The Defense Information Systems Agency, the Pentagon’s lead information technology arm, wants the military to have an enterprise network that spans and utilizes the IT resources of every military branch and agency.
It wants that network to be highly resistant to cyber threats and to be so reliable and so agnostic to the devices that connect to it that users and developers no longer have to think about which piece of hardware they’re using on a day to day basis. Instead, things will just work, and new technologies come on board as soon as possible.
DISA, at the agency’s annual customer and industry forum in Baltimore this week, is telling the public and private sector entities that it works with that it intends to do all of the above, even in a climate in which budgetary resources are declining. Or maybe because they are declining.
Tony Montemarano, DISA’s component acquisition executive, said military leaders in every branch and agency now recognize that DoD has to run its IT functions more efficiently.
“I’ve never seen the leaders of every military department coming together and saying that we’ve got to make this more effective,” he said. “I believe the time is right. The time is close. It’s within reach. People have to get religion and know that we can bring this stuff together.”
Getting religion, however, does not mean subservience to the church of DISA, said Lt. Gen. Carroll Pollett, DISA’s director. In a roundtable meeting with reporters this week, he said his goal is to move DoD into a space in which the department, as a whole, is able to use its IT resources more efficiently and effectively.
“It shouldn’t matter whose sign is hanging on the building,” he said. “It’s about the capabilities we have within all of our environments in terms of providing enterprise services. I’m very cautious about saying, ‘It’s gotta be DISA’s way or the highway.’ It’s about being software-centric, not hardware-centric.”
That means creating an IT environment in which DoD’s IT users spend less time thinking about how technology works, and more time using it to do their jobs, Montemarano said. .
“We’re trying to present to the warfighter a single platform. A single cloud, or whatever the current jargon is,” he said. “We’re trying to present an environment where they can plug in and do their jobs.”
Along those lines, David Mihelcic, DISA’s chief technology officer, said he predicts a future five years down the road in which there are no longer any personal computers at workstations.
“Instead, we’re going to have wireless mobile devices that will be used for all classification levels of processing,” he said. “You’ll have one device that will span unclassified, secret and top secret. And based on sensors that determine the environment it’s working in, it will automatically switch between those environments at those classification levels. Then, when you get to your desk, it will wirelessly dock with a keyboard and give you a full-featured environment.”
He said the existing networks for unclassified traffic, secret traffic and top secret traffic will be phased out too, converging instead around systems that more logically converge with the mission areas of each part of DoD and its partners.
But getting to that point will involve new approaches to security, according to Richard Hale, DISA’s chief information assurance executive. He said DoD still lacks the ability to apply the security it needs to the rapidly evolving technology capabilities it wants.
“Nothing yet is designed to work properly in the face of cyber warfare by a capable adversary,” he said. “We’re doing consumer-grade stuff and hoping we can get those dependability properties. But this business of moving to an enterprise is allowing us to put more mass on the problem. We’ve found that with enterprise email with the Army. Certain performance problems are starting to be solved, because we’ve finally got enough people working on them.”
“Right now, we’ve got to get DoD’s house in order,” said Hale. “We’ve got to be able to work in a realistic operational environment. Security hasn’t been cast as a mission assurance or dependability problem. We still have these paper-based certification and accreditation processes that haven’t caught up to the idea that everything is hooked to everything else.”
Hale said DISA will move to an approach that continuously monitors and scores the security of everything on the network, a new effort he said will at least partially transform the sluggish certification and accreditation process.
He said for industry, the enterprise vision means that products that vendors build for DoD can’t rely on closed or proprietary standards. That’s because DISA will have to automate many of the processes the department currently uses to certify oncoming technology. That automation will require that all players use open standards, leading to products and services that can be sourced from many different vendors.
DISA officials said huge obstacles remain, however, aside from security challenges. Speakers at this week’s convention tended to point to two other factors: cash and culture.
In terms of funding, it’s not just a matter of the widely-acknowledged assumption that the Pentagon’s budget trajectory will edge downward in the coming years, Montemarano said.
IT spending is dispersed among many agencies and services, and in many cases, it’s divvied up between many types of funding sources even within a DoD component.
“Inside of DISA alone, we have a working capital fund for fee-for-service, a fee-for-subscription fund and then we have appropriated funds,” he said. “The military services have similar problems. How do we address that? Because right now, everybody is going to be hugging their own dollars. They’re going to be looking at it from their own perspective. As long as they do that, we’re not going to be able to bring it together.”
Pollett, DISA’s director, said it’s up to DoD’s leadership to address whatever cultural boundaries are preventing the creation of a more effective IT system. He said senior officers across the services understand the challenge and that the need to overcome it.
But the need to save money by using IT more effectively certainly hasn’t hurt matters.
“It’s been a forcing action that’s affected culture,” he said. “It’s probably affected it more significantly in the last 12 to 18 months in terms of converging talent together to look at how to gain efficiencies and get beyond the traditional barriers we had.”