When we talk about getting the most valuable commodity in a fight, information, to the decision-maker at the right time and right place, we leave much to chance. We are taking significant risks in our Information Technology infrastructure, which is responsible for meeting our golden requirement — securely generating and moving information from anywhere to anywhere. If the topic of hypersonics is easily recognized as critical to the warfight, it should be just as obvious how critical it is to have reliable and resilient IT and Cyber. Developing and operating IT and Cyber as a strategic asset has alluded us. In the Department of the Navy, the IT life-cycle is not generally managed holistically like the 30-year shipbuilding plan. In fact, it has not, until the December 2019 issuance of the DON Information Superiority Vision, detailed a vision for change.
In realizing that vision, its first objective — modernize our IT infrastructure — is fundamental. Information technology modernization is a necessary prerequisite to support current and emerging high-end conflicts because IT itself is a critical force component of the Fleet. Modernizing our IT infrastructure and management practices must be a Naval priority.
Modernization is the primary focus of the DON CIO Chief Technology Officer (CTO). As we modernize, we need to pursue both tactical excellence in the day-to-day IT experience for the entire workforce, drawing a clear line between what we spend on IT and the IT outcomes we receive, and strategic alignment on how the evolution of IT capability enables the Naval maritime strategy. The CTO is pursuing IT modernization according to the following four lines of effort:
1. Modernize Networks and Transport
We fundamentally need to bring the performance of DON networks up to commercial levels and keep pace with a rapid technology improvement cycle. This means local weapon systems and IT applications as well as the ability to get to and leverage remote cloud services.
First and foremost, we need to understand what our networks are. The DON has not prioritized the culture and practice of IT asset management (ITAM), but via the Naval IT Infrastructure Portfolio Review, we are undertaking comprehensive efforts to elevate its strategic importance.
Second, we need to know what modernized networks look like, now and tomorrow. Therefore, we are supporting the Navy and Marine Corps development and iteration of Network Modernization (NetMod) plans that optimize for cloud, adopt enterprise services, and implement zero-trust principles. Paired with focused reference and solution architecture work, this will enable strategic investment decisions and a sustained continuous transition effort.
2. Deliver Cloud Services
Cloud is fundamentally the core of the DON’s approach to IT capability development. That does not mean only connected cloud — it means leveraging the inherent characteristics of cloud computing even in local and disconnected circumstances. As important as it is to broaden adoption of Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS), it is equally important to continue the transition to digital engineering practices such as Modular Open Systems Architecture (MOSA) designs for weapon systems and Model-Based Systems Engineering (MBSE) that enable cloud-native architectures at the tactical edge.
Our first step in accelerating cloud is the new policy signed by the DON CIO and Assistant Secretary of the Navy Research, Development and Acquisition (ASN(RD&A) Dec. 7, 2020. This is a major update — the first in 6 years, a geological eon by technology standards — which acknowledges that we were well past the crawl and even walk phases. Cloud is basic business now, and we’re focused on running fast, aligning technology, cybersecurity, and acquisition authorities to knock down barriers and decrease friction.
The cloud policy sets the foundation for a more general transition to enterprise IT services. Simply put, the DON cannot get to the technology pace needed when treating every IT use case in isolation and building platforms and services from scratch by default. The enterprise IT services policy, which is in coordination now, will call for a move to capability portfolios supporting warfare, business, and our core IT infrastructure. These capability portfolios will be designed to enable alignment, discovery, and reuse of key services. They will enable product teams to inherit, extend, and build upon those services rather than recreate them — the principle of “build once, use often.”
3. Optimize Identity and Access
Identity and access are foundational to the ability to securely move information from anywhere to anywhere. While historically our digital identities have been fragmented and system-specific, we are heading toward a future of a single email for life, or at least for the time we are working within the Department of Defense (DoD). And in order to ensure that all different types of users, personas, and connected devices can access and create information where they need to and when they need to, we need to update our notion of information security.
Therefore, the DON is working on its first Identity, Credentials, and Access Management (ICAM) strategy. This strategy will lay the cornerstone for our shift to a zero-trust mindset, in which the right to access or change information is dependent on many dynamic factors, such as your identity, your device, your location, and the information in question. The ICAM strategy aligns with and leverages the work of the DoD CIO and Defense Information Systems Agency (DISA) on zero trust and ICAM strategies, reference architectures, and reference designs while addressing unique Naval requirements such as Delayed/Disconnected, Intermittently-Connected, Low-Bandwidth (DDIL) use cases.
At the same time, the DON is building an enterprise service for ICAM: the Program Executive Office (PEO) Digital and Enterprise Services’ Naval Identity Services (NIS). After a successful pilot in fiscal year 2020, NIS is focused on integration with Navy Enterprise Resource Planning (ERP) in FY21, and moving beyond in FY22, and into the future. PEO Digital is in continuous coordination with PEO Manpower, Logistics, Business Solutions; PEO Command, Control, Communications, Computers, and Intelligence (C4I); and Headquarters Marine Corps (HQMC) to ensure that NIS is broadly applicable to the full range of ICAM use cases. In addition, NIS is integrating both the Navy Flank Speed identity and data rights management capabilities and DISA’s Global Directory.
4. Ensuring Global Access to the Electromagnetic Spectrum (EMS)
From 5G to Joint All-Domain Command-and-Control (JADC2), the importance of EMS access is increasingly clear. For many years, the DON has been in the vanguard of developing and updating policy and strategy for spectrum management. SECNAVINST 2400.3 was issued in October 2018 to implement an enterprise approach to all activities necessary for DON Electromagnetic Battle Space (EMBS) superiority and Electromagnetic Spectrum Operations (EMSO). In May 2019, SECNAVINST 2400.1B updated EMS policy and management to ensure the DON’s continued ability to develop and acquire spectrum-dependent systems via controlled processes. In September 2020, the DON CIO chartered the EMBS Governance Board to implement the enterprise approach mandated in SECNAVINST 2400.3. And in October 2020, DoD issued an Electromagnetic Spectrum Superiority Strategy.
Going forward, the DON will be focused not just on policy, strategy, and regulatory forums, but on ensuring that the spectrum workforce and Spectrum-Dependent Systems (SDS) are aligned to produce continuous modernization of spectrum access.
A key element of all these modernization efforts is culture, and evolving that culture to demand and practice IT and cyber excellence throughout the IT lifecycle — from operator and consumer to developer. It requires all communities to recognize that IT as a strategic platform does not and should not be expected to perform as our more hardware-centric platforms.
IT modernization requires rethinking processes, policy and roles. When we bend steel and produce an Arleigh Burke-class guided-missile destroyer (DDG) of a particular flight baseline, that hull is not going to be radically reimagined short of an unbelievably fraught modernization that would probably cost more than building a replacement. That hull is fundamentally done, and engineering changes to modernize it are going to be evolutionary rather than revolutionary.
- IT modernization is continuous — the demands of missions require new data-driven technology, while current technology will become a cyber and budget liability.
- IT is agile and malleable — aggressive redesign is not only possible, it’s a best practice.
- The ability to stay ahead of the adversary in today’s fight demands an ability to learn and reconfigure that can only be paced by an IT platform. It requires knowledgeable agile warriors steeped in a culture and practice of secure continuous technology development, integration, and deployment (DevSecOps).
- IT is reusable — code, services, microservices, platforms. A mantra of reuse to reduce time to deploy is fundamental to modern IT culture, but it requires trust between organizations that have not trusted each other in the past.
- IT is everywhere — protecting it and keeping it relevant is a 24/7/365 job.
DON IT modernization is possible and is happening. Not only has Commercial Virtual Remote Environment (CVR) Teams demonstrated the art of the possible, but we have already seen notable progress, such as: (1) circuit upgrades to major DON installations; (2) end-user hardware refreshes that yield significantly better customer experiences; (3) moving Navy ERP into the cloud and standing up the DON’s Naval Digital Marketplace at https://cloud.navy.mil/; (4) migration of the Marine Corps into Office 365; and (5) establishment of the Navy’s Flank Speed environment. Flank Speed, the DevSecOps Task Force, and other efforts have clearly indicated the value and need for further workforce talent development with continuous reskilling and upskilling.
The important change still to come is realizing that these or any modernization achievements do not “finish” IT – modernization is continuous, and every iteration will require fresh and concerted effort in order to be successful.