The components of the United States Navy surface and submarine fleet have long been plagued by inefficiencies caused by disparate systems and aging technologies. This has lead to numerous cost, manpower and technology issues. To combat these issues, several companies in the private sector have been awarded contracts to initiate what is called Consolidated Afloat Networks and Enterprise Service or CANES. The overall mission of which is re-architect the Navy’s command and control network infrastructure. To achieve this mission, the concerted effort is to improve overall network agility. To provide this agility, the architecture of the new system is lending itself to consolidating hardware into several key locations and then delivering mission critical applications via a private network to ships, submarines and naval installations abroad. By using this system, the U.S. Navy is migrating to a cloud based architecture for its command and control facilities. The contractors that are implementing the CANES are aligned by the following vision or three pillars. The first pillar is a common computing environment with consolidates and improves utilization, promotes commonality and delivery to early adopters of the system. The second pillar is cross domain systems which seek to secure the infrastructure and collapse security domains. The final pillar is the use of service oriented architecture which decouples hardware and software.

Introduction of Cloud Computing to the United States Navy

In order to provide for the collection, analysis and dissemination of battlefield intelligence, both the surface warfare and submarine community of the U.S. Navy rely on the efforts and information from the Command, Control, Computer and Intelligence (C4I) component. Whereas the delivery of this information has been most successful, it is an inefficient system in terms of technology, staffing and cost. On any typical naval vessel there can be up to 50 disparate systems, each one requiring specially trained personnel to operate. Complicating this issue is that these systems are developed and supported independently from one another. Equipment used is often proprietary which lends itself to expensive replacement or repair when compared to commercial off the shelf (COTS) equipment. To combat these issues and ensuing inefficiencies, the Navy has made the decision to consolidate hardware and software components and move towards a service-oriented architecture (SOA) (RAND, 2009) In particular, this new system will utilize a cloud computing architecture in which services, data and applications will be centrally located and distributed to ship and shore installations worldwide.


The Consolidated Afloat Networks and Enterprise Service (CANES) will be based around a cloud computing architecture that will host applications. Through this approach the Navy goal is to provide a common computing environment that will rely on commercial off the shelf equipment. By decoupling hardware from software, this will improve efficiency and reduce cost. At present, there are existing C4I systems in place. A sampling of these mission critical applications are:

  • Navy Tactical Command Support System (NTCSS) – According to the Space and Naval Warfare Systems Command (SPAWAR) this system provides a common framework of tactical support information systems to both ship and shore installations for both the Navy and Marine Corps. This support is primarily for the Aviation, Surface and Subsurface maintenance, Supply, Inventory, Finance and Administration communities.
  • Combined Enterprise Regional Information Exchange System–Maritime (CENTRIX-M) – This system according to the Navy is designed to be global data network that facilitates multinational information sharing. Originally conceived by the United States Air Force, the system was adapted to the Navy to provide maritime information to ship and shore installations. (Boardman and Shuey, 2004)
  • Global Command and Control System–Maritime (GCCS-M) – According to SPAWAR, this vital system provides naval commanders information on friendly, hostile and neutral land, sea and air force assets. This information can include attributes and locations of said assets in order to support command decisions.
  • Integrated Shipboard Network System (ISNS) – This is a network application that allows for secure channel voice, video and data traffic between ship and shore installations. Both tactical and non-tactical traffic is passed through this system.
  • SCI – This is an information sharing network that securely delivers cryptologic and intelligence systems data between ship and shore installations. As opposed to other systems, SCI is the transport used to send both top secret and sensitive compartmented information.

These C4I systems will be early adopters of the CANES implementation. It is the intention of the Navy to integrate these applications initially and then close to twenty others into the CANES environment over the short term. Eventually other applications, systems and data sources will be added to provide an on-demand system synonymous with cloud computing. By reducing complexity, eliminating proprietary systems and providing improved scalability and adaptability the Navy will realize more flexibility to changing conditions. Cost savings will be realized as the need for infrastructure, energy and staffing to manage the new system will be reduced.

Mission Statement

Since the CANES implementation covers several different communities, the mission statements of all command components are shown below:

  • Deputy Assistant Secretary of the Navy - C4I and Space

C4I/SPACE is the focal point in the Office of ASN (RDA) for all matters related to Command, Control, Communications, Computers, Intelligence (C4I) and Space programs and policy. DASN C4I/SPACE serves as the single Department of the Navy (DON) point of contact for Military Services, DoD staff and Agencies, and the Office of Management and Budget for Space, C4I, IO, and Information Technology (IT) program and policy matters. DASN C4I/SPACE provides acquisition guidance, oversight, and policy expertise to PEOs and other members of the DON acquisition community engaged in command and control, communications, computers, intelligence/surveillance/reconnaissance, space systems, information operations, Information Resource Management (IRM), IT, and other matters as assigned. DASN C4I/SPACE executes its mission in accordance with the Strategic Principles established by the ASN(RDA).

  • Program Executive Office - C4I

Headquartered on the Old Town Campus of the Space and Naval Warfare Systems Command in San Diego, Calif., the mission of the Program Executive Office for Command, Control, Communications, Computers, and Intelligence (PEO C4I) is to provide integrated communications and information technology systems that enable Information Dominance and the command and control of maritime forces.


SPAWAR delivers higher-end Navy information technology products and services to the fleet and other Defense Department stakeholders. As the Navy’s Information Dominance Systems Command, Space and Naval Warfare Systems Command designs, develops and deploys advanced communications and information capabilities. With more than 8,900 active duty military and civil service professionals located around the world and close to the fleet, SPAWAR is at the forefront of research, engineering, acquisition and support services that provide vital decision superiority to our forces at the right time and for the right cost. It is our mission to make the Navy’s Information Dominance vision a reality. Our products and services transform ships, aircraft and vehicles from individual platforms into integrated battle forces, enhancing information dominance and awareness among Navy, Marine, joint forces, federal agencies and international allies. As the Navy’s technical lead for C4ISR, SPAWAR provides the hardware and software to connect our war fighters at sea, on land and in the air

Strategic Direction Statement

United States Navy Command, Control, Computer and Intelligence community along with other Navy component commands will utilize the CANES system in their missions to support the people, information and technology which enable the naval command structure to deal with the uncertainty of combat and to deploy military forces in an efficient manner. As stated in the U.S. Navy Command and Control doctrine, “command is the authoritative act of making decisions and ordering action; control is the act of monitoring and influencing the action.” To continue with this mission, commanders must be able to have up to date systems with which to communicate effectively with warfighters. By utilizing EA and effective change management, the CANES project will deliver effectiveness in communication and infrastructure systems which would be a substantial improvement over the current system.

Strengths, Weaknesses, Opportunities and Threats (SWOT)

The CANES system relies on cloud architecture to deliver mission critical applications, services and data to United States Navy ship and shore installations worldwide. A SWOT analysis of the CANES system would mirror that of private cloud architectures and is worth analyzing to determine what can be built upon the strengths and opportunities as well as mitigate weaknesses and threats. What is certain is that the world in a much different place now than it was twenty years ago. In the days of the Cold War, it was known who the enemy was for the most part what tactics and strategy they used. However, in the present day the United States must be prepared for non-state enemies and terrorists who seek to strike hard and fast against military and civilian assets. Therefore, the military of the United States, most notably the Navy, has seen the need to be as efficient as possible to deliver correct intelligence to war fighters abroad. As stated in A System of Systems Focused Enterprise Architecture Framework and an Associated Architecture Development Process the authors suggest that “For organizations to survive and succeed in today’s world… they must have the ability to quickly adapt and respond to changes of all types: changing technology, changing customers’ needs, changing customers, and changing business partners.” (Morganwalp and Sage, 2003). This model can be extended and adapted to military standards in that there is a constant threat from changing, threats, changing opportunities and changing actors whether they be friendly or hostile. The more adaptable the military force, the quicker and more efficient they are when deploying soldiers and sailors and the mission critical information they need to win the battle. By adopting and enhancing the CANES system and incorporating effective change management through structure enterprise architecture initiatives, the system will become more robust and useful to the war fighter.


There are several strengths in utilizing cloud computing architecture that will benefit the Navy once fully implemented. Cloud computing lends itself to scalability in the enterprise. Within a cloud computing architecture, services and applications can be scaled up or down depending on changing needs and requirements. This would be particularly effective in constantly evolving landscape of military operations. Cloud computing is customizable in the enterprise by delivering new classes of applications and services that are independent for location, environment and context. One such example of a new service would be that of a mashup. Mashups are defined as interactive Web applications that draw content from external data sources. This creates new and wholly different services for access on the cloud (Merrill, 2009). This could be leveraged in the CANES environment by allowing data streams from other military branches and government agencies to create more detailed intelligence and war fighting information. Furthermore, cloud computing allows for the offloading of intensive data processing to the cloud infrastructure allowing a smaller client footprint. This reduces network latency and availability. There is a decrease in the infrastructure and energy costs with a cloud computing infrastructure as opposed to alternatives. Consider that in the year 2000, on average 45 percent of an organization's capital expenditures were for information technology. By contrast, only 6 percent of server and network capacity was utilized. If the assumption is that a server or network hardware component has a lifetime of 3 years, then infrastructure and more importantly energy cost far exceed the initial investment (Marston, 2008). Cloud computing reduces the footprint of an organization while still providing robust services. As the military seeks to unshackle itself from foreign energy sources, this strength is apparent. Cloud computing lessens maintenance and management costs. CANES is being designed to have network management tools continuously monitor key systems and infrastructure thus allowing it to operate mostly unattended. Furthermore, with a migration to CANES there will be less need for sailors trained to operate and maintain legacy systems and more targeted training can be used for CANES operators. Although unfortunate that some sailors may be lost to attrition or reduction in force, overall there can be more resources then available to enhance the CANES infrastructure. Security is vastly improved in a cloud computing infrastructure. Within a cloud computing architecture it is possible to have preset templates that can be applied to servers and other virtual machines that have necessary applications, security and data. By having uniform configurations for every server, switch and router, security is greatly enhanced and configuration mistakes become less common. Furthermore, cloud computing makes it easier to monitor and control where, when and how users can access the system. This lends itself well to military applications where the security of data is paramount to overall national security.


Whereas there are much strength to the cloud computing model there are notable weaknesses that would need to be mitigated especially when such architecture is used for military applications. Some of those weaknesses include:

  • Despite best efforts, a cloud computing architecture is subject to bottlenecks due to the centralized nature of the technology. Even with large cloud computing vendors such as Amazon Web Services, the SLA commitment to customer is 99.95 percent. This figure would be manageable to small and medium sized businesses but would be detrimental to large organizations that need uninterrupted access to mission critical information. Even though CANES would be private cloud, it is still susceptible to performance issues due to environment issues.
  • It is a proven fact that the use of wireless technologies to deliver applications can lead to complications. The CANES program uses satellite technology to deliver applications, services and data to ships and submarines which can cause latency delays which for mission critical application can be disastrous. In a combat situation information needs to be timely and accurate. Additionally, the cost involved in launching and maintaining a satellite system is extensive. Since there would be a need to have constant and redundant satellite coverage in order to disseminate information this cost would be multiplied in mission critical settings. Furthermore, signals from unguided mediums such as satellite can be intercepted and interpreted thus introducing a security threat to data integrity and confidentiality. Such a breach can be detrimental to the war fighter both at sea and shore installations.
  • As it is one of cloud computing’s strengths, flexibility can also be a weakness. With typical client-server computing models, there are several layers of approvals needed to purchase new hardware and provision new services. In this respect there are controls over what gets provisioned. In a virtual environment that is common with cloud computing, services can be created and deployed without the previous constraints of new hardware. This can lead to security issues with rogue services and applications being deployed without appropriate security measures.


Opportunities can be realized when using cloud computing architectures. The U.S. Navy can leverage these to construct a robust system that will minimize infrastructure, energy and staffing costs. Cloud computing gives the opportunity to start up a new service or application with minimal cost. In previous client-service architectures it was necessary to purchase a new server, cabling and client software for every new application required by an organization. With cloud computing however a new service can be set up and delivered by allocating space on an existing resource. By consolidating hardware, it is possible to reduce the use of legacy hardware and move applications to servers and hardware that have more memory, faster processors and improved throughput. Ship and submarine assets where space is a premium can enjoy access to the same applications as larger vessels all the while conserving space. Since the more data intensive operations are performed on the backend servers and networking hardware, there is more network bandwidth on the front end. The United States military is one of the world’s largest consumers of energy. This energy is used to power ships, submarines, aircraft and other vehicles in support of worldwide military operations. It is estimated that in 2008 alone, the military spent $17.9 billion in energy costs (Cuttino, 2011). Thus any opening to save money in energy cost is a welcome effort. Moving towards cloud architecture allows an organization to reduce overall infrastructure thus reducing energy consumption and cost.


Threats to a cloud computing architecture must be weighed in the correct context and mitigated accordingly. Failure to do so in the CANES implementation could have disastrous consequences. An analysis of some of these threats is detailed below: As with any technology innovation, cloud computing in general and CANES specifically will produce backlash among the user and administrative population. This backlash is caused by the change in operations and in some cases culture that legacy systems have provided. One of the biggest changes could be that of staffing. It would be difficult for anyone to support a system that could potentially threaten job security. This is a very real concern as the Navy has projected that a full cut over to CANES will reduce the number of sailors needed to operation ship and shore installations. As disgruntled employees also present a major security risk, this is a threat that must be addressed and mitigated properly. As with any new technology, there is a threat that comes with a lack of standardization. History will show that early network systems had no standardization and thus did not promote interoperability of these systems. It was not until the International Organization for Standardization (ISO) created the Open System Interconnection (OSI) model that interoperability was achieved. Without these standards, cloud computing even in military applications could be forced into proprietary systems which can be more expensive than their commercial off the shelf counterparts. To combat this however the ISO is has formed a group called the Subcommittee on Distributed Application Platforms and Services to address this challenge. The goal of this group is to “to ensure the development and deployment of interoperable distributed application platform and services standards in relevant areas“ The biggest threat to cloud computing is security both inside and outside the network. As with any government organization, the military is susceptible to abuse from hackers and from disgruntled employees from the inside. Military computing history is replete with examples of how malicious users have exposed security weaknesses within military systems. What is concerning about the securing of military systems is that often this work is performed my defense contractors and not by a particular branch of the service. A highly publicized attack against military assets drew into the spotlight this practice. On July 12, 2011, a hacker published 90,000 logins and passwords from users in the Army, Navy and other government agencies that were obtained from defense contractor Booz Allen Hamilton. These logins were taken from a relatively unprotected server. (Adhikari, 2011). This attack prompted this statement to Congress by Senator John McCain: “I write to renew my request that the Senate create a temporary Select Committee on Cyber Security and Electronic Intelligence Leaks. I feel this Select Committee is necessary in order to develop comprehensive cyber security legislation and adequately address the continuing risk of insider threats that caused thousands of documents to be posted on the website Wikileaks. As you know, cyber security legislation has been drafted by at least three committees and at least seven committees claim some jurisdiction over the issue. The White House put forward a legislative proposal in May and the Department of Energy put forth requirements and responsibilities for a cyber security program that same month. Earlier this month, the Department of Commerce sought comment on its proposal to establish voluntary codes of behavior to improve cyber security and the Department of Defense issued its strategy for operating in cyberspace. With so many agencies and the White House moving forward with cyber security proposals, we must provide congressional leadership on this pressing issue of national security… ”(McCain, 2011). Former Central Intelligence Agency chief and now Secretary of Defense Leon Panetta echoed this sentiment in testimony before the Senate Armed Services Committee. During this session he stated: “The next Pearl Harbor we confront could very well be a cyber attack …” We must act now and quickly develop and pass comprehensive legislation to protect our electric grid, air traffic control system, water supply, financial networks and defense systems and much more from a cyber attack.” (Panetta, 2011). Since cloud computing put resource and data intensive assets on the back end infrastructure, this presents an attractive target to hackers whether they are foreign or domestic. Proper risk management must be performed against all assets in the cloud and security mitigation techniques applied to ensure the confidentially, integrity and availability of cloud services in the CANES implementation.

United States Navy Enterprise Architecture

The Enterprise Architecture of the Navy CANES program follows standard enterprise architecture methodology specifically tailored to military standards and one that is federally mandated. In a memorandum from the Deputy Chief Information Officer of the Navy dated April 6, 2007 the enterprise architecture policy was stated as follows: “Enterprise Architecture, operating in concert with data strategy…is vital to supporting management decisions and actions regarding investment in IT, sharing information, reducing costs. Establishing effective governance, conveying and assessing requirements/capabilities, achieving information assurance, conducting modeling and simulation, and enhancing joint/inter-agency/multinational interoperability…” The purpose of having such a policy is to align all Navy programs and initiatives under a common EA framework to ensure compliance with the adopted Department of the Navy guidelines but also that of the Department of Defense. In doing so, newly developed systems, applications and services with be efficient and effective in the missions both at ship and shore installations. The mission of the EA initiative is based around four tenets. First, it will create information technology agility by laying the foundation for the planning of current future capabilities and adapt not to just the changing military environment but also that of threats to national security. Secondly, a mature EA framework will reduce complexity by minimizing the duplication of technology in the Navy infrastructure. This is realized by the consolidation of products and tools that provide similar functionality. Thirdly, adopting an EA framework will reduce costs by streamlining that acquisition, support, maintenance and training costs associated with IT assets. Further cost savings can be realized when reusability is factored into purchases and there is a set of standards when purchases are made. Finally, the department of the Navy seeks to better IT portfolio management by not making duplicate purchases and a drive to invest in an asset once but be able to use it many times.


Another primary reason for Navy enterprise architecture is to allow federation with other Department of Defense agencies and other branches of service. Federation as defined in DoD terms refers to the process by which disparate system can relate to each other while maintaining strategic and tactical goals. Since each agency and branch of service has their own systems this concept is key when providing a stage for joint military initiatives. To facilitate a federated approach, the Department of the Navy Chief Information Officer has teamed with the Deputy CIO of both the Navy and Marine Corp to develop the following seven initiatives.

  • DON EA Hierarchy – a structure based on the Joint Staff-developed Joint Capability Areas (JCAs) to relate the complete set of activities occurring within the DON.
  • DON EA Governance – an overall governance structure that clearly defines the roles and responsibilities for development, review, verification and validation, approval, use and enforcement of architectures across the DON.
  • Naval Architecture Elements Reference Guide (NAERG) – standardized architectural elements, based on common terms, which form the elemental building blocks of the architecture.
  • DON EA Implementation Plan for the GIG Architecture Federation Strategy – a single set of DON-level federation rules and guidance for use by all developers of DON Segment Reference Architectures (SRAs) to federate with external partners.
  • DON EA Product Style Guide – formatting and style requirements for architecture products.
  • DON EA Project Management Plan – a schedule for developing Segment Reference Models, SRAs and supporting governance and other management processes.
  • DON EA Development Management Process – DON EA development criteria and process to manage EA development activities of DON SRAs and enterprise solutions to ensure EA efforts align to DON strategic goals and objectives. (Ecarma, 2009)


Department of the Navy Enterprise Architecture did not develop in a vacuum nor was there not a motivation for its creation. In 1996, Congress passed the Clinger-Cohen Act that among other things directed all federal agencies to develop and maintain Information Technology Architectures. From this, the Federal Enterprise Architecture recommendation was drafted by the United States Federal CIO Council in 1999 which was to be a federal-wide IT architecture that would “develop, maintain, and facilitate the implementation of the top-level enterprise architecture for the Federal Enterprise” (CIO Council, 1999). To facilitate this compliance took the collaboration of the DON CIO and deputy CIOs from both the Navy and Marine Corps. From that collaboration a series of initiative was drafted that included the following:

  • The DON Deputy CIO (Navy) issued the Navy Enterprise Architecture and Data Strategy April 7, 2007, which states that Navy programs, projects, systems, capabilities and investments that are not in compliance with the DON EA and Navy architectures will have their funding withheld.
  • The DON Deputy CIO (Navy) stood up the IT Management Council in May 2008 to oversee the development of Navy architectures.
  • The DON Deputy DON CIO (Marine Corps) stood up a Marine Corps Enterprise Architecture Working Group in May 2007 to provide policy and guidance to enable Marine Corps EA planning, development, use and evolution throughout the entire life cycle of the Marine Corps EA program.
  • The DON CIO is drafting a DON EA policy that will implement similar enforcement mechanisms across the DON.
  • ASN(RDA) CHSENG is using DON EA compliance as criteria during acquisition program reviews.
  • The DON CIO is in the process of developing a proactive approach to CCA certification for Major Automated Information Systems and DON IM/IT Special Interest Programs. A key component of this proactive approach will be assessment of proposed investments against the DON EA. (Ecarma, 2009.)

To further enhance this process and to provide a roadmap to ensure compliance, a comprehensive checklist was drafted that mapped to all DoD requirements from the Clinger-Cohen Act. This checklist is reviewed at periodic intervals during the project to ensure continued compliance. The information requirements are listed below:

  • Core Priority Function Determination – This determines if the proposed acquisition, application or system meets a specific need to accomplish military missions or accommodate business processes.
  • Outsourcing Determination – This determines is an outside contractor can better support the development of the application or system
  • Analysis of Alternatives – This determines if all alternatives for a solution have been researched and documented
  • Economic Analysis – In this phase, a full life-cycle cost and benefits analysis must be conducted on the on the proposed solution and that there was a systematic approach used to determine the most cost effective way to meet a particular agency's need
  • Outcome-based Performance Measures – This requirement documents the use of performance and results indicators in planning and/or acquiring solutions, applications or systems
  • Acquisition Performance Measures – This process documents the accountability for a solution's progress measured in cost, schedule and performance
  • Global Information Grid Architecture compliance – This documents that an application or services is consistent with the standards and policies dictated by the Global Information Grid architecture
  • Information Assurance Strategy – This documents the solution's ability to ensure availability, integrity, authentication, confidentiality, and non-repudiation. This includes providing for the restoration of information systems by incorporating protection, detection and reaction capabilities.
  • Modular Contracting – This documents if a system that is acquired is compliant and interoperable with existing systems
  • IT Registry – Is the finished solution, application or system included in the exhaustive list of the DoD Information Technology Registry.
  • Post Implementation Review Planning – This is a thorough documenting of any issues and lessons learned by integrating the system with DoD legacy systems.
  • CCA Compliance Confirmation – This certifies that the system has met all compliance requirements and milestones.

Department of the Navy Enterprise Architecture Framework

The DON EA framework is a layered approach similar to most EA frameworks. In the case of the Navy, there is a Capstone layer and Solution layer. The Capstone layer is further divided into two layers namely the DON EA Reference Models and DON Segment Reference Architecture. Reference models for the Navy are similar to Federal Enterprise Architecture models in that they model standards by which new systems and architecture are uniformly developed and approved. By having such standards there can be interoperability between various systems both within and without the Department of the Navy. For DON enterprise architecture there will be six reference models that govern and provide standards to build internal systems:

  • Performance Business Reference Model – Provides frameworks or standards to measure the performance of major IT investments and their contribution to program performance.
  • Business Reference Model – Provides an organized, hierarchical construct for describing day-to-day business operations.
  • Service Component Reference Model – Business and performance driven, functional framework that classifies service components with respect to how they support business and performance objectives.
  • Data Reference Model – Describes, at an aggregate level, the data and information supporting government program and business line operations.
  • Technical Reference Model – Component driven, technical framework used to categorize the standards, specifications and technologies that support and enable the delivery of service components and capabilities.
  • Security Reference Model – Provides a methodology for developing low risk enterprise information security designs and delivering security infrastructure solutions that support critical business initiatives directly from the Business Reference Model.

The Navy intends to use these architectural models to create a uniform framework all the while ensuring federally mandated compliance within systems and applications.

CANES Concept of Operations

Introduction and Scope

The United States Navy information technology strategy is in need of change due operational inefficiencies and interoperability problems. Ships and submarines have been forced to integrate various redundant systems in order to provide vital mission critical intelligence. The end result of these inefficiencies is as follows:

  • Loss of command and control agility and responsiveness
  • Unacceptable timeframes to replace legacy systems
  • Limited bandwidth per sailor
  • Aging technology that is cost prohibitive to replace
  • Limited reuse of technology
  • Network security vulnerabilities

Realizing that these issues could affect the agility and flexibility of the United States Navy in critical battlefield situations, there was an effort to find a solution to the aforementioned issues. What was determined was that a cloud computing architecture could be implemented that would decrease costs, infrastructure and staffing thus saving the Navy money in both the short and long term. To this end, the Navy issued a request for information from various contractors on how best to develop, implement and maintain such architecture. The Navy eventually awarded contracts to Lockheed Martin who has been providing defense contracting services to several branches of the military for quite some time. The solution devised became known as the Consolidated Afloat Networks and Enterprise Service or CANES. Lockheed sub-contracted various elements of the CANES project to General Dynamics who provided the CDS solution, ViaSat who provide IA services, Harris who provide wireless expertise and American Systems who provide certification and accreditation

Current System and Situation

According to Rear Admiral Kenneth Deutsch, director of warfare integration at the Office of the Chief of Naval Operations, the current manner in which the Navy develops, procures and maintains systems is not sustainable. In a recent interview for Government Computer News, Deutsch stated, “over a 14-year period, we would have to pay out $2.6 billion just to maintain current capabilities. This is a function of how we procure, acquire and test systems. That is a shipwreck.” Currently, the Navy relies on what are called stove piped systems that are team with other similar systems. Worse yet, they can be very cost prohibitive to replace and repair owing to being proprietary. To put the current system into perspective, consider that presently the Navy relies on at least 642 legacy systems aboard its 300-plus ships. There are 297 versions of the Integrated Shipboard Network System, some classified, some unclassified. There are 151 Combined Enterprise Regional Information Exchange Systems; 144 Sensitive Compartmented Information Network systems; and 50 SubLAN systems that are the primary shipboard infrastructure elements, along with NIPRNET and SIPRNET. A total of 15 legacy facilities support those networks, comprising three help desks that processed more than 8,700 calls between 2005 and 2007, seven training sites, two supply-support units to handle spares, and three engineering sites. (Rosenberg, 2008). None of the current system lends itself to a flexible and adaptable enterprise. This of course is critical in a time when state and non-state threats pose numerous issues to the United State military and those that they are sworn to protect. As private section organizations need to adapt to ever changing customer needs, the Navy needs to exceed that exponentially.

Description of the Proposed System

The purpose of the Navy implementation of CANES is to bring commercial off the shelf (COTS) system to ship and shore installations. This will be coupled with a backend system that will handle the resource and data intensive operations and deliver applications and services to afloat assets worldwide. By adopting this model the Navy will save money in both infrastructure and energy costs. Additionally, new functionality brought about by a cloud computing architecture will allow for the fast and efficient delivery of legacy and new mission critical services, applications and data without excessive hardware and software costs.

Analysis of the Proposed System

The overall objective is to bring outdated Navy systems up to date with state of the art equipment. By allowing COTS equipment to be used in the installation there will be a cost savings as compared to the proprietary equipment that is commonly used. Furthermore, by eliminating redundant networks higher levels of security can be achieved which is vital in military operations. Overall, CANES is to provide seamless delivery of mission critical application to the warfighter. This can to various locations, but given as that this is the United States Navy, this delivery can and will happen aboard ships and submarines as well as land based facilities. The main concept was to take antiquated and non-reusable systems out of assets afloat and onshore and provide centralized administration in a data center environment. By centralizing hardware and application repositories in a data center, it is possible to stream applications to thin clients aboard ship and shore installations. By migrating to this cloud infrastructure, the Navy can realize a reduction in both cost of technology and simplicity in technology selection and design.

Security Plan

The CANES implementation will have similar security threats as other cloud computing architectures. As with any network or system, risk management will need to be perform on each asset to determine what safeguards are needed to ensure confidentiality, integrity and availability to the system. This is vital in the CANES implementation to ensure that the war fighters in ships and submarines have accurate mission critical information when it is needed to make crucial command decisions. That being said, there are common weaknesses among cloud based infrastructure and mitigation techniques that are listed below:

  • Abuse or nefarious use of cloud computing resources – As stated earlier and illustrated by the hacking of Booz Allen Hamilton, the cloud is a prime target for malicious use. One primary reason for this is concentration of data on back end systems since they are used for resource and data intensive operations. This issue can be remediated by constant vigilance of the network infrastructure by proper incident response and handling.
  • Insecure interfaces coupled with Application layer interfaces – In order to utilize cloud computing services, software interfaces are developed. The provisioning and deploying of new applications and service depends on these APIs. However, these software interfaces if programmed incorrectly can introduce security threats to the entire architecture. Therefore, a careful security analysis of each API must be performed to determine potential threats. Further threats can be averted by ensuring strong authentication and access controls be utilized. Finally, since APIs can be linked to provide mashups, understand the API chain is necessary to avoid security threats when combining data sources.
  • Insider threats – It should go without saying that one of the biggest threats to a network is from the inside simply because of the direct access allowed to backend systems. Many times the damage that can be done is completely unintentional. However, insider threats can take the form of disgruntled former employees who can inflict damage by various means. Furthermore, damage can be done when receiving hardware and software from unknown vendors who can appear to offer properly configured systems but have underlying code to route sensitive information off site. To prevent these issues, it is necessary to thoroughly screen employees and contractor for potential warning signs of being untrustworthy. By ensuring that vendors come from trusted supply chains is vital as well
  • Outsourced technology – Referencing the previous article regarding Booz Allen Hamilton and given the history of the military outsourcing critical components of systems one of the major security threats is not being able to control all ingress, egress and protection systems within the network. Whereas assurances may be given to uphold service level agreement by defense contractors this is still a huge security hole. That being said it is important to have scheduled and unscheduled checks of contractor performance to ensure security of vital systems.
  • Data leakage or loss – Data can be compromised in many different ways both intentionally and unintentionally. This is an issue that is amplified in a cloud computing architecture as most of the data that is being streamed to remote sites is resident in a few data centers. Therefore redundancy and backup of data must be a priority in order to continue servicing customers
  • Misuse of credentials – Usernames and password can be stolen from outside the organization thus leading to unauthorized access. However, from inside the network users out of carelessness or laziness may share this information with other users. Credentials that are created for one user may not be authorized for another. Therefore identity and access management best practices must be used to ensure that the user is who they say they are and that they have access to systems. Credentials must be audited and unused accounts deleted to avoid security breaches.

CANES Disaster Recovery

CANES share similar disaster recovery techniques with cloud computing architectures. However, CANES also has elements that make it unique. As with cloud based infrastructures, CANES will need documented procedure by which data backup will be performed. This should include items such as how frequently data is backed up, the restore process and how long backed up data will be stored. Furthermore, there must be redundant data centers with fast switching capabilities in the event a primary site was to degrade to a point that applications, services and data could not be effectively delivered. Within each data center there must be redundant power and outside data connections. At the ship and submarine level, spare parts inventories for onboard systems must be regularly checked to ensure optimal uptime of systems. Scheduled tuning and maintaining of systems must be performed to ensure system uptime. Finally at the communications level, satellites and transmission facilities must be checked to ensure proper orbit and operation. Testing of redundant systems must be performed and “fire drills” schedule to test the fitness of the sailors manning the systems and reaction times.

Conclusions and Summary

In order to have a Navy that is flexible and adaptable to today’s threats, a migration to the CANES environment is needed. In an December 2011 interview with C4ISR Journal Robert Wolborsky of the the Navy’s program manager for afloat networks, information assurance and enterprise services within the Navy’s Program Executive Office for C4I stated, “Today, every functionality comes aboard with its own set of infrastructure. We want to start decoupling these applications and capabilities from the hardware baseline and port them into a common computing environment. By getting rid of expensive network capabilities and migrating to an enterprise network architecture that will be a single backbone with a uniform application of security and service, we will increase our ability to secure the network and add cutting edge functionality much quicker than we can today with our federated architecture.” The CANES initiative will allow for such a transition and will allow the Navy to save costs associated with infrastructure, energy and staffing. Security will be vastly improved by having a common backbone and interoperability will be easier to achieve with a common computing environment. Because of these reasons, it is vital that the Navy implement the CANES initiative as soon as possible.



QR Code
QR Code navy_cloud_computing (generated for current page)