Host of challenges await next Pentagon CIO

This article originally appeared on C4ISRNET.

The list of IT issues awaiting the U.S. Defense Department’s next chief information officer is filled with pressing concerns to harness the power of emerging technologies and defend the military against those capabilities.

On that list:

  • Reevaluate the department’s cybersecurity approach, which has come under question after a major federal government hack.
  • Potentially decide whether to take a new tack with cloud services for the DoD, if a plan for an enterprise-wide cloud doesn’t survive a court challenge.
  • Change how employees think about data, securing acceptance for stricter controls to keep it safe and pushing them to view it as a strategic resource.

Those all tie back to a 2019 digital modernization strategy outlining how the Pentagon will optimize its IT environment for future wars. Implementation must be the priority for the CIO that President Joe Biden will choose, or the DoD risks being unprepared for fights against near-peer adversaries, experts told C4ISRNET.

“That strategy … needs to be our North Star because I know we got it right, in terms of the areas we laid out. But we must get to the nitty gritty of implementation and get it right,” said acting CIO John Sherman, who served three years as intelligence community CIO before jumping last summer to Pentagon deputy CIO.

Under the strategy, the department would save money it could reinvest in emerging capabilities to make war fighters more effective. Still, the CIO — the defense secretary’s senior adviser on IT issues — must ensure the Pentagon stays flexible while enacting the plan, Sherman said.

“We must capitalize on opportunities as they arise or make shifts where they’re necessary,” he said in an interview with C4ISRNET. “If we find a better way to do something, or we tried something that didn’t quite work as we thought, being ready to pivot and call that audible.”

The next CIO, who must win Senate confirmation, needs to shift the organization’s culture to embrace more advanced cybersecurity and software development practices, Sherman added. A top challenge “is keeping the enterprise in sync,” he said.

The DoD is “a very large enterprise with our colleague CIOs in the services and working with the combatant commands and all the DoD agencies in sync on areas like cybersecurity standards, on things like basic architecture, and our left and right limits on how we’re going to do things like Office 365. And how we’re going to do things like software development, but also still enabling agile execution of a broad plan.”

While an updated National Defense Strategy is expected under the new administration, Sherman said not to expect a completely new digital modernization strategy, but a few intermittent updates to some areas, such as software modernization.

One outstanding question for the CIO is what the cloud computing environment should look like. For more than three years, the department has struggled to procure an enterprise-wide cloud environment. The Joint Enterprise Defense Infrastructure, a single-vendor contract potentially worth $10 billion, is delayed by court cases and political controversy.

Sentiment may be turning against JEDI, according to a DoD memo to Congress that said the department will reassess the project’s future if a court rules against the Pentagon in an upcoming procedural motion.

“Cloud is going to remain a priority. Although I think what we’re going to see is instead of focusing on large cloud acquisitions, we’re going to see the department focus on how it’s actually going to best leverage the cloud … for cost savings, increased cybersecurity and increased efficiency,” said David Mihelcic, former chief technology officer at the Defense Information Systems Agency and a consultant at technology market insights firm DMMI.

The DoD has long maintained that an enterprise cloud environment is vital for data storage and artificial intelligence development. The department has come to view data as a strategic asset, releasing a data strategy and hiring a chief data officer this year. The CDO position is just seven months old and critically important to setting data governance policies, particularly as the services move toward joint war fighting and rely more on shared battlefield data.

“Given the importance of data to key department initiatives (such as JADC2), priority should be placed on advancing the CDO build out,” said Blake Moore, former chief of staff to Dana Deasy, the last Pentagon CIO, and vice president of strategy and operations for Wickr, a secure collaboration platform.

That valuable data needs adequate protection. The CIO will face a cybersecurity crisis after hackers, suspected to be Russian, compromised a major IT contractor’s platform to infiltrate “fewer than 10” U.S. government agencies, according to government officials’ count. The Pentagon has not stated that it was compromised, though a Cyber Command spokesperson recently told C4ISRNET that “parts of our software supply chain source have disclosed a vulnerability within their systems.”

The future of DoD cybersecurity is a zero-trust architecture, requiring users to constantly verify their identities for access, Sherman and outside experts said.

Changing cybersecurity practices is “going to be incredibly difficult,” Mihelcic said. “This is going to have to be an ongoing conversation about how you use only commercial vendors who you believe have a high level of cyber hygiene.”

The next CIO must address basic cyber hygiene for suppliers, increase visibility into their networks, and promote sharing between components and industry on cyber protections, said Vimesh Patel, former IT official at the National Counterterrorism Center and chief technology adviser for World Wide Technology.

To accomplish those tasks, the department needs common IT tools, platforms and practices.

“How can we create efficiencies by doing these things that we have in common and then doing them better?” Patel said.

The CIO will inherit a department plagued by sustaining decades-old IT systems that burn through cash.

The biggest network reform underway is consolidating networks of the fourth estate agencies that don’t fit squarely underneath the military services. It’s part of an effort under previous defense secretaries to use savings from modernization for shipbuilding or technologies to fight China and Russia.

“The DoD is going to need to look for other consolidation initiatives that can help them save costs,” Mihelcic said. “They can reinvest those savings into mission IT — things that help the DoD be more lethal against their adversaries — as well as cybersecurity.”