Sunday, June 6, 2010

A Common Operating Picture Through Network Virtualization
Network Virtualization

The Situation

Army Gen. Keith Alexander, the head of the new Cyber Command, stated that the Defense Department needs situational awareness across DoD's networks in order to defend them. "We do not have a common operating picture for our networks. We need to build that."

DoD is responsible for protecting more than seven million machines, linked in 15,000 networks, with 21 satellite gateways and 20,000 commercial circuits. Unauthorized users probe DoD networks 250,000 times an hour, or over six million times per day, he added.

In the current situation the proliferation of networks, circuits and computers offers attackers an enormous attack surface that is, for all practical purposes, indefensible: no single network sees enough of the traffic to recognize an attack that is spread across many of them.

Virtual Networks

Network virtualization combines hardware and software network resources into a single software-based administrative environment that can be managed centrally. It makes it possible to integrate numerous networks so that central services, such as consolidated security management, situational awareness and protective measures, are defined once and shared across every network rather than re-implemented on each one.

The components of virtual networks are: network hardware, such as routers, switches and network adapters; WANs and LANs; network storage devices; and network media, such as Ethernet and Fibre Channel. Examples of virtual networks are virtual switches that connect to external physical networks, and services that allow system administrators to combine many local area networks into a single administered network entity for the purpose of intrusion prevention.

Network virtualization software allows systems managers to route traffic to diverse data center environments where business and warfighting applications run, independently of the physical circuits the traffic crosses.

In the past, DoD components purchased multiple security protection measures and set up failover and redundancy capabilities separately at each of thousands of data centers. With network virtualization software in place, security services can instead be migrated as a fully configured virtual service to each data center, regardless of geographic location. This allows legacy environments to be moved, data center by data center, into a single virtual environment spanning the world.
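The two preceding paragraphs describe a single security policy that is defined once and applied to every network, and a consolidated view that sees what no single network can. The following added example (not code from the original post) models both. The network names, the alert threshold, the record format and the probe log are all constructed for illustration; the point it demonstrates is that a source which spreads its probes thinly across several networks stays under each network's local threshold and is caught only by the correlated count in the central controller.

```python
"""Consolidated situational awareness across many networks.

Added example, not code from the original post. Network names, the
threshold, the record format and the probe log are constructed. One shared
policy and one correlated count catch activity that no single network,
judged on its own, would report.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Probe:
    network: str   # segment that observed the probe (constructed name)
    src: str       # source address of the probe
    dport: int     # destination port


@dataclass(frozen=True)
class Policy:
    """One security policy, written once and pushed unchanged to every network."""
    threshold: int = 5   # probes from one source before an alert is raised


def parse_probe(line: str) -> Probe:
    """Parse a constructed record 'network src=<ip> dport=<port>'.

    Malformed records raise ValueError rather than being silently skipped.
    """
    try:
        network, src_kv, dport_kv = line.split()
        return Probe(network, src_kv.split("=", 1)[1], int(dport_kv.split("=", 1)[1]))
    except (ValueError, IndexError) as exc:
        raise ValueError(f"malformed probe record: {line!r}") from exc


class LocalDetector:
    """What a single network sees on its own: the pre-consolidation situation."""

    def __init__(self, policy: Policy) -> None:
        self.policy = policy
        self.counts: dict[str, int] = defaultdict(int)

    def observe(self, probe: Probe) -> bool:
        self.counts[probe.src] += 1
        return self.counts[probe.src] >= self.policy.threshold


class CentralController:
    """Consolidated view: the same policy, one correlated count across all networks."""

    def __init__(self, policy: Policy, networks: list[str]) -> None:
        self.policy = policy
        self.local = {name: LocalDetector(policy) for name in networks}
        self.total: dict[str, int] = defaultdict(int)
        self.breadth: dict[str, set[str]] = defaultdict(set)

    def ingest(self, lines):
        """Return (sources some single network alerted on, sources the central view alerted on)."""
        local_alerts, central_alerts = set(), set()
        for line in lines:
            probe = parse_probe(line)
            if probe.network not in self.local:      # unmanaged segment: fail loudly
                raise KeyError(f"unmanaged network {probe.network!r}")
            if self.local[probe.network].observe(probe):
                local_alerts.add(probe.src)
            self.total[probe.src] += 1
            self.breadth[probe.src].add(probe.network)
            if self.total[probe.src] >= self.policy.threshold:
                central_alerts.add(probe.src)
        return local_alerts, central_alerts

    def picture(self) -> dict[str, tuple[int, int]]:
        """Common operating picture: per source, total probes and networks touched."""
        return {src: (n, len(self.breadth[src])) for src, n in self.total.items()}


# Constructed probe log (RFC 5737 documentation addresses). 198.51.100.7 spreads
# its scan over four networks, two probes each, under any single network's
# threshold; 203.0.113.9 hammers one network; 192.0.2.5 is a lone probe.
PROBE_LOG = [
    "net-a src=198.51.100.7 dport=22", "net-a src=198.51.100.7 dport=445",
    "net-b src=198.51.100.7 dport=22", "net-b src=198.51.100.7 dport=445",
    "net-c src=198.51.100.7 dport=22", "net-c src=198.51.100.7 dport=445",
    "net-d src=198.51.100.7 dport=22", "net-d src=198.51.100.7 dport=445",
    "net-a src=192.0.2.5 dport=443",
] + ["net-b src=203.0.113.9 dport=3389"] * 6


def run_demo():
    controller = CentralController(Policy(), ["net-a", "net-b", "net-c", "net-d"])
    local_alerts, central_alerts = controller.ingest(PROBE_LOG)
    return local_alerts, central_alerts, controller.picture()


if __name__ == "__main__":
    local_alerts, central_alerts, pic = run_demo()
    print("alerted by some single network:", sorted(local_alerts))
    print("alerted by the consolidated view:", sorted(central_alerts))
    for src, (n, nets) in sorted(pic.items()):
        print(f"{src}: {n} probes across {nets} network(s)")
```

Run as written, only 203.0.113.9 trips a local detector, while the central controller alerts on both 203.0.113.9 and 198.51.100.7 and its picture shows the latter touching four networks. The same `Policy` object is handed to every `LocalDetector`, which is the "configure once, migrate everywhere" property the text describes; changing the threshold changes it for all networks at once.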

As data center resources are consolidated, network virtualization software reduces space requirements, improves server utilization and consolidates controls into DoD-wide network control centers, so that highly trained personnel can be used far more effectively.

Implications

Establishing situational awareness, and the much-needed real-time response to attacks arriving across 15,000 networks and 20,000 commercial circuits, is not feasible with the network configurations currently in place in DoD.

Adopting network virtualization as an architectural direction for DoD will make it possible to consolidate points of control into a small number of network control centers. Such a move will not only deliver large reductions in cost but also improve the security of millions of computing devices. The control centers themselves then become the highest-value targets on the network, so their access controls and change management must be held to a correspondingly higher standard.

The time has come to start migrating to designs that use network virtualization as the basis for cyber defense operations.

For comments please e-mail paul@strassmann.com