Protecting Global Information Grid requires new strategy.

• Author: Pappalardo, Joe

The cornerstone of future defense programs is information technology, but that foundation may contain cracks that endanger the entire effort, according to security experts within the government.

Ensuring that future information exchange in and out of the Global Information Grid will be done safely will require a new way of viewing the problem, according to J. Michael Johnson, chief of the information assurance office of the National Security Agency. "Net-centricity requires a shift in information assurance strategy."

The National Security Agency is developing the information assurance component of the GIG, with support from the Defense Information Agency and each military service.

The GIG will resemble the Internet, but with more dependence on space-based and mobile systems to send and receive information. Those connections will be configured based on the situation. "This goes beyond the Defense Department. We have to have the ability to share information across the U.S. government."

Responding to a weapon of mass destruction attack will require providing information to government users besides the military and outside of the federal government, such as local responders to international players. Each of these new players will come to the situation with varying levels of trust, but with a pressing need for information. So the GIG has to be flexible enough to allow access, but designed to maintain security.

Currently, there are clear divisions between networks of varying security levels, with the perimeters protected by software, hardware and protocols. Keeping intruders and other unauthorized people out of sensitive areas was a matter of denying them access at known points, he said. In the event a new entity needs access, secure holes have to be punched in that perimeter and those breaches guarded by programming, routers and firewalls.

In the more dynamic GIG model, information is flowing between security levels more seamlessly, with new partners added in an ad hoc fashion. The concept of perimeter security is not adequate to police such a model of information exchange, Johnson said.

The shift in strategy must:

* Ensure that a single point of failure will not spread.

* Augment perimeter monitoring with ways to police activity from within.

* Build forensic abilities into the system to quickly trace the origin an attack.

* Make every information node a sensor that can relate security information to those tasked with securing the network.

"If...