Navy stovepipes prove resilient
Scores of legacy applications are forcing customers to maintain separate systems that NMCI was intended to replace
Scores of legacy applications that do not meet the strict security requirements of the Navy Marine Corps Intranet are forcing initial customers to maintain separate systems that NMCI was intended to replace.
Applications are put in a "kiosk" if they don't pass the security test, said Navy deputy chief information officer Ron Turner. These systems remain outside the NMCI network.
The number of kiosk systems is much greater than was originally anticipated, Navy officials said. The Navy is searching for a way to get a better handle on those systems so they do not undermine the overall objective of NMCI — having an enterprise network for all of the service's shore-based applications.
"In the long run, we don't want a separate network running," said Capt. Chris Christopher, deputy program executive officer for information technology at the Navy Department.
The Navy has always anticipated that there would be some legacy applications that would not be able to meet the new security criteria for NMCI. But that number was relatively small — the original plan was to have nine kiosk systems hosting about 11 legacy applications, Christopher said.
But the Navy has been flooded with swelling numbers of legacy applications, and the number of applications determined to be "mission essential" but not able to migrate to the NMCI network has ballooned to 160 as of Feb. 27 at the three test sites.
That number changes often as applications are certified and accredited for NMCI, said Chris Grey, a spokesman for EDS, the lead vendor for the $6.9 billion project.
"They will stay there until they are modified or replaced with a new application that meets the security requirements," Turner said. "Once you put the applications in the kiosked doghouse, then it is up to the developer to bring that application into compliance."
Some fixes involve relatively easy changes in code, he said, or updates to macros that are not compatible with the Microsoft Corp. Windows 2000 environment. Others, however, may be more complex and require a total package replacement.
Navy officials stress that the kiosk problem is not caused by NMCI, but rather is part of the daunting effort to get a handle on the number of applications that the Navy is using, Christopher said. In fact, he said, NMCI is part of the solution to this issue.
"We have the same problem whether we are doing NMCI or not," he said. "We are using NMCI to drive down the number of applications" used across the Navy. Previously, there was nothing driving the Navy to assess the thousands of applications across the organization.
Christopher noted, however, that unlike the private sector, which can order that applications be fixed "or else," the Navy cannot do that with applications that may be important to the service's mission — especially during a war.
The Navy is urging sites that will be moving to NMCI to start working on their legacy systems as soon as possible so they can avoid such issues.
NEXT STORY: OMB, CIOs support a central e-gov fund