Posted by: GuyPardon
The Defense Information Systems Agency (DISA) has entered into a multiyear enterprise contract to use Lumeta Inc.’s IPsonar for network mapping and leak detection for the Department of Defense (DoD) global networks.
TKC Global, a systems integrator, will deploy the system.
Why is IPsonar considered necessary?
The short answer is, you can’t defend what you don’t know. We consider leak detection and mapping as key requirements to fully understand DoD’s networks and our external connections. This capability directly supports one of the actions in DISA’s recently signed Campaign Plan, where we want to conduct cross-domain searches for leaks between networks. IPsonar will provide a good start towards that requirement.
What networks will it be used on?
IPsonar will be used on SIPRNet [Secret Internet Protocol Router Network] and NIPRNet [Nonsecure Internet Protocol Router Network].
How well has it worked on the SIPRNet?
The “good” news is that we’ve had limited success with this tool on SIPRNet. I view it as good news because the problems we have getting a network mapping tool to work are directly tied to the security controls we’ve implemented to limit the ability of an adversary to maneuver on our networks. The vendor has made some changes to make it easier to work through some of these issues, plus we are now working a revised CONOPS [Concept of Operations] that will put the tool in the hands of those best able to make the network changes needed for the tool to be fully effective.
Is the software used for one-time or periodic network mapping? Or does it run continuously?
I would like to see this run continuously, at least the portion of the tool that supports leak detection. We are working now with JTF GNO [Joint Task Force-Global Network Operations] and the services to finalize the CONOPS.
Once the network or networks are mapped, then what does DISA do?
DISA’s role here is as the acquisition and support agency for an enterprise information assurance capability that will be operated by the COCOMS [DoD's combatant commands], services and agencies. We are responsible for lifecycle support of the capability.
Is DISA planning other steps to increase network security?
Absolutely. We have a large information assurance program that includes a number of initiatives to reduce the attack surface, improve information sharing and provide the global situational awareness needed to assure mission success in the face of cyberattack.
How will IPsonar relate to the transition from IPv4 to IPv6?
We will always have a requirement to understand our network topology and identify leaks. Today, IPsonar can detect, query and capture info from IPv6 assets. The IPsonar solution is sitting on an IPv4 stack but they have identified in their roadmap and are on track to be IPv6-compliant. We will work with the vendor and IPv6 test efforts in DoD to make sure this and all of our IA [Internal Audit] capabilities remain effective as we transition to IPv6.
How will this deployment relate to complying with the Trusted Internet Connections Initiative?
We have strong policy and procedures to support the Trusted Internet Connection Initiative. The leak-detection capability of IPsonar provides the technology to help identify any unapproved Internet connections.
How will this implementation allow DISA and the DoD to meet FISMA compliance standards?
This will support the FISMA requirement for “asset awareness” by providing a mapping capability.
Why choose IPsonar vs. other network mapping software?
Our most critical requirement was leak detection. When we considered that, along with the mapping requirements, we found IPsonar to be the best solution.
How will IPsonar integrate with existing network, storage and endpoint security software at DISA to ensure better cybersecurity?
We have a number of cybersecurity solutions providing valuable data for our network defenders, but integration is largely manual. One of the top priorities for us in FY10 is to address this issue. We have two efforts ongoing: one focused on configuration management and vulnerability management requirements leveraging the SCAP data standards, with the other focused on attack detection, diagnosis and response. Both of these efforts will integrate IPsonar to help put data from other sources into context.