FORT BELVOIR, Virginia, Nov. 20, 2015 —
Logistics professionals rely on accurate information from official data sources to ensure warfighters have the supplies they need to complete their mission. The most common and safest tool to ensure warfighters have what they need when they need it is the web-based Federal Logistics Information System, otherwise known as “WebFLIS.”
WebFLIS provides visibility to more than 16 million items of supply used by the Defense Logistics Agency, military services, government agencies, and contractors that perform business with the U.S. government and North Atlantic Treaty Organization allies, said Tim Bunnell, DLA Information Operations team lead in the WebFLIS sustainment office in Battle Creek, Michigan.
The system provides all the essential information about a supply item including its national stock number; item name; manufacturer, company and supplier; and physical and performance characteristics. It also lists hazardous material indicators, demilitarization codes, substitutable items and other data.
One of the biggest benefits of WebFLIS is that it provides logistics information not just for DoD, but for the entire federal government, Bunnell said. The system is updated multiple times a day, making WebFLIS’ information more current than what’s available on commercial websites, he added. In addition, WebFLIS contains sensitive and proprietary data that is not authorized for release to the general public, allowing users additional capabilities that cannot be replicated by unofficial systems.
WebFLIS not only offers a more complete and accurate data record, it can also help users eliminate the risks that come with using commercial websites, said Charles Docherty, a DLA Information Operations cyber security lead in Battle Creek, Michigan. Users who trust the wrong website for logistics data can compromise DLA’s supply chain since there is no way to validate the information stored by commercial sites, he said.
“Even if the website claims to have received information from an official source, how do you know if the information is still current or accurate?” he continued.
Docherty said users can easily come across fraudulent commercial websites by simply Googling the names of DoD automated information systems. He warned that the companies behind those websites may try to collect DLA’s data in an attempt to repackage and sell the information back to the military services and other federal agencies.
“While these websites may give the appearance of being affiliated with the federal government, they are actually unofficial commercial websites that should not be used to conduct official business,” he said.
In one example, Docherty said a customer attempted to search for an official DLA system, but inadvertently followed the wrong link back to a commercial website instead. After asking a DLA program management office for help verifying the accuracy of the system’s data, DLA staff determined that the website was actually an unofficial site with inaccurate data.
Besides risking the use of outdated or inaccurate information, users also need to consider how unofficial sources can make them vulnerable to “phishing” attacks. A fraudulent website trying to look like an official source may offer logistics data as bait to obtain the information from users, similar to an email-based attack.
“The first thing users should look for is whether the website is both secure and hosted by either a .gov or .mil domain,” Docherty said. “Next, verify that the website has a valid certificate and certification path by clicking on the padlock icon in your web browser’s navigation bar. The certification path for military websites will usually point back to a DoD root certificate authority.”
Docherty said most DoD automated information systems will also require user registration and many have implemented common access card authentication. The WebFLIS 2.0 version requires users to register for an account through DLA’s Account Management and Provisioning System, which assigns role-based permissions for each WebFLIS user.
Adopting these new security changes protects the users and system by using dual factor authentication, encryption, role-based accounts, DoD certificate authorities, and login and inactivity timeout policies, Docherty said.
He cited a case in which a customer thought a commercial website was more convenient to use because it didn’t require registration and didn’t have a timeout policy.
“It’s important to take the time to register for official systems, because it’s far more important to wait and have the right information than to have the wrong information right now,” he said.
As for websites that either give the appearance of being official or claim to be an alternative for an official federal or DoD site, users should follow the advice, “If you see something, say something,” Docherty said.
He encouraged users who see these types of websites to report them to their senior leadership, adding that, by reporting sites, users can help ensure the agency doesn’t compromise security or introduce defective or counterfeit items into the supply chain.
Logistics professionals can find official data through these search tools:
Public Logistics Data (PUB LOG FLIS)
Federal Logistics Data (FED LOG)
FLIS Portfolio Data Warehouse web services.
To inquire about an item of supply,
contact DLA’s Customer Interaction Center
or visit Logistics Information Services
to register for one of DLA’s automated information systems.
DLA Customer Interaction Center (DLA CIC)
Toll Free: 1-877-DLA-CALL (352-2255)