The Department of Defense’s ability to ensure the highest performance of its Mission-Essential Functions (MEFs) is at growing risk. Adversaries are seeking any means to cripple force projection, warfighting, and sustainment capabilities by targeting critical defense assets both within the United States and abroad.
Mitigating risk to DOD’s command, control, communications, computers and intelligence (C4I) assets through a comprehensive, synchronized approach is the job of DISA’s Mission Assurance Branch.
Whether it’s part of the deliberate planning process or analyzing courses of action for a contingency, such as a natural disaster, the Mission Assurance Branch ensures the Defense Information Systems Network (DISN) experiences minimal disruption.
Although MEFs are spread across all domains, they all utilize DISN equipment, infrastructure, and facilities, and it is DISA’s charge to analyze, assess, and report shortfalls and gaps to key decision makers.
“Mission assurance is critical,” said DISA’s Mission Assurance/Critical Infrastructure Protection Branch chief, Fred Ruonavar. “We have to determine what the DOD is able to do, determine appropriate support plans, determine where information falls in the three-phase process, and determine what assets are required.”
Because the DOD relies so heavily on the DISN, any interruption to the critical infrastructure could severely affect DOD’s ability to execute its mission, thus negatively impacting the warfighter.
Partnering with the combatant commands, DISA’s Mission Assurance Branch analyzes annual task critical asset requirements while remaining agile enough to address contingencies that may appear without warning.
Ruonavar said DISA's Mission Assurance Branch takes an aggressive approach when assessing DOD’s top contingency and operational plans. He stressed the DISA headquarters team doesn’t operate in a vacuum, and said coupled with strategic partners located around the globe, they are able to analyze seams and gaps associated within mission essential functions and tasks.
Ruonavar said mission assurance has never been more critical than it is today.
“Twenty years ago, we would have never been discussing flying unmanned drones,” he said. “However, today, we need to plan for situations where an unprecedented amount of bandwidth is required. In the future we’ll be flying squadrons of unmanned fighter jets — latency and interruptions are simply not options to the modern warfighter.”
The cyber domain’s significance places mission assurance as a top priority for the DOD … so much so, the department established policy and assigned responsibilities for MEFs directly relative to mission execution. Under DOD Directive 3020.40, dated Nov. 29, 2016, the department set goals to achieve the highest level of mission effectiveness though mission assurance planning.
The planning is important, according to Ruonavar, because there are 1.4 million active-duty members that could be deployed across more than 150 different nations.
“These partnerships support air, land, sea and the cyber domain where more than 15,000 different applications are being used,” he said. “This is why mission assurance is critical.”
In an effort to pass along lessons learned and subject-matter expertise, Ruonavar said his branch holds Critical Information Infrastructure Protection courses on a regular basis.
The syllabus focuses on assisting critical infrastructure protection stakeholders by determining what is important and how to prioritize risk mitigation measures, including single points of failure and a gap analysis of C4I infrastructure, which directly supports the warfighter.
“These courses provide a better understanding of the DOD’s mission assurance strategy, how the DOD applies the strategy, and how DISA fits into the mission assurance landscape,” Ruonavar said. “Attending is a great way to gain better understanding of the different mission sets of the combatant commands and how those mission sets can be impacted with a loss of critical infrastructure.”
Those desiring to learn more about critical infrastructure protection and threats; the mission assurance process; industrial control system security; supply chain risk management; and legal challenges should contact DISA’s Mission Assurance Branch at 301-225-3380.