This is the accessible text file for GAO report number GAO-04-858
entitled 'Defense Acquisitions: The Global Information Grid and
Challenges Facing Its Implementation' which was released on July 28,
2004.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as part
of a longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
Report to Subcommittee on Terrorism, Unconventional Threats, and
Capabilities, Committee on Armed Services, House of Representatives:
United States Government Accountability Office:
GAO:
July 2004:
DEFENSE ACQUISITIONS:
The Global Information Grid and Challenges Facing Its Implementation:
GAO-04-858:
GAO Highlights:
Highlights of GAO-04-858, a report to Subcommittee on Terrorism,
Unconventional Threats, and Capabilities, Committee on Armed Services,
House of Representatives
Why GAO Did This Study:
The Department of Defense (DOD) is in the midst of transforming
military capabilities. The transformation relies in part on the Global
Information Grid (GIG), which is focused on building a new
Internet-like network capability that DOD envisions will enable weapons
and other systems and people to share information quickly, allowing
warfighters to identify threats more effectively and to respond with
greater precision and lethality. DOD plans to spend at least $21
billion through 2010 to build a core GIG capability. GAO was asked (1)
to describe the GIG, including the concept, key acquisitions, and
implementation and (2) to identify significant challenges facing DOD in
implementing the GIG.
What GAO Found:
The GIG is a huge and complex undertaking that is intended to integrate
virtually all of DOD’s information systems, services, and applications
into one seamless, reliable, and secure network. DOD’s overall concept
is to enable data access for a variety of systems and users in the
network no matter which military service owns a weapon system or where
a user might be located around the world. DOD is looking to the GIG to
form the basis of a network-centric or “netcentric” way of fighting
wars and to create a decisive advantage over adversaries. DOD has taken
the following two-pronged approach to building the GIG:
(1) Invest in key acquisitions to build a core networking capability,
including new communication satellites, next-generation interoperable
radios, a new ground-based communication network with significantly
expanded bandwidth, and services and applications to manage and protect
the network and help users locate, post, and share information.
(2) Integrate other existing and planned weapon systems, information
technology systems, and logistics, personnel, and other
business-related systems into the GIG. To integrate other systems, DOD
officials who created the concept for the GIG have developed an initial
blueprint or architecture for the GIG and policies to formalize the
GIG, and they are attempting to influence key acquisition and budgeting
decisions to align investments and systems with the GIG.
The most critical challenge ahead for DOD is making the GIG a reality.
While DOD has taken steps to define its vision and objectives for the
GIG on paper and in policy and is beginning to make a heavy investment
in the GIG as well as systems that will be heavily dependent on the
GIG, it is not fully known how DOD will meet these objectives. For
example, it is not known which investments should take priority over
others and how these decisions will be enforced. Moreover, it is not
known how DOD will assess the overall progress of the GIG and determine
whether the network as a whole is providing a worthwhile return on
investment, particularly in terms of enhancing and even transforming
military operations. According to DOD officials, the enhancements DOD
is making to its planning and budgeting processes are meant to begin
addressing these questions. Until DOD implements an investment and
oversight strategy for the GIG as a whole, it is at risk of making
investments that do not fit DOD’s vision for the future.
Highlights of Key Challenges Facing DOD’s Implementation of the GIG:
* Deciding what capabilities are affordable, what capabilities are
unaffordable or not in line with DOD’s vision for the GIG, and
enforcing these decisions
* Assuring management attention and oversight are provided to assess
the overall progress and return on investment
* Developing a trustworthy network so data owners will share data with
a broader audience
* Advancing technologies on schedule
* Developing the means to protect the network and its data
Source: GAO analysis.
[End of table]
What GAO Recommends:
GAO is not making recommendations in this report as this effort is
focused on providing an initial overview of the GIG and challenges. Our
future work will continue to assess how DOD is addressing challenges
and the progress of key acquisitions. DOD- provided technical comments
on this report are incorporated where appropriate.
www.gao.gov/cgi-bin/getrpt?GAO-04-858.
To view the full product, including the scope and methodology, click on
the link above. For more information, contact Robert E. Levin at (202)
512-4841 or levinr@gao.gov.
[End of section]
Contents:
Letter:
Objectives, Scope, and Methodology:
Results in Brief:
Description of the GIG:
Acquisitions:
Implementation:
DOD Challenges in Implementing the GIG:
Management and Investment Challenges:
Operational Challenges:
Technical Challenges:
Conclusions:
Agency Comments:
Appendix I: Policies, Standards, and Guidance to Implement the Global
Information Grid:
Tables:
Table 1: How DOD Envisions GIG Will Help Transform Military Operations:
Table 2: DOD Acquisitions Related to the GIG:
Table 3: Overview of Six Major Acquisitions Related to the Core GIG
Network and Information Capability:
Table 4: Key Challenges:
Table 5: Selected Global Information Grid Policies, Standards and
Guidance (2000 to 2004):
Figure:
Figure 1: A General Depiction of DOD's Characterization of the GIG:
Abbreviations:
DOD: Department of Defense:
GIG: Global Information Grid:
GIG-BE: Global Information Grid Bandwidth Expansion:
IPv6: Internet Protocol Version 6:
JTRS: Joint Tactical Radio System:
NCES: Network Centric Enterprise Services:
TSAT: Transformational Satellite:
WIN-T: Warfighter Information Network-Tactical:
United States Government Accountability Office:
Washington, DC 20548:
July 28, 2004:
The Honorable Jim Saxton:
Chairman:
The Honorable Martin T. Meehan:
Ranking Member:
Subcommittee on Terrorism, Unconventional Threats, and Capabilities:
Committee on Armed Services:
House of Representatives:
To achieve long-term dominance over evolving, sophisticated threats,
the Department of Defense (DOD) is seeking to make transformational
improvements to military capabilities. The transformation involves
achieving information and decision superiority over adversaries,
striking with precision, deploying and sustaining military power
rapidly, and dominating the "battlespace" on land, at sea, in the air,
and in space. DOD has said that a successful transformation hinges
largely on disparate weapon systems sharing information seamlessly,
regardless of which military service owns the system and preempting the
need to retrofit weapon systems to solve compatibility issues with
other systems in the field. Beyond the need to build new weapon systems
according to a predetermined architecture, DOD says the transformation
encompasses new doctrine and institutional changes for DOD and its
partners.
One of DOD's key initiatives to respond to this transformation is the
Global Information Grid (GIG). The GIG represents a collection of
programs and initiatives aimed at building a secure network and set of
information capabilities modeled after the Internet. The GIG is
expected to facilitate DOD's transformation by allowing warfighters,
policy makers, and support personnel to engage in rapid decision
making. By having the ability to access and exchange information
quickly, reliably, and securely through linked systems and military
components, DOD believes that commanders would identify threats more
effectively, make informed decisions, and respond with greater
precision and lethality.
DOD began investing in the GIG in the late 1990s and plans to begin
fielding a core capability by about 2010. It plans to spend at least
$21 billion to develop the GIG through fiscal year 2010. Full
implementation of the GIG would occur in the 2020 time frame. Given the
GIG's overall investment and importance to DOD, as well as a lack of
clarity about what the GIG entails, you requested that we review DOD's
strategy for developing and deploying the GIG. As agreed with your
office, our work initially focused on (1) describing the GIG, including
the overall concept, key acquisitions, and implementation strategies
and (2) identifying challenges facing DOD's implementation of the GIG.
Subsequent efforts will further explore the challenges we have
identified and the progress of key acquisitions.
Objectives, Scope, and Methodology:
To gain a better understanding of the overall concept, key
acquisitions, and implementation strategy, we reviewed relevant DOD
plans, policies, guidance, and other documents pertaining to the GIG.
We also reviewed briefings prepared for high-ranking DOD officials and
other organizations within the department to obtain more up-to-date
information on the status of GIG activities and costs of key
components. Funding and cost information was obtained from budget
exhibits and other accounting reports compiled by the DOD. We did not
conduct a comprehensive review of the financial reports or records.
Also, we did not evaluate the content and quality of the GIG
architecture and standards. In addition, we interviewed key officials
responsible for the GIG in the Office of the Assistant Secretary of
Defense for Networks Information and Integration (DOD's Chief
Information Officer); the Defense Information Systems Agency; Office of
the Under Secretary of Defense (Comptroller); Office of Program
Analysis and Evaluation; Office of the Under Secretary of Defense for
Acquisition, Technology and Logistics; and Office of the Joint Chiefs
of Staff. We held interviews with officials representing the Offices of
the Chief Information Officer for the Air Force, Army, Navy, and U.S.
Marine Corps.
To identify the challenges associated with GIG implementation, we
examined studies, reports, and guides on the GIG; DOD's effort to
transition toward more network-based military operations; and DOD's
efforts to enhance its capability to acquire joint systems that were
completed by DOD, the Defense Science Board, and other research
entities, such as the Center for Strategic and International Studies.
We examined reports and guides completed by the Congressional Research
Service, Congressional Budget Office, and GAO on managing technology
projects, architectures, and information technology investments. We
held interviews with previously identified DOD officials to discuss key
challenges associated with the development and implementation of the
GIG.
We performed our work from November 2003 to June 2004 in accordance
with generally accepted government auditing standards.
Results in Brief:
The GIG is a huge and complex undertaking that is intended to integrate
virtually all of DOD's information systems, services, applications, and
data into one seamless, reliable, and secure network. A primary
difference between the GIG initiative and previous efforts is that it
focuses on promoting interoperability by building an Internet-like
network for DOD-related operations based on common standards and
protocols rather than on trying to establish interoperability after
individual systems and platforms have been fielded. DOD envisions that
this type of network would not just ensure systems can easily and
quickly exchange data, but also would change how military operations
are planned and executed since much more information would be
dynamically available to users.
DOD's plans for realizing the GIG involve building a new core network
and information capability and successfully integrating the majority of
its weapon systems, command, control, and communications systems, and
business systems with the new network. The effort to build the GIG will
require DOD to make a substantial investment in a new set of core
enterprise programs and initiatives in order to develop and deploy new
satellites capable of quickly transmitting and routing larger volumes
of data, increased bandwidth capacity on the ground, new types of
communications systems to be embedded on weapon systems, and new
computer applications and services to enable information to be
transferred globally. To integrate systems into the GIG, DOD has
developed an initial blueprint or architecture for the GIG, developed
new policies, guidance, and standards to guide implementation,
undertaken proactive efforts to "market" the GIG and its potential
benefits among various elements of DOD, and is attempting to influence
key acquisition and budgeting decisions to align with the GIG.
Depending on the extent DOD decides to rely on the GIG to facilitate
military operations, the initiative could affect the way weapon systems
and information technology systems are selected and built as well as
how DOD military and civilian personnel collect, analyze, and share
data.
The most critical challenge ahead for DOD is making the GIG a reality.
While DOD has taken steps to define its vision and objectives for the
GIG on paper and in policy and is beginning to make a substantial
investment in the GIG as well as in systems that will be heavily
dependent on the GIG, it is not fully known how DOD will meet these
objectives. For example, it is not known which investments should take
priority over others and how these decisions will be enforced.
Moreover, it is not known how DOD will assess the overall progress of
the GIG and determine whether the network as a whole is providing a
worthwhile return on investment, particularly in terms of enhancing and
even transforming military operations. Until DOD implements an
investment and oversight strategy for the GIG as a whole, it is at risk
of making investments that do not fit its vision for the future. In
addition, DOD faces risks inherent with the nature and scope of the
effort it is undertaking, for example, risks related to protecting data
within the thousands of systems that will be integrated into the
network. Furthermore, the technical challenges to develop new
networking and network management capabilities to support mobile,
integrated communications are considerable. DOD recognizes these
challenges, and many of the actions it is taking to implement the GIG
are meant to address them. However, it is too early to assess how
successful DOD will be in addressing the challenges and overcoming
long-standing organizational impediments.
Description of the GIG:
For the past two decades, DOD has been seeking solutions to improve
interoperability and information sharing across its business and
warfighting operations. Too often weapon and information technology
systems have been acquired by the military services and defense
agencies without regard for their ability to work in a joint
operational environment.[Footnote 1] As a result, extra layers of
redundancy and common systems have been put in place to support
military operations, but without the ability to easily and quickly
exchange data.
DOD defines the GIG as a "globally interconnected, end-to-end set of
information capabilities, associated processes, and personnel for
collecting, processing, storing, disseminating, and managing
information." The GIG is meant to improve interoperability among DOD's
many information systems and weapon systems. More important, the GIG is
to facilitate DOD's effort to transform to a more network-based, or
"netcentric," way of fighting wars and achieving information
superiority over adversaries, much the same way as the Internet has
transformed industry and society on a global scale. Netcentric
operations and warfare, according to DOD, are the combination of
tactics, techniques, and procedures that a networked force can employ
to create a decisive warfighting advantage. The GIG's role is to create
an environment in which users can access data on demand at any location
without having to rely on (and wait for) organizations in charge of
data collection to process and disseminate the information. Data could
emanate from a variety of sources, including weapon systems belonging
to other military services, space-based intelligence, surveillance, and
reconnaissance satellites, and DOD logistics, financial, and other
systems that carry out business operations. Ultimately, DOD expects
that most of these systems will become part of the GIG.[Footnote 2]
With greater data access and a more robust communications
infrastructure, DOD expects the GIG to enable more timely execution of
military operations, collaborative mission planning and execution,
common views of the battlespace, and more timely assessments of the
condition of equipment and the levels of supplies. For example,
according to DOD officials, greater information sharing could
dramatically increase capabilities to rapidly identify and strike time-
critical targets, such as mobile surface-to-air missile sites. In the
past, such targets have proved to be elusive because the enemy is able
to move them to safety in a shorter time frame than it takes U.S.
military forces to detect, assess, and attack the targets. By having
greater command of a battle situation, DOD expects that lethality and
survivability of equipment and personnel would be increased. Armor
protection could be scaled down in favor of more agility. In addition,
the GIG would reduce the substantial resources and logistics needed to
bring command, control, and communications systems to the war-fighting
environment. Table 1 illustrates how DOD envisions the GIG will help
transform military operations.
Table 1: How DOD Envisions GIG Will Help Transform Military Operations:
Current: Customized, platform-centric information technology;
Future: Network-centric, commercial off-the-shelf software, Web-based.
Current: Circuit- based transmission of data;
Future: Internet protocol-based transmission of data.
Current: Bandwidth limitations;
Future: Bandwidth on demand.
Current: Limited operational picture;
Future: Situational awareness.
Current: Fixed and remote command and control;
Future: Mobile, deployable, in- transit command and control.
Current: Broadcast (push) information to users;
Future: Post information on network and facilitate "smart" pull by
users.
Current: Collect, process, exploit, disseminate;
Future: Collect, post, process, use.
Current: Individual;
Future: Collaborative.
Current: Stovepipe decision making;
Future: Communities of interest.
Current: Multiple data calls, data duplication;
Future: Handle information only once.
Current: Private data;
Future: Shared data.
Current: Perimeter, one-time security;
Future: Persistent, continuous information assurance.
Current: Single points of failure;
Future: Diverse routing.
Current: Separate infrastructures;
Future: Enterprise services.
Current: Interoperability by standard applications;
Future: Interoperability designed from start ("born joint").
Sources: DOD (data); GAO (presentation).
[End of table]
The GIG is to be much like the Internet, but with less dependence on
ground-based and fixed systems and equipment to transmit and route data
and more dependence on space-based and mobile, ad hoc systems to carry
out these functions. Figure 1 shows the various layers of the GIG's
overall concept. At the core are communications satellites, next-
generation radios, and an installations-based network with
significantly expanded bandwidth. These will provide the basic
infrastructure through which data will be routed and shared. In
addition, the GIG would employ a variety of information technology
services and applications to manage the flow of information and ensure
the network is reliable and secure. Various information technology
tools would be available to help users determine what information is
available, where to find it, and how best to use it. DOD envisions that
communities of interest would be developed, linking users with common
interests who would collaborate on analyzing and sharing information.
Ultimately, most of DOD's sensors, weapon systems, business systems,
and systems belonging to decision makers, military units, and allies
would be tied into the GIG network--serving as both users and providers
of data.
Figure 1: A General Depiction of DOD's Characterization of the GIG:
[See PDF for image]
[End of figure]
Acquisitions:
DOD has taken a two-pronged approach to build the GIG: (1) invest in a
set of core enterprise programs and initiatives to build a core network
and information capability and (2) bring other existing and planned
weapon systems, command, control, and communications systems,
information technology systems, and logistics, personnel, and other
business-related systems into the GIG network. The core network
acquisitions are to be developed incrementally over time, with the aim
of fielding the first increment of the GIG by 2010. The GIG is
primarily being developed under the leadership and direction of DOD's
Office of the Assistant Secretary of Defense for Networks and
Information Integration in coordination with other components in the
Office of the Secretary of Defense and Joint Staff. The Defense
Information Systems Agency, military services, combatant commands, and
other defense agencies also play roles in implementing the GIG. In
addition, DOD's Strategic Command has responsibilities for eventually
operating the GIG. Table 2 shows the key acquisitions for the GIG's
core network and examples of additional acquisitions that must be
integrated with the GIG.
Table 2: DOD Acquisitions Related to the GIG:
Key acquisitions to build GIG's core network and information
capability:
Communications satellites;
Interoperable radio systems;
Expanded bandwidth on the ground;
Information technology applications to support the network;
Examples of acquisitions that must be integrated with the GIG:
Weapon systems;
Sensors;
Command, control, and communications systems;
Logistics, personnel, and other business-related systems.
Sources: DOD (data); GAO (analysis).
[End of table]
Core GIG Network Acquisitions:
According to DOD, the key acquisitions underway to build the GIG
network capability include 1) Transformational Satellite[Footnote 3]
(TSAT), a new constellation of communications satellites to transmit
and route larger volumes of data; 2) Joint Tactical Radio System
(JTRS), a new family of interoperable radio systems; 3) Global
Information Grid-Bandwidth Expansion (GIG-BE), which includes state of
the art optical network technologies and upgraded routers and switches
to increase bandwidth for greater voice, data, and video transmissions
as well as improvements in network services at about 90 DOD
installations; 4) Network Centric Enterprise Services (NCES), a common
set of services and applications to manage the network and help users
locate and share information; 5) Cryptography Transformation
Initiative,[Footnote 4] tools to protect sensitive information
transmitted across the network and protect the network from attack; and
6) Horizontal Fusion, which is a portfolio of initiatives focused on
developing and demonstrating data applications and tools for
information sharing and netcentric operations.
Table 3 reviews each of the key acquisitions for the GIG's core
capability, including the purpose, the financial investment between
fiscal years 2004 and 2009, the military service or defense agency
responsible for managing the acquisition, and the current status. Some
of these acquisitions will require funding, including sustainment
costs, beyond 2009 but amounts are not yet known.
Table 3: Overview of Six Major Acquisitions Related to the Core GIG
Network and Information Capability:
Program or initiative: TSAT;
Purpose: To develop satellites to serve as the cornerstone of a new DOD
communications infrastructure and provide high bandwidth connectivity
to the warfighter. Some of the technologies that TSAT plans to use are
laser cross-links, space-based data processing and Internet routing
systems, and highly agile multibeam/ phased array antennas;
Investment (fiscal years 2004 to 2009): $8.5 billion;
Manager: Air Force;
Status: Product development began in early fiscal year 2004; first
satellite scheduled to launch in 2011.
Program or initiative: JTRS;
Purpose: To develop family of software- defined radios to interoperate
with different types of existing radios and significantly increase
voice, data, and video communications capabilities;
Investment (fiscal years 2004 to 2009): $5.8 billion;
Manager: Joint service program responsible for the software
communications architecture and waveforms; military service-led
programs responsible for developing radios;
Status: Army is leading the development of a cluster of radios for
ground vehicles and helicopters. This cluster began in 2002; the first
radios are to be fielded in fiscal year 2007.
Program or initiative: GIG-BE;
Purpose: To provide additional bandwidth and information access at key
military installations within the United States and overseas via a
combination of acquiring bandwidth from commercial providers as well as
extending fiber optic networks to bases and installations that are
located away from commercial networks;
Investment (fiscal years 2004 to 2009): $373 million;
Manager: Defense Information Systems Agency;
Status: Procurement phase began in 2003. Initially, 10 sites to be
completed this year and the remaining sites in 2005.
Program or initiative: NCES;
Purpose: To enable network users to identify, access, send, store, and
protect information. Also to enable DOD to monitor and manage network
performance and problems. Is expected to require development of new
capabilities and tools for tagging data so it is useful, providing
users with capability to identify relevant information based on content
and allowing users to freely exchange and collaborate on information;
Investment (fiscal years 2004 to 2009): $371 million;
Manager: Defense Information Systems Agency;
Status: In concept phase; product development to begin in fiscal year
2004; initial set of core services to be provided beginning in fiscal
year 2005.
Program or initiative: Crypto Transformation Initiative;
Purpose: To enable DOD to protect the network and sensitive
information. To provide information assurance and encryption support,
including cryptography equipment (e.g., Internet protocol encryptors),
firewalls, intrusion detection systems, etc;
Investment (fiscal years 2004 to 2009): $4.8 billion;
Manager: National Security Agency, Defense Information Systems Agency,
and the military services;
Status: The National Security Agency is developing information
assurance component of GIG architecture; other ongoing efforts to
develop enhanced encryption capabilities.
Program or initiative: Horizontal Fusion;
Purpose: A portfolio of initiatives, drawn from existing programs,
intended to demonstrate netcentric capabilities and address operational
and technical challenges. Initiative underway, for example, to Web-
enable current data sources, tools, and applications;
Investment (fiscal years 2004 to 2009): $1.3 billion;
Manager: Office of the Secretary of Defense for Networks and
Information Integration;
Status: Ongoing program. Initial set of initiatives funded in fiscal
year 2003. Annual demonstrations known as "Quantum Leap" conducted on
initiatives.
Sources: DOD (data); GAO (analysis).
[End of table]
In developing the GIG's core capability, DOD intends to build upon and
enhance ongoing terrestrial and space-based networks and systems, such
as the Advanced Extremely High Frequency satellite communication system
and the Defense Information Systems Network. The new programs underway
are intended to improve communications and networking capabilities
significantly. For example, according to DOD officials, current
telecommunication lines are not robust enough to handle the volume of
information needed to facilitate optimal, strategic decision making.
The GIG-BE is designed to remove current bandwidth constraints. The
GIG-BE is to use advanced fiber-optic backbone and switching technology
to upgrade telecommunications lines and provide initially up to 10
gigabytes per second of bandwidth at selected defense installations
around the world. Also, unlike DOD's legacy radio systems that cannot
interoperate with one another, JTRS is software-based, meaning that the
radios are essentially computers that can be programmed to imitate
other types of radios and thus be readily configured to operate in
different networks and waveforms[Footnote 5] based on common standards.
JTRS is expected to act as a gateway for users with different hardware
radios--a capability that speeds the transition to universal
interoperability for DOD military operations. Also, unlike current
communication satellites, TSAT is to be equipped with laser-optical
payloads for high-capacity links to other air and space platforms. By
using laser-optics, TSAT is intended to operate above the
radiofrequency spectrum and provide relief to current military
bandwidth constraints. NCES is to make use of commercial products and
tools to manage messaging, storage, search, and other capabilities
across platforms, but also require new and possibly customized services
to ensure the sharing of information based on mission demands and
priorities. Tools to allow users to "smartly" pull and fuse information
will require investing in new data content and management techniques.
Enhanced security (information assurance)[Footnote 6] capabilities
will need to be developed, including encryption mechanisms and devices,
intrusion detection systems, and secure network management.
Other Acquisitions That Must Be Integrated with the GIG Core Network:
Most ongoing and planned weapon systems; command, control and
communications systems; and business systems will need to be integrated
with the GIG network, because they will be the primary providers and
receivers of data needed to support future military operations.
* DOD plans to integrate most weapon systems into the GIG. In fact,
some "transformational" weapon systems now under development require a
more advanced communications infrastructure to perform as intended and
to support voice, data, videoconferencing, and imagery transmissions.
Without an integrated network that ties together different systems and
enables information to flow freely across the battlefield, the high-
paced warfare that DOD envisioned is likely to be constrained,
according to DOD. For example, the Army is developing the Future Combat
Systems, a new generation of manned and unmanned ground vehicles, air
vehicles, and munitions that are to be lighter and more mobile yet
lethal and survivable. Rather than rely on heavy armor to withstand an
enemy attack, the Future Combat Systems will depend on superior
information to see and kill the enemy before being detected. According
to DOD, the ability to make this leap depends on (1) a network to
collect, process, and deliver vast amounts of information, such as
imagery and data, and (2) the performance of the individual systems
themselves. Not only must systems within the Future Combat Systems
interoperate effectively, they also must interoperate with the GIG. The
GIG must perform at a level that enables the Future Combat Systems to
quickly collect, process, and deliver data. DOD is also developing a
new constellation of satellites--known as Space-Based Radar--to provide
a near continuous, all-weather global capability of collecting
intelligence, surveillance, and reconnaissance[Footnote 7]
information. Space-Based Radar is expected to be a critical data
provider to transformational systems, such as those within the Future
Combat Systems. Like the Future Combat Systems, the satellites will
require a more robust communications infrastructure to send massive
amounts of imagery data in a timely fashion. According to DOD, if TSAT,
a key GIG component, is not ready in time or cannot provide the
capability originally planned, DOD may need to build additional
capability into Space-Based Radar satellites and ground stations to
reduce the dependency on the communications infrastructure to transmit
data.[Footnote 8]
* DOD intends to integrate virtually all command, control, and
communications, systems into the GIG. At the same time, DOD intends to
develop and modify these systems to provide military commanders and
forces with near-real time descriptions of the location and disposition
of U.S. military forces and adversaries operating on the ground and in
the air and to provide the ability to communicate across all elements
involved in military operations. Each of the military services has
major architectural initiatives underway (the Air Force's C2
Constellation and ConstellationNet, the Army's LandWarNet, and the
Navy's ForceNet) to transform their command, control, and
communications systems and information infrastructures into the GIG.
For example, the Army's Warfighter Information Network-Tactical (WIN-T)
program (part of LandWarNet) is intended to be the integrating
communications network that links Future Combat Systems units with
higher Army echelons and with the GIG. In addition, DOD considers
numerous other systems to be important in achieving the GIG, including
the Mobile User Objective System (satellite communications), Global
Command and Control System/Joint Command and Control, Deployed Joint
Command and Control, and Teleports (information transport system). DOD
has further identified the need to eventually link the GIG to
coalition, allied, and non-DOD users and systems.
* DOD also intends to integrate its business systems into the GIG.
These include acquisition and procurement systems, financial management
systems, personnel and health systems, logistics systems, and strategic
planning and budgeting systems. Many of these play an important role in
supporting military operations. For example, logistics systems are used
to plan, control, and carry out the efficient and effective movement
and maintenance of forces.
Implementation:
The GIG's success is dependent on DOD's ability to successfully
integrate the majority of its weapon systems, command, control, and
communications systems, and business systems with the new core network.
To make this happen, DOD has developed a blueprint or architecture for
the GIG; developed new policies, guidance, and standards to guide
implementation decisions; undertaken proactive efforts to "market" the
GIG and its potential benefits; and is attempting to influence key
budgeting and acquisition decision-making processes to align with the
GIG concept.
Architecture and Policies:
To help guide decision-making, DOD has developed an initial
architecture for the GIG, which, according to DOD, presents the current
information technology environment and desired (target) technology
environment; describes how the commands, services, and defense agencies
will operate in a netcentric environment, based on selected strategic,
operational, and tactical scenarios; and identifies the actions and
information requirements for conducting operations in a netcentric
environment, how systems will need to function to access information,
and emerging standards for the development and acquisition of systems.
DOD also has developed a reference model so program managers of various
architectures and systems can ensure GIG compliance.[Footnote 9]
According to DOD, the reference model's key purpose is to provide users
with an understanding of the GIG through common definitions and terms
of reference, standards, and templates for developing more detailed
architectures. Future versions of the GIG architecture are to include
more complete views of DOD's operational environment and existing
enterprise requirements. Furthermore, DOD is modifying its Joint
Technical Architecture,[Footnote 10] which sets standard technologies
and protocols to better ensure interoperability and to complement the
GIG architecture.
DOD is also in the process of issuing new policies, standards, and
guidance to formalize the architecture. Specifically, DOD has created
policy that requires all departmental architectures to be GIG
compliant. DOD also has developed specific policies, standards, and
guidance to implement the GIG and help ensure that the military
services acquire systems that integrate with the GIG. Several policies
establish the GIG as a cornerstone for enabling DOD to achieve
information superiority, formally define the objectives and key
elements of the GIG, and assign roles and responsibilities for the GIG
on an enterprise basis. Others assign responsibility and define waiver
procedures for specific aspects of the GIG, such as ground-based
telecommunications networks and NCES. For example, DOD formalized a
waiver process to assess network and telecommunications systems (such
as local area networks) that are not GIG-compliant. In addition, DOD
has set standards to address data connectivity. To provide a common
format for the transmission of information across the GIG, DOD recently
mandated that GIG systems must be Internet Protocol Version 6[Footnote
11] capable, as well as Internet Protocol Version 4 (the Internet
currently is based on version 4.),[Footnote 12] or obtain a waiver.
Furthermore, DOD developed a netcentric data strategy, standardizing
the way data will be described and used in systems that make up the
GIG. Appendix I provides more details on these policies, standards, and
guidance.
Influencing Acquisition and Budgeting Decisions:
DOD officials who developed the GIG concept also expect to influence
decisions by participating in DOD's key decision-making processes. Over
the past couple years, DOD has revised its three primary decision-
making processes for determining and delivering military capabilities-
-requirements setting, acquisition, and budgeting--to focus
acquisitions and investment decisions on meeting joint mission needs,
particularly with regard to interoperability. In revising these
processes, DOD has emphasized compliance with the GIG architecture. DOD
officials have taken further action intended to strengthen these
decisions by developing tools and criteria for actively participating
in the decision-making process--by assisting military services in
preparing for major acquisition reviews (as part of integrated product
teams) and/or by providing input to decision-making boards. The
revisions DOD has made to its requirements setting, acquisition, and
budgeting process are all fairly recent. Therefore, it is too early to
assess whether they will be successful in achieving their goals.
For example, DOD revised its requirements-setting process to shift the
focus to a more capabilities-based approach for determining joint war-
fighting needs rather than a threat-based approach focused on
individual systems and platforms. Under the threat-based approach, the
services were primarily responsible for defining requirements,
selecting alternatives, and developing systems, which frequently
resulted in the fielding of stovepiped systems and duplicating
capabilities. DOD's rationale for shifting to capabilities-based
requirements is a recognition that there is greater uncertainty in
future military conflicts without a clearly defined adversary and it
will need to respond across a broader range of military operations. The
new Joint Capabilities Integration and Development System, established
in October 2003, is organized around key functional concepts and areas-
-command and control, force application, battlespace awareness, focused
logistics, and force protection--aimed at improving joint warfighting
capabilities. In addition, a sixth area has been established--
netcentric operations--to enable planning across functional areas and
support integration of netcentric capabilities. The Office of the
Assistant Secretary of Defense for Networks and Information Integration
and Joint Staff officials believe the joint concept will provide a more
coherent framework for identifying capabilities gaps, comparing
alternatives, aligning requirements to the GIG, and reduce the
potential for stovepiped, duplicative capabilities.
DOD officials also indicated that the department has begun revising its
planning and budgeting process in an effort to instill more
collaboration among different components of the department in
investment decisions. For example, DOD is asking the military services
to plan budgets around guidance that takes a joint perspective. Data
collection and management processes are intended to be merged into a
portfolio management approach that enables program reviews and budget
reviews to occur in a more integrated manner rather than sequentially.
To complement this process, DOD is planning to develop an investment
portfolio management structure to better manage its information
technology resources where decisions about what information technology
investments to make, modify, or terminate, are based on the GIG
architecture and other objectives, such as mission area goals. Other
recent policies have focused on establishing more effective investment
processes for information technology systems that need to integrate
with the GIG.
DOD has developed several mechanisms to complement the decision making
that occurs within the Joint Capabilities Integration and Development
System, planning and budgeting, and acquisition processes. For example,
in November 2003, the Office of the Assistant Secretary of Defense for
Networks and Information Integration, in consultation with the Joint
Chiefs of Staff, Office of the Under Secretary of Defense for
Acquisition Technology and Logistics, and U.S. Joint Forces Command,
established a new Net-Ready Key Performance Parameter[Footnote 13] and
review process to focus greater attention on systems interoperability
for joint operations as well as the information-sharing requirements of
the GIG. The Net-Ready Key Performance Parameter is built around
compliance with the GIG architecture, and the reference model will be
used to assess system information needs, information assurance, and the
technical exchange of information. The Office of the Assistant
Secretary of Defense for Networks and Information Integration has also
developed a netcentric checklist to guide the Joint Capabilities
Integration and Development System and acquisition reviews. The
checklist is based on the GIG architecture and will be used to assess
whether key standards and protocols are being considered and built into
particular capabilities and systems being acquired. In addition, the
Office of the Assistant Secretary of Defense for Network and
Information Integration has established a systems engineering and
evaluation capability to support the reviews. A team of systems
engineers will provide end-to-end technical support to the office and
funding has been requested to create a facility to test key GIG-related
systems and components. DOD will be conducting specific netcentric
reviews of major acquisition programs to assess whether they are
transitioning to integrate with the future network. About 129
information technology, weapon systems, and business systems have been
selected to participate in the initial round of assessments. These
reviews are scheduled to be completed later this year.
DOD Challenges in Implementing the GIG:
The most critical challenge ahead for DOD is making the GIG a reality.
While DOD has taken steps to define its vision and objectives for the
GIG on paper and in policy, it is not fully known how DOD will meet
these objectives, particularly with respect to setting investment
priorities, providing management attention and oversight, transforming
operations, and advancing technologies. At the same time, DOD is
beginning to make a heavy investment in the GIG as well as systems that
will be heavily dependent on the GIG, such as the Army's Future Combat
Systems, and DOD is asking its components and the military services to
accept its vision and plan toward it. In addition, DOD faces risks
inherent with the nature and scope of the effort it is undertaking, for
example, risks related to protecting data within the thousands of
systems that will be integrated into the network. DOD recognizes these
challenges, and many of the actions it is taking to implement the GIG
are meant to address them. However, it is too early to assess how
successful DOD will be in addressing the challenges and overcoming
long-standing organizational impediments.
Table 4 below highlights some of the key challenges facing DOD.
Table 4: Key Challenges:
Management and investment:
* Deciding what capabilities are affordable; what capabilities are
unaffordable or not in line with DOD's vision for the GIG, and
enforcing these decisions among thousands of systems and across the
military services. Assuring DOD has the right representation in
acquisition decisions;
* Assuring management attention and oversight is provided to assess the
overall progress of the GIG and determine whether it is providing a
worthwhile return on investment, particularly in terms of enhancing and
even transforming military operations.
Operational:
* Deciding when, how, and how much information should be posted on the
network and used;
* Establishing rules to ensure the GIG can work as intended without
reducing benefits of flexible and dynamic information sharing;
* Convincing data owners of the value of sharing data with a broader
audience and trusting the network enough to post data.
Technical:
* Developing new technologies and advancing them on schedule;
* Assuring common agreement on technical as well as information
assurance standards and requirements;
* Developing the means to protect the network and its data.
Source: GAO analysis.
[End of table]
Management and Investment Challenges:
While DOD has taken steps to establish a vision and objectives for the
GIG, it is still not fully known how DOD will manage, oversee, and
invest in this effort. Addressing these questions is a daunting task.
DOD must find ways to make and enforce trade-off decisions for
literally thousands of information technology systems, weapon systems,
command and control systems, intelligence systems, and other
systems.[Footnote 14] These decisions will need to span a wide range of
organizations, including the military services and their respective
major commands and functional activities, numerous large defense
agencies and field activities, and various combatant and joint
operational commands that are responsible for military operations for
specific geographic regions or theaters of operations. Having accurate
and reliable visibility over spending on systems that must integrate
with the GIG will be necessary as well as having effective mechanisms
for identifying and deciding which systems should be pursued and which
should not. In 2003, we reported (as part of a survey of federal
agencies enterprise architecture programs) that DOD had made progress
in developing the GIG architecture, however, the department had not
completed some essential architecture products that describe the
desired (target) technology environment and provide a sequencing plan
for transitioning to it.[Footnote 15] More specifically, at this point,
DOD is largely leaving it up to its components and services to decide
how best to migrate their systems to the GIG. There is no well-defined
strategy that:
* identifies what capabilities DOD will invest in and what it will not
invest in;
* identifies how investments will align with the goals and objectives
of the GIG architecture;
* determines what is affordable, particularly in light of near-term and
long-term needs;
* sets out criteria for determining what legacy systems should remain
or be phased out; and:
* specifies by whom and how decisions will be enforced.
In addition, it is unknown how senior leaders within DOD will be able
to focus on the progress of the GIG as a whole, that is, whether it is
being developed and fielded within cost and schedule, whether risks are
being adequately mitigated, and whether the GIG is providing a
worthwhile return on investment, particularly in terms of enhancing
military operations. Until DOD implements an investment and oversight
strategy for the GIG as a whole, it is at risk of making investments
that do not fit its vision for the future.
According to DOD officials, the enhancements DOD is making to its
planning and budgeting processes are meant to begin addressing these
questions. However, these changes may be difficult to implement for a
number of reasons. First, to some degree because of the broad scope and
crosscutting nature of the GIG concept, no office or single program is
in charge of the GIG, making it more difficult to make and enforce
trade-off decisions. Moreover, while key acquisition, budgeting, and
requirements setting processes have been modified, they still largely
operate under the same organizational structure, where it has been
difficult to link acquisition and investment decisions to joint
concepts like the GIG.
Additionally, previous efforts that have been undertaken in past years
to foster interoperability among DOD systems have had limited success,
principally because management tools and leadership attention were not
strong enough to provide sufficient oversight and overcome resistance
by the military services to forgo their unique requirements in favor of
requirements that would benefit the department, as the following
examples illustrate:
* In our 2001 report[Footnote 16] on DOD's efforts to improve its
ability to attack time-critical targets, we noted that DOD had
undertaken numerous efforts to achieve system interoperability,
including the development of guidance, oversight controls, directives
and policies, and technology demonstrations. However, success was
limited because DOD had not yet overcome resistance from the military
services, it lacked an architecture to guide interoperability efforts
and some current oversight and control mechanisms, such as the
interoperability certification process, were not working or were not
being enforced.
* In 2003, we reported[Footnote 17] that two joint acquisition programs
lacked mechanisms to overcome parochialism and stovepipes at the
military service level. The JTRS program lacked a strong management
structure to resolve operational requirements and funding issues among
the services and DOD's approach to planning Unmanned Aerial Vehicles
lacked an effective strategic plan to ensure the military services and
other defense agencies focus their development efforts on systems that
complement each other.
* In 2004, we reported[Footnote 18] that DOD was making limited
progress with its business modernization initiative--a departmentwide
effort focused on transforming DOD business operations, including
standardizing and optimizing business systems across DOD and reducing
duplication. After 3 years of effort, we reported that we have not seen
any significant change in the content of DOD's business systems
modernization architecture (which is to be integrated into the GIG
architecture) or in DOD's approach to investing billions of dollars in
existing and new business systems. Further, DOD had not yet implemented
an effective management structure and processes to provide adequate
control and accountability over its $5 billion annual investment in
business systems modernization. In particular, we reported that DOD had
not yet clearly defined the roles and responsibilities for its new
business investment domains, established common investment criteria,
and conducted a comprehensive review of its existing business systems
to ensure that they are consistent with the business modernization
architecture. DOD acknowledged that it still had much more to do,
including developing the business systems modernization architecture to
a necessary level of detail, defining specific performance metrics, and
clarifying the roles and responsibilities associated with managing the
domains of portfolios of business systems and ensuring that these
systems comply with the architecture.
Several recent studies sponsored by DOD recognize that developing an
investment strategy and adopting better management tools is critical
for the success of the GIG. For example, a 1999 Defense Science Board
study[Footnote 19] assessed DOD's strategies and processes for
attaining information superiority and advocated that (1) an executive
office be established to lead and implement the GIG and that (2) the
office develop an implementation plan, including technical milestones
and measurable interim goals, and identify resources to permit the
transition to and completion of the GIG. A 2004 report by the U.S.
Joint Forces Command,[Footnote 20] documenting the processes and
planned activities underway to achieve transformational improvements in
joint military capabilities, recommended, among other things, that the
GIG should include a time-phased plan for how future capabilities will
link to current investments. In addition, the report recommends that
such a plan should show how network development efforts underway by
each of the military services will contribute to and be compatible with
the GIG.
Other studies have pointed to the need to strengthen current management
processes to ensure warfighters themselves have more input into
investment decisions. For example, a 2003 study[Footnote 21] chartered
by the Secretary of Defense to examine how DOD develops, resources and
provides joint capabilities, recommended moderate to more radical
actions to streamline existing processes and/or establish alternative
organizations to better integrate defense capabilities in support of
joint military objectives. Organizational alternatives for
strengthening the acquisition process ranged from the establishment of
joint program executives for each of the Joint Capabilities Integration
and Development System's functional capabilities areas that would
provide input and oversee resources on joint programs, to capability
acquisition executives for each of the capability areas who would have
direct oversight and decision authority over all programs. A 2004 study
by the Center for Strategic and International Studies[Footnote 22]
identified defense reforms needed to meet the challenges of a new
strategic era and made a number of recommendations, including several
to improve the acquisition of joint capabilities and establish a more
effective resource allocation process. For example, the study
recommended that the Joint Staff (J-6--Command, Control,
Communications, and Computers) be expanded into a departmentwide, joint
task force with budgetary and acquisition authority for joint command
and control capabilities. In addition, to improve trade-off decisions
across mission areas, the study advocates building capacities in the
combatant commands for a stronger role in the resource allocation
process.
Operational Challenges:
There are also many unknowns concerning how DOD will meet its
requirements and vision in terms of people, processes, and, ultimately,
operations. First, DOD has yet to determine how much information should
be posted on the network; when it should be posted; and how and where
it should be used. Once these factors are determined, DOD must develop
rules of operation to ensure the network can work as intended without
precluding the benefits that can be derived from more flexible and
dynamic information sharing. Currently, various offices within DOD are
working through questions on whether unlimited amounts of data should
be made available through the GIG, including unprocessed intelligence,
surveillance, and reconnaissance data, without the benefit of some
assimilation and analysis. These are important questions that need to
be addressed in the near future because they could affect the direction
of investments in netcentric systems and non-network systems as well as
changes that need to be made in how the intelligence community
operates.
Even after these questions are settled, significant operational
challenges remain. Joint commanders and the military services may need
to find ways to adapt to an environment where data can be more readily
obtained and shared by lower levels in the chains of command. New
operational concepts are being developed to guide how military
operations are to be conducted in this enhanced technology environment.
They will need to be followed by associated doctrine, tactics,
techniques, and procedures. Developing joint operational concepts is
one of the key tenets under the Joint Capabilities Integration and
Development System; however, it is unclear how the concepts will be
developed and translated by these boards into more detailed tactics,
techniques and procedures. We recently reported that DOD had been
proceeding with the JTRS program for several years without clear
definition of how JTRS capabilities should be used in an operational
environment and that the program's concept of operations did not
reflect the joint vision of JTRS but instead the service-centric radio-
replacement perspective. If DOD is to achieve its long-term goals for
netcentric warfare, it is imperative that it develop concepts and
processes for how individual systems, such as JTRS, can be used to
leverage DOD's new network infrastructure and maximize interoperability
and collaboration in military operations.
Moreover, DOD must successfully persuade data owners to accept the
value of sharing data with a broader audience and to trust the network
enough to post data. We spoke with several officials in charge of GIG
programs who acknowledged that facilitating these cultural changes--
particularly with the intelligence community--will be difficult.
In addition, DOD also faces a formidable task in persuading the
military services and other users of the network to rely on information
technology applications and services being developed by the Defense
Information Systems Agency. This agency has been tasked with developing
and providing key voice, video, and data connectivity through core
enterprise services for the GIG, such as data query (search or
discovery) capabilities and information assurance. However, the
military services and defense agencies have historically been reluctant
to rely on the Defense Information Systems Agency for these services.
We have reported in the past that the military services have regularly
bypassed Defense Information Systems Agency, preferring instead to
procure their own telecommunications networks and commercial satellites
bandwidth services because they were dissatisfied with the level of
service provided by the agency as well as the cost and length of time
it took to procure these services centrally.[Footnote 23]
Technical Challenges:
Building a reliable, secure network that will operate on the move,
virtually anywhere and provide the necessary information and services
to enable netcentric military operations presents considerable
technical challenges. While DOD intends to utilize existing commercial
communications and networking technologies, which have advanced
significantly in recent years, the GIG requires DOD to advance a number
of key technologies, develop a series of complex systems and software,
field them without delay so schedules for other dependent systems are
not disrupted, and develop the means to effectively manage and protect
the network and its data.
At this time, however, DOD is pushing ahead on several programs with
immature technologies and with aggressive development and fielding
schedules. As a result, DOD is at risk of not delivering required
capabilities within budgeted resources. This, in turn, may affect
schedules and funding for other systems depending on the GIG. For
example, two key GIG-related programs--JTRS and TSAT--are facing
schedule and performance risks, which are largely rooted in attempts to
move these programs into product development without sufficient
knowledge that their technologies can work as intended. In March 2004,
we reported that none of the 20 critical hardware and software
technologies for the Army's initial JTRS radio development for ground
vehicles and helicopters were sufficiently mature according to best
practice standards.[Footnote 24] When product development began in June
2002, the Army determined that while many of the technologies within
the program had been used in other radio applications, they could not
be assessed as mature because they had not been integrated into a
complex radio, such as JTRS. Mature backup technologies exist for some
critical technologies, but program officials have cautioned that
substituting them could complicate integration or result in degraded
performance. Moreover, the program recently experienced a 4-month
schedule slip that officials attribute to short-term technology
deviations affecting size, weight, and power requirements for the radio
sets. Further, the program entered product development with an
ambitious schedule that program officials recognized as high risk. In
particular, the program has a compressed test and evaluation phase that
leaves little room for error and rework.
We also recently reported that the TSAT program entered into product
development with only one of its six critical technologies sufficiently
mature. The remaining five technologies are not expected to reach
maturity until 2006. Backup technologies exist for three of the five
immature technologies, but they would degrade system performance. The
other technology--single access laser communications--has no backup and
program officials indicated any delay in maturing this technology would
cause the first satellite launch date to slip significantly. DOD
believes it has adequate measures to mitigate these risks, however,
concern over TSAT technology readiness led the Air Force to schedule an
interim review for November 2004, which will determine whether the
program's technology development has progressed sufficiently or whether
alternative action should be taken.
Similar risks extend to the systems that must be integrated with the
GIG and on which DOD is dependent for achieving its vision for
netcentric warfare. For example, our review of the Future Combat
Systems determined that the program is at significant risk, in part
because more than 75 percent of its critical technologies were immature
at the start of development and many will not be sufficiently mature
until the production decision.[Footnote 25] First prototypes for the
systems that make up the Future Combat Systems will not be delivered
until just before the production decision, and full demonstration of
the Future Combat Systems' ability to work and meet its goals will not
occur until after production has begun. If the lessons learned from
best practices and the experiences of past programs have any bearing,
the Future Combat Systems program is likely to encounter "late-cycle
churn," a phrase used by private industry to describe the discovery of
significant problems late in development and the resulting search for
fixes when costs are high and time is short.
Networking, network management, and secure network management
challenges are considerable.[Footnote 26] Currently, mobile networking
is limited, mainly to narrowband, fixed infrastructures, and relatively
stable user groups. The GIG network will require new wideband waveforms
that can handle the expected high data rates, throughput of
information, and ability to transmit integrated voice, data, and video
simultaneously. In addition, dynamic networking capabilities that can
automatically adjust to changing circumstances, such as intrusions or
node failures, are needed; however, the scalability of network
management technologies for a network like the GIG with such a large
number of nodes is unproven. To facilitate timely and prioritized
access to information from a wide variety of sources, the network will
require enhanced quality of service mechanisms and algorithms to manage
bandwidth allocation and handle the flow of information and security.
Furthermore, advances will be needed in several other technological
areas, such as antennas, power sources, and the miniaturization of
components to facilitate mobile communications. For example, current
antennas do not support all of the portions of the radio frequency
spectrum where the GIG network will operate and are limited to specific
communications waveforms. Advanced multiband antennas will be needed to
support mobile and simultaneous communications across different
portions of the spectrum.
Integrating other elements of the network will also be challenging. The
increased bandwidth capability provided by the GIG-BE program may not
be fully realized if the military services and defense agencies do not
use compatible technologies and protocols in upgrading their networks.
Even if the technologies and protocols are compatible, bandwidth may be
limited if these networks are not properly designed and integrated to
manage voice, data, and imagery transmissions. Network management
policies may pose challenges if common agreement cannot be reached
across the military services and defense agencies on standards and
information assurance requirements. For example, DOD and the
intelligence community have not yet reached agreement on how they will
exchange information and verify security credentials on the GIG
network.
Information assurance itself may be one of the most critical challenges
facing DOD. While building a network based on Internet protocols is
expected by DOD to provide a more viable path to achieve
interoperability and enable more dynamic and flexible information
sharing, it also exposes DOD to the same vulnerabilities that face all
users of the Internet, and it increases the opportunity for potential
attackers with limited knowledge and technical skills to cause a great
deal of damage. Establishing network and system security safeguards--
such as firewalls, identifying the sender and recipient of information,
protecting information from unauthorized access, and safeguarding data
to prevent accidental and deliberate alterations--will be essential but
difficult given the size the network and the thousands of systems and
users that will be linked to it.
Moreover, if the network is to be used to provide warfighters on the
move with access to intelligence and other sensitive information on
demand, information will need to be encrypted to safeguard data from
misuse.[Footnote 27] However, the technologies needed to secure
communications, such as software programmable encryption devices are
still in their infancy. Further, the complexity and magnitude of
enabling hundreds of systems and applications to operate in a secure,
Web-based environment will require careful planning and coordination.
Comprehensive plans will be needed to ensure that sensitive data and
communications are safeguarded across diverse platforms. This will
require DOD to identify sensitive data as well as applications,
databases, storage subsystems, and media used to process and store the
data. Once systems have been examined, data access models must be
applied to determine proper security levels for information and how
integration can occur across platforms without disrupting network and
near-real time operations. No one security solution likely will address
GIG requirements.
Lastly, the enterprise information services planned for the GIG pose
timing challenges. For example, in the near-term, DOD has established a
goal to complete the transition to Internet Protocol Version 6 by
fiscal year 2008. According DOD officials, the commercial industry may
not be able to provide the necessary products for Internet Protocol
Version 6 by the targeted milestone. Also, the transition will not be
completed until a Joint Staff developed set of performance and
technical criteria can be met. In addition, because of the enormous
amount of data that will become available, new data fusion methods will
need to be developed to help users rapidly identify, access, and make
sense of available information.
Conclusions:
DOD is depending on the GIG to enable a fundamental transformation in
the way military operations are conducted. While DOD's vision of the
GIG is compelling, the breadth and depth of the GIG and DOD's
objectives for netcentric warfare, present enormous challenges and
risks--many of which have not been successfully overcome in smaller-
scale efforts and many of which require significant changes in DOD's
culture. Moreover, even though DOD has begun to make heavy investments
to implement the new network and to ask the military services to accept
its vision for the GIG, important questions as to how DOD will make the
GIG a reality and how it will oversee progress as a whole and ensure
the GIG is providing an adequate return on DOD's investment are only
just beginning to be addressed, leaving DOD at risk of making
investments that may not fit in with its vision for the future.
Moreover, many new weapon systems and sensors, which are costing DOD
tens of billions of dollars, are critically dependent on the future
network to successfully achieve their own capabilities. Any disruptions
in the schedule for key systems that support the network, therefore,
can have significant ramifications. As such, it is important that DOD
ensure it has sufficient knowledge about these systems (e.g.,
requirements, technologies, security) as it makes additional
commitments to them and that it has effective risk mitigation plans to
ensure that they can deliver promised capability on time. Our future
work, therefore, will assess DOD's progress in addressing these
challenges in more depth as well as its progress in managing key
acquisitions related to the GIG.
Agency Comments:
DOD provided technical comments on a draft of this report that we
incorporated where appropriate.
We plan to provide copies of this report to the Secretary of Defense,
the Assistant Secretary of Defense for Networks and Information
Integration, the Under Secretary of Defense for Acquisition, Technology
and Logistics, the Under Secretary of Defense (Comptroller), the
Director of the Defense Information Systems Agency, and interested
congressional committees. We will make copies available to others upon
request. In addition, the report will be available at no charge on the
GAO Web site at http://www.gao.gov.
If you or your staff have any questions about this report, please
contact me at (202) 512-3519, Cristina Chaplain at (202) 512-4859, or
John Oppenheim at (202) 512-3111. Other individuals making key
contributions to this report are Lily Chin, Arturo Holguin, and Yvonne
Vigil.
Signed by:
Robert E. Levin:
Director:
Acquisition and Sourcing Management:
[End of section]
Appendix I: Policies, Standards, and Guidance to Implement the Global
Information Grid:
Table 5: Selected Global Information Grid Policies, Standards, and
Guidance (2000 to 2004):
Policy/guidance: Deputy Secretary of Defense Memorandum, August 24,
2000;
(No. 4-8460);
Subject: DOD CIO Guidance and Policy on GIG Networks;
Key Objectives: This policy establishes the Defense Information
Systems Network (DISN) as DOD's networking capability for the transfer
of information in support of military operation in the context of the
Global Information Grid (GIG). It further specifies that DISN shall be
the means for wide-area and metropolitan-area networking unless granted
a waiver through the DISN/GIG waiver board.
Policy/guidance: Department of Defense Directive;
8000.1, February 27, 2002;
Subject: Management of DOD Information Resources and Information
Technology;
Key Objectives: This directive establishes policies for DOD information
resources management, including information technology, and delineates,
authorities, duties, and responsibilities for DOD information resources
management activities. It also provides direction on establishing Chief
Information Officers at various levels.
Policy/guidance: Department of Defense Instruction;
4630.8, May 2, 2002;
Subject: Procedures for Interoperability and Supportability of
Information Technology and National Security Systems;
Key Objectives: This instruction implements an approach that considers
both materiel (acquisition or procurement) and nonmateriel (doctrine,
organizational, training, leadership, and personnel) aspects to ensure
life-cycle interoperability and supportability of information
technology and national security systems throughout DOD. It also
implements an outcome-based, mission area focused process whereby
information technology and national security systems interoperability
and supportability requirements for new, modified, and fielded systems
are documented, coordinated, implemented, verified, and approved to
achieve an integrated, and secure information technology and national
security systems infrastructure supporting global operations across
the peace-conflict spectrum.
Policy/guidance: Department of Defense Directive 8100.1,
September 19, 2002;
Subject: GIG Overarching Policy;
Key Objectives: The directive states that the GIG shall support all DOD
missions with information technology, for national security systems,
joint operations, joint task force, and/or combined-task for commands
in a manner that offers the most effective, efficient, and assured
information handling capabilities available, consistent with national
military strategy, operational requirements, and best-value enterprise-
level business practices.
Policy/guidance: Department of Defense Directive 8500.1, October 24,
2002;
Subject: Information Assurance;
Key Objectives: The policy assigns responsibilities to achieve DOD
information assurance through a defense-in-depth approach that
integrates the capabilities of personnel, operations, and technology,
and supports the evolution to network-centric warfare.
Policy/guidance: Department of Defense Instruction; 8500.2, February 6,
2003;
Subject: Information Assurance Implementation;
Key Objectives: The instructions implements policy, assigns
responsibilities, and prescribes procedures for applying integrated,
layered protection of the DOD information systems and networks
referenced in DOD Directive 8500.1.
Policy/guidance: Department of Defense; Memorandum, July 7, 2003;
Subject: End-to-End Information Assurance for the Global Information
Grid;
Key Objectives: The policy establishes a goal to converge voice, video,
and data traffic over DOD's inter-network and the National Security
Agency (NSA) as lead in developing the information assurance component
of the GIG architecture.
Policy/guidance: Department of Defense Memorandum, September 29, 2003;
Subject: Internet Protocol Version 6 (IPv6) Interim Transition
Guidance;
Key Objectives: The policy establishes a goal of transitioning all DOD
networking to the next generation of Internet Protocol, IPv6, by fiscal
year 2008. As part of this transition, the strategy will be to minimize
costs by ensuring products and systems procured, acquired, or in
development after October 1, 2003, are capable of operating in IPv6
networks.
Policy/guidance: Department of Defense, Office of the Chief Information
Officer Memorandum, October 24, 2003;
Subject: DOD Net-Centric Data Strategy;
Key Objectives: The policy establishes a DOD-wide goal to
institutionalize the practice of identifying all data assets on the
GIG by fiscal year 2008. Information will be provided on each data
asset to standardize the way data are described and used for all IT and
national security systems. This practice will enable DOD to create
tools to query data assets across platforms.
Policy/guidance: Deputy Secretary of Defense Memorandum, November 10,
2003;
Subject: GIG Enterprise Services Implementation;
Key Objectives: The policy establishes a program to begin the
development of core enterprise services within the GIG as part of the
fiscal year 2006 program review process. Core enterprise services--such
as messaging, collaboration, services management, security, discovery,
and mediation--are to be developed to provide access and the delivery
of data and services across the department.
Policy/guidance: Chairman of the Joint Chiefs of Staff Instruction;
CJCSI 6212.01C, November 20, 2003;
Subject: Interoperability and Supportability of Information Technology
and National Security Systems;
Key Objectives: This instruction establishes polices and procedures for
developing, evaluating and providing interoperability and
supportability certification in support of the Joint Capabilities
Integration and Development System for acquisition category,
nonacquisition category and fielded capabilities.
Policy/guidance: Chairman of the Joint Chiefs of Staff Instruction;
CJCSI 3170.01D, March 12, 2004;
Subject: Joint Capabilities Integration and Development Systems;
Key Objectives: This instruction establishes the policies and
procedures of the Joint Capabilities Integration and Development
System. Procedures established in this instruction support the
Chairman of the Joint Chiefs of Staff and the Joint Requirements
Oversight Council in identifying, assessing, and prioritizing joint
military capability needs.
Policy/guidance: Deputy Secretary of Defense; Memorandum, March 22,
2004;
Subject: Information Technology Portfolio Management;
Key Objectives: This policy assigns responsibilities for managing
information technology investments as portfolios. It also establishes
that decisions on what information technology investments to make,
modify or terminate shall be based on architectures, risk tolerance
levels, potential returns, outcome goals, and performance.
Policy/guidance: Department of Defense Directive;
8100.2, April 14, 2004;
Subject: Use of Commercial Wireless Devices, Services, and Technologies
in the Department of Defense Global Information Grid;
Key Objectives: This policy assigns responsibilities for the use of
commercial wireless devices, services, and technologies in the DOD
Global Information Grid. It also directs the development and use of a
knowledge management process to promote the sharing of wireless
technology capabilities, vulnerabilities, and vulnerability mitigation
strategies throughout DOD and promotes joint interoperability using
open standards throughout DOD for commercial wireless services,
devices, and technological implementations.
Policy/guidance: Department of Defense Directive;
4630.5, May 5, 2004;
Subject: Interoperability and Supportability of Information Technology
and National Security Systems;
Key Objectives: The directive updates DOD responsibilities for
interoperability and supportability of information technology,
including national security systems, and implements DOD Chief
Information Officer's responsibilities. It also defines a capability-
focused, effects-based approach to advance information technology and
national security systems interoperability and supportability across
DOD and establishes the Net-Ready Key Performance Parameter to assess
net-ready attributes required for both the technical exchange of
information and the end-to-end operational effectiveness of that
exchange.
Sources: DOD (data); GAO (analysis).
[End of table]
FOOTNOTES
[1] U.S. General Accounting Office, Joint Warfighting: Attacking Time-
Critical Targets, GAO-02-204R (Washington, D.C.: Nov. 30, 2001).
[2] DOD defines the GIG to include "all owned and leased communications
and computing systems and services, software (including applications),
data, security services, and other associated services necessary to
achieve information superiority."
[3] TSAT is one of six initiatives under development as part of the
Transformational Communications System Initiative.
[4] The Cryptography Transformation Initiative is part of DOD's broader
Information Assurance program, which includes many security initiatives
critical to the GIG. The cryptography initiative is funded from
different program elements within DOD's Information Assurance program.
[5] A waveform is the representation of a signal that includes the
frequency, modulation type, message format, and/or transmission system.
In general usage, the term waveform refers to a known set of
characteristics, for example, frequency bands (VHF, HF, UHF),
modulation techniques (FM, AM), message standards, and transmission
systems. In JTRS, the term waveform is used to describe the entire set
of radio functions that occur from the user input to the radiofrequency
output and vice versa.
[6] "Information assurance is defined by DOD as measures that protect
and defend information and information systems by ensuring their
availability, integrity, authentication, confidentiality, and non-
repudiation. This includes providing for restoration of information
systems by incorporating protection, detection, and reaction
capabilities. "Department of Defense Directive 8500.1, Information
Assurance, October 24, 2002 (Certified current as of Nov. 21, 2003),
Section E2.1.17.
[7] Intelligence is defined by DOD as the product resulting from the
collection, processing, integration, analysis, and evaluation of
information. Surveillance is the systematic observation of places,
persons, or things through visual and other means. Reconnaissance is a
mission undertaken to obtain information about activities and resources
of an enemy or potential enemy or to secure data characteristics of a
particular area.
[8] U.S. General Accounting Office, Defense Acquisitions: Space-Based
Radar Effort Needs Additional Knowledge Before Starting Development,
GAO-04-759 (Washington, D.C.: July 23, 2004).
[9] Referred to as the Netcentric Operations Warfare Reference Model,
Version 1.0, December 2003.
[10] For several years, DOD has emphasized the use of a framework that
defines three types of architectures: operational, technical, and
system. A technical architecture is a set of rules to guide the design
of systems and consists primarily of a common set of standards and
protocols for sending and receiving information (e.g., Internet
protocol), understanding information (e.g., format standards), and
processing the information. The Joint Technical Architecture specifies
the minimum set of standards and guidance for the acquisition of all
DOD systems that produce, use, or exchange information.
[11] Internet protocol specifies the format of packets, also called
"datagrams," and the addressing scheme for communication transmissions
and virtual connections made over the Internet. Internet Protocol
Version 6 (also referred to as IPv6) is the latest version of this
protocol.
[12] IPv6 includes a transition mechanism that is designed to allow
users to adopt and deploy IPv6 in a highly diffuse fashion and to
provide direct interoperability between IPv4 and IPv6 hosts. The
transition to a new version of the Internet Protocol is intended to be
incremental and allow users to upgrade their hosts to IPv6, and network
operators to deploy IPv6 in routers, with very little coordination
between the two.
[13] A key performance parameter represent those critical performance
parameters so significant that a failure to meet a minimum value of
performance can call into question a system's ability to perform
missions.
[14] DOD's information technology budget (covering national security
and business systems) for fiscal year 2004 totaled about $28 billion.
Of this, about $10.5 billion was for modernizing systems and the
remaining $17.5 billion for operating and maintaining existing systems.
[15] U. S. General Accounting Office, Information Technology:
Leadership Remains Key to Agencies Making Progress on Enterprise
Architecture Efforts, GAO-04-40 (Washington, D.C.: Nov. 17, 2003).
[16] U.S. General Accounting Office, Joint Warfighting: Attacking Time-
Critical Targets, GAO-02-204R (Washington, D.C.: Nov. 30, 2001).
[17] U.S. General Accounting Office, Challenges and Risks Associated
with the Joint Tactical Radio System Program, GAO-03-879R (Washington,
D.C.: Aug. 11, 2003) and Force Structure: Improved Strategic Planning
Can Enhance DOD's Unmanned Aerial Vehicles Efforts, GAO-04-342
(Washington, D.C.: Mar. 17, 2004).
[18] U.S. General Accounting Office, DOD Business Systems
Modernization: Limited Progress in Development of Business Enterprise
Architecture and Oversight of Information Technology Investments, GAO-
04-731R (Washington, D.C.: May 17, 2004) and Department of Defense:
Further Actions Needed to Establish and Implement a Framework for
Successful Financial and Business Management Transformation, GAO-04-
551T (Washington, D.C.: Mar. 23, 2004).
[19] Defense Science Board Task Force, Tactical Battlefield
Communications (Washington, D.C.: Dec. 1999).
[20] U.S. Joint Forces Command, Joint Transformation Roadmap
(Washington, D.C.: Jan. 21, 2004).
[21] Joint Defense Capabilities Study Team, Joint Defense Capabilities
Study: Final Report (Washington, D.C.: Dec. 2003).
[22] C.A. Murdock et al, Beyond Goldwater-Nichols: Defense Reform for a
New Strategic Era, Phase 1 Report (Washington, D.C.: Center for
Strategic and International Studies, Mar. 2004).
[23] U.S. General Accounting Office, Satellite Communications:
Strategic Approach for DOD's Procurement of Commercial Satellite
Bandwidth, GAO-04-206 (Washington, D.C.: Dec. 10, 2003); Defense
Networks: Management Information Shortfalls Hinder Defense Efforts to
Meet DISN Goals, GAO/AIMD-98-202 (Washington, D.C.: July 30, 1998); and
Defense IRM: Investments at Risk for DOD Computer Centers, GAO/AIMD-97-
39 (Washington, D.C.: Apr. 4, 1997).
[24] GAO has conducted a body of work on best practices and found that
programs managed within a knowledge-based approach--where levels of
product knowledge are demonstrated at critical points during
development--are better positioned to deliver superior performance
within cost and schedule estimates. For example, a match between
program requirements and resources (mature technology, time, and
funding) at the start of product development is particularly important.
A high level of technology, time, and funding) at the start of product
development is particularly important. A high level of technology
maturity means that the technologies needed to meet essential product
requirements have been demonstrated in their intended environment.
[25] U.S. General Accounting Office, Defense Acquisitions: The Army's
Future Combat Systems' Features, Risks, and Alternatives, GAO-04-635T
(Washington, D.C.: Apr. 1, 2004).
[26] GAO has defined five categories of cybersecurity controls: (1)
access control; (2) system integrity; (3) cryptography; (4) audit and
monitoring; and (5) configuration management and assurance, that can
help as safeguards and countermeasures to protect agencies' information
technology networks such as the GIG network. Agencies such as DOD can
use network management to control and monitor networks to obtain status
data from components, make configuration changes, and alert network
managers to problems. See U.S. General Accounting Office, Information
Security: Technologies to Secure Federal Systems, GAO-04-467
(Washington, D.C.: Mar. 9, 2004).
[27] Cryptographic transformation involves altering data into a form
that conceals that data's original meaning to prevent it from being
known or used.
GAO's Mission:
The Government Accountability Office, the investigative arm of
Congress, exists to support Congress in meeting its constitutional
responsibilities and to help improve the performance and accountability
of the federal government for the American people. GAO examines the use
of public funds; evaluates federal programs and policies; and provides
analyses, recommendations, and other assistance to help Congress make
informed oversight, policy, and funding decisions. GAO's commitment to
good government is reflected in its core values of accountability,
integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through the Internet. GAO's Web site ( www.gao.gov ) contains
abstracts and full-text files of current reports and testimony and an
expanding archive of older products. The Web site features a search
engine to help you locate documents using key words and phrases. You
can print these documents in their entirety, including charts and other
graphics.
Each day, GAO issues a list of newly released reports, testimony, and
correspondence. GAO posts this list, known as "Today's Reports," on its
Web site daily. The list contains links to the full-text document
files. To have GAO e-mail this list to you every afternoon, go to
www.gao.gov and select "Subscribe to e-mail alerts" under the "Order
GAO Products" heading.
Order by Mail or Phone:
The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or
more copies mailed to a single address are discounted 25 percent.
Orders should be sent to:
U.S. Government Accountability Office
441 G Street
NW, Room LM Washington, D.C. 20548:
To order by Phone:
Voice: (202) 512-6000:
TDD: (202) 512-2537:
Fax: (202) 512-6061:
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: www.gao.gov/fraudnet/fraudnet.htm
E-mail: fraudnet@gao.gov
Automated answering system: (800) 424-5454 or (202) 512-7470:
Public Affairs:
Jeff Nelligan, managing director,
NelliganJ@gao.gov
(202) 512-4800
U.S. Government Accountability Office,
441 G Street NW, Room 7149
Washington, D.C. 20548: