Battlefield AutomationOpportunities to Improve the Army's Information Protection Effort Gao ID: NSIAD-99-166 August 11, 1999
The Army's modernization objectives over the coming decade include the integration of information technologies to acquire, exchange, and use timely information throughout the battlescape. Information technology integration--or digitization--is to be implemented throughout the Army through the fielding of more than 100 individual systems. The Army's digitization efforts are projected to cost $20.8 billion between 2000 and 2005. The Army expects this investment to increase survivability, lethality, and the tempo of operations. However, the Army also recognizes that reliance on digitization could make its command and control systems more vulnerable to enemy activities, such as jamming and computer network attacks, and it has developed a general strategy for implementing information protection into the design of the digitized battlefield. This report evaluates the Army's development and acquisition plans for command and control systems that will be a part of future digitized battlefield units. GAO examines the Army's protection plan to determine whether it ensures sufficient assessments to test and develop the defensibility of the digitized battlefield against command and control warfare attacks.
GAO noted that: (1) the Army has carried out a number of assessments to test and develop the defensibility of digitized battlefield systems and forces, but its protection plan does not ensure sufficient vulnerability assessments; (2) while the Army's plan provides a general strategy for implementing information protection into the design of the digitized forces, it does not constitute a detailed implementation plan, one that lays out the specific systems, networks, and infrastructures covered; their information protection requirements or needs; the information protection knowledge and knowledge gaps for those systems; and the tests or other events that will be used to fill specific knowledge gaps and address previously identified weaknesses; (3) without such a detailed implementation plan, systems vulnerabilities that might otherwise be identified may not be exposed and fixed and the substantial investment made by the Army could be at risk; (4) additionally, without a plan that identifies specific needed events, adequate funding may not be made available for needed activities, and valuable test opportunities could be lost; (5) furthermore, systems could be developed and tested under requirements that are not aligned with the goals and needs of the Army's protection plan; (6) for example, GAO found that a key digitization effort does not have a minimum requirement for development of the protection concept outlined in the Army's protection plan; (7) as a result, systems could be developed without providing features needed to achieve that concept; (8) GAO also found that the system that is the centerpiece of the Army's digitization efforts has a key performance requirement that is set for a non-jamming environment and is not conducive to judging whether sufficient protection has been achieved; and (9) while the Army has already undertaken a number of activities laid out in its protection plan, much remains to be done as its digitization efforts are to extend over the next decade and be implemented through the development, production, and fielding of over 100 individual systems.Recommendations
Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.Director: Team: Phone: