Twenty years after the Department of the Navy started to consolidate its IT networks into the Navy-Marine Corps Intranet (NMCI), you’d think that the sea services would have come close to eliminating all of their network stovepipes by now.
If so, you would be wrong.
As of today, there are approximately 140 separate “legacy” and “excepted” networks throughout the fleet that still haven’t been brought under the NMCI umbrella. And even though they represent a relatively small user base, they’re basically ungoverned territory. Their continued existence makes it harder for the DON to move toward a future with universally-accepted standards, and where consuming commercial cloud services is second-nature.
Insight by Akamai: Learn how the Air Force and other services are embracing zero trust in this free webinar.
“It’s become really unaffordable, and it’s a also large security burden,” said Capt. Ben McNeal, the program manager for Naval Enterprise Networks. “We’ve been successful in the past in terms of absorbing legacy and excepted networks into NMCI, but we really want to take a leap as we move forward, much like we did on the afloat networks with the CANES program.”
The Navy hopes to use the latest recompetition of its Next Generation Enterprise Network contract, known as NGEN-R, to achieve that vision, which McNeal calls “domain singularity.” The $7.7 billion award to Leidos is being held up for the moment by two separate bid protests.
But once those matters are resolved, the Navy wants to use the contract to help absorb its remaining one-off networks into a more manageable structure. McNeal said the ultimate goal would be to physically integrate those stragglers into NMCI, much as it already plans to do with ONE-Net, the Navy’s overseas network.
However, that’s the sort of thing that takes a lot of time and money. So in the meantime, a single “logical” network that follows one set of standards may have to suffice as an interim goal.
“There are going to be places where we can’t roll in and converge to a single solution set,” McNeal said in an interview for Federal News Network’s On DoD. “So we want to make sure that the logical connection allows us to have seamless data flow between those networks. Some of the concepts and solution sets within the zero trust architecture allows us to be able to have that seamless flow, such that it’s more of a logical than a physical connection. Policy, and how we architect those, allows for those trusts that don’t exist today.”
Integrating the Navy’s IT systems into NMCI is helpful for interoperability. But it’s less than ideal if NMCI itself is buried in technical debt.
And Navy officials freely acknowledge that’s the case today. Aaron Weis, the Navy Department’s new chief information officer, estimates NMCI is running about 15 years behind industry standards.
“Our networks our are Achilles heel,” he told a group of IT professionals at the DON’s annual West Coast IT conference in San Diego in March. “They are complex, they are difficult to defend, they do a poor job of transmitting information to the point of use. As an industry CIO, the biggest surprise I saw in coming over to the government was the currency of our technology. We’re probably where industry was in the early 2000s, and that’s something we need to change.”
McNeal attributes much of the current problem to outdated requirements documents. If the network the Navy’s using today looks like something from 2001, that’s because that’s when NMCI was architected. Ever since then, it’s been designed mostly to connect individual bases with one another — not to connect the Navy with the commercial cloud computing services it now wants to use.
The Navy has tried to address that problem too via NGEN-R.
“We’ve framed out a journey that’s going to take us from being cloud-intolerant — not able to consume cloud services at all — to being cloud-tolerant, cloud-ready and ultimately, cloud-native,” McNeal said. “We’re still just in the cloud-tolerant stage right now. As we’ve implemented things like Office 365, we’ve had to make major modifications to the network just to be able to consume those cloud based productivity services. Ultimately, when we’re in a cloud-native state, a new application can be consumed without issue, but we’re not there now.”
The COVID-19 situation spotlighted that problem — and potential solutions to it — in spectacular fashion.
Faced with a crush of teleworkers that was exponentially larger than any of the military departments or agencies had ever anticipated, the Defense Department quickly put funding toward projects like bandwidth expansion.
In Norfolk, Va., for example — the largest fleet concentration center in the world — the total internet bandwidth available to Navy users was 2 gigabits per second (Gbps) before the pandemic hit. Projects to expand that capacity had been delayed for the past two years.
But armed with new funding as part of the CARES Act, the Defense Information Systems Agency managed to widen that pipeline to 44 Gbps almost overnight.
Likewise, the Defense Department quickly stood up a new service called Commercial Virtual Remote, based on Microsoft’s “Teams” platform, to let employees collaborate and communicate from home. That service has its limitations: it’s only authorized up to Impact Level 2, so it can only be used for the lowest levels of unclassified data.
But McNeal said it’s been something of a game-changer.
“It provides for collaboration across the entire Department of Defense. It is the closest thing I’ve seen yet to domain singularity — we have all of the DoD that can consume these capabilities, there’s a single tenant, and we can all collaborate together — we’re all in it,” he said during a May 12 webinar hosted by ACT-IAC . “When I talk about domain singularity, this is what we’re trying to bring forth for other services in the same manner as DoD was able to bring forth for productivity services.”
But when the Navy first implemented CVR, it was careful to warn its users not to get too used to it. Any data stored on that platform would be deleted, and the entire thing would be shut down once the pandemic was over, officials warned.
That’s partly because it’s a trivial matter for Navy users to connect to commercial cloud services when they’re at home, where they’re directly connected to the public internet. Once they return to their desk computers, NMCI’s narrow pathways to the cloud simply won’t be able to support all of those connections to a service like CVR.
Not in the near-term, at least.
“All of our buildings across all of our posts, camps and stations across the Navy are based on an idea of an internal routing and switching fabric,” McNeal said. “So our challenge is how to upgrade the boundaries to allow for the same kind of user experience when you’re external to the network. Those upgrades are underway, but the Navy can’t afford to upgrade the infrastructure in each building across all 2,500 of those sites. That’s where we’re looking to some transformational technologies — 5G for example — as a mitigator of some of the cost and level of effort that would be required for some of those traditional upgrades, because that would be unaffordable.”