Battlefield Automation:

Opportunities to Improve the Army's Information Protection Effort

NSIAD-99-166: Published: Aug 11, 1999. Publicly Released: Aug 11, 1999.

Additional Materials:

Contact:

Allen Li
(202) 512-3600
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Pursuant to a congressional request, GAO reviewed the Army's development and acquisition plans for command and control systems that will be part of future digitized battlefield units, focusing on the Army protection plan to determine whether it ensures sufficient assessments to test and develop the defensibility of the digitized battlefield against command and control warfare attacks.

GAO noted that: (1) the Army has carried out a number of assessments to test and develop the defensibility of digitized battlefield systems and forces, but its protection plan does not ensure sufficient vulnerability assessments; (2) while the Army's plan provides a general strategy for implementing information protection into the design of the digitized forces, it does not constitute a detailed implementation plan, one that lays out the specific systems, networks, and infrastructures covered; their information protection requirements or needs; the information protection knowledge and knowledge gaps for those systems; and the tests or other events that will be used to fill specific knowledge gaps and address previously identified weaknesses; (3) without such a detailed implementation plan, systems vulnerabilities that might otherwise be identified may not be exposed and fixed and the substantial investment made by the Army could be at risk; (4) additionally, without a plan that identifies specific needed events, adequate funding may not be made available for needed activities, and valuable test opportunities could be lost; (5) furthermore, systems could be developed and tested under requirements that are not aligned with the goals and needs of the Army's protection plan; (6) for example, GAO found that a key digitization effort does not have a minimum requirement for development of the protection concept outlined in the Army's protection plan; (7) as a result, systems could be developed without providing features needed to achieve that concept; (8) GAO also found that the system that is the centerpiece of the Army's digitization efforts has a key performance requirement that is set for a non-jamming environment and is not conducive to judging whether sufficient protection has been achieved; and (9) while the Army has already undertaken a number of activities laid out in its protection plan, much remains to be done as its digitization efforts are to extend over the next decade and be implemented through the development, production, and fielding of over 100 individual systems.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: The Army has begun work to develop the detailed implementation plan called for in the report.

    Recommendation: The Secretary of Defense should direct the Secretary of the Army to develop a detailed implementation plan for the Army's protection efforts for the Army XXI information systems to include information such as a system by system breakout of tested and untested (known and unknown) areas of vulnerabilities; the specific test events to be used to look for systems vulnerabilities or to confirm fixes to previously identified, significant vulnerabilities; and responsible performing and funding parties.

    Agency Affected: Department of Defense

  2. Status: Closed - Not Implemented

    Comments: An Army Training and Doctrine Command official informed GAO that the Tactical Internet Capstone Requirements Document that defined overarching requirements for Tactical Internet systems was never formally approved, no longer exists, and will not be recreated. As such, GAO's recommendation has been overtaken by events.

    Recommendation: The Secretary of Defense should direct the Secretary of the Army to require the Tactical Internet to have threshold information protection requirements consistent with the Army's "defense in depth" protection concept.

    Agency Affected: Department of Defense

  3. Status: Closed - Implemented

    Comments: DOD has stated that the Army tested the FBCB2 system in a jamming environment. Additionally, the FBCB2 operational requirements document has undergone subsequent revision and the communications requirements in a non-jamming environment have been removed.

    Recommendation: The Secretary of Defense should direct the Secretary of the Army to set performance requirements for and test the Force XXI Battle Command, Brigade and Below system in a jamming environment.

    Agency Affected: Department of Defense

 

Explore the full database of GAO's Open Recommendations »

Sep 22, 2016

Sep 21, 2016

Sep 19, 2016

Sep 12, 2016

Sep 8, 2016

Sep 7, 2016

Sep 6, 2016

Aug 25, 2016

Looking for more? Browse all our products here