The Navy is working to secure its data assets and reduce the size of its shared cyber footprint with the help of cloud technology.
Naval Supply Systems Command (NAVSUP) launched its digital accelerator project a few months ago in hopes of leveraging its existing data in a broader effort to reform its business practices.
The command is looking to re-engineer its business processes in order to find IT solutions, and one area to be reformed includes shifting legacy systems to the cloud. Kurt Wendelken, assistant commander for Supply Chain Technology/Systems Integration (N2/N6) at NAVSUP, said his agency is reassessing its processes.
“We’re looking at business process all over the place,” he said on Federal Insights: Cloud Month. “I would tell you … as someone who’s done IT for 28, 29 years now inside the Navy, the IT itself is almost never the problem. It’s always the business process.”
The digital accelerator teams include staff from weapons system support, business systems center and Wendelken’s own office. The chief of naval operations has several digital pilots which are cross-Navy endeavors, and also include parties from Naval Sea Systems Command and Naval Air Systems Command, he said.
Wendelken said NAVSUP controls some business processes exclusively, and while some are open to change, others are dictated by law. He said NAVSUP is developing a partnership with the Defense Logistics Agency for business processes related to transportation of reparables, for example.
Resulting lines of code will be housed in the enterprise web, Wendelken said. NAVSUP has the authority to be its own cloud broker.
“We are moving out with cloud. We’ve got a number of different initiatives internally where we are looking at what the offerings are from different cloud providers,” he said. “I’m challenging my staff to come to me and explain how we shift these legacy systems that we have into a better platform in the cloud, by taking the legacy systems we have and just shifting those up into the cloud. So we really want to take advantage of the capabilities of new platforms, do some business process re-engineering while we’re going into the cloud with the remainder of our legacy systems.”
But no matter how sophisticated the technology is, it’s no help unless good data is going into it. That’s what Rear Adm. Danelle Barrett, director of the Navy’s Cybersecurity Division, said at the Akamai Government Forum: Zero Trust on June 14 in Washington, D.C.
She questioned if the service should inherently trust its data, arguing that a sophisticated avatar would not just “x-fill” data but change it.
“They’re going to make you doubt your data,” she warned.
The Navy’s “compile to combat in 24 hours” initiative means a fundamental change to “the way we deliver content afloat and ashore and across our enterprise,” Barrett said. “Because frankly this is our lowest common denominator because we’re relying on satellites, which is always a challenge for us.”
She said using satellites often means limited bandwidth or none at all, therefore leaving applications and their data insecure in transmission, in processing and when being stored at rest.
“So we have to make sure that that whole continuum is covered,” Barrett said.
Transportation using cloud to break physical chains
For civilian agencies such as the Department of Transportation, migrating to the cloud means freeing staff up from the physical constraints of a headquarters. Andrew Orndorff, associate chief information officer for Cybersecurity and Information Assurance and the chief information security officer, said this is as much to do with flexibility as security.
“Historically, headquarters is the all-important node in the environment,” Orndorff said. “But we don’t want to rely on headquarters.”
Indeed, he pointed out that DoT’s data center can be found on the ground floor of its headquarters, which lies within feet of the 500-year flood line of the Anacostia River. In addition, the D.C. region is vulnerable to hurricanes and several agency projects are based far away from headquarters, he said.
Therefore, having the ability to connect staff and projects remotely via the cloud is crucial, as well as allowing staff to work from other agencies if needed.
“We’re approaching it in layers,” Orndorff said. “At the software defined networking layer we’re really in the process now of learning what is in our environment, and starting from the business perspective how are we connected, what information flows across those links?”
He said DoT is evolving in increments toward a cyber architecture independent of headquarters. For its MPLS cloud, Orndorff said DoT eliminated its onsite internet access points and is working with EIS to leverage services for availability and resiliency features.
DoT will move toward an automation and orchestration framework first, allowing the agency to do “zero-touch” provisioning and management, followed by security automation and service capabilities.
“That will allow us to assess the environment for what is normal, detect the anomalies and automate the response to the anomalies,” he said.