Networks need automation -- just ask the U.S. military

11.05.2016
IT professionals are looking to software-defined networking to automate what are still complex and vulnerable systems controlled by human engineers. Major General Sarah Zabel knows where they’re coming from.

Zabel is the vice director of the Defense Information Systems Agency (DISA), which provides IT support for all U.S. combat operations. Soldiers, officers, drones, and the president all rely on DISA to stay connected. Its network is the epitome of a system that’s both a headache to manage and a prime hacking target.

Zabel was a featured speaker on Tuesday at the Open Networking User Group conference, a Silicon Valley gathering of enterprise IT leaders who want to steer vendors toward technologies that meet their real needs. Members include large retailers, financial institutions, and manufacturers.

ONUG announced some broad technical initiatives on Tuesday, and a common wish voiced at the meeting was to make networks eventually run themselves.

DISA is a case in point. With 4.5 million users and 11 core data centers, its infrastructure generates about 10 million alarms per day, Zabel said. Approximately 2,000 of those become trouble tickets. These aren’t just for users who can’t get into Outlook: A lost circuit could cause a battlefield surveillance drone to abort its mission and return to base, or could cut off commanders in the field from their superiors.

Then there’s hacking: DISA logs 800 billion security events per day. Though many are innocuous, the Defense Department detects about 14 phishing attacks per day and rejects 85 percent of incoming email, Zabel said. Everyone from teen-age hackers to nation-states is targeting the network.

Between countermeasures, configuration fixes, and the rest, DISA makes about 22,000 changes to its infrastructure every day.

“A lot of those changes, of course, are automated, but there’s a lot of human interaction,” Zabel said. “We need a little less human interaction.”

Zabel wants the same benefits of automation that other IT managers at ONUG cited: fewer errors, faster service provisioning, and less labor. Staffing is a big issue at DISA, which is deliberately overstaffed at all times. It takes six months to hire new engineers, and the agency doesn’t want to get caught short if anyone leaves, Zabel said.

Software-defined networking is a first step toward that automation, and it’s just starting to move out of the lab at DISA. But SDN can do more than save staff. For one thing, it could make DISA less locked in to specific vendors, Zabel said.

The agency even plans to use SDN to outwit intruders. If they penetrate part of the network, DISA would virtually cut off that segment, pulling the workloads, users, and address space out into another part of the infrastructure. The hackers would be left with a non-functioning “honey net.”

Like other users at ONUG, Zabel thinks technology may be able to do all of this, but the biggest change could be organizational. Rather than simply automate those 22,000 daily changes, she wants to change DISA’s relationship to its customers by giving them more visibility and control.

Part of cultural change is persuading users that SDN can do everything hardware does, and just as reliably. For example, the circuit that delivers live data from a reconnaissance drone may work just as well if it’s virtual, but troops in the field won’t trust it.

“They want to see a wire,” Zabel said. “They want to see blinking lights, and they want to see those lights blinking in sequence, because then they know that their circuit is up.” DISA needs to prove a virtual circuit is just as good.

Judging from what’s being said at ONUG, many IT managers are hoping that’s true.

Stephen Lawson

Zur Startseite