Terry Halvorsen, CIO, US Department of Defense
This is the Department of Defense’s (DoD) primary mission. Our IT infrastructure must effectively and efficiently support this wherever, whenever and however the mission calls.
There has never been a time of such opportunity to transform. Rapid innovations in technology present unlimited potential for advancement, while also garnering unknown risk from adversaries. We face a future that is increasingly dynamic, connected and global; we cannot afford to stand alone. By exploiting the power of the modern enterprise, the DoD’s IT infrastructure will flexibly and securely transform data into actionable information, increase mission-effectiveness and efficiency, all while maximizing the return on investment.
“To provide the military forces needed to deter war and to protect the security of the United States.”
A foundation of this streamlined and more efficient enterprise infrastructure are the Joint Regional Security Stacks (JRSS). These regionally based, centrally-managed suite of commercially-available network security appliances are truly a game changer. Prior to JRSS, the DoD had more than 1,000 disparate network security suites on its classified and unclassified networks, supported by separate, individualized, localized Service and Agency systems. As Services continue to migrate to JRSS, the attack surface is declining to the end-goal of approximately 50 points on the network. This baseline will also provide a more mission-effective, coherent, singular security architecture for cyber defenders. As JRSS is further operationalized, cost efficiencies will increase as resources and expertise are pulled together to identify common solutions and capabilities for the DoD.
“The DoD’s IT infrastructure will flexibly and securely transform data into actionable information, increase mission-effectiveness and efficiency ’’
Transforming DoD Landscape
The department is rapidly transitioning more than three million Windows-based desktops, laptops, and tablets to a single common operating system—underpinned by a secure host baseline. Previously, the DoD’s network was a mix of operating systems, ranging from up-to-date, to near or at end of service. This disparity led to differences security levels of the network and sub-optimal use of the Department’s finite resources. As the transition progresses, benefits are quickly being realized, from increased cyber posture, to enabling quicker software patching, to enterprise-wide adherence to DoD security standards for computers. Also, adopting a common operating system will help leverage shared applications and enterprise solutions for areas such as data storage and cloud computing. While this transition is aggressive and unprecedented in size, all the Military Services are actively moving forward with deployment.
Another way the Department will gain efficiencies inherent in a less complex environment is through a Hybrid Cloud Environment that consists of a mix of on premise government, and on and off premise commercial cloud services; DoD IT enterprise services; commercial data centers; and more efficient DoD data centers. An optimized distributed compute environment is critical to enabling a more agile and defensible, and less costly IT environment. Recently, the DoD awarded an onsite managed service contract that will provide an application agnostic, elastic infrastructure, in which programs only pay for what they use. By reducing the footprint-both physical and virtual–security will improve and costs will be reduced.
While proven and procurable commercial technology is important, the Department must have a workforce that understands that everyone—regardless of their role—is accountable for maintaining the cybersecurity of our IT infrastructure.
Starting with the Cyber Basics, we have been building a culture of cyber discipline. Tools such as the Cybersecurity Discipline Implementation Plan and the Cybersecurity Scorecard have drawn attention to progress made across the Department. The Cybersecurity Scorecard reports organizational progress and is reviewed monthly by DoD leadership—making cybersecurity the commander’s responsibility. We are also working to ensure our acquisition workforce understands and builds cybersecurity into acquisition efforts.
Next, the Department has a holistic plan to ensure the Cyber/ IT workforce has the cutting-edge knowledge and expertise to offensively and defensively protect our infrastructure. We are creating a new civilian cyber workforce outside the strictures of the traditional civil service system. This gives the department more flexibility to hire and pay employees in critical cyber posts. Additionally, the DoD is leveraging exchange programs, such as the Information Technology Exchange Program, to increase the sharing of best practices between the department and industry.
Collaborating for Mission Success
Once again, the Department cannot do this standing alone. The landscape is moving too fast and is the world is too connected. The DoD needs to leverage what I call “Our secret weapon Industry.” Collaboration with industry partners is integral to our success. This requires us refocus how we work and think–to push boundaries, and often change the conversation. By talking in terms of capabilities needed, rather than pushing out complicated technical requirements, industry is able to look at the full range of solutions and trends, versus building to a prescribed, and narrowly set of technical requirements based on perceived needs of today.
The dialogue needs to be two way engagement. This has started and will continue. Recently, we also wrote our cloud security guidelines with significant industry dialogue. In addition, we sought out industry input when we streamlined our agile accreditation process. This was based on feedback that the process was overly burdensome and did not take into account best practices to increase overall effectiveness.
The connected and highly contested strategic landscape that we face demands a seamless, transparent DoD IT infrastructure that transforms data into actionable information and ensures dependable mission execution in the face of the cyber threat. By leveraging the power of the Department of Defense’s enterprise and the knowledge of those with deep expertise, our IT infrastructure will become a cornerstone for tomorrow’s operational landscape that extends the battlefield that extends into space and cyberspace.