The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, or CISA, released two key documents meant to raise the cybersecurity practices of government agencies and organizations. The documents, the Cloud Security Technical Reference Architecture (TRA) and Zero Trust Maturity Model are open for public comment through September 30, the agency reported.
What comes to mind when you think of simplicity? Something that is readily apparent and understandable with little additional guidance? A simple algorithm or a simple mathematical solution? Or rather a simple solution to all problems? When we think of simplicity, we think of Edsger Dijkstra’s words: “Simplicity is the prerequisite for reliability.” Essentially, we’re talking about a solution that is simple, reliable, secure, and that meets all ends at any given stage in a single complicated journey.
The U.S. is in the final stages of developing its unified network plans, according to Lt. Gen. John Morrison, USA, deputy chief of staff, G-6.
Across the globe, ministries of defense are continually challenged with meeting the demands of armed forces who need access to the right intelligence products to protect citizens, defend borders and support humanitarian missions.
While the need for rapid decision-making has never been greater, decision makers often lack the timely information required to inform their choices. In dynamic military environments, situations and plans change quickly and intelligence can become outdated. The problem becomes even more complex during joint and multinational operations.
A delayed focus on IT modernization could create a gap between frequent high-impact cyber breaches and the U.S. Department of the Navy’s preparedness to address them. From the SolarWinds hack to ransomware, new cyber threats emerge almost weekly. Advances in technology to help defend against such threats occur so quickly that current acquisition and infrastructure programs cannot keep pace.
As the Department of Defense migrates more mission-critical systems and software to cloud environments, it must also consider an innovative way for securing this new environment from potential cyber attack.
It is up to DoD organizations like the Defense Information Systems Agency (DISA) to work out the details of such efforts and ensure the military’s considerable inventory of legacy equipment and systems can continue to interoperate smoothly with the latest technologies. But integrating different technologies is never an easy process.
The Defense Department (DoD) is continuing to build out a truly data-centric approach based on the DoD Data Strategy, presenting new opportunities for transforming the way data is collected, analyzed and leveraged.
As the U.S. Department of Defense (DoD) drives forward on its cloud strategy, development teams and chief information officers alike are looking for faster ways to deploy new capabilities, proactively address cybersecurity challenges and take advantage of the resiliency of cloud operations.
The DoD has embraced the cloud to achieve speed, security and scale. The focus is now on clearing the blockers that have slowed deployment in order to accelerate the adoption of new services and unlock the transformational capabilities of cloud for the DoD enterprise and warfighters at the tactical edge.
Recent cyber attacks against critical infrastructure such as the attack on Colonial Pipeline Co. has put cybersecurity in the spotlight.
But combating cyber adversaries is a broad area requiring significant amounts of human intelligence and a deep technical expertise to identify them, Gene Yoo, CEO of Resecurity Inc., told SIGNAL Magazine Editor-in-Chief Robert K. Ackerman during a SIGNAL Media Executive Video interview.
Adversaries come in different types, he added, noting that these range from part-time hacktivists to skilled professionals working for criminal organizations or state intelligence agencies.
As more federal agencies and businesses move to the cloud, managing their security needs in this new environment becomes critical. One way to do this is to implement zero-trust architectures as part of an identity cloud environment, said Sean Frazier, federal chief security officer at Okta Inc.
Zero-trust architecture, where it is assumed that the network is or will be compromised, is the latest phase of security development. This is important as the Defense Department modernizes its cloud-based systems under constant pressure from foreign cyber attacks.
As the Department of Defense (DoD) transitions to 5G mobile technology for its warfighter and facility-based communications, the agency must take several considerations into account such as security and the ability to interoperate with other systems.
One of the biggest attractions of 5G is the promise of high-speed wireless data rates, but that’s just part of the picture, Chris Thomas, an information technology (IT) communications strategist and systems architect at Dell Technologies, told SIGNAL Magazine Editor in Chief Robert K. Ackerman during a SIGNAL Executive Video interview.
The unexpected pivot to a largely remote workforce has put unprecedented pressure on communications capabilities and systems, and this pressure extends beyond voice and conference access. Government and military agencies are increasingly working to interconnect information, people and resources, but to do so efficiently, they must leverage existing unified communication solutions, platforms and processes. As agencies adapt, the goal is to ensure continued access to data through secure and reliable methods.
Many agencies today lack a way to effectively and securely govern access across multicloud environments. Though the use of multiple cloud platforms such as AWS, Azure and Google give agencies the freedom to match the requirements of each use case to the unique strengths of each cloud platform, it also leaves businesses vulnerable to the risks and costs of noncompliance, cyber attacks and human error.
Lack of governance can also stifle productivity and growth—if users can’t get the access they need when they need it, work doesn’t get done. Managing who has access to what and with which privileges is a major challenge in the cloud due to rapid change and its large scale.
The Defense Department’s Joint Enterprise Defense Infrastructure, or JEDI, cloud effort has been tied up in the Court of Federal Claims since a preliminary injunction was issued in February. And although that has prevented the DOD from implementing Microsoft Azure cloud computing solutions, the department is not sitting idle, according to Chief Information Officer Dana Deasy.
“Cloud for me has always been first and foremost about supporting the warfighter,” Deasy told a group of reporters yesterday during a virtual Defense Writers Group meeting. “And when we got put on hold with JEDI, that didn't mean we were going to stop working on figuring out ways to support the warfighter.”
Experts at the Defense Health Agency (DHA) and the Program Executive Office, Defense Healthcare Management Systems, recently completed a game-changing cloud migration project that digitally transformed access to Defense Department medical records. The so-called Accelerated Migration Project, or AMP, was a vast data migration of petabytes of secondary healthcare data to the cloud. The effort involved working with 20 outside vendors, restructuring to 14 cloud native services, managing 60 separate applications and consolidating several hundred virtual machines.
The vast Indo-Pacific region is not well understood. And given the rising threat from China, the Pacific Air Forces (PACAF) operating in that area of responsibility has focused on working closely with U.S. allies and partners to improve interoperability through exercises, experimentation and innovation. The other key priority is increased communication and information sharing, advised Gen. Charles Q. Brown, USAF.
Officials at one of the U.S. Army’s premier research and development centers are exploring the possibility of adding a so-called data fabric to the service’s original tactical cloud system. The concept could improve interoperability, aid the convergence of intelligence and operations information and allow service leaders to completely rethink future Army operations.
As cloud computing gains greater numbers of adherents, their increasing demands are straining security measures designed to guard operations. This problem is going to worsen dramatically when applications such as artificial intelligence development assume a significant presence in the cloud.
Yet those same complications offer opportunities. The new types of security that will need to be applied to the cloud can be used for other forms of cyberspace operations. Solutions to the difficulties of cloud security could help protect data elsewhere commensurate with the enhanced role played by the cloud.
Modernizing information technology across 700,000 U.S. Air Force personnel is not a simple venture. Updating legacy systems, moving applications and data to the cloud, enabling the use of mobile devices, securing appropriate licensing and supplying powerful computing are complex undertakings. The pursuit of a digital transformation is a vital effort of the service, said Maj. Gen. Kevin Kennedy, USAF, assistant deputy chief information officer, Digital Transformation, and assistant deputy chief of staff for Cyber Effects Operations.
Microsoft Corporation, Redmond, Washington, has been awarded a firm-fixed-price, indefinite-delivery/indefinite-quantity contract with a ceiling value of $10,000,000,000 over a period of 10 years, if all options are exercised. The JEDI Cloud contract will provide enterprise level, commercial infrastructure-as-a-service and platform-as-a-service to support Department of Defense business and mission operations. Work performance will take place at the awardee's place of performance. Fiscal year 2020 operations and maintenance funds in the amount of $1,000,000 are being obligated on a task order against this award to cover the minimum guarantee. The expected completion date is October 24, 2029, if all options are exercised. Washington Hea
Solid State Scientific Corp., Hollis, New Hampshire, has been awarded a $59,000,000 firm-fixed-price and cost-plus-fixed-fee hybrid contract for Air Force Weather Enterprise (AFW) Product-as-a-Service/Infrastructure-as-a-Service. This contract provides the migration to the cloud for the Air Force Weather Branch and is to design and build an Air Force Weather Virtual Private Cloud. It is required to expand to support the cloud migration and operations for all AFW applications. Work will be performed at and is expected to be completed by May 9, 2020, with two one-year options. This sole source award is a result of a Small Business Innovative Research Phase III follow-on.
Intelligence experts at the AFCEA/INSA Intelligence & National Security Summit on Wednesday, September 4, offered that the hybrid cloud may be the digital holy grail for future intelligence operations. Disciplines ranging from international intelligence sharing to artificial intelligence, which are being counted on for effective operations, might not attain their true potential without it.
Accenture Federal Services, Arlington, Virginia, was awarded an $11,793,894 modification (P00026) to contract W52P1J-17-C-0022 for General Fund Enterprise Business System-Sensitive Activities cloud migration to IL6. Work will be performed in Arlington, Virginia, with an estimated completion date of May 31, 2021. Fiscal year 2018 and 2019 research, development, test and evaluation, Army funds in the amount of $2,681,158 were obligated at the time of the award. U.S. Army Contracting Command, Rock Island Arsenal, Illinois, is the contracting activity.
The Department of Health and Human Services (HHS) awarded Woodbridge, Virginia-based Sev1Tech a five-year task order to provide the Federal Occupational Health (FOH) agency with cloud infrastructure and information technology modernization services, the company announced recently. Under the contract, Sev1Tech will extend the agency's use of cloud technology from cloud service provider (CSP) Amazon Web Services. Sev1Tech will assist with the use of CSP products and service offerings, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).
When the Defense Enterprise Office Solutions (DEOS) request for quotes was released last month, it gave industry a way to leverage a variety of cloud solutions in support of defense missions. The goal of this enterprise cloud strategy is to help the Department of Defense (DOD) standardize, centralize and save money, as well as to enhance DOD capabilities. It is a path toward a multivendor, multicloud environment, according to Kevin Tate of the DOD Office of the Chief Information Officer.
Within the last year and a half, an exciting development has taken place at the Defense Department: It has turned the corner on cloud.
For years, the department had followed a cautious, even wary, approach toward cloud adoption. But after reading the 2018 National Defense Strategy and the department’s new artificial intelligence (AI) and cloud strategies, one can only conclude that top defense leaders now view cloud as the cornerstone of our future military readiness.
U.S. Army leaders agree the way forward is through a fundamental cultural shift—a shift that needs to be inclusive of both strategic and tactical sides for a more holistic strategy based on mission objectives and operational needs.
The U.S. Army is well underway with its strategy to build a modern integrated tactical network through the efforts of the Program Executive Office Command, Control and Communications–Tactical and the Army Futures Command’s Network Cross Functional Team. But leaders know that a tactical network on the battlefield edge won’t be effective without a robust enterprise network.
Commercial cloud offers the federal government access to a dynamic computing environment almost immediately, with services or capabilities they may not have previously had access to during the time of having to purchase all of the hardware, software and infrastructure themselves. However, the roll out to the cloud for the government has not come quickly or easily, experts say.
Moving data to the cloud is on the horizon for many, but before making the move, organizations need to clean their data house. This includes determining who owns what data, what data they should delete and what data they should store elsewhere. A modernization process, such as moving to the cloud, necessitates that a company review data protection efforts as well as ensure its data strategy includes data governance.
Heavy hitters in the commercial cloud industry, such as Microsoft Azure and Amazon Web Services, are pushing cloud-computing capabilities to what they refer to as the intelligent edge. They are connecting Internet of Things devices and mobile applications with ever-expanding cloud capabilities and the advanced computing of artificial intelligence to create a so-called intelligent cloud, pushing out the results of advanced processing and data analysis to a user’s fingertips.
The federal government’s comfort level with the cloud improves, due in part to standards and more offerings from commercial cloud providers.
Although it is already ubiquitous in the private sector, cloud computing has had a slow adoption by the federal government. That trend is shifting, an expert says, as the federal government, as well as state and local governments, employ more cloud computing.
The U.S. Transportation Command was the first U.S. Defense Department organization to begin moving its cyber capabilities, along with command and control applications, to a commercial cloud environment. More than a year later, the unified command is making strides in transferring its unclassified systems and is sharing lessons learned that will make the path to cloud usage smoother for others to follow.
As data migrates to the cloud, it is spawning a new generation of capabilities that may trigger major changes throughout the information realm as well as in the economy itself. These advanced capabilities will allow greater business development in ways that otherwise might have been limited to resource-rich firms.
New iterations of software are being written to connect different devices via the cloud. This will affect networking concurrent with the growth of the Internet of Things (IoT) and the introduction of 5G wireless connectivity. And, the cloud is topping its own status by providing layered services that mimic the cloud itself.
Steven Wert, recently named the U.S. Air Force’s Program Executive Officer Digital, is on a mission to fundamentally alter the service’s processes for developing and fielding software through development operations, commonly known as DevOps. The methodology merges software development and technology operations functions, allowing the two to work more closely to reduce the time needed to create new systems. Working closely with the end users is key to what Wert describes as a “release cadence” of weeks or months instead of years.
Cloud Lake Technology, Herndon, Virginia, has been awarded an $8,875,620 modification (P00012) to contract FA8075-17-C-0002 for Information Analysis Center Program Management Office (IAC PMO) support. IAC PMO support services provides program management analysis, acquisition management, operations analysis, financial analysis, process improvement, strategic communications and performance measurement support. This modification provides for the exercise of an option for additional services under the basic contract, and brings the total cumulative face value of the contract to $21,870,362. Work will be performed at Fort Belvoir, Virginia, and is expected to be completed by March 31, 2020.
CSRA LLC, a General Dynamics Information Technology Co., Falls Church, Virginia, is awarded a $22,496,620 blanket purchase agreement (BPA) to deliver commercial cloud services by the use of multiple cloud service providers to accelerate Navy cloud adoption. The work encompasses Infrastructure as a Service, Platform as a Service, Software as a Service, and other commercially available cloud service offerings in accordance with the Cloud Computing Security Requirements Guide at Information Impact Levels 2, 4 and 5 as defined in the National Institute of Standards and Technology Special Publication 800-145.
Carasoft Technology Corp., Reston, Virginia, was awarded a $25,017,802 firm-fixed-price contract to migrate Army Enterprise System Integration Program Hub to Cloud along with managed services to accomplish their mission. Three bids were solicited with three bids received. Work will be performed in Reston, Virginia, with an estimated completion date of September 13, 2021. Fiscal year 2018 operations and maintenance Army funds in the amount of $24,914,298 were obligated at the time of the award. U.S. Army Contracting Command, Rock Island Arsenal, Illinois, is the contracting activity (W52P1J-18-F-0375).
When National Science Foundation officials announced in February that three major providers of cloud computing were donating up to $9 million collectively for big data research, they already were looking for ways to broaden the effort to include a wider variety of topics, including cybersecurity. The expansion is intended to benefit both research and education initiatives and is necessary, in part, because the cloud providers now acquire cutting-edge hardware before it is made available to researchers.
As U.S. Army and other Defense Department end users employ cloud services more and more through the ACCENT contract vehicle, they will have an army of approved contractors standing by to assist them, with each company trying to make its mark and win business.
The Army’s Program Executive Office for Enterprise Information Systems (PEO EIS) conducts the on-ramping qualification process for companies to be ACCENT cloud service providers. Once approved by the PEO EIS, the companies remain for the duration of the contract; the Army intends to have an annual open window for companies to apply.
A technologist who has never served in the military and has never worked in government has taken the reigns as chief information officer (CIO) of the Department of Defense. But Dana Deasy has plenty of experience in almost 37 years as a private industry information technology executive, leading the IT needs of such venerable corporations as JP Morgan Chase & Co., BP Group, General Motors North America, Siemens Corp. Americas, and Tyco International.
The competitive strengths of the past cannot be counted on in a digital, cloud-based environment, making access to real-time data a critical requirement for success. A company must not only be agile, but also be able to leverage a highly automated infrastructure and incorporate real-time data analytics when making business decisions. As a result, organizations are increasingly pulling away from traditional data centers in favor of architectures that are more automated, software-defined and flexible, according to a recent study by International Data Corporation (IDC).
Blacksky Geospatial Solutions Inc., Herndon, Virginia, has been awarded a $16,430,993 cost-plus-fixed-fee completion contract for software, technical reports and a demonstration model. This contract is to design, develop and evaluate a geospatial intelligence broker development platform feasibility demonstration model that contains components, modules or services of this model in a cloud environment. Work will be performed in Herndon, Virginia, and is expected to be completed by August 16, 2019. This award is the result of a competitive acquisition and two offers were received. Air Force Research Laboratory, Rome, New York, is the contracting activity (FA8750-17-C-0128).
Some government leaders still hesitate to make the move to public cloud services, citing security concerns, a lack of familiarity with cloud-based applications or the perceived need that employees must be educated on the cloud. Things have changed. Commercial cloud offerings are part of the modern technology arsenal that all agencies should be considering.
As we near the end of the first quarter of this new year, it seems like a perfect time to introduce and discuss four new "resolutions," if you will, for federal information technology managers and what a new action plan for progress might look like.
Without further ado, let's dive right in.
Organizations constantly are seeking new ways to address workload-specific storage demands in terms of performance and capacity while also meeting service-level agreements, response-time objectives and recovery-point objectives.
Many information technology operations are inspired by successful hyperscale organizations such as Facebook, Google and Amazon. However, most enterprises lack the scale and substantial development and operations commitment necessary to deploy software-defined storage infrastructure in the same ways. Hyperscale economics also typically don’t work out at smaller scale, resulting in poor utilization or unacceptable reliability issues.
Global security readiness received an overall score of 70 percent, or a C- rating, on the 2017 Global Cybersecurity Assurance Report Card, a decline of six points from last year and lower than the U.S. tally of 78 percent, according to recently released survey results.
The survey, created by Tenable Network Security and conducted by CyberEdge Group, solicited insights from 700 security practitioners in nine countries and across seven like-industries to calculate the global index score. It measures practitioners’ attitudes and perceptions rather than actual cybersecurity system effectiveness and seeks to determine whether cyber defenses meet expectations.
While it’s clear the cloud is the future of government IT, concerns surrounding cloud security continue to abound. Some agency IT personnel remain skittish about handing over data to cloud service providers and skeptical that the data will remain out of the hands of bad actors. As a result, they’re more comfortable housing information in legacy IT systems, even if those systems are, in some cases, decades old and prone to security vulnerabilities.
In truth, deploying a cloud IT infrastructure is ideal for managing today’s ever-changing threat landscape, for several reasons. Here are three reasons why.
The federal budget crunch has amplified bureaucratic appeals to private businesses to develop solutions that will streamline and modernize government agencies, especially the massive U.S. Defense Department.
This was the message delivered Thursday at the Defense Information Systems Agency’s (DISA’s) highly anticipated annual forecast to industry event.
The agency showcased several acquisition and procurement plans that will shape the future of the Defense Department, which aims to embrace technological developments such as commercial cloud services, mobility and the Internet of Things, officials shared.
The U.S. Defense Department unveiled Thursday a bold information technology and cybersecurity road map that modifies its approach on several efforts in the rapidly changing environments. The guide positions the department’s IT infrastructure and processes for a broad impact, in addition to hopes of greater security and scrutiny, said its chief information officer, Terry Halvorsen.