Army prepping IA policy

The Army is moving a step closer to implementing a new information assurance policy as the service meshes its own policies with the Defense Department's directive.

The enterprise information assurance (IA) policy is one of the key pillars needed to support the Army Knowledge Management goals of defending networks, supporting the Objective Force and lowering the overall cost of technology, said Robert Ringdahl, chief integration officer at Network Enterprise Technology Command's Enterprise Systems Technology Activity.

The Army policy is in draft form and should be ready for release this fall, Ringdahl said during a June 5 speech at the Army Small Computer Program's Information Technology conference in Fort Lauderdale, Fla.

"It will be the Army's implementation policy of [DOD's 8500.1] directive," he told Federal Computer Week.

DOD's Directive 8500.1 was issued in October 2002 and instructs DOD agencies to protect data when it is shared across the Global Information Grid. Furthermore, DOD Instruction 8500.2, issued Feb. 6, sets forth the way that rules and policies in the directive are implemented. The document is designed to ensure that information-awareness training and education are provided to all military and civilian personnel in ways specific to their responsibilities for developing, using and maintaining DOD information systems.

"It's a long-standing practice that when DOD issues instructions, each service [then] does their own instructions," said Loren Thompson, a defense analyst at the Lexington Institute, an Arlington, Va., think tank. "This has less to do with information assurance than it does with military culture."

Thompson said securing the service's networks is critical to DOD's warfighting mission because the services could not function without access to timely, relevant data. "The fastest way to get the Army to do something is to issue their own policy." The Army and other armed forces could not have issued their internal IA policies prior to the DOD directive and instructions because they would have risked their guidance being incompatible with the departmentwide vision, he said.

Col. Ted Dmuchowski, director of IA at Netcom, said the new Army policy is really an updated regulation that will align and consolidate the service's IA goals and objectives to support DOD Directive 8500.1 and Instruction 8500.2.

***

Security philosophy

Col. Ted Dmuchowski, director of information assurance at the Network Enterprise Technology Command, noted that the "cornerstone philosophy of Army information assurance" is to:

* Design, implement and secure access, data, systems and repositories.

* Increase trust and improve trusted relationships.

* Employ technical and operational security mechanisms.

* Deny all unauthorized access.

* Permit necessary exceptions to support Army, Defense Department, and joint interagency and multinational tactical and base operations.
