WASHINGTON: The Pentagon will create a new portfolio office this fall to manage the Defense Department’s zero-trust architecture program, acting DoD Chief Information Officer John Sherman announced today.
Defense officials view zero-trust security as a key technical enabler for the Joint All Domain Command and Control (JADC2) concept as well as DoD’s overall cybersecurity.
Sherman did not detail the exact composition or precise duties of the new office, but did say that Deputy DoD Chief Information Officer for Cybersecurity Dave Mckeown will lead it and noted that the Defense Information Systems Agency (DISA) is “key to this.”
The announcement comes as multiple deadlines loom for JADC2-enabling initiatives. Sherman said his office is “making the right investments and really leaning into” the JADC2 push.
The next significant deadline is Sept. 3. That’s when DISA will receive industry’s ideas for prototype, development, and test activities related to Thunderdome, which is DISA’s zero-trust architecture program. DISA will draw from industry’s ideas and then select partners to help build zero-trust tools, systems, and capabilities.
Sherman noted that “you don’t just buy zero trust,” echoing scientists at the National Institute for Standards and Technology. “[Zero trust] really is a new strategy,” the DoD CIO said, while emphasizing the new portfolio office will collaborate closely with DISA on the initiative.
Sherman said some pilot programs related to identity, credential, and access management (ICAM) — a key component of zero-trust architecture — are already underway, and that the CIO’s office has “already got[ten] military department commitments.”
“All of the advantages right now are with the attackers, and we’ve got to change that,” Sherman told the audience during the second day of the virtual FedTalks conference. “We have to get this right.”
Electromagnetic Superiority Strategy Implementation Plan
Sherman’s wide-ranging talk touched on various other CIO priorities.
On the heels of Secretary Lloyd Austin’s July 15 approval of the Electromagnetic Superiority Strategy implementation plan, Sherman said the hand-off from Joint Staff Vice Chairman John Hyten to the DoD CIO’s office will occur in October. The EMS implementation plan is classified and a separate document from the publicly available Superiority Strategy, which was published in October.
Sherman said he’s “personally excited about what EMS brings to the fight” and that “EMS really gets me fired up and excited.”
The full House Armed Services Committee markup of the Biden administration’s proposed fiscal year 2022 defense budget will be released on Monday, and the full committee markup hearing is scheduled for Sept. 1.
The HASC Subcommittee on Cyber, Innovative Technologies, and Information Systems markup of the budget included a statutory requirement for DoD to appoint a single individual responsible for implementing the EMS plan, after DoD failed to execute on two different strategies over the past decade.
Additional JADC2 Initiatives
Sherman did not provide much news on other JADC2-related initiatives, but he did summarize the current state of some major program components, to include:
- Joint Warfighting Cloud Capability (JWCC) — Sherman reiterated that DoD is in the market research phase right now, engaging all five US “hyperscale” cloud service providers in what he characterized as “robust dialogue.” The solicitation for this multi-cloud capability is still slated for an Oct. 15 release, with initial partners selection expected to occur in April 2022. Sherman, in July, revealed JWCC as the replacement for the Joint Enterprise Defense Infrastructure (JEDI) contract, which was finally scrapped after years of vendor legal challenges and delays.
- Artificial Intelligence and Data Accelerator Initiative (AIDA) — Sherman said DoD is currently sending AI Expert Teams to Combatant Commands, but provided no details. He did note that Northern Command’s recent Global Information Dominance Experiments provided a “glimpse of the vision” of AIDA, which Sherman said is meant to “unlock the power of data and AI for combat missions.”
- Positioning, Navigation, and Targeting — Sherman mentioned these capabilities, but provided no details on progress around specific initiatives.
Tracking Other CIO Priorities
Sherman said the DoD will release a cyber workforce strategy at the turn of the year, but did not provide details.
Sherman also said his office is gleaning lessons learned from DoD’s existing software factories to drive software modernization, which he characterized as a “tide that lifts of all boats.” In particular, he said his office is looking at how to “rapidly scale” code by optimizing software factories.
On a related topic, Sherman talked briefly on the importance of DevSecOps 2.0, but he provided no concrete updates.
Finally, Sherman touched on DoD 360, a department program for digital transformation and collaboration using Microsoft’s Office 360 productivity suite. DoD continued the rollout during the pandemic, enabling remote work, but Sherman said DoD 360 “is not just about remote work.” He said DoD has already begun the next step, which entails “looking at where do we take this to the secret level.”