Navy Next-Gen Network Looks Highly Vulnerable To Cyber Attack

The Navy Marine Corps Intranet (NMCI) is the biggest intranet in the world. With 800,000 users, some people say the only network that’s bigger is the Internet itself. But NMCI has spawned more than its share of controversy, because the Navy awarded a huge contract to Electronic Data Systems to run every facet of the program for ten years. The contractor’s role was so expansive that it even owned the computers sailors used to access the intranet. EDS never made any money on the program, but because it was responsible for everything, it also got blamed for everything — even when problems were the inevitable result of the way the sea services operate. So now that the ten-year contracting period is drawing to a close, the Navy wants to take a different approach.

The Navy wants to unbundle various pieces of its intranet and parcel them out to best-of-breed suppliers. Thus, the company running the help desk might be completely different from the company providing the software. The Navy would integrate the whole system, thereby eliminating the overbearing influence of EDS (which, incidentally, is now part of tech giant Hewlett Packard). It calls the new approach the Next Generation Enterprise Network, or NGEN, and it plans to transition from NMCI to the successor system over the next few years. Unfortunately, NGEN is a cyber disaster waiting to happen.

The basic defect of the NGEN architecture is that every time you add another contractor to the mix of suppliers, you introduce seams and discontinuities into the system that can be exploited by intruders. Standards and practices will vary from company to company, and clever hackers can figure out how to leverage those difference to corrupt the system. For example, the company operating the NGEN servers might ban portable storage devices or social networking portals from its work environment, while the company running the help desk might allow them. But a clever hacker could use a single cracked door anywhere in the system to thoroughly penetrate the whole network. And once they’re in the system, rooting them out will be made harder by the diversity of companies supporting NGEN.

Of course, the Navy has all sort of smart ideas for how to maintain security across a system of system suppliers. But the simple truth is that the more players there are, the harder it will be to enforce standards and prevent intrusions. That’s just common sense. For all of its supposed faults, the current Navy Marine Corps Intranet is a remarkably secure network, and that security is undoubtedly traceable in part to the fact that one company oversees the whole enterprise. Breaking it up and parceling out the pieces seems like a foolish idea at a time when everyone else in the government is preoccupied with making information networks less vulnerable to intrusion.