Robert K. Ackerman

Bringing diverse information technology programs together under a single umbrella goes beyond settling on common commercial technologies.

Virtually every piece of military electronics hardware, from the simplest handheld personal computing assistant to the most powerful mainframe computer, faces the challenge of interoperability to fit into the U.S. Defense Department's Global Information Grid. Designed as the ultimate military networking project, the grid is a cornerstone for achieving the information superiority outlined in the department's Joint Vision 2010 and Joint Vision 2020.

The Global Information Grid, or GIG, is designed to link all diverse military information system elements into a common network of networks to permit the smooth and timely flow of information to whomever needs it. The effort, described by Defense Department officials as "the entry fee to the future," also is envisioned to link the revolution in business affairs and the revolution in military affairs.

The GIG's mantra is to provide the right information at the right time to the right warfighter in the right format. This assumes bandwidth on demand and zero-bit false data rate. And, it must meet exacting security needs that permit customers to use the GIG effectively while denying adversaries any opportunities to wreak havoc in its target-rich information environment.

John Osterholz, director of architecture interoperability in the Office of the Chief Information Officer (CIO), Office of the Secretary of Defense, emphasizes that the GIG is a transformation activity rather than a program. Part of the GIG's mission is to organize large elements of information technology to enable their integration and assimilation. Over time, a more detailed structure will be synchronized to ensure that end-to-end capabilities operate in concert.

"Much of the GIG transformation recognizes that the forces will be leaner, lighter and faster and will depend even more on reach-back to information and computing capabilities that used to happen organic to the unit that was using them," Osterholz warrants.

Arthur L. Money, assistant secretary of defense for command, control, communications and intelligence and chief information officer, Office of the Secretary of Defense, notes that information superiority has moved on to become decision superiority, which adds speed of decision into information. Each of the services has been developing its own systems aimed at networking the battlespace, but these systems largely have been stovepiped with little assurance that they would work in concert with their equivalents in other services. The GIG becomes necessary because the speed of information transfer does not permit the luxury of spending time to make data compatible, he adds.

He continues that, while the department increasingly is turning to commercial off-the-shelf equipment because its speed is better than almost anything the department could develop, potential adversaries have access to the same commercial hardware and software. The distinction between the United States and its adversaries can come down to the speed with which the military can apply its information to decision making.

The GIG's connectivity will extend to any device that passes information, Money notes. "Anything that sends or receives a one or a zero is to be compatible with this grid," he says.

Adapting legacy equipment to work in this new information grid is the biggest challenge facing the GIG, Money offers. "We must get the legacy equipment fixed, transformed, replaced, or compliant with the GIG so that we're more interoperable," he declares. And, there is no formula or quick fix to attain that solution.

"The heart of this information superiority is that there is no way we can throw away 30, 40, even 50 years of legacy equipment," Money warns. Much of this gear was built without any thought to interoperability as it currently is defined. So, the department must find a way to incorporate this vital gear into the interoperable grid. Money cites gateways and interfaces as the current options for achieving compatibility.

The department faces two other key challenges in implementing the GIG: determining priority needs and achieving information assurance. Meeting the first challenge--sorting out which elements, capabilities and technologies are important--entails recognizing that the GIG cannot be all things to all people simultaneously, Osterholz relates. This transformation must begin somewhere and must meet the department's priority needs.

The horse that leads the cart, Osterholz explains, is the clear understanding of the operations that information technology must support. "Our major thrust is to make sure that we have a full understanding of the operational view--some call it the operational architecture--for the activities for which this information technology is to be applied. Once you have that reasonably good view to a level necessary to understand the basic operations, then you are in command of either a material solution or a procurement such as an outsourced service."

Osterholz emphasizes the GIG's governance process as vital to its success. This process involves the Joint Staff, the services and the department CIO. "Part of what we bring to the picture is the challenge of bringing process and technology together," Osterholz states. A technology-only systems solution would be an unsatisfactory solution, he emphasizes. So, priorities must be established to allow important elements to compete for resources.

In establishing these priorities, the CIO office's approach is to focus on the importance to joint operations. This is expressed through the architecture to make clear what those joint missions are and how they are supported by information technology. Additional factors include major shortfalls in that support and how best to cover those shortfalls, either through investment or through nonmaterial solutions such as changes in tactics, techniques and procedures--in other words, new business processes.

The second major challenge--information assurance--arises because both the warfighter and the national policy maker must have confidence that the GIG is dependable. And, those engaged in combat support activities must be able to rely on the GIG to carry out e-commerce and other network-centric combat support operations at their required fast pace.

With information assurance being key to maintaining GIG effectiveness, the CIO office is seeking improvements beyond the defense-in-depth concept currently in operation, Osterholz maintains. Attacks on U.S. defense information capabilities will be increasingly sophisticated and numerous, and the GIG cannot be protected without the ability to characterize and respond more quickly and more effectively to information attacks. "We want to move from a defense in depth to a defense in breadth," he allows. This involves looking across a broader front of potential attacks, including those of cooperative insiders.

Virtually every device, even the smallest handheld one, could be an entry point for an attack, Money points out. So, the security infrastructure will ensure that data from that handheld device does not enter the GIG in an unprotected manner.

Money notes that almost every information technology has vulnerabilities, and the key to successful GIG risk management is defense in layers. The department has endured 28,000 cyberattacks, and all except about a dozen were trivial nuisances that were handled routinely. However, most of the dozen were serious, although the department was able to handle them. Three years ago, Money relates, the department "would have been on its knees" with the number of cyberattacks experienced in the past year.

The CIO office, in concert with the Joint Forces Command, has developed a set of requirements for the GIG known as the capstone requirements document, or CRD. Osterholz notes that this CRD, led by the Joint Forces Command, is now entering the Joint Staff requirements process for formal coordination and approval. This will establish the requirements basis for the GIG.

Co-evolving with the CRD is the GIG architecture. With its first version currently undergoing rollout, this integrated architecture features an operational view that discusses basic operational processes used by the department to execute its missions, Osterholz says. A system view traces through from the operational view into actual systems choices, while a technical view represents the standards base for acquiring GIG components.

Osterholz relates that the GIG architecture is organized around the joint mission areas recently approved by the chairman of the Joint Chiefs of Staff. These include intelligence, surveillance and reconnaissance; logistics; and fire control, for example.

The department now is working to implement GIG below the policy level. This involves examining programmatics in three areas. The first covers traditional capabilities acquisition or services procurement. The architecture will be a controlling document for establishing systems requirements in capabilities and for operational and systems requirements in outsourced services.

The second area involves the designation of GIG pilot programs for large-scale activities emphasizing integration. Osterholz explains that these large pilots will aim to expose traditional problems that are not revealed in advanced technology demonstrations, for example. One current department-level GIG pilot is the Navy/Marine Corps Intranet. Facilities such as the Joint Interoperability Test Center in Fort Huachuca, Arizona, will help assess some of these pilots.

The third area focuses on legacy management. Osterholz notes that this topic has not been the beneficiary of the same kind of attention in a managerial sense, and he characterizes this omission as a mistake. "This is the Vietnam of this business," he allows in describing the difficulties inherent in legacy management. However, failure to address it in the GIG effort could mean that a transition from legacy systems to new technologies and capabilities "is pretty much not going to be practical or possible," he states. Some legacy capabilities must be extended, which must be determined in an upfront corporate-level decision.

Money emphasizes the need for commercial technologies in GIG operations. The pace of technology change has shortened generations from 18 months to about 12 months, and the Defense Department cannot continue its methodology of spending anywhere from two years to eight years just on planning a new system. "We have a huge mismatch between the time we can buy something and the current rate of obsolescence," he says.

The Joint Forces Command has taken on the responsibility as the joint doctrine developer to pick up the operational view of the GIG and work these areas into the command's ongoing doctrinal areas. The earliest emerging area will be network operations, which is fundamental to the GIG, Osterholz points out. This element combines traditionally separate network management, information assurance and information dissemination management functions. Integrating these facets helps avoid seams in the management capability that otherwise could be exploited by an adversary, and it helps facilitate response to an information attack.

Quality of service in network operations is a key issue, Osterholz notes. Traditionally, networks have been provisioned by bandwidth. Now, however, the department has a greater understanding of the role that service quality plays in the distributed computing environment. It affects virtually every functional area. This is especially relevant in network management and basic engineering, where latency and other parameters such as packet loss become key network performance criteria that are more important than bandwidth, he emphasizes.

What Osterholz describes as "a sensible level of our computing capabilities" also is important. The department successfully has consolidated most of its computing operations at the mainframe level. Similar efforts at the server-based level have not been as successful, he allows. The department still has "a large number of unfulfilled requirements for systems administrators" because of the large number of server-based computing capabilities that are not properly staffed. These systems administrators are vital to information assurance as "the first line of defense," he notes. Some consolidation of the department's server-based computing similar to that achieved with the mainframes "is probably in the cards," he states, adding that this probably will entail consolidating much of the mid-tier defensewide and joint applications in similar enterprise computing centers.

The GIG architecture also will address the end state of convergence. The department still is evaluating whether to converge on Internet protocol (IP) or to utilize existing asynchronous transfer mode (ATM) as its convergence platform. The commercial world appears to be converging on an IP-based platform, Osterholz admits, but intermittent connectivity in the tactical community may make IP a less desirable choice. Some aspects of the operations environment may mitigate against straight use of IP. The GIG decision will be made on the basis of operational needs and not just because the commercial world takes a particular path, he declares.

Nonetheless, at the communications network level, IP technologies are critical, Osterholz offers. In the computing environment, the object request broker technology Corba is vital for moving objects around a network. Any object-oriented languages are strategically important.

GIG planners are strongly behind identity-based certification for access to networks and computing. Public key infrastructure (PKI) likely will be used, not only for identity certification to access facilities and networks, but also for managing data that previously would be considered too sensitive to store on a network. This data now can be protected on a community-of-interest basis using PKI certifications.

The reliability of commercial off-the-shelf software is important to the GIG, and Osterholz states that the route to attaining that reliability has been a checkered path. Commercial software reliability must improve if it is to be used in the GIG, even with the price and market advantages inherent in commercial products. Money has emphasized working with software manufacturers to tailor their product for military needs before mass market penetration, and this effort is focusing on software for next-generation wireless communication systems. Interoperability, especially across the oceans, is a major challenge. Applications that enable interoperability before these wireless systems are even introduced will enhance communications during combined operations among allied nations.

Next-generation wireless technologies are key to GIG operations. Osterholz explains that this discipline encompasses three of the GIG's five major transformations. One of these transformations involves moving from data to relationships, which in turn requires moving the data's object representation along with the data. The second transformation is to transition from personal computers to interpersonal computers. This recognizes handheld computing as a major capability in the grid. The third item is the migration from wired to wireless datalinks. The combination of these three elements provides the customer base--the warfighter, the business process user--with the freedom to execute their operations anywhere and any time.

The CRD and the first version of the GIG architecture currently are being finalized. Both are designed to be fundamental to the upcoming quadrennial defense review being conducted by the Bush administration. Osterholz expects this strategic re-examination to influence GIG resources in the fiscal year 2003-2008 time frame, which also will represent the period of major thrusts in investment and process changes. Substantial pieces of the GIG should be implemented by 2010.

Information exchange requirements in version 1.0 of the GIG architecture can be divided among several different elements. The largest, which takes up about one-third of the requirements, involves employing fires. The second largest, at about one-fifth, is command and control (C2). The third largest, slightly smaller than C2, involves operations other than war. Next, in descending order of size, are force protection; intelligence, surveillance and reconnaissance; communications and computing; and logistics.

Several early decision opportunities loom for the 2003-2008 time frame. These include network operations implementation; the joint tactical radio system; intelligence community collaboration architecture options; and the family of interoperable operational pictures (FIOP) information management.

Osterholz allows that attaining GIG goals likely will require some major investments. However, it is premature to specify which individual devices will be key. Some areas, such as network operations and assurance of service quality, are likely to require considerable investment.