• Thanks for stopping by. Logging in to a registered account will remove all generic ads. Please reach out with any questions or concerns.

The Army will soon allow users to access classified info from home

dimsum

Army.ca Myth
Mentor
Reaction score
18,777
Points
1,280
What could possibly go wrong?  :whistle:

The Army is expected to roll out a capability that will allow employees to remotely access sensitive and classified information in the next 30 days.

The decision to establish remote classified access comes as the COVID-19 pandemic continues to keep Americans working from home and military leaders prep for a second wave of the virus in the fall.

The new capability will allow remote users to access non-classified but sensitive information as well as classified information up to the secret level from remote locations, including at home, Maj. Gen. Maria Barrett, the commander of Network Enterprise Technology Command, told C4ISRNET in a statement.

The Army will be onboarding the first 500 users in the next 30 days, and it plans to eventually scale up to 2,000 users, according to Barrett. NETCOM is working with the Army CIO/G-6 and 7th Signal Command — which is responsible for defending Army networks in the United States — to gather “user requests for prioritization,” Barrett said, adding that the environment is “currently operational with initial onboarding and testing.”

“Based on location, the service will likely work better for [contiguous United States] users; it is our intention to test performance with [outside contiguous United States] users before issuing this as an offering [outside the contiguous United States],” Barrett said.

She added that the “majority” of the devices accessing information will be virtual desktops with no data stored on the end user device, though some will have data storage capabilities to allow users to work offline.

Lt. Gen. Bruce Crawford, Army chief information officer/G-6, said on a webinar in early June that before the coronavirus pandemic, the Army was “probably a year and a half” away from rolling out this capability, but the crisis accelerated that timeline.

The Army’s deployment of a remote environment to access classified information follows a similar effort by the Air Force. In April, the pandemic forced the Air Force to send thousands of unclassified devices to users as part of its Advanced Battle Management System. The devices were meant to be demonstrated as part of an April ABMS test, but that was delayed due to the pandemic.

The remote classified access capability is one of several adjustments the Army has made as the service adjusts to the effects of the pandemic. At the beginning of the pandemic, the service had 800,000 telework -enabled employees on Defense Department network and experienced a 400 percent increase in network access.

Other top IT leaders across the services are preparing for a second wave of the coronavirus in the fall. Vice Adm. Nancy Norton, director of the Defense Information Systems Agency, which manages Department of Defense networks, said in a webinar earlier this month that she’s working with industry to identify future chokepoints and has been asking DoD components what they need to boost telework capacity.

On the same June webinar, Crawford stressed that the telework environment would be around long term and that the service needs to ensure its workforce can continue to operate remotely. He added that Army users “deserve” access to “any data from any device.”

“It’s our job to decide how we’re going to enable them and more importantly,” Crawford said, “how we’re going to secure it.”


https://www.c4isrnet.com/2020/06/22/the-army-will-soon-allow-users-to-access-classified-info-from-home/?fbclid=IwAR05pCZESPlr_HGEL6fLXGVlFlsyhvY90cYj6cv2WMTfBYebZk71eGXO4Iw
 
You do realise that much of their classified data is stored in a public cloud right?

It is us with antiquated ideas about on premise physical storage with single points of access and hence failure that should be face palming.
 
The rest of the world quite capable handles multi/cross-domain classification...if it’s not treated like some voodoo, and implemented and trained for properly...it works.  Probably greater risk missing the Jeffrey Delisles out there...
 
Good2Golf said:
The rest of the world quite capable handles multi/cross-domain classification...if it’s not treated like some voodoo, and implemented and trained for properly...it works.  Probably greater risk missing the Jeffrey Delisles out there...

PPCLI Guy said:
You do realise that much of their classified data is stored in a public cloud right?

It is us with antiquated ideas about on premise physical storage with single points of access and hence failure that should be face palming.

The greatest vulnerabilities are, and will remain, people already trusted.
 
Good2Golf said:
Probably greater risk missing the Jeffrey Delisles out there...

Brihard said:
The greatest vulnerabilities are, and will remain, people already trusted.

We should always fully trust all our TSSA folks to spend time inside the Russian embassy, and never ask questions about it, even when alerted to it.
 
dapaterson said:
We should always fully trust all our TSSA folks to spend time inside the Russian embassy, and never ask questions about it, even when alerted to it.

Information sharing between partner agencies is for chumps.
 
Our current combination of IT policies and security classification are a bit insane. How often does classified information get shared over the unclass system anyway because the infrastructure required to actually do the job isn't in place?  Maybe for TS stuff that makes sense, but with how much stuff that you use day to day is slapped with Confidential/Secret the current system is unworkable without massive investments on the physical infrastructure required, so people use work arounds to tranfer the info required to get work done on the DWAN?

If you give people the tools to make it feasible to actually implement the security requirements, they'll generally use them. How often are people carrying around physical files because that's really the only way they can actually work on something?  May mean a lot more access points, but personally think our current system isn't set up to let people do the work they are supposed to be doing, and if it does get loose, a heavily encrypted digital file is still more secure than a dossier with a stamp on it. Lot easier to monitor activity via AI and track every key stroke then what we are currently doing.
 
As PPCLI Guy said, some might be surprised by what's already migrated to the cloud.

AWS has GovCloud, Secret Region, and Top Secret region (although that one is a bit different)

Microsoft just won a huge contract with Azure for the DoD.
 
Back
Top