The Narrow Doorway: Big Data Opportunity at DISA

Published: July 01, 2015

Big DataDEFENSEDISA

Big data analytics are central to the cyber security solution being employed at the Defense Information Systems Agency and becoming familiar with DISA’s Rapid Deployment Kit is crucial to understanding where new business can be developed.

A short time ago, the Armed Forces Communications and Electronics Association (AFCEA) hosted a multi-day symposium in Baltimore, Maryland with the Defense Information Systems Agency. The topic of the symposium was defensive cyber operations, which DISA has been tasked with taking a lead role in for the Department of Defense as a whole. The centerpiece of DISA’s cyber defense efforts is the Joint Force Headquarters (JFHQ) Department of Defense Information Network (DoDIN), which exercises command and control of defensive cyber operations under the authority of a single commander. Establishing the JFHQ-DoDIN is a complex undertaking, both organizationally and technologically, and the information provided by DISA speakers only reinforced that fact. A lot of material was thrown at the audience during the two-and-a-half day event and I won’t attempt to recap it here. Rather, I’ll focus on one technology area – big data – in an effort to tease out where there might be business opportunities of interest to the readers of this post.

Without doubt, the most fascinating presentation of the symposium, from a pure technology perspective, was that on Cyber Situational Awareness as discussed by Dan Bart and Bob Landreth of the DISA Infrastructure Development organization. Although Bart and Landreth discussed many aspects of DISA’s situational awareness paradigm, the big data portion is the CSAAC, or Cybersecurity Situational Awareness Analytical Cloud. The CSAAC is a big data solution which defends DoD networks at the points where those networks connect to the Internet. Because all web traffic travels through these Internet Access Points, it is the logical place to monitor and analyze the data for anomalous patterns that could indicate suspicious activity.

The big data solution being used by the CSAAC is called the Rapid Deployment Kit (RDK), which was described by Landreth as “a DISA developed capability for ingesting and storing large data sets, building analytics, and visualizing the results.” The key phrase here for industry is “DISA developed.” The RDK is an internally built big data solution that leverages “open source and unclassified components,” as well as “technology transferred from other DoD entities;” meaning that knowledge about the technical aspects of the CSAAC are privy only to DISA personnel and the handful of vendors who provide Jack Wilmer’s Infrastructure Development organization with support.

So, given this situation where is the narrow window of opportunity to which the title of this post refers? It is in providing software, particularly advanced analytical capabilities that are 1) open source, 2) commercial-off-the-shelf, and which 3) offer features that the RDK does not already provide. DISA wants new analytical capabilities to augment what it already has, but it is difficult to understand what those capabilities are. This means that cleared vendors must speak to the right people in the Cyber Security Division or establish a mutually beneficial relationship with Northrop Grumman, the contractor that was awarded a $74 million task order in March 2015 for operation of the Acropolis big data storage portion of the CSAAC.

This is a narrow window indeed. There is, however, another possible business development avenue to be explored. This is in the process of helping to “enable collaborative analytic development across the DoD.” Remember, the RDK is a kit intended for the building of analytics and while I do not know technical details about the RDK it sure sounds the objective is to use it as the basis for developing cyber security analytic solutions in other parts of the DoD that are compatible with CSAAC. Becoming more familiar with the technical details of the RDK seems critical, therefore, if vendors interested in doing big data work at DISA wish to uncover the opportunity.