Test report: AFNet effective, suitable, mission-capable|
by Chuck Paone
66th Air Base Group Public Affairs
3/23/2011 - HANSCOM AIR FORCE BASE, Mass. (AFNS) -- The effort to manage Air Force web and email operations as one, consolidated enterprise took a giant step forward March 18, with release of a testing report on Air Force Intranet Increment 1, referred to as AFNet Inc 1.
The Air Force Operational Test and Evaluation Center's evaluation showed that AFNet Inc 1 is "suitable, effective and mission capable." This helps clear the way for the main operational user, Air Force Space Command's 24th Air Force, to fully deploy the capability.
AFNet is both a network defense and network management tool, said Vince Ross, the program manager of the Air Force Electronic Systems Center's Cyber Integration Division.
"The Air Force had been operating with a base-centric model, which eventually evolved to a major command-centric model, but we'd never managed the entire Air Force network as a single enterprise," he said. "That meant there was no centralized management of the network, that systems and hardware weren't standardized, and that top-level commanders didn't have complete situational awareness."
It also meant that the network had too many entry points. Each entry point represented a security threat. AFNet consolidates operations to reduce the Air Force's 100-plus independent NIPERNET connections down to 16.
"We're ushering in a new era of network security for the Air Force," said Ronnie Carter, the system program manager, noting that, in addition to the nearly 85 percent reduction in entry points, additional security tools are being added to the network.
The added security is a result of the AFOTEC testing and by data derived from the sites where AFNet Increment 1 has already been implemented, especially across Pacific Air Forces bases.
"Sixty percent of all incoming message traffic at those bases has been blocked," said Capt. Michael Crowl, the deputy program manager for test on the program. "And everything blocked needed to be blocked. It was either malicious or it was spam, which in itself can be harmful, in that it's often designed to slow down and degrade network effectiveness."
Air Force Space Command officials have been impressed with the results and have been pushing to accelerate deployment, Mr. Ross said.
"Now, they can do so with even more confidence," he said.
The entire Air Force should be operating this way by the end of the fiscal year, according to Jan Krajewski, the lead engineer, who has been working on the project since 2003.
Mr. Krajewski recalled the early attempts to build a MAJCOM-focused system, which was primarily a cost-effectiveness exercise. However once the MAJCOMs took control of their own networks, the leap to Air Force-level control met resistance.
"We had to make the case to the MAJCOMs that this really was in everyone's best interest," he said.
They had to design, redesign and continually test the concept, to make sure such a large enterprise-level system would work as promised, he said.
"We didn't have any existing model to go on," he said.
But all the design work and developmental testing -- as well as the formal AFOTEC testing, of course -- has paid off, he said.
"Everyone agrees now that this is the right way to go and a huge step forward," Mr. Ross said.
None of which suggests that no problems are expected. Indeed some have already been anticipated.
"We know we're going to make the network a lot more secure, but we're not necessarily going to make it faster," Mr. Ross said, acknowledging that fewer entry points could lead to congestion.
However, planned technology upgrades should continue to enhance capacity and thus speed. Those upgrades will also help the system stay ahead of the ever-evolving threat curve, he said.
Nearly all of this will be -- and already has been, at early-implementation sites, including Hanscom AFB -- transparent to users.
"The only thing they're noticing is a lot less spam," Mr. Ross said.
He also emphasizes that AFNet really is about "controlling the Air Force's front door." Point-to-point email exchanges from users within the network are not a major focus, and recent email issues with the network have nothing to do with AFNet.
"AFNet is about keeping threats from getting into the network, and the AFOTEC report validates that we're executing on that requirement," Mr. Carter said.