An information assurance architecture for army installations

The increasing dependence information systems as the core Warfighter assets has prompted the US Army to make protecting its infrastructure of information systems and computer networks from attacks and disruption a top priority. This paper traces the development of an information assurance (IA) architecture for Army installations. Early in 1999, as a critical initiative within the Army´s Installation Information Infrastructure Architecture (I3A) project, the Army´s ODISC4 Architectures Directorate undertook the task of developing an IA architecture overlay that could be applied to Army installation communications and computer network backbones. Following DoD´s Defense-In-Depth philosophy and taking into account current and emerging DoD and Army IA policies, a multiorganizational team continues to develop a flexible, capabilities-based IA architecture that blends Army IA concepts with accepted best practices from the commercial world. The emerging architecture is being applied to both ATM and TCP/IP networks and is enabling the Army to tailor installation IA implementations to meet unique mission requirements. The paper describes and discusses the various policies, capabilities, techniques, and types of produces that are currently included in the architecture including firewalls, security enabled routers, and proxy servers. Some of the challenges that are facing Army networks such as electronic commerce and issues associated with malicious code are presented along with potential solutions that are currently being investigated including the use of technologies like e-mail scanning servers and virtual private networks. Key efforts and initiatives undertaken by the 13A Configuration Control Board´s Information Assurance Working Group to develop the concepts, policies, and management processes that the Army will need to maintain its IA enabled networks are also included