DISA Rolls Out Corporate Denial of Service
Everyone used to bitch and moan about AKO (Army Knowledge On-line) as a horrible email solution for the Army – with its outdated interface and horrendously small storage capacity. But there were always workarounds for exemptions on storage, the BETA program for a modern OWA UI and bypassing the whole thing with IMAP. Oh, if we could only have that old system back.
Then DISA found it in the best interest of the Army to roll-out Enterprise Email. It’s kind of like a self-imposed denial of service. Login is only possible with a CAC which of course requires everyone to have compatible hardware and operating system drivers (at first this left everyone stuck on Internet Explorer and Windows ... hardly a "more secure" option). Whether you have a CAC or not, the system continually blasts you with pop-up windows to re-enter your PIN … sometimes as often as every ten minutes. Even if you enter the PIN, it will still time you out in the middle of your work causing it to be lost. Somehow, they’ve taken a working Microsoft product (OWA) and mutilated it so the page doesn’t render properly in anything but Internet Explorer. If it happens to die, the page will NEVER come back unless you close your whole browser down and re-open it – the rest of your tabs and work be damned. I used to be accessible to my subordinates and unit nearly at all times with my SSL IMAP access from home and work machines. But then I had to have CAC readers installed at work just to access the page and as I mentioned before, it continually times me out or fails the PIN re-entry because my screen locked. Needless to say, the inconvenience of it all means I only check once a day every couple of days now.
Their roll-out strategy was even worse. When a commercial entity migrates its IT systems, they usually attempt to do it as unobtrusively to their users as possible because lost productivity equals lost revenue. Not the Army … everyone was forced into having a new e-mail address created for them. They were forced into a (supposedly) hard changeover from one system to another. Their existing mail was not automatically migrated. Users were advised they had to do this on their own by creating Outlook .pst files (not using Outlook? not DISA’s problem) and then sending these enormous files to a helpdesk that may or may not actually perform the import. Forwarding from your old address to the new address was not automatically performed. Users were given instructions on how to do it, yet for several months the page that actually allowed you to forward wasn’t offering the option. Prior to your changeover date, the new account was actually receiving email for you without any indication to your old account causing personnel to accuse one another of never replying or never disseminating information. And vice versa, after the changeover messages were still diverted to the old account. Theoretically, active duty was “okay” since their enterprise accounts were supposed to map to local DOIM exchange servers but everyone else like the one and a half million Reservists and National Guardsmen were left in the cold to deal with OWA exclusively because the Outlook accesses were restricted to .mil networks only, too bad you don’t have government lines running into Fort Living Room. If you happened to be a dual-status Reservist and government civilian … you’re treated to twice the fun with extra accounts and multiple CACs, etc.
So thanks DISA … you’ve demonstrated once again that the military will do whatever it wants regardless of the best practices established by industry (via the professional contractors you should be hiring - but not the Russian ones you did hire).
From DISA’s published strategic plan (pdf), “DISA will support the Department’s priority to rebalance our communications and services in the Asia-Pacific region, as well as “Operate Effectively in Cyberspace,” (FAIL) and will play a critical role in the Department’s efforts to provide modern armed forces with reliable information (FAIL) and communications networks and assured access to the cyber domain.” DISA would best serve the DoD by contracting its services to adversaries of the United States and reducing their effectiveness not via covert cyber operations but via the overt application of its infrastructure plans. Who knows, maybe the adversary will even pay our government for it.