声明 下午好,主席,委员会成员和工作人员。我是后海军上将迪克·梅奥(Dick Mayo),目前担任海军工作人员,担任太空,信息战以及指挥和控制的主管。
I am pleased to be here to discuss what I believe are two of the most important areas we are facing today in the Navy�Information Superiority and Information Assurance.The United States Navy is in the midst of a transformation that capitalizes on the awesome potential of advanced information technology, and the topics of this hearing go to the heart of all our basic Information Age challenges.In a strategic sense, this now includes the dimension of cyberspace.我们必须很好地利用网络空间来影响事件,并且必须保护我们对网络空间的访问。Operationally, using networks to host this new medium provides a significantly increased advantage to our warfighters.在过去的几年中,我们已经取得了巨大的进步,意识到这一潜力,比以往任何时候都更重要。 I would first like to offer our current perspective on Information Superiority, then discuss Information Assurance, and finish with our "entry fees" to both of these. 以网络为中心的操作自从2010年联合愿景的发行首次以该主题为主的意识以来,已经获得了许多新的见解。海军全面参与了以网络为中心的运营,作为我们将网络组织和技术带入战斗空间的顶峰概念。它利用我们的人员,信息,武器和传感器的分布式网络,通过更智能,更适应性的性能来更快,显着改善效果。当我们开始派遣网络,并在现实世界中与他们进行实验和操作时,我们为知识优势的新概念带来了更多的见解,并基于我们对信息优势的原始欣赏。 Knowledge SuperiorityKnowledge Superiority provides a strong perspective on the value of organizational and human dynamics, and how these networked organizations behave to yield truly powerful benefits.Knowledge Superiority focuses on people; what they know; how they bring that knowledge together; and, how they put that knowledge into action to gain the advantage and take the initiative.该功率主要来自三个主要网络功能:首先,几乎普遍访问信息;其次,在有兴趣和知识渊博的政党中使用丰富的合作场所;第三,巧妙地应用了分散的权力,以迅速而知识促进战术接触点。这些战术接触的点是我们最想要适应性,速度,精度和敏捷性的地方。通过让我们的水手能够获得网络,协作和创新的能力,并具有专业和适当的行动以实现我们的目标的信任。我们确保海军的运营成功。 投资和政策选择决定了运营适应性的程度
我想首先强调有关授权能力的这一点,因为认识到我们对我们人民可用的连通性和应用程序做出的选择绝对至关重要,这将决定我们的战斗方法。Where we place our network connections, what connectivity is available, what network applications are provided, and how reliable they are, will determine how our Sailors will be able to achieve their goals.We should be careful not to lock out options, especially when our greatest advantage is the battlefield innovation repeatedly demonstrated by our own people who constantly impress us with new combinations of actionable knowledge, followed by the unique and powerful application of capabilities that we did not previously imagine. 必须保持我们的动力在向我们的车队运送工具中,以获得高度分布的,通常分散的,充分赋予能力,以实现我们创新的信息年龄潜力。这种心态必须构成有关连接性,应用程序以及网络控制和管理的选择。We must enable our Sailors to the fullest extent possible so as to allow them to control their combat destiny. Indeed, we should always err on the side of empowerment because I am eager to let the Sailors themselves tell us what we need to win our future wars.
运营收益
这是他们告诉我们的。During Operation ALLIED FORCE in Serbia and Kosovo, the SIPRNET (Secure Internet Protocol Router Network) literally replaced regular naval messages as the primary means for communication and coordination among our staffs and ships.The medium is so much faster and more personal that it has become absolutely indispensable in the conduct of today's operations.Key planning events were conducted via e-mail and video-teleconferences.Commanding Officers had on-going dialog with their Task Force Commanders.海军空中罢工计划者将与欧洲各地的联合情报牢房以及在岸上空中行动中心的罢工计划者以及Tomahawk导弹计划者在其他船上的其他船上合作。Pilots were on the net conducting live debriefs with intelligence collection managers.情报分析的新组合,再加上指挥官的智慧和经验以及现场战术家的亲密现实,在这项联合运动中创造了新的和相关的成功。
在战争之中,我们能够捕捉一个令人惊奇的事件。On one occasion, a USAF aircraft over Serbia recognized a group of enemy mobile targets.该信息被馈送到网络,从而大大减少了响应时间,并允许将海军战斧导弹用于这些目标。通过使用我们的网络,我们能够采用以前消耗几天的过程,并将其变成真正具有战术意义的能力。We want to spread that capability throughout our forces.我们21的信息技术英石Century, or IT-21 capable Battle Groups continue to report operationally significant benefits like this.在沙漠狐狸行动对伊拉克行动中,我们几乎完全在SIPRNET上与联合航空公司进行了双载战队罢工协调。最近,在朝鲜渔船入侵韩国水域的危机中,第七舰队派出IT-21船只进行监视和反应,使这些船只能够与岸上的联合部队指挥官分享他们的情境意识。A true transformation is taking place, with organizational and operational overtones that are now just being recognized and understood.
Some additional examples come to us from our Fleet Battle Experiments.我的局赞助罗德岛州纽波特的海军战争发展司令部(NWDC)。NWDC在我们的舰队中进行实时实验。In Fleet Battle Experiment(FBE)由第七舰队进行的三角洲(Delta),我们的网络技术使得和执行全新的策略。这种以前未经测试和未经尝试的力组合能够实现反弹攻击的十倍。In FBE Echo conducted by THIRD Fleet in March 1999, our networks enabled new combinations of surveillance and strike platforms working against mobile targets ashore.同样在FBE Echo中,我们地区的反贵族部队成功地采用了SIPRNET网站来维持常见的海底图片,并通过基于Web的聊天进行协作计划。这种基于网络的功能已转移到太平洋剧院成功的现实世界业务。在1999年12月由第五舰队进行的FBE Foxtrot中,我们的网络被用来加速行动防御,海上控制,拦截和罢工行动的所有阶段和维度。This is known as rapidly decisive �parallel� or �simultaneous� operations.我们的网络使我们能够达到新的性能水平。
信息安全和信息保证
I would now like to address Information Assurance (IA).Our approach to Information Assurance is known as �defense-in-depth.�We have adopted a layered, end-to-end approach to network defense.As I describe the measures, please keep in mind that these apply directly to our currently on-going IT-21 and projected Navy-Marine Corps Intranet (NMCI) efforts.With defense-in-depth, security protection mechanisms are employed in multiple locations in the network architecture.例如,深度可能意味着通过网络协议加密分层链接加密,并通过电子邮件(应用程序层)加密进一步分层。另一个示例是使用两个不同的反病毒软件包,一个在防火墙/邮件服务器上,另一个在最终用户工作站。除了这样的技术保护设备外,我们的深入防御设备还考虑了受过训练的人员和改进的IA组织基础设施。
Firewalls, intrusion detection devices, and software tools are installed as technical defense measures throughout every network echelon.这意味着,在我们网络的每一层中 - 从单个桌面,到每艘船或建筑物中的LAN(局域网),到整个建筑物(例如总部设施或基地),到大都市地区网络和区域网络运营中心 - 同时使用这些工具。
我们已经将空间和海军战系统司令部(Spawar)IA计划经理指定为所有技术安全事务的IA技术机构和认证机构。该中央权威为质量控制和合规性提供了网络范围的高标准。Navy's central Technical Authority maintains a web site as a central up-to-dateresource that includes an IA software toolkit (such as virus scanners and a secure copying program), IA policy and guidance, and certification templates.技术机构还开发了我们的IA技术出版物,其中包含详细事件报告指南,防御系统配置指南和IA技术程序。金博宝更改账户Most important, the Technical Authority works with acquisition program managers throughout the Department of the Navy to ensure that technical requirements are being met in all programs.
A significant part of our Information Systems Technician (IT) personnel and training efforts cover our needs for IA.在他们的职业生涯中,所有IS级的人员都将受到不同程度的IA培训。除了最初的系统管理培训外,在网络运营中心工作的中级人员正在接受网络安全漏洞技术人员的培训。This is an 8-week course directed at securing information systems.自1997年推出该课程以来,我们的吞吐量增加了一倍,达到每年120个。E-6和O-4级别的合格IT人员正在通过一门新课程作为信息系统安全经理进行培训,该课程将在今年培训164名人员。他们将函数作为一个活动的认证action officer, institute security policy, implement security risk management programs, and develop information systems security and contingency plans.This training is being made available both at Pensacola and by six Mobile Training Teams.
Our organizational infrastructure has been adapted to deal with increased security threats.我们于1999年7月31日实现了计算机网络防御(NCTF-CND)的海军组件工作组的完全运营能力。NCTF-CND进行连续的IA漏洞评估,实现信息安全条件(INFOCON),并直接与联合工作组合作用于计算机网络防御(JTF-CND)。1999年,NCTF-CND发布了11个IA漏洞警报以及三个IA漏洞公告,以减轻计算机网络漏洞。NCTF-CND also conducted a Navy-wide INFOCON exercise in late 1999, the results of which contributed greatly to our understanding of the operational impact of INFOCONs and the need for detailed response procedures.
我们的车队信息战中心(FIWC)进行入侵检测,事件报告,并操作海军计算机事件响应小组(Navcirt)。FIWC还与编号的舰队指挥官和战斗小组指挥官合作,在联合工作队练习期间进行积极的“红队”努力。通过这种方式,我们可以检测到IA问题,在压力条件下进行在职系统管理员培训,并提高IA意识作为部署准备的一部分。
与我的员工一起,我们的IA努力中的每一个武器都重叠,专注于支持所有海军系统管理员,即我们的“战术联系点”。They are notified of potential security activity or concerns by the NCTF-CND and have FIWC-developed response capabilities at their disposal.Every System Administrator also has access to the expertise and security products resident at the Navy's central Technical Authority at SPAWAR.他们同时在各个级别管理网络系统,为防御提供了深度。They are truly our first and best line of defense, and are often the initial reporting source on probes and incidents occurring in our networks.
我们的组织一致性很快将包括海军和海军陆战队总部C4I员工的紧密整合,并为我们的IA计划和政策提供了单一的领导。New IA leverage has also grown from our intense Y2K effort, including much greater insight into our total IT inventories which will be used for improved security through configuration control and improved enterprise-wide IA vulnerability assessments.
Other specific IA accomplishments this past year include:
此外,我们认识到由全球定位系统(GPS)生成的信息安全性对于我们的平台导航,定位和武器定位的重要性。作为GPS的海军代理商,我们积极从事联合导航战(NAVWAR)努力。
我们准备继续推进一些目前在01财年资助的IA计划。These are:COMSEC(高安全加密设备);安全的声音;pki;和Kiv-7。
信息年龄功率的入场费
Achieving our Information Age potential comes with a few �entry fees��in other words, you can not achieve the operational outcomes without certain key investments up front.In addition to network security and IA, these fees are: a complete network infrastructure; new operating processes and structures; and, people ready for and trained in Information Age operations. 网络基础架构
IT-21
使SIPRNET示例我刚刚提到的每条海军部队都可以使用,这意味着完成我们的IT-21网络的范围。到目前为止,我们的IT-21倡议已经为我们的四艘指挥舰,五个承运人战斗集团和五个两栖动物组提供了准备。我们大约两年半的初始野外计划,以使我们的生产力量完全装备。In addition to our groups, some form of IT-21 is scheduled to be installed in every naval combatant.Slight variations of several related programs are planned, trying to balance our desire for high bandwidth connectivity and comparable ship capability with affordability.IT-21总是随卫星访问分类的SIPRNET和未分类的伴侣NIPRNET(非分类Internet协议路由器网络)。在命令船上,它还具有视频评估功能。在所有情况下,IT-21都配备了一套称为GCCS-M或Global Command and Control System-Maritime的操作工具。海湾合作委员会在每个台式机和观察站都放置了共享的,共同的,共同的操作图片。额外的正在开发的新应用程序the operational commanders, and because these are software-based and can reside in almost any Internet-Protocol server, the IT-21 infrastructure supports an incredible amount of adaptability to the various Fleet and Joint Commanders� needs.此外,我们的IT-21网络使我们能够通过带来我前面提到的所有IA好处来为我们的船只建立一个紧密的信息安全飞地。这些方面已经证明了它们在实际操作中的价值。 From where we started a few years ago with reasonable hopes that IT-21 would bring us new power, we are now at a time when our operational commanders are counting the ships that do not have IT-21.下面的例子说明:手机号Bay was designated by the SEVENTH Fleet Commander to be the ship on-scene for the recent East Timor crisis specifically because she is IT-21 equipped.随着时间的临近替换车站上的移动湾的时间,运营指挥官将希望一艘能够同样能力的船以类似地共享情境意识或进行快速协调。如您所见,运营指挥官现在正在根据其IT-21功能管理船舶的就业时间表。We need to keep pressing to simplify these difficult and vital decisions. 海军海军陆战队Intranet 为了在IT-21运营经验中带来与我们看到的漂流相同的岸上的好处,我们已经在海军海军军团Intranet(NMCI)倡议上设定了课程。For long haul communications, the NMCI will ride the Defense Information Systems Network (DISN).对于其他Intranet服务,海军的判断力是行业将提供高度竞争的解决方案。1999年12月,海军向行业发出了提案请求(RFP),以签订我们的Intranet的合同。C3I的国防部长已同意海军对NMCI的追求NMCI与网络公用事业行业的同意,但尚未发现海军业务案例分析。我们目前正在进行此分析。 There are some very key facets of an intranet that make it very compelling for us.首先,Intranet可以在我们部门的每个漂浮和上岸元素中提供完整的合作。NMCI中不会有“与众不同”。Every naval element will be a full participant.与今天不同,每个命令和每个水手都将具有适当的访问权限,可以完全利用网络应用程序和服务,进而能够充分贡献。其次,我们将通过只有单个企业Intranet所能提供的通用标准来提高网络互操作性。Like successful business enterprises, the NMCI will provide full access across the enterprise to common databases and information repositories, as well as a great cross-functional reach across previously stove-piped boundaries.我们目前不协调且不一致地开发和操作的网络不允许这种协同作用。NMCI将更好地使我们能够支持诸如企业资源计划或``ERP)之类的全面应用程序。ERP的一些试点项目已由海军部商业事务执行委员会(RBA Excomm)的革命租用。就像一家商业企业一样,ERP将使我们能够提高分布式设计,开发,采购,采购,用品分配,维护链的分配,维护链和其他类似商业的活动的效率车队支持。
最后,最重要的是,Intranet带来了安全措施,这些措施在不协调和不确定的网络集团中是无法实现的。提高的安全性可能是我们NMCI中最大的增值。We want to take the improved security posture achieved with our IT-21 capability and expand that secure enclave ashore.The NMCI architecture framework defines four defensive "boundaries" in conjunction with our overall IT defense-in-depth strategy, ranging from the external network boundary to the application layer.这些边界将用于定义特定的分层安全措施。我们的NMCI指南还描述了技术和服务质量标准的安全要求。需求包括内容监视,内容过滤,虚拟专用网络(VPN)和加密标准,启用PKI的应用程序的标准以及Web安全性。此外,NMCI设置了合同系统管理员和网络经理所需的资格标准。"Red Teams" are also established under the NMCI to determine the effectiveness of contract fulfillment toward security requirements and to perform ongoing network vulnerability and risk assessment.A "Blue Team" will verify security configuration management and approve all security architecture choices and security procedures.The NMCI vendor will be responsible for providing raw data that will be analyzed by Navy to determine whether an incident has occurred as well as the magnitude of any incident.如果没有共同标准和所需的服务质量,则无法保证这些安全措施。
自今年年初以来,海军已经认识到未分类系统上的19个计算机网络事件。我们在这些和过去的入侵尝试的经验验证了在企业层面上维持技术施加,反应迅速的IA组织的重要性。尽管我们培训系统管理员以尽可能安全地运行他们的系统,并通过IAVA,Navcirt Advisories和其他及时的技术信息保持最新状态,但本地过程中总有差异的元素,复杂的软件版本升级和网络重新配置。借助NMCI,集中式系统管理将使我们能够动态和远程实施(即“推”)“最佳实践”,对策和安全的网络配置,以允许近乎真实的时间,技术上统一的IAVAS和技术咨询范围内海军。例如,尽管本地命令将继续撰写组织网页的内容,但网页本身将驻留在统一和中央配置的NMCI服务器上 - 根据DOD/DON的最佳实践进行了配置。网页“ hacks”的脆弱性将在整个企业中均匀缓解。 NMCI还将加快3类PKI启用网页和身份验证措施的期望扩散,以适当授权访问和修改海军网站。NMCI企业中PKI/证书机构和反病毒签名的统一实施将大大降低由密码“嗅探”所获得的外部入侵根访问的风险,并从带有恶意附件或“ Trojan Horses”,“ Trojan Horses”,“ Trojan Horse”,“ Trojan Horse”,“例如去年的“梅利莎”一集。 组织过程和结构
Because there is so much appropriate attention to fielding the physical network infrastructure, it is sometimes easy to overlook the organizational dimensions.但是,到目前为止,在我的所有陈述中,都有巨大的一线希望,需要关注这些组织维度。我已经强调了有必要充分赋予水手以新方式合作的能力。系统管理员向我们的安全工作中心的明显举动表明了重要的组织适应。企业资源计划清楚地利用了该网络在以前的组织边界中的影响力。这些只是组织过程和结构正在进行的几个示例,这些示例绝对需要实现网络的全部力量。其他人必须遵循。
We are constantly addressing our work processes.我们从行业中知道,在信息时代,组织结构和流程正在发生广泛的变化。业务领域的一个共同主题是````disag''当前的业务方式并将其重新聚集在网上。这确实是以网络为中心的操作的全部内容。检查和调整我们的业务和经营流程的一项非常重要的努力是在第三舰队进行的,约翰·C·斯蒂尼斯战斗集团(John C. Stennis Battle Group)刚配备了IT-21。THIRD Fleet�s Network Centric Innovation Center (NCIC) has been targeting the improvement of Battle Group processes based on the IT-21 network. This low cost, high leverage activity is indeed a critical entry fee to achieving full operational potential of our networks.
A byproduct of our success in process-redesign efforts like the NCIC, as with our experience with IT-21, is our recognition of an increasing need for more Information Management (IM), Knowledge Management (KM), Bandwidth Management, and improved Network Management procedures overall.Navy recently introduced our FY 2000-2001 IM/IT Strategic Plan.我们的Intranet知识管理工作组(IKMWG)于去年由RBA Excomm租用,并在海军首席信息官部(DON CIO)的领导下,正在追求该计划的许多目标。The IKMWG has begun to catalog and leverage the many lessons learned from several existing Navy KM initiatives. We are also leading the charge on a DoN enterprise �knowledge portal," a tailored web site that acts as the front end for a tremendous amount of Navy documented knowledge and data repositories.知识门户类似于您的桌面上有一名海军范围的图书馆员。最后,我们正在进行有关标准化数据库的试点项目。This effort will teach us how and where data and information is best organized on our networks to permit plug-and-play functionality.
人们
今天,明天和将来,我们的人民始终是我们最重要的资源。它们确实是我们战斗组织中最适应性的元素。我已经强调了有必要通过我们的分配网络基础架构和政策来增强他们的能力,以及我们如何通过与安全有关的专家培训来增强其功能。我想提及我们针对人员结构,技能和培训的一些具体计划。
We have commenced fashioning an end-to-end approach to enlisted personnel in the Communications, Information Systems, and Networks�or �CISN��field.The Navy has re-designated the Radioman (RM) rating to the Information Systems Technician (IT) rating.随着重点的这种变化,以下是以下高影响力的行动: �在所有促销区域中,选择性重新进入奖金(SRB)增加 �Advancement opportunity well above Navy-wide averages for all pay grades �IT评级向所有非评级,第一入伍水手(``gendets'')开放。 �Rate conversion for E-5 and below into IT has been opened up significantly �进入评级的能力要求已增加 在过去的四年中,我们还将网络系统管理员的培训可用性增加到了188个席位/季度。With the rapid infusion of our networks, this is a critical support item. We have identified an upward trend in retention of our IT-rated professionals when they have received formal training as systems technicians or administrators in their first enlistment. Transformation An additional challenge is that something fundamental is happening that can truly be considered transformational.我们将大量集中在基础架构上,但是正如我所说,我们的员工及其在这些网络中的新协作行为是非凡的。The shapes and processes of all of our organizations are in transition.The �network effect,� where organizations are now working in a �many-to-many� system, creates relationships that cut across former boundaries in all directions.有时,这些关系是高度短暂的,并且专注于一项独特的任务,有时它们会建立以随着时间的推移完成许多任务。他们以丰富的个人方式利用范围内的海军智力和信息资源,从而改变了实际的操作事件。通常,新的``实践''出现。有时,我们有意识地促进了这种新的组织行为,但最常见的是人们自己会看到新的力量并掌握自己。Sometimes, we do not even notice at first glance. 这个``许多人to-mony''系统本质上是非线性的。I venture to say that because the possible networked combinations are so incredibly numerous, it isexponentially non-linear。我的IT-21经验以及对模型和指标的同时需要的刺激了我的局,这将显示新的IT网络投资如何实现离散的运营成果。我们继续为此努力,但是我们坚信,这里发生的基本转型使分析难度的程度提高了一个数量级或更大的顺序。Highly discrete analytic metrics may not reveal themselves until we move further with this transformational shift. We are keeping up the press, and in the meantime, our best and most convincing evidence of value are the clear operational results--highlighted by my examples--that没有我们的新网络投资就无法实现。 信息时代的曙光确实是一个了不起的时光。In society at large, we expect the ride to continue, fueled by both economic and social imperatives.艾伦·格林斯潘(Alan Greenspan)和其他专家将这种转变描述为``创造性的破坏,'',在旧的系统秩序中,旧的全身秩序在一个全新的水平上被新的更好的秩序推出。For Navy, our imperatives are strategic, operational, and tactical in the ways I have already described to you.And to attain this whole new level of combat performance and realize our full Information Age potential, we must continue strong investment in our entry fees.More than half of our afloat forces are awaiting our new IT-21 networking capability.We have not yet realized our Navy-Marine Corps Intranet, an effort to achieve the most efficient, effective, and secure networked naval community we can.We have just begun to adequately train our people to work in this environment, including how to conduct network-based operations under security stresses.These are things we must do.We have made a great start.现在,保持我们的步伐和势头是我们最伟大的当务之急,最终导致了我们的未来 - 以网络为中心的力量。 Thank you very much for the opportunity to comment. |