Did you know that the Navy Commercial Cloud Enterprise (NCCS) Blanket Purchase Agreement (BPA) was awarded Sept. 26, 2018? This centralized vehicle for acquiring commercial cloud services and associated engineering support from multiple cloud providers is now in place for use by all Department of the Navy Mission Owners and Ordering Contract Officers.
Travis Methvin, the PMW 270 NCCS Project Manager from the Program Executive Office for Information Enterprise Systems (PEO EIS), explained that his team develops and executes the Navy's overarching cloud brokerage structure. In a panel discussion he facilitated at the DON IT Conference, West Coast in February in San Diego, Methvin said the idea is to optimize the accessibility and security of the data the department generates each day.
Methvin and his team are embracing the vision for a digital Navy, as described in the Chief of Naval Operations’ Design for Maintaining Maritime Superiority Version 2.0, by accelerating cloud acquisition processes and support.
Challenges and Opportunities
As with so many recent technology game-changers, there are opportunities for the Navy to improve its information infrastructure, cybersecurity and processes by taking advantage of cloud solutions. The biggest barrier for commands to adopt cloud computing is in understanding how to implement a cloud solution to fully reap its benefits. Adopting cloud in the DON requires a new understanding of risk in a shared cybersecurity model between cloud vendors and the Navy to protect the DON’s portion of the Department of Defense Information Network (DoDIN) in the commercial cloud, Methvin explained. To this end, PMW 270 offers training on its website (https://cloud.navy.mil) to help Mission Owners and contracting officers better understand cloud security and the need for business process reengineering to obtain the best results from commercial offerings.
The DON and Defense Department have a history of buying commodity IT with military-specific requirements that can sometimes affect software performance and cause unintended consequences for government systems.
Cloud implementations will be different though, Methvin explained.
While the government is accustomed to modifying IT solutions, Methvin said cloud computing works best if you buy it as is — as industry would use it. This new approach in procuring cloud solutions is a cultural change for the department.
Navy Cloud First Policy
In February 2017, PEO EIS advocated a Navy Cloud First Strategy to consolidate and integrate DON cloud service by 2022. Approved by the Deputy Chief of Naval Operations for Information Warfare (OPNAV N2N6), the PEO EIS executes governance and policy actions for the enterprise.
The policy change is designed to decentralize contracting support and speed the delivery of cloud services for Mission Owners.
PEO EIS is the Executive Agent (EA) on the BPA and assists authorized Navy Cloud Brokers (NCB) with contracting functions. The Navy Cloud Brokers are commands that have a NCB Ordering Contracting Officer (OCO), and include: Space and Naval Warfare Systems Command, Naval Sea Systems Command, Naval Air Systems Command, Naval Supply Systems Command, Naval Facilities Engineering Command, Military Sealift Command, Navy Installations Command, and the office of Strategic Systems Programs, Methvin advised.
Because acquisition for cloud solutions presents a different paradigm than purchasing other commodity IT, it’s critical that Mission Owners seek the assistance of a NCB Ordering Contracting Officer who is equipped with expert knowledge of the BPA, pricing models, and the various cloud options available.
DON Mission Owners are defined as any organizational element within the department that has an appropriate requirement for cloud services. Any Mission Owner can order cloud services through NCB OCOs by submitting a Service Demand Request (SDR) package. The OCO will then execute a Task Order on the BPA.
The BPA is General Services Administration (GSA) Schedule 70-based, Federal Risk and Authorization Management Program (FedRAMP) approved, DoD Cloud Provisional Authorization (PA) approved, and fulfills CONUS and OCONUS requirements. It is NIST Publication 800-145 compliant.
The BPA provides the ability to order cloud services, such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS), easily through Navy Cloud Brokers, allowing Mission Owners to realize maximum flexibility to acquire the right services at the right time. Cloud solutions at Impact Levels 2, 4 and 5 are approved, according to the Defense Information Systems Agency’s cloud security standards.
The Navy achieved a major cloud success in February 2017 with the launch of My Navy Portal (MNP), a Sailor-facing, self-service portal to manage human resources needs from Sailor hire-to-retire. The Navy is hosting iNavy, a Navy-wide portal solution that provides a collaborative framework via SaaS hosting IT solutions to Navy communities in a secure environment with multiple authentications, including CAC and PIN access, for enhanced security, Methvin explained.
The latest Microsoft Enterprise SharePoint portal technology offers a fully virtualized framework providing robust, centralized and secure collaboration which enables users and organizations to discover and tag data and documents, organize content, and perform advanced searches — along with smart records management tools. It’s a scalable, modularly designed platform with the capacity and capability to grow and support the entire scope of Defense Department users. The iNavy portal provides the Navy with a single secure infrastructure on a robust collaboration platform that increases mission efficiency and realizes cost savings and cost avoidance through consolidation.
The Cloud First policy directs the Navy to “design, transfer, host, operate and sustain Information Technology capabilities with Commercial Cloud Service Provider hosting environments to the maximum extent possible for classified and unclassified systems up to Secret.”
Additionally, the policy memo outlines the basic tenets for the security requirements of hosting data in the cloud, to include compliance with the U.S. Government and DoD Risk Management Framework.
“The Navy is committed to being ‘all in’ on transforming operations and business processes to leverage cloud technologies across the information warfighting platform through to the tactical edge. The operational advantages to warfighting with cloud technologies vice legacy client/server models are far reaching and include the ability to use micro-web services across the enterprise, as articulated in the Compile to Combat in 24 Hours (C2C24) architecture, and to store authoritative data once and have them reused by many different systems in the context needed for speed and accuracy of decision making,” Director, Navy Cybersecurity (OPNAV N2N6G) Rear Adm. Danelle Barrett wrote in the October-December 2018 edition of CHIPS Magazine.
The Navy can leverage the services offered by commercial cloud vendors for big data analytics, artificial intelligence, and machine learning, which they are providing at a speed and scale that cannot be matched on DoD networks, Barrett has often said.
The advantages to securing tactical and operational data sharing are other important factors.
“These services can also reduce our attack surface and improve cybersecurity and protection of our data in that cloud operating environment,” Barrett wrote.
The C2C24 architecture is a striking example of the power a cloud solution can deliver.
The C2C24 architecture was successfully demonstrated on the USS Essex (LHD-2) and USS Stockdale (DDG 106) last year. The results will allow the Navy to deploy new software capabilities in under 24 hours, not the 18-month timeframe that’s now common. The Navy is using the XML open standard, and the efficiently-compressed XML format, which uses less bandwidth, to maximize a Sailor’s ability to access data from the Navy’s huge data stores via the Navy’s Consolidated Afloat Networks and Enterprise Services (CANES) cloud, Barrett explained.
Many commands are using the Navy Cloud First Strategy as a means to modernize or eliminate legacy applications and data centers to optimize performance in a cloud environment. Navy IT officials are monitoring progress to avoid stove-piped applications and duplication.
For optimal results from a cloud solution, Methvin advised Mission Owners to adopt a managed services approach and to understand the security boundaries within a cloud offering by using virtual digital twins to build a strategy. A digital twin is a virtual model of a process, product or service. Pairing the virtual and physical realms allows data analysis and system monitoring to avert problems before they occur on a live system and prevents system downtime by using simulations to game possible outcomes.
Lessons learned should be updated every step of the way, from building a cloud strategy to reengineering business processes, and planning an acquisition, Methvin also advised. Policy documents, training, a Service Catalog, the BPA, and playbooks are available on https://cloud.navy.mil to assist, or contact the NCCS functional account at NCCSSupport.email@example.com. An Ordering Guide will be released in the second quarter of Fiscal Year 2019 that details the step-by-step process to secure cloud commercial services.
In conclusion, Methvin discussed the advantages of using “infrastructure as code” — not buying or building what the Navy can rent.
“Less owned infrastructure, a smaller footprint, leveraging a commercial network, mitigating obsolescence and staying ahead of the technology curve can reduce costs for the Navy,” Methvin said. “We have to adopt cloud where it makes sense.”
Editor’s Note: A Navy Enterprise Commercial Cloud BPA Workshop, open to CAC-holders, will be hosted at the DON IT Conference, East Coast 2019 on the first day of the conference, June 3 at 1 p.m. The conference has been approved for June 3-5, 2019, and will be held at the Hilton Norfolk The Main in Norfolk, Virginia. For registration and to download the schedule, visit: https://www.doncio.navy.mil/CHIPS/ArticleDetails.aspx?ID=12368.