Air Force turns to Microsoft for network security

The U.S. Air Force is drafting Microsoft to help simplify its networks and software contracts, a move that could improve its computer security and deliver savings of $100 million.

The Air Force is consolidating its 38 software contracts and nine support contracts with Microsoft into two all-encompassing, agencywide agreements, according to a statement seen by CNET News.com.

The contract, done in conjunction with Dell, will call for the installation and configuration of software as well as ongoing maintenance and upgrades. The deal, which includes 525,000 licenses of Microsoft's Windows and Office, is valued at $500 million over six years, according to Microsoft.

The move is part of the "One Air Force, One Network" strategy that the Air Force plans to announce Friday. An Air Force representative confirmed many details of the announcement, including that it is expected to save the agency $100 million over six years.

"The consolidation will result in standard configurations for all Microsoft desktop and server software," the Air Force said in the statement. "The standard configurations will enforce rigorous security profiles and will be updated online with security patches and software updates."

Microsoft representatives confirmed that the company will work with the Air Force to define security configurations for the agency's desktop and servers. The representatives also said the deal includes an agencywide help desk service contract.

The Air Force deal differs from that of other government agencies because it will involve more custom work around security, and because the Air Force has taken an agencywide approach to procuring software and services, said Curt Kolcun, the general manager of Microsoft's federal business.

"By working together in this way, we can get a better understanding of what we need to do to our technology and how it will be applicable for commercial products, as well as other agencies," he said.

Government agencies have come under ongoing criticism for not buttoning up their network security. Last year, the U.S. Department of Defense got a 'D' in network security on the Federal Computer Security Report Card. The House Committee on Government Reform has not released this year's report card results.

The Department of Defense has historically been the most lucrative client for information technology companies.

Microsoft's responsibilities also will include implementing an Air Force-wide compliance policy, automating the patching and tracking of software applications, and building a unified help desk, according to a public contract announcement.

The Air Force expects to test all potential applications by mid-December to find out whether the software can be part of the agency's new network. The agency's security initiative is scheduled to be completed by October 2005, the Air Force stated in a contract announcement late last month.

CNET News.com's Martin LaMonica contributed to this report.

[cschlise]

Just Like NMCI

This sounds very similar to NMCI which is managed by EDS. CNET News has some updates about that (below) company that aren't exactly flattering. NMCI is a big mess and the Navy and Marine Corps are dumping a lot of taxpayers money into something that doesn't work as advertised and is still being "developed" even though it's supposed to be mature. Hopefully the Navy won't renew the contract when it expires in two years.

http://news.com.com/Deeper+trouble+vexing+EDS+and+other+data+services/2100-1014_3-5437204.html

[akhenatonelmarna]

Marriage Equality for in-bred Oxymorons

Two oxymorons have wed: "Miltary Intelligence" and "Microsoft Security". The Federal Computer Security Report Card gave the Department of defense a "D" last year. This year it will be an "F"

Aior Force Stupidity

The head contracting official for the Air Force was sent to prison
for taking a job with Boeing. But the real scandal was her "gifts"
to large companies like Microsoft's contract.

Security for the Air Force will be more tenuouus having identical
configurations which make a saboteur's job more focused!

Dumb but typical of Air Force contracting!

Isn't this like

Letting a pedophile watch your kids

Asking a drug addict to work at a pharmacetical company.

This is too funny

[djugan]

US Air Force flying blindly into 21st Century

This is the kind of story that will drive many IT workers into a fit of laughter or, a week of mourning for the future of the United States.

Of course, there's been plenty of news like this going around lately throughout the country.

[David Arbogast]

What I find funny....

What bothers me, is that people who hate Microsoft are so blinded by their feelings that they will suggest the most successful software company in the world is a joke, and now, at the same time, suggest that the world's greatest Air Force is also a joke.

Is it possible... just maybe... that the Air Force conducted an exhaustive review of their options and found the best solution to be one presented by Microsoft?

No... not if you ask people around here.

Because after all... those who hate Microsoft have conducted far more detailed research than the Air Force ever would... right??

Or not.

Just goes to show you. Some of the very best organizations in the world are successful and productive using Microsoft technology. The blind discrediting really is unfounded.

[paleobones]

Re: What I find funny....

"The standard configurations will enforce rigorous security profiles and will be updated online with security patches and software updates."

There's an example of your "world's greatest Air Force" showing their security incompetence. I'm hoping that "online" means "from their own SMS system" instead of "from the Internet using Windows Update." But this is a press release, so they probably do mean to imply that "all 525k workstations will connect to Windows Update to get the latest patches and updates." First rule of Windows security: Don't install software that hasn't already been vetted by the sysadmins.

And with 525k identical workstations (I don't know if that's how many actual machines they will have; working off the quoted license purchase) using online updating, it would be trivial to introduce a Slammer-like worm that would spread to all 525k workstations in no time flat (ask Continental Airlines how long it took them to clean up just 3500 workstations).

With MS, it only takes *1* machine to put at risk the entire "One Air Force; One Network." The only way to truly keep a MS network safe is to disconnect the MS network from the Internet (which I would hope our friends in the Air Force are planning to do).

As a side note and being a security professional, I find the MS lobbying to high officials in our govt disturbing. For example, the DHS (which flunked the security report card with the lowest score last year) also signed a multi-hundred million dollar contract w/MS just after BillG paid a personal visit to Tom Ridge. All the while the DHS had developed in house (NSA) one of the most secure general-purpose OS's to date (SELinux). To me, these contracts w/MS only show heavy payoffs and kickbacks to procurement officials and *not* any security advantage using MS's products.

Define successful

What has MS invented?

Their 'success' is built of theft and deciet, nothing more.

Stop trolling

Even funnier

Is that anyone rational person or organization could even consider MS when looking into network security. MS has never, not once, developed a system that is reasonably secure on its own.

Please stop sucking arse, it is a disgusting habit.

[Not Bugged]

are you kiddin?

Ever since when does Microsoft know anything about security? If they do know about security then why are all their consumerproducts as insecure as H...? I really don't understand why the NAVY goes to the producer of the most Insecure software around (in the world)