Defense contracts worth billions cover network operations, cyberthreat sharing, Android security

The Defense Information Systems Agency (DISA) this week awarded Lockheed Martin a three-year contract to support operations and security on the Department of Defense global data network. The contract, which could be extended up to four additional years, might reach a potential $4.6 billion over seven years.

RELATED: GAO goes undercover to expose military electronic parts fraud against DoD

SECURITY: Stuxnet cyberattack by US a 'destabilizing and dangerous' course of action, security expert Bruce Schneier says

The Global Systems Management Operations (GSM-O) contract includes not just Lockheed, but teammates AT&T, ACS, Serco, BAE Systems, ManTech and others. The DoD's GSM-O is headquartered at Fort Meade, Md., home of the National Security Agency, with multiple support locations said to be across the globe. Lockheed's responsibilities under the contract, which replaces a decade-long contract awarded to SAIC, calls for network provisioning, operations, assurance and maintenance across the military's networks.

The award follows another Lockheed win last month with the DoD to provide the workforce technology underpinnings and analysis for the Department of Defense Cybercrime Center, known as DC3, run under the aegis of the Air Force, and based in Lithicum, Md. The previous contractor supporting this was General Dynamics.

DC3 program director at Lockheed, Rohan Amin, this week discussed the work being done for that project.

DC3 is concerned with all types of cybercrime that might occur related to the defense services and networks. It has been focusing on how to better share cyber-intelligence not just in the DoD, but with businesses that work closely with the DoD, Amin says.

The effort that Lockheed is assisting DoD with now involves expanding intelligence-sharing to include as many as 2,650 companies that partner with DoD today and store classified information. As Lockheed assumed the contract last month there were only 37 companies doing that, but the goal is now to have DoD bring a much wider array of companies into the intelligence-sharing effort. There is even discussion that this might proceed beyond those holding classified information.

"This is an attempt by DoD to reach out to industry in a collaborative way," says Amin about what he still considers a pilot program to get the 2,650 companies on board to securely share information about cyber-incidents. The goal is to obtain and share real-time reporting about attacks against these companies that hold classified information.

Currently there's a "secure portal to facilitate sharing of information," Amin says. The data is being stripped of any reference to specific companies or individuals before it's shared across DoD and industry partners, he says, adding a very limited number of individuals in the military will receive data that hasn't been sanitized in this way.

By sharing important and timely information about suspected cyber-incidents, such as phishing attacks, for example, it's hoped that the DoD and its industry partners will gain improved insight into attacks aimed at undermining security.

ANDROID SECURITY

Another contract related to security that may help DoD into the future was issued by the Defense Advanced Research Projects Agency (DARPA) this week to Fairfax, Va.-based Invincea for work on security in Android-based smartphones and tablets. Android devices are undergoing real-world field tests in Afghanistan by the U.S. Army, where troops are using about 5,000 smartphones and tablets from various manufacturers. Invincea notes that the Army has basically set up its own wireless network for these 5,000 or so Android devices which are running military-specific apps.

According to Invincea, the new four-year contract, worth about $21.4 million, is a follow-up to an earlier contract Invincea worked on to come up with a secure operating system, encryption and software controls for remote wiping of the Android devices that the U.S. Army is using in Afghanistan. The latest contract awarded calls for Invincea to come up with application controls to make sure only approved apps can be downloaded, plus to devise ways to prevent any possible exploits against browsers that might have vulnerabilities, says Anup Ghosh, founder and CEO at Invincea. He says it will be much like a "whitelisting" technology for unauthorized Android apps.

The DoD does not yet have a definite plan to make mobile devices widely available to enlisted personnel, though that is a strategy being worked on, with the National Security Agency and various DoD agencies providing needed input. There is no announced plan to use only Google's Android platform either, but it has proven appealing in some regards because unlike with Apple's iOS platform, the Android operating system can be changed to suit DoD's requirements.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.

Read more about wide area network in Network World's Wide Area Network section.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

• Bookmark this page
• Share this article
  •  
  • facebook
  • slashdot
  • digg
  • Reddit
  • stumbleupon
  • linkedin
  • twitter
• Got more on this story? Email CIO
• Follow CIO on twitter

• Share
  Share this article1

  •  google+
  • facebookfacebook
  • slashdotslashdot
  • diggdigg
  • RedditReddit
  • stumbleuponstumbleupon
  • linkedinlinkedin
  • twittertwitter
• print
• email
• Bookmark