The year 2020 was big for advances in telework in the Defense Department, even for people who need access to classified information. The Army alone deployed thousands of new devices to let its leaders get access to secret-level information from home.
But those toolsets and technologies turned out to be useful in ways that go beyond telework. The service is using what it’s learned over the years about supporting remote users to also make it easier, faster and cheaper to deploy secret-level networks on its own bases.
Ordinarily, installing the infrastructure needed to connect to DoD’s Secret Internet Protocol Router Network (SIPRNet) is not a trivial matter. SIPR connections in DoD buildings traditionally have required a Protective Distribution System (PDS), with specialized conduit, anti-tamper technologies and other security measures to keep classified network cabling physically secure.
But just as the pandemic was beginning, at Fort Gordon, Georgia, the new home of Army Cyber Command, officials from the Army’s 7th Signal Command were already looking at a new way of doing things. Instead of installing PDS systems for each new classroom and building, they wanted to try connecting users to SIPRNet over encrypted connections to virtual desktops, using plain old unclassified cabling to transport data.
The hardware and software package behind that concept was already on its way to getting a signoff from the National Security Agency at the time COVID-19 struck, said Maj. Gen. Maria Barrett, the commander of Army Network Enterprise Technology Command.
“But we said, ‘Hey, could we add wireless to this package in order to make this a remote capability as well?’ So we amended the package, NSA approved it, and now we had a full desktop environment for classified users that we rolled out during the summer,” she said during an event hosted by AFCEA’s Northern Virginia chapter. “It provided us a viable option for those of us who are not just consumers of SIPR, but really require a full desktop experience as a teleworker.”
Barrett said the virtual desktop approach has the potential to help replace and consolidate the more than 20 implementations of remote capabilities for classified work the Army has been piloting and using until now. The aspirational goal is to run most of the infrastructure in a commercial cloud environment that’s approved for DoD classified workloads.
“I think we’re at a point right now where we see the benefits, including the cost and flexibility benefits of this, and maybe we should take a more enterprise approach to the solution as well as the transport,” she said. “Instead of [the Army] building, hosting and lifecycling this capability ourselves, let’s think about hosting this in an [impact level 6] commercial cloud so we can quickly surge when we need it and ramp it down when we don’t. I’m very proud of what the 7th Signal Command engineers did to modify and accelerate the delivery of this initial operating capability in response to COVID. But it did take them about four months to get it this out — from the idea of modification of the package to getting the first client in the hands of our pilot users. We’d like to be able to spin up additional capability quicker in response to any range of contingencies.”
The Army is considering an expansion of the Fort Gordon idea to expand its SIPRNet connectivity on other bases.
One is at Fort Knox, Kentucky. There, NETCOM was suddenly tasked with supporting hundreds of new SIPRNet users as a result of the Army’s decision early last year to reestablish the V Corps and place its headquarters staff in a facility that was mostly outfitted to only support unclassified networks.
“So now you have an organization in one wing of the building that does have a requirement for SIPR. So how can we do this without having to bust through walls and put PDS in?” Barrett said. “Here’s the solution: This virtual desktop solution that we can give you right now — just plug it into your NIPRNet connection, and we’ll get it where it needs to be. It solved a problem that would have taken us months and a contract and installation, and instead we can spin it right up.”
Meanwhile, the Army is also working on long-term solutions for telework on its unclassified networks. The vast majority of the Defense Department moved in that direction last year, when DoD implemented a temporary toolset called Commercial Virtual Remote, based on Microsoft Teams, in response to the pandemic.
Over the next year, the Army will start to transition users from CVR to an Office 365 environment that will interoperate in a “federated” model with other DoD components’ Office implementations, much of which will be sourced from DoD’s new Defense Enterprise Office Solutions contract.
“One of the big things that we just did in order to enable the Army’s migration is to cut over to the global directory services that DoD has mandated,” Barrett said. “The authoritative directory services are going to enable us to have that cross-tenant interoperability and security inside Office 365. We’re ready to start doing our test migrations in mid-to-late February, and then the plan is to migrate 25,000 users per week.”