Navy says new intranet will upgrade computer security

When the Navy Marine Corps Intranet (NMCI) comes online in mid-July, the program's entire security infrastructure will be fully operational and effective, Navy officials said Tuesday. NMCI is the Navy's 5-year, $4.1 billion-effort to outsource the technology, maintenance and help desk support for over 350,000 desktops and 200 networks. The Navy awarded the NMCI contract to Electronic Data Systems in October 2000. Scott Henderson, a systems engineer at the Space and Naval Warfare Systems Command, outlined the project's exhaustive approach to security at a press conference Tuesday. NMCI will use six network operation centers equipped with full-time security staffs. These centers will govern all network traffic between NMCI's networks and the public Internet. "The network operation centers will fully isolate the Navy and Marine Corps from outside networks," Henderson said. "The government has outsourced the infrastructure but has retained the authority to run the network." NMCI's security won't end there. Further monitoring will occur at the regional and command level, and every workstation and server will be monitored for viruses and outbreaks of malicious code. Under NMCI, every Navy and Marine Corps server will be moved to server "farms" managed and protected by the network operation centers, thereby limiting access points and reducing security risks. Currently, the Navy suffers from differing security capabilities at its various commands, said Henderson. NMCI will unite the Navy under a single security policy. The Marine Corps already has one. The Navy has reason to pay close attention to information security. Last year, the Navy tracked 23,662 possible hacking attempts on its networks. Thus far in 2001, the Navy knows of 125 successful intrusions into its systems. While most of those were aimed at Web sites rather than core business systems, the Navy takes each hacking incident very seriously, Henderson said. Most successful hacks could have been prevented had known vulnerabilities been fixed, Henderson said. NMCI's enhanced security will make it easier for the Navy to fix known software foul-ups that hackers typically take advantage during their exploits. Fixing such vulnerabilities should enable the Navy and Marine Corps to focus on more advanced information warfare threats, such as those posed by foreign states or terrorist groups, said Henderson. NMCI will be the largest Defense Department implementation of public key infrastructure (PKI), said Henderson. A PKI is used to restrict computer access to only authorized users as well as to protect and encrypt data traveling over networks. EDS stands to earn up to a $10 million performance bonus if Navy and Marine Corps official s are satisfied with NMCI's level of security.