Secured Availability

All DoD activities involve decision making based on information, and as a result, the GIG is and always will be a high-priority target. DoD networks and information are constantly threatened by a variety of adversaries, including nation states, terrorist and criminal organizations, insiders and common hackers. The availability, reliability, and resiliency of the GIG are critical to successfully maintaining information superiority, and Information Assurance (IA) is a foundational element for each of these concerns.

Delivering on DoD’s net-centric vision requires a robust set of IA capabilities. Sharing information throughout the government, as well as with DoD’s industry and coalition partners, demands an assured environment. IA provides the users of the net-centric environment with the trust and confidence that the integrity of the information is maintained, that information systems will be there when needed and remain under DoD control, and that adversaries are not able to compromise the decision space. In this context, IA is essential to countering the increased threats brought about by the greater interconnectivity and interdependency in a net-centric environment.

Secured Availability (SA) addresses several challenges the Department faces in achieving a fully net-centric environment. SA protects and secures critical data, capabilities, IT infrastructures and data exchanges while providing authentication and non-repudiation of GIG information and transactions. It also makes it possible to rapidly and securely respond to incidents threatening GIG operations. Throughout DoD’s transition to a net-centric environment, additional IA capabilities may be required by a given program to meet the SA rules and principles stated here; however, as IA shifts toward enterprise-wide SA services, such interim programmatic solutions will be replaced.

Enabling Net-Centric Secured Availability

Fully implementing SA in the net-centric environment requires new technologies, new policies and new levels of collaboration within the Department and among its federal, state, local, industry and coalition partners. Successful implementation of capabilities providing Secured Availability will serve all DoD missions and COIs. Key elements include:

  • Providing and managing assured identities for all users, services, and devices to facilitate dynamic information sharing within and across the network boundaries of organizations at varying trust levels.
  • Permanently and incorruptibly binding metadata to associated data objects (at the time of the object’s creation, not retroactively) to facilitate assured data visibility and handling.
  • Assessing threats and risks associated with the software, hardware and services supply chain to enable DoD program, security, and operations personnel to understand the level of trust that can be associated with the IT components they acquire, manage or use.
  • Enabling rapid modification of access, resource allocation or prioritization (e.g., bandwidth, processing, and storage) through enterprise-wide, policy-based management in response to changing mission needs or threats based on directory-provided attributes for services and users.
  • Improving ease of management for enterprise-wide security services and infrastructure (e.g., encryption, crypto key management, identity, privilege and security configuration management, and audit).

Successfully implementing the capabilities to provide Secured Availability will serve all DoD missions and COIs. For example, SA solutions that eliminate the "man-in-the-loop" security review and privilege management requirements will also support the automation of GIG network operations, furthering DoD's progression toward full net-centric operations.

Maintaining Security in an Ever Changing Environment

The GIG will be a continuing target of attack and the IA community must continue to counter the entire range of threats brought about by the greater interconnectivity and interdependency of DoD systems. Being able to effectively assess the security posture of the constantly changing GIG, evaluate emerging technologies, assess threats, and adjust investment priorities is increasingly critical to DoD’s security.

Near-term initiatives emphasize solutions that provide immediate return on investment, while maintaining and expanding current Computer Network Defense (CND) capabilities. To maintain the advantage offered by net-centric operations, the GIG must be designed to “fight through” these attacks and reconstitute critical capabilities during and after these attacks.

Departmental priorities are likely to feature investments that represent incremental progress toward SA implementation in the net-centric environment. Resource commitments are expected to provide increased protection for data in transit and at rest, improve interoperability, accelerate information management and data exchange automation, and increase IA workforce readiness. Lastly, the Department will ensure Mission Assurance concerns are addressed as part of DoD’s overall risk assessment framework through policies, standards, processes and initiatives that address hardware, software, and supplier assurance concerns.

Principles and Business Rules

The Secured Availability principles and rules have been established to guide IT investment decisions and ensure programs properly emphasize implementation of Information Assurance to achieve Secured Availability.