Roles and responsibilities of Army unit commanders
Local approving authorities receive permission to connect local secret networks with specific configurations to the SIPRNET. (Incidentally, for purposes of SIPRNET connections, all Army unit commanders are local approving authorities because they have no direct control of the SIPRNET backbone, only their local networks. This is regardless of rank or position.) Once the local unit receives authority to operate its network, the local unit can make changes to the secret LAN within the scope of the original authority.
For example, if a secret local network was approved within a building and the commander wants to expand the network to another part of the building, this is completely acceptable as long as the required physical security requirements are met. All the local commander needs to do is inform the SIPRNET authorities of the change and document it. There is no reason for a completely new authority to operate.
However, these are the only types of changes the local commander can make without express permission from SIPRNET authorities outside the Army.
For example, if a unit is deploying from Europe or the continental United States to the Middle East, it’s reasonable for the unit commander to expect SIPRNET capability upon arrival. Planning for this new connection requires time. Too often, the request is forgotten and so the unit’s communications officer just “makes it happen” upon arrival in the Middle East, ignoring any security issues.
One way communications officers make it happen is to request a normal communications link, place military-grade cryptographic devices on each end and pass SIPRNET traffic through the link. Another way is to tunnel SIPRNET traffic through the unclassified military network or through the Internet via Taclane or Network Encryption System encryption devices. While either method is technically correct, the local commander bypasses SIPRNET authorities if either is used without permission, because both methods effectively extend the SIPRNET, changing the basic backbone configuration. Remember, no officer in any Army unit can grant permission to change SIPRNET connections or topology.
In summary, the local or regional commander/authority:
* May not grant interim or final approval on the design or equipment configuration for a new SIPRNET circuit. Only the SIPRNET DAAs or the DSAWG may approve the new circuit. Also, the local or regional commander/authority may not accredit the circuit or equipment configuration without having it verified by a DSAWG/SIPRNET project-manager designated activity;
* May not grant interim or final approval for the design or equipment configuration for a major SIPRNET topology change. This includes tunneling the SIPRNET through new or existing non-secure Internet-protocol router network or Internet connections, or extending an existing SIPRNET installation beyond the scope of the current accreditation;
* May not approve the interconnection of the SIPRNET with any other network. This includes interconnecting the SIPRNET with the NIPRNET, Internet or anything else, or enabling a secret-and-below-interoperability guard such as a mail guard, data guard or data diode;
* May disapprove any design or equipment configuration submitted by subordinates;
* May authorize the expansion of the local classified SIPRNET LAN within the scope of an existing accreditation, as long as the accreditation change is documented and submitted up the SIPRNET approving chain;
* May regularly change the configuration for tactical SIPRNET connections. Tactical connections include those provided by mobile-subscriber-equipment and triservice-tactical type of systems. This is within the scope of the tactical-system accreditation. This authority does not include the long-haul or local fixed circuits that connect the tactical systems to the SIPRNET backbone.
COPYRIGHT 2003 U.S. Army Signal Center
COPYRIGHT 2003 Gale Group