Defense 2.0 a work in progress

 

Connecting state and local government leaders

The Defense 2.0 era is still years away as culture, inertia, and IT security concerns that grow only more complicated in a Web 2.0 world continue to challenge military IT leaders.

The vision of adapting next-generation Internet technologies in the Defense Department is gaining new urgency as businesses, and employees, increasingly embrace Web-based social networking applications. But the horizon for what some call the Defense 2.0 era appears a long way off as culture, inertia, and IT security concerns that grow only more complicated in a Web 2.0 world, continue to challenge military IT leaders.

The gap between vision and reality was plainly evident as senior DOD officials and industry experts debated the implications of Web 2.0 technologies yesterday at a conference held by the Information Technology Association of America.

Robert Carey, chief information officer of the Department of the Navy, was among those who have seen Web 2.0 applications making positive contributions to the work of DOD. Carey, who has gained notoriety for being among the highest-ranking CIOs in DOD to author his own blog, also is an active wiki user.

'Wikis offer in my world [a better way] to write policy,' he said. In the old paradigm, it could take 18 months to complete a policy document, with all the comments back and forth, he said. 'Now I can have something in 60 days. I tell people, 'Write the words like you want them, not your comments.' '

Carey has also been impressed with how quickly IT solutions have emerged on the fly using mashups of multiple Web-based applications. He cited the Combined Information Data Network Exchange as one example. What began as a do-it-yourself project in the field using Google maps to track battlefield actions, including indirect fires and improvised explosive devices events, quickly gained wider use by battlefield commanders. It might have taken years ' and millions of dollars ' to build something comparable under traditional IT approaches in DOD.

John Hale, chief of solutions delivery for the Office of the Director of National Intelligence, which spawned Intellipedia, sees Web 2.0 differently.

'Web 2.0 in my world has nothing to do with technology. It's all about enabling the end user and the data,' he said. With 78,000 registered users in the intelligence community and 250,000 additional individuals with qualifications to view the data, 'Intellipedia has been has been the single most ground-shaking way to share info in the community.'

The challenge of Web 2.0 applications, however, remains how to engineer security safeguards into what amount to ad hoc systems.

The ideal approach is to make security part of system design from the beginning. 'The problem is when you cobble things together,' said Brig. Gen Ronnie Hawkins, Deputy Director, Policy and Resources, SAF/XCP-2.

'Many of our coalition partners use collaboration tools more than we do at DOD,' he said. 'We're more strict and locked down. I appreciate having lived on the edge why we need to do that,' he said. But he's also seen the speed and advantages Web 2.0 tools can offer. 'It comes down to behavior in many regards.'

'We should not get ahead of ourselves and allow next generation capabilities until we understand how it architecturally operates,' said Mitch Komaroff, Assistant Secretary of Defense for Networks and Information Integration. 'We haven't solved the last generation.'

Chris Daly, technical competency lead for security, IBM Federal Division, was among those who were more blunt about the technical risks of Web 2.0 applications.

Web 2.0 offers 'the promise of worse security,' he said. 'Web 1.0 at least had a security model, relying on a browser, SSL [secure socket layer protocol], and the [security built into] web servers. Web 2.0 was built using cross-site scripting,' creating opportunities for 'man in the middle attacks.' The fix would involve resolving standards that certify data and its source and redesigning browsers to conduct and manage multi-site certifications, he said.

Mashups present a particular challenge, he said. Without greater administrator control, mashups can disclose more data than intended.

Work is under way, he said, at IBM to provide improved security for enterprise mashups, with a technology named SMash (short for secure mashups). It offers a secure component model, where components are provided by different trust domains which can interact using a communication abstraction that makes it relatively easy to specify security policies. In theory, a technology like SMash can unlock data and services so they can inter-work in ways which allow data to be used more synergistically.

Cloud computing

What wasn't in question at the conference is how rapidly the world is migrating to and relying on the Web.

'We're entering a fundamentally new ' and third ' phase of the Internet, as profound as the World Wide Web,' where data and applications reside somewhere other than on stand alone computers or Web sites, and which can be cross-linked in new and powerful ways, said Michael R. Nelson, visiting professor, Internet Studies, Georgetown University's Communication, Culture, and Technology Program.

The massive shift of activity to the Internet has already begun to unleash an 'exaflood' of online traffic, said Nelson, using a term coined by Bret Swanson and George Gilder of the Discovery Institute. He cited their most recent study, released in January, which estimates monthly Internet traffic will double between 2007 and 2011, to approximately 10 exabytes of data. An exabyte is one billion, billion bytes of information. That figure will grow tenfold by 2015 as video, gaming, cloud computing, and business IP traffic mushrooms, he said.

Nelson predicted that 80 percent of all computing will be done in the cloud in as little as five years, but more likely in 10 years, as technical agreements, business practices and most of all, cultural barriers promoting cloud computing are resolved.

'CIOs and their teams will have to adapt to new roles,' he said. 'They won't be involved in managing their own servers, but [access] to someone else's infrastructure' and helping employees to use this new technology.

Lewis Shepherd, chief technology officer, Microsoft Institute for Advanced Technology in Governments, and a former senior technology officer at the Defense Intelligence Agency, suggested that there were many reasons why not everything will be done on the Web.

As an outgrowth of Moore's Law, the evolution of mini- and multi-core processors will continue to make computing available in increasingly smaller client form factors, he said, in some cases, invisible and other cases embedded. Consequently, 'we don't see everything going to cloud computing,' Shepherd said.

He also suggested that some of the security concerns of Web 2.0 will be resolved as data protection solutions evolve.

Today's mashups turn the browser into a multi-user system, he said, noting that mutually distrusting domains become co-users. There's no control on content integrated from different domains.

The answer won't be in the browser, but in the data and in looking at the cloud like an operating system. That's 'why we're placing a lot of [research and development] effort on a cloud-based approach as the right path.' It's also why 'I'm incredibly optimistic about the Web 3.0 -- the semantic Web -- which is all about the value of embedded data.'

NEXT STORY: Tighter security for IE8

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.