Defense Department Plans to Automate and Virtualize Its Information Networks

by Rachael King

MOUNTAIN VIEW, Calif. — The Defense Department is planning to automate and virtualize much of its information networks. The agency is still in the early stages of the transition.

The department envisions fully automated tasks such as ordering, billing, disaster recovery, software patching and intrusion detection, said Maj. Gen. Sarah E. Zabel, the Defense Information Systems Agency’s vice director, at a conference here. DISA, which is under the jurisdiction of the Defense Department’s CIO, is the agency that supports combat operations with information technology. The agency is working on proofs of concept in the lab in areas such as service ordering, usage tracking and billing. Some cases are moving into production.

“Anything that can be automated and virtualized needs to be automated and virtualized,” said Gen. Zabel, speaking at the Open Networking User Group Spring conference. The goal also is to change how the agency does business by creating new processes.

This move impacts the Department of Defense Information Networks that support the military, President, Vice-President and other leaders. The information networks are made up of compute, storage, networking and information security. 

The plan is to move the infrastructure to a so-called software-defined enterprise, which eschews proprietary hardware for hardware that can be configured for a number of uses depending on the software that it runs. This is similar to the way that the largest Web companies such as Alphabet Inc.’s Google and Facebook Inc. operate their infrastructure.

Since the agency makes 22,000 changes each day to its infrastructure, automation would save a great deal of human intervention, said Gen. Zabel. With a software-based infrastructure, changes to servers and switches can be made from a remote location. The end result might look a bit more like Amazon Web Services, where customers can order services and get them up and running and make changes online.

So far, the Defense Department has implemented virtual servers, desktops and storage drives, but has not deployed virtual routers, switches, firewalls and encryptors. With a virtualized network, the Defense Department could potentially better outmaneuver cyber adversaries, she said.

Such an arrangement would let the Defense Department more easily create a new virtual network and move users off the compromised network to a new one. If intruders were found in a certain part of the network, the Defense Department could create a so-called honeypot to keep them there and move the users instead.

The agency plans to operate in a hybrid mode using both newer and older systems as it slowly begins to move in the direction of automation. “What we’re trying here is setting up a new autonomous system that would sit side by side with our existing systems,” said Gen. Zabel.

As the agency starts to bring capabilities into the new system, it plans to migrate users of the system in as they’re able and provide gateways in and out, she added.

Write to rachael.king@wsj.com

This article was originally published in the Wall Street Journal, CIO Journal on May 11, 2016.