Dana Deasy Drives Toward Digital Modernization
Cyber comes first and foremost for the U.S. Defense Department.
By some measures, Dana Deasy, U.S. Defense Department chief information officer, has made a lot of progress in a little amount of time. He has developed an overarching digital modernization strategy, created a cyber working group, reviewed the department’s plans for implementing an enterprise-scale cloud computing architecture, and is leading an effort to establish a Joint Artificial Intelligence Center.
Now, Deasy says, he is ready to move from the planning stage, the “what-if discussion” phase to “putting points on the board.” He adds that measurable goals are important. “You’ve got to measure the things you want to get done. For me, that’s really driving everything around the four initiatives—cloud, artificial intelligence, the communications agenda and the cyber agenda,” Deasy explains.
Cybersecurity, cloud computing, artificial intelligence (AI), and command, control and communications (C3) are the four pillars of digital modernization. “I’m thrilled that, in less than 100 days, we have a strategy. It’s not just at a superhigh, artificial level. We have a cyber strategy for the Department of Defense. We have an AI strategy for the Department of Defense. We have a cloud strategy for the Department of Defense,” Deasy says.
Cyber connects all other strategic pillars. “Whether it’s cloud, AI or communications, threaded through all that is a very strong need to get the cyber element right. Cyber is the fourth tenet of the strategy, but cyber is thematically the thing that has to be first and foremost,” he states.
A conversation about any of the other three pillars requires a conversation about cyber, Deasy adds. “You can’t have that discussion nowadays, whether you’re in a policy discussion, an architecture discussion or an operations discussion, without cyber being first and foremost in that conversation,” he says.
Among his other accomplishments, Deasy has created a chief information officer (CIO) cyber working group involving key personnel within the department and the military services. “It’s every single week, and we are having a constant rotating conversation on the most important things going on in the cyber world, may that be from a policy standpoint, an offensive standpoint, a defensive standpoint, a hygiene standpoint, a remediation standpoint,” he reports.
The CIO stresses the need for individual responsibility in the cyber realm. “Everybody needs to stop thinking that somebody else is going to protect them. The moment you sit down in front of a computer, there has to be this ongoing, active awareness of what’s going on around you,” Deasy says.
And that awareness needs to continue once the workday is done. “A cyber mindset needs to go all the way down into your personal life. It doesn’t stop at your professional life, at your partner’s professional life. It goes down even to all of your family members who are going to engage in some digital way,” he maintains.
Cybersecurity also has to extend to the defense industrial base. Adversaries such as Russia and China have been especially adept at breaking into contractor networks and stealing sensitive defense information. Earlier this year, for example, Chinese government hackers reportedly stole massive amounts of undersea warfare data from a Navy contractor, The Washington Post reported.
In August, the MITRE Corp. offered a plan for securing the supply chain. The report is titled Deliver Uncompromised: A Strategy for Supply Chain Security and Resilience in Response to the Changing Character of War. Vice Adm. Joseph Kernan, USN (Ret.), the undersecretary of defense for intelligence, requested the report.
“Through the acquisition process, DOD can influence and shape the conduct of its suppliers. It can define requirements to incorporate new security measures, reward superior security measures in the source selection process, include contract terms that impose security obligations and use contractual oversight to monitor contractor accomplishments,” MITRE officials say on a website publicizing the plan.
The MITRE report complements Deasy’s comments. “It has to start way back at the time that we’re first engaging them on requests for proposals, when we’re actually putting out technical documents and describing our requirements,” he says. “There is definitely more that we should be doing in describing to the industrial base what we’re going to expect going forward.”
Lt. Col. Mike Andrews, USAF, Defense Department spokesman, says the department will closely review the report’s recommendations. “The protection of the national security innovation base is a key priority for the department. As such, the department is examining ways to designate security as a metric within the acquisition process. Determinations are based on cost, schedule and performance. The department’s goal is to elevate security to be on par with cost, schedule and performance,” Col. Andrews says.
Deasy indicates that contractors and subcontractors at all levels doing business with the Defense Department should be as secure as the department. “They’re no different. We need to up our game here. We need to continue to challenge the industrial base on what they need to do,” he states.
In addition to stressing a cyber mindset, Deasy emphasizes the importance of integration. “You have to have a foundational cloud. AI is a capability that will run on top of that. It’s got to communicate out to the warfighter, and all of that has to be done in an integrated, cybersecure manner,” he offers.
Among his early accomplishments, Deasy reviewed the potential $10 billion, 10-year Joint Enterprise Defense Infrastructure (JEDI) cloud computing contract and decided to stick with the single-source strategy. The contract is seen by critics as favoring Amazon Web Services, one of several companies competing for the award and the only one with experience providing highly classified cloud computing services.
Indeed, Oracle filed a pre-award protest in August. Because of the protest, Deasy cannot say much about the JEDI proceedings, but he insists that the Defense Department will continue to have more than one cloud vendor. “The Department of Defense is a multicloud, multivendor environment. We will continue to be a multicloud, multivendor environment,” he says.
The department, Deasy adds, has “stood up a lot of cloud capability” but in a “disjointed, disparate” way. “What JEDI is simply helping us to do is to find a partner to help us learn to build clouds at enterprise scale, learn how to secure them the right way, learn how to use the tools, learn how to build applications from a cloud mindset. We need to start with a partner to do that,” he asserts, stressing the article “a” to emphasize that it needs to be one partner.
An enterprise-level cloud requires a different approach, according to Deasy. “We need to put in a cloud foundation, and we need to do that at enterprise scale, which is a very different problem than if you’re trying to stand up individually unique clouds,” he points out.
Enterprise-level cloud computing is important, in large part because of the capabilities it provides. “One of the most fundamental reasons we need to do this is that there are a bunch of new, great and enabling things that we have to get after. They all involve machine learning and artificial intelligence,” Deasy offers.
Regarding AI, Deasy leads the Defense Department’s effort to establish a Joint Artificial Intelligence Center (JAIC). Patrick Shanahan, U.S. deputy secretary of defense, ordered the creation of JAIC in a June 27 memorandum. The center will guide the execution of so-called national mission initiatives, large-scale, high-budget efforts to apply AI “to a cluster of closely related, urgent joint challenges,” the memo states. Those national mission initiatives will be developed in partnership with the military departments and services, joint staff, combatant commands and others.
The center also will leverage cloud adoption to establish a common foundation for departmentwide execution in AI that includes the tools, shared data, reusable technologies, processes and expertise to enable rapid delivery and scaling of AI-enabled capabilities, the memo adds. Additionally, it will take over Project Maven, the department’s high-profile AI program, and will collaborate on any project within the department with a budget of more than $15 million.
Deasy expects the center to make major progress next year. He will use the remainder of this year to complete some of the basics of setting up a new organization, such as hiring personnel, working out the national mission initiatives that will serve as JAIC’s focus and establishing a location, or possibly multiple locations. “We’ll be in a position to start up after the first of the year, and then 2019 will be a year when we’ll start to develop these tools,” Deasy says.
Some Defense Department officials and other experts have warned that the United States is falling behind competitors such as Russia and China in the development and application of AI technologies. One reason AI is so important is that it can potentially increase military effectiveness across warfighting domains and missions. “It cuts across all elements of the department. That means the back office as well as the warfighter—everything from supply chain and transportation all the way out to better equipping the warfighters with the right intelligence to do their jobs,” Deasy states.
The CIO seems comfortable in his new role. He allows that he feels a certain pride and patriotism each time he walks into the Pentagon. Deasy effortlessly sums up his mission: “At the end of the day, it’s all about the warfighter. That’s one thing that has really struck me—this whole focus on what we do to help enable the warfighter.”