DISA Strives to Exploit the Pace of Change
New technologies are affecting the information agency both positively and negatively.
Being able to pace technology is the top challenge facing the Defense Information Systems Agency, according to its director. This activity encompasses both positive pacing, in which the agency takes the lead in incorporating innovative capabilities, and negative pacing, where it responds to the constantly evolving technology-based threat.
Industry plays a significant role in both aspects of pacing. The private sector serves as the font of innovation for new information capabilities sought by agency customers. Similarly, industry must be the primary source of related technologies that help counter the growing threat posed by nation-state and independent adversaries.
Vice Adm. Nancy A. Norton, USN, is the Defense Information Systems Agency (DISA) director and commander of the Joint Force Headquarters-Department of Defense Information Network (JFHQ-DODIN). She points out that the commercial world often creates new systems that generate new demand from warfighters. “Things we never thought of needing before become a reality because [they] are available in the commercial world, and we can see their applications,” the admiral relates. Working with commercial industry, along with pursuing developments in-house and across the U.S. Defense Department, is at the heart of DISA implementing new capabilities for ease of operations and security, she adds.
As the agency moves more data to the cloud, partnerships with commercial vendors proliferate. DISA recently released its milCloud 2.0 contract, and it will be moving much of its mission partner data to that cloud. Service from CSRA in government facilities gives the agency a hybrid model for security, oversight and evaluation, with best pricing that allows scaling based on need, the admiral offers, adding that other models similar to this one may appear in the future.
DISA has a wish list of technologies and capabilities it wants from industry. Mobility tops the list, and Adm. Norton says she needs industry to help with it. This capability is a high priority for the Defense Department, with warfighters requiring communications and networking in new and different areas of the world—many of which have lacked a U.S. military presence. “These mobile solutions must be more robust and capable than they have been in the past,” she offers. “We’re not talking about just a cellphone kind of thing. We want to have … video down to a tablet for watching ISR [intelligence, surveillance and reconnaissance] data in the field. That’s very different.”
Adm. Norton cites the need for end-user equipment with form factors that are easy for warfighters to transport, maintain and use without extra instruction and equipment. Battery life also is important, she notes, whether the user is in a tactical environment, a hotel or an urban area.
Another capability, software-defined networking, has great potential, the admiral asserts. “We really want to see its benefits expanded across all of our systems, where we can be much more rapid and agile in how we set up our networks, how we manage and operate them,” she says. This technology offers the potential to reduce the time to set up circuits and capabilities for users and the manual labor for processing, she adds.
Adm. Norton also is calling for automation tools in cybersecurity. They would speed up the process of evaluating vulnerabilities and responding to attacks as they occur. “We’ll never keep pace if we’re waiting for a new signature and then developing a solution for that and then implementing it,” she points out. “We have to have machine learning and artificial intelligence [AI] that starts to recognize, ‘This is an attack, and I need to respond rapidly,’ without a lot of additional manpower.”
AI will be critical to the future of DISA, Adm. Norton states. “You think about all the different things we do that can be automated in different ways and things that have been very labor-intensive across applications—and understanding data, cybersecurity and software-defined networking—and understanding how to respond to the things that are happening in the network without having to have a person make those decisions,” she offers. “We can actually have the machines make those very rapid decisions. That’s when you start responding at the pace of cyber.”
The agency also must be able to reduce the complexity of system integration, which in turn will streamline training requirements for operating and maintaining the Defense Department’s information technology system of systems. Cultivating a skilled workforce and providing the training it needs is one of DISA’s biggest challenges, Adm. Norton offers. “The people need to be as agile responding to the technology as the technology is for working with the people,” she declares.
But technologies—particularly private-sector innovations critical to DISA’s mission—are not necessarily a panacea. In its race to come up with a new app or capability, industry does not always prioritize system security, the admiral points out. DISA must ensure that any capabilities it incorporates from industry are as secure and resilient as needed based on mission requirements, she emphasizes. This adds a layer of expertise and evaluation time for moving innovation into the field. DISA must assess risk to the mission and determine acceptability for warfighters.
Overall, the scale of complexity for the department’s system of systems is greater than anything established by the private sector, she points out. “The size of our network, the volume of traffic, the number of circuits that we have, the number of users on our individual networks is beyond any commercial [capability]. It really is massive,” Adm. Norton says. Adding these factors to the commercial and government systems increases the importance of DISA’s integration role, as the agency ensures security and interoperability through its standards and oversight, she notes.
Adm. Norton offers that DISA is well-postured to support operations in two priority areas specified by the secretary of defense. First, in building a more lethal force, DISA is tasked with establishing and operating communications networks that increase the force’s lethality. “The ability to communicate across that force absolutely is a force multiplier,” she says. “Building that secure network for that force is critical.” Second, in strengthening allies and adding new partners, DISA is improving communications with them, the admiral points out.
The agency works with the services and the combatant commands on their requirements. The Joint Staff and the Defense Department chief information officer (CIO) facilitate plans based on those requirements. Input is aided by feedback from DISA personnel posted around the world with combatant commanders, the admiral notes.
Providing a greater flow of secure information changes the way forces operate, Adm. Norton observes. “The confidence level of warfighters that the information they are using is accurate and will be there when they need it enables completely new ways of doing business,” she says. The ability to conduct operations remotely, and to pass data from sensors globally to command and control forces such as unmanned systems, can be done only over the circuits DISA provides, she emphasizes.
DISA has all the authorities it needs to carry out its mission today, Adm. Norton states. In her role as commander of the JFHQ-DODIN, she has a new authority known as the Directive Authority for Cyberspace Operations, or DACO. She describes DACO as fundamentally critical to the success of the JFHQ-DODIN because it grants the ability to direct the configuration, standards and systems across the entire DODIN. This extends beyond DISA’s purview to include all the services and agencies. When an issue emerges or a vulnerability is detected, the admiral can direct necessary broad network changes.
Another key authority is the ability to do other transaction authority (OTA) agreements, which allows quicker contracting outside of traditional federal acquisition regulations. This authority enables faster access to the new technologies needed in the networking arena, the admiral says. While DISA is still learning how best to use these OTAs, the agency is well aware of how valuable they are for prototyping new systems and responding to new technology requirements quickly. This approach recently has been extended beyond prototyping to longer-term contracts, and that will help DISA in the future, she predicts.
And Congress has authorized a new Cyber Excepted Service hiring practice that benefits DISA on the personnel side, Adm. Norton states. Compared with general government service, the new system allows for greater flexibility in hiring cyber operations staff. “If we want to have the best and brightest of our people with the latest and greatest training and education, then we have to have the ability to hire them quickly and flexibly,” she declares.
The admiral points out that DISA’s workforce is in high demand, as the agency competes with the commercial world for the best and brightest. It finds itself vying with its private-sector partners in many ways for the same talent.
Existing and future DISA employees must understand the importance of agility, she adds. Technology continues to change, along with its focus, and exploiting that technology to the warfighter’s benefit will require a workforce that can adapt and adjust to changes quickly over time.
In addition to building a quality workforce, Adm. Norton has several goals she hopes to accomplish during her time leading DISA. One of these is to move more systems to Internet Protocol and eliminate legacy systems that have become hard to manage and maintain. The agency is making good progress here, she adds.
Another goal is for the Defense Department to exploit mobile devices to access data anytime, anywhere. The admiral wants the department to be able to do this quickly and agilely, without paying for constant connectivity when these mobile devices and systems are not in use, she emphasizes.
DISA already is embracing cloud technology, another objective, and the admiral wants the agency to take advantage of all the opportunities the technology offers for efficiency and increased cybersecurity. She also wants to incorporate AI into cybersecurity capabilities to a greater degree.
And she wants improved partnerships between DISA and the military services and defense agencies. One goal is to provide enterprise services that they are eager to use without replicating a tailored solution within their own organizations, Adm. Norton says.