[Infowarrior] - DISA to establish safe haven outside the Internet

Richard Forno rforno at infowarrior.org
Sat Feb 13 18:27:04 UTC 2010 

While I understand the defensive logic behind this, and the potential  
security benefits of limiting your access points, does not this also  
present a larger single point of failure/vulnerability that negates  
much of what makes networks (ie resiliency/survivability) so useful?   
Do "we" sacrifice those essential features in the name of possibly  
increasing security?
Just wondering out loud.... --rick

DISA to establish safe haven outside the Internet
Move would whisk users away from the perils of public Internet access

http://gcn.com/articles/2010/02/12/disa-dmz.aspx

	• By Amber Corrin
	•  Feb 12, 2010
The Defense Information Systems Agency plans to cordon off its  
unclassified networks from public Internet access, creating a  
"demilitarized zone" isolating Web-based servers and applications from  
other defense systems.

The DISA procurement budget for fiscal 2011 includes $6 million to  
construct a bypass around public Internet portals for users of the  
Unclassified but Sensitive IP Router Network (NIPRNet), according to  
govinfosecurity.com. The DMZ would eliminate “the need for most DOD  
assets to directly connect with the public Internet, which greatly  
reduces its surface and exposure to attacks,” the DISA budget stated.
The DMZ was designed to provide an infrastructure to implement data  
segregation to protect private, controlled and classified data from  
publicly accessible information, according to the budget description.

The funding will procure hardware and software to move Web-based  
application servers into the DMZ. “These servers separate networks  
that should have access to the Internet from those that should not,”  
the budget stated.

The project is part of DISA’s Information Systems Security Program  
(ISSP), for which $14.6 million total was budgeted for 2011. Other  
projects under ISSP include nearly $1.8 million for its host-based  
security system to counter cyber threats on Defense Department   
computers and “accomplish configuration and management control across  
all endpoints,” the budget stated.

Other funding includes:

	•  $2.3 million to bolster DOD’s classified Secure IP Router Network  
(SIPRNet) firewall against external attacks.
	•  $2.2 million for Insider Threat capability that addresses  
potential internal attacks.
	•  $2.5 million for the Cross-Domain Enterprise Service to securely  
transfer information between NIPRNet and SIPRNet and to safely  
disseminate information while reducing costs.

More information about the Infowarrior mailing list