The DMZ provides a buffer between the DoD’s unclassified network and the internet, explained Dave Mihelcic, DISA’s chief information officer.
"If we are under a cyber attack we could potentially crank up the level of security for most of our servers inside and yet leave certain critical e-commerce servers open to the internet, still with security controls, but we don't have to cut them off," Mihelcic told the crowd at a Jan. 6 lunch sponsored by the DC chapter of the Armed Forces Communications and Electronics Association. His remarks were quoted in a Federal News Radio article.
The DMZ is a "collection of services to secure both inbound and outbound traffic, and control what is exposed and what isn't," he said.
DISA developed the DMZ program in 2001 in response to the Code Red and Nimda malware attacks against DoD networks, but the agency is significantly expanding its use across the department’s networks over the next two years.
"What will take two years to complete is the migration of all of the service applications behind" the DMZ, Mihelcic said. "That migration is not necessarily moving a box place-to-place, but really redirecting traffic through this capability. We have a plan working with the services to do that."
Richard Hale, DISA’s chief information assurance officer, told the luncheon that the agency wants to provide DoD unclassified network users with multiple access points to the internet while beefing up “perimeter defenses” at the same time. Hale said that the agency plans to change the name of the program from DMZ to Project Lightning.