This post marks the first in a series that will take a look at the IT priorities of specific federal agencies and departments. What better way to start than with the biggest department of them all – the Department of Defense (DoD)? While we can’t cover everything going on within the department, we did want to highlight some initiatives that have made the news recently.
Better Buying Power
The DoD recently released the third update in five years to its Acquisition Strategy. Updates are intended to reflect the technologies that the department is looking to procure and use in innovative ways. The update includes a strong focus on cyber security, making sure security is considered along every step of the lifecycle of military networks and systems. In talking about the updates, leaders nod toward integrating security efforts between acquisition, law enforcement, counterintelligence, intelligence communities, and the private sector as critical to achieving security goals.
DoD CIO, Terry Halvorsen, spoke publicly about the need for BYOD policies in the Defense Department citing three core benefits – having a productive workforce, saving money, and recruiting new talent (details on all three here). Halvorsen recently announced a BYOD pilot and said its first users would be staff from DoD headquarters which represents a “big enough user base that it will be a controllable test.” To this point, the department has gone as far as issuing “dual-persona” unclassified BlackBerry smartphones and a modified commercial Android phone that can handle data at secret-level classifications. These devices allow users to handle official business with the added benefit of access to personal email and limited applications, like Pandora. So far, 1,500 of the unclassified phones have been issued as the department deals with more demand than they can keep up with.
Within the walls of the Pentagon, there is still talk of finalizing the transition to IPv6. A recently released audit showed what many department insiders already know – the DoD missed a deadline in 2012 to upgrade its public-facing servers and domain name systems to natively use IPv6, and another mandate in 2014 to upgrade internal client applications that communicate with the public Internet. While IPv6 has many benefits – like embedded IP security, mobility, the ability to create dynamic IP addresses for devices such as sensors, smart munitions, weapons systems, and plug-and-play networks – auditors said it simply was not a top priority for leaders. The audit report pointed out two key reasons the transition should be moved higher on the priority lists — “The longer DoD waits to migrate to IPv6, the more expensive the migration will become (because outdated IPv4 systems become further embedded in critical mission systems). The result will be increased transition difficulty, complexity and cost.” Also, the report noted, “adversaries are gaining experience using IPv6, and DoD’s delayed migration is leaving network security personnel without the expertise to identify malicious activity in the new IPv6 environment.”
Push For Offense
U.S. Cyber Command commander Adm. Michael Rogers recently told a Senate Armed Services Committee that more attention and resources need to be paid to offensive efforts in the cyber realm. In the hearings, Rogers stated that the deterrence techniques being used today are not doing enough to actually deter attackers. Senators McCain and Reed are pushing for increased spending to enable Cyber Command to “plan, control, execute and assess robust military operations in cyberspace.”
Army Making Next Generation IT Moves
Two recent reports show that the Army is quickly embracing new networking and IT system approaches. According to this article in C4ISR & Networks, “in the coming months, the Army will collapse the separate IT networks of the Army National Guard, Army Reserves, and the Army Corps of Engineers as the service works toward a flattened, singular Army network.” This move is in keeping with DoD’s implementation of joint regional security stacks (JRSS), a central piece of the single security architecture and enterprise-centric IT environment the Pentagon is pursuing. In another move, the Army released a cloud computing strategy. The Army’s tactics mirror DoD’s cautious approach toward cloud computing. The Army has shown that they realize using cloud computing on a scale large enough to serve its warfighters and directorates requires significant investment.
What are you seeing around the DoD in relation to these and other trends? Let us know in the comments.