Why we need to follow the rules

The SIPRNET is a fairly fragile system with more than 400,000 users, equally sharing risk. There are very few internal controls and little compartmentalization within the system--once you have access, you're in. Because of the system's fragility, physical-access controls must be kept tight. A poorly secured computer with dial-up secret access in Chicago is just as much of a threat as a misconfigured system in the Middle East.

One aspect of physical security is to know where the system extends and how it's secured. These details are part of the normal SIPRNET connection-approval process. If a unit extends its secret network to another location without permission or interconnects the secret LAN with the Internet because it makes administration easier (this actually happens), the unit puts all networks connected to the SIPRNET at risk. One possible consequence of ignoring the rules is having the unit's SIPRNET connection terminated, regardless of the operational consequences (this also happens from time to time).

Operational security today is paramount. Properly secured, configured and documented networks are an integral part of operational security for network-centric warfare. Otherwise, the network cannot be fully trusted ... and an untrusted network is useless. No networks, no network-centric warfare.

REFERENCES. CJCSI 6211.02A, Defense Information System Network and Connected Systems; DISA, SIPRNET Customer Connection Process Guide; DISA, AUTODIN message 121713Z DEC 95, subject: SIPRNET interim-connection requirements.

More information about the SIPRNET connection process can be found at http://giap.disa.smil.mil.

COPYRIGHT 2003 U.S. Army Signal Center
COPYRIGHT 2003 Gale Group