The Cyber Edge Home Page

  • Vice Adm. Nancy Norton, USN, director, DISA, and commander, Joint Force Headquarters–Department of Defense Information Network, speaks at West. Photo by Michael Carpenter
     Vice Adm. Nancy Norton, USN, director, DISA, and commander, Joint Force Headquarters–Department of Defense Information Network, speaks at West. Photo by Michael Carpenter

DISA's Approach to Partnership

The Cyber Edge
May 1, 2019
By Kimberly Underwood
E-mail About the Author

The information systems agency aligns expectations for its trusted partners.


The Defense Information Systems Agency is a combat support agency, and as such, is charged with supplying key information technology to warfighters and civilians around the globe. The agency provides voice, data, video, spectrum, computing and other communication capabilities to combatant commands, the Joint Staff, the services, offices and agencies in Department of Defense and the intelligence community.

These important joint and combined warfighting command and control and information technology capabilities can’t be realized without industry. And anyone helping the agency to provide technological solutions to warfighters has to be a trusted partner, says Vice Adm. Nancy Norton, USN, director, Defense Information Systems Agency (DISA) and commander, Joint Force Headquarters–Department of Defense Information Network.

For industry, this means being clear about a technology’s true capabilities, being honest about the scope and scale of a solution, having good economical stewardship, incorporating cybersecurity from the get-go and having full supply chain risk management and accountability, among other traits.

“Without the kind of trust together between us and industry, we can’t meet the needs of the Defense Department, and ultimately, the nation,” the admiral states.

This trust is central, especially as DISA looks to harness emerging technologies alongside the traditional information technology it provides. The agency is looking to innovations in access controls, artificial intelligence, automation, cyber protection and defense, electromagnetic spectrum, improved mobility, identity management, software-defined networking, development security operations and agile development, and other capabilities. To capture advanced solutions, DISA, in January, brought its technology innovation efforts into a single organization, known as the Emerging Technologies (EM) Directorate. The EM is working to harness legacy expertise but is applying it in a new approach when incorporating innovation, according to the agency. The directorate is working with industry through the agency’s small business office and the related Encore III contract awards, with other federal agencies, through the new $7.5 billion systems engineering, technology and innovation (SETI) contract vehicle, as well as with other transactional authority (OTA) contracts.

While these efforts are aimed at providing DISA better access to key and nontraditional vendors, Adm. Norton needs those players to remember what is at stake. “I think this is one of the most important things that we do as a combat support agency is to help everybody that supports us understand what it is that we do, and what it is that they do for us,” she offers.

In offering solutions to DISA, partners should be certain of what the potential technology can and cannot do; in supporting warfighters, the agency has to have confidence in the actual capabilities. Industry partners should be clear “with us in terms of explaining what is reality and what is future potential—future potential in terms of the technology, future potential in terms of the reliability of the systems and future potential in terms of the scope and scale of what their products can do,” Adm. Norton declares.

This comprehension of a company’s solution must also include an understanding of the extent of its application across the military. “And so when our trusted partners come to us with a product and say, ‘We think this is something that has potential to be used in the Department of Defense,’ we need them to come to us with frank and open explanations about what it can actually do, where it would fit in the department, and whether or not it would fit in a niche market in the Department of Defense,” the admiral says.

Veracity is key, as most information technology products DISA employs have to be able to run across a wide range of users at the department. “[A technology] can be wonderful and can be very reliable, but may only run on a very small scope and scale,” the admiral notes. For example, partners need to explain if a technology would fit in better with particular mission partners in the Defense Department that are more noncombat related than as a combat tool. “Or if they really think, ‘No, you could put this on your backbone.’ You can have an expectation that all of your users could rely on it every day to include combat operations tomorrow,” she explains. “We need them to tell us that expectation upfront.”

The readiness of a product should be revealed, the director continues. “Because if they’re trying to sell us a product with the expectation that it would work at the scope and scale of a backbone for combat operations, and we go in trying to do the testing, we’re both going to waste a lot of time and energy just to disprove that claim,” she notes. “And we would much rather know upfront that it’s an emerging product that will eventually try to get to that point. So perhaps, we would want to try it in a niche market and see what it can do. That will build trust with us and it’ll build trust in those products.”

DISA cannot afford to use an emerging technology in the wrong place or part of its mission, Adm. Norton emphasizes. “So that’s what we’re talking about with trusted partnerships,” she says. “Nobody wants to buy an emerging technology for a car seat for a newborn baby, for example. We have incredibly important no-fail missions, and that’s not where we want to use a new, emerging technology with no confidence.”

Moreover, being a trusted partner means being a good steward, as far as costs or fees, Adm. Norton continues. “Everyone in industry, I want them to think about what they’re doing as a taxpayer, so that they’re thinking of how they’re being judicious in terms of what they’re charging DISA and the Department of Defense, in terms of national defense dollars, and making sure that they’re giving [us] the best value and the best product for that national defense capability that they’re providing so that their families are protected,” the admiral stresses.

Being a good steward also means holding the line on cybersecurity, as to the products they are bringing into the agency and the department. “It is one of the things that is just absolutely most important to me,” she notes. “If you don’t build cybersecurity into your products from the beginning, and are bolting it on later, first of all that is not very effective. It always ends up being problematic, and it is always significantly more expensive. And often times it winds up not being done at all because companies can’t afford it at the end.”

With the Department of Defense Information Network, or DODIN, constantly under attack, “we can’t have that in our cybersecurity domain,” she insists. “We have concerted attacks from state and nonstate actors against our networks every day. And all of our industry partners need to recognize that means that the systems and the capabilities they support and operate are part of that attack surface, that attack vector.” And if companies are not building that cybersecurity capability into their systems, “then they become the weak link for our networks,” the admiral admonishes. “They have to be thinking about that from the beginning, or they really are our vulnerability.”

Partners also have to be accountable for supply chain risks, the admiral says. This is an area that companies may not have thought a lot about before, but need to now. “As more and more of our companies become multinational, and more and more of our manufacturing is done overseas, it’s really difficult for us to have confidence in where all of our equipment is actually being made,” she states.

Adm. Norton urges industry partners to have a clear understanding of their entire supply chain and be able to validate every piece of their equipment, as they will be held accountable. This includes prime contractors, subcontractors and third-level contractors. The agency has made changes to its acquisition rules—and will continue to make adjustments as Congress further restricts the supply chain.

Meanwhile, DISA is working to improve its transparency with industry. The agency is focusing on improvements to its acquisition process, especially in regard to communication with the industry. The agency has hosted industry days over the last few years and is issuing requests for information before putting out solicitations to increase the dialogue. “Transparency is really important,” the admiral says. “We try to make sure that our program offices and our program managers are spending a lot of time with industry and being as transparent as we can be about what are our missions, what are our goals, what are our capability gaps and what are we looking for from industry. And I think if we can get industry to engage earlier with the right people, with the people that understand their products and understand the mission set that they’re trying to fit into, then we’ll get better solutions from the beginning.”

In turn, the admiral hopes that this improved communication will help industry in its decision-making processes. “Hopefully, that will help industry focus their own R and D [research and development] dollars, their own priorities for their investments and where they put their best people and for recruiting for their workforce,” Adm. Norton suggests.

“The key to trusted partnerships is really about understanding that I want them to feel as much a part of serving the DOD mission as I am.”

Enjoyed this article? SUBSCRIBE NOW to keep the content flowing.


Departments: 

Share Your Thoughts: