The Defense Information Systems Agency (DISA) serves as a Combat Support Agency for the Department of Defense (DoD). DISA develops and delivers global enterprise infrastructure and Command & Control (C2) capabilities in direct support of our Nation’s warfighters and senior national leaders, to include the President. Most of DISA’s operational missions, to include cyber security, are executed at Scott Air Force Base, Illinois by DISA’s Continental United States (CONUS) Field Command. In 2010, DISA’s Director, Lieutenant General Pollett, challenged the DISA CONUS Field Command to serve as the operational lead for DISA’s most significant and innovative technical initiative of 2010. The challenge was to develop and implement DoD’s first-ever global capability to harden the boundary between DoD’s largest and most-used network, the Non-Secure Internet Protocol Router Network (NIPRNet), and malicious activity coming from the commercial Internet.

DoD’s global NIPRNet experiences 10.1Gpbs outbound and 2.0 Gbps inbound traffic during peak usage, with 70% of the traffic accessing the Internet. DISA CONUS sought to engineer and operate a defendable perimeter against an unprecedented level of cyber attacks on our Nation’s critical infrastructure with a strategy that included a number of related projects and capabilities which were combined under one program called “NIPRNet Hardening.” The first step was to develop a list that identified internal assets and devices that actually needed to be accessed from the Internet. This effort reduced DoD’s cyber attack surface by close to 98 percent for certain classes of attacks. The next critical step was to create a ground- breaking global Internet Access Point Network (IAPNet) that consolidated DoD’s numerous access points and afforded symmetric routing between the NIPRNet and Internet. Construction of the IAPNet was foundational for several follow-on initiatives that use symmetric routing to allow full inspection of traffic as it traverses the NIPRNet-Internet boundary.

The next major breakthrough was developed and deployed through a Security Content Automation Protocol and content filtering tools. During this phase, DISA’s security initiatives could not impact the operational requirement to share information across government and it was imperative that DISA deploy measures to enable collaboration on its enterprise infrastructure. In doing so, DISA CONUS was successful in integrating prioritization of the traffic across the boundary in ways that are much more flexible and effective now than ever before. Since the implementation of the NIPRNet Hardening effort, thousands of potential attacks have been mitigated. DISA CONUS is currently expanding these new enterprise capabilities and continues to improve an innovative and flexible defensive posture that allows quick response to emerging cyber threats and technologies. As DoD moves toward Internet Protocol convergence for all voice, data, and videos services, these NIPRNet Hardening solutions will continue to play a vital role in protecting America’s vital networks and information.