2020 Solution Review Problem Sets
In order to outpace peer competitors, Army leadership is challenged to build a survivable, unified, end-to-end network that enables leaders to prepare, lead, and fight in high-intensity conflict with Unified Action Partners against any adversary from anywhere they choose at any time to win decisively in all domains and all environments. Data sharing is a critical capability that will enable the global integration of military forces to combat trans-regional, multi-domain, multi-functional threats with the highest security and speed.
As a result of the many challenges that face the U.S. Army, the Chief Information Officer (CIO) is seeking solutions to emerging or existing challenges. The problems identified are not formal contracts and have not been the subject of a Request for Information (RFI). The problems stated have been identified by Signal Soldiers or through processes that appear to need improvement. The CIO provided 8 topics for review seeking industry feedback in the form of an abstract of up to 500 words with a potential solution that addresses one of the eight problem statements.The deadline for abstract submission was Wednesday, February 26, 2020. Notifications were sent out on Tuesday, March 10 to both all selected for presentation and all that will be kept on-file as potential backups. All abstracts will be compiled into a digital compendium that is made available to Army leadership.
If selected/confirmed for presentation, there will be a $950 administrative fee to offset operating costs.
Solution Review #1:
Modernize - Critical Data Enablers (LOE #1.3)
The pace of an evolving threat landscape mandates a change in the culture and operational construct for how we manage data, which is now considered a strategic and critical asset. The Army Cloud strategy, in conjunction with the Army Data Plan, provides opportunities to deliver dynamic, real-time data that supports defensive and offensive operations through relevant and timely information to decision-makers. Data-informed Multi-domain Operations will allow the Army and its joint and multinational partners to defeat every adversary.
A data-aware and data-educated force is needed to execute the Army Data Plan where the right people, with the right skillsets, ask the right questions to get maximum value from Army data. Talent and culture are key foundational enablers and will directly impact mission outcomes.
The Army must be able to attract, train, and retain a talented and experienced workforce imbued with a data-centric culture. This workforce must understand and appreciate the military role for data at the strategic, operational, and tactical levels. A lasting cultural change across the Army requires a deliberate, sustained effort emanating from the top of the organization down to the Soldier.
Why this is a problem
Today’s Army has disparate, isolated data sources, which limits sharing, hinders speed of decision making at echelon (a network infrastructure problem), and prohibits the use of current and emerging cloud capabilities including evolving Artificial Intelligence (AI) and Machine Learning (ML) services and tools. Enhanced use of data can transform the Army’s ability to deliver lethal capabilities, augment decision-making, and increase accountability. In the present state, the Army cannot use data management as a force multiplier, due partially to the lack of skilled, mission-focused, and a data-aware and data-educated workforce.
The Army Data Plan (Dated 15 November 2019) applies to all Army data and describes a global, standards-based environment where data and information are Visible, Accessible, Understandable, Trusted, Interoperable, and Secure (VAUTIS) throughout the lifecycle.
In order to meet these needs, the Army will need a robust, integrated approach that serves the Warfighter and properly manages resources while implementing protections and security. The Army is looking forward to engaging with commercial vendors who can provide advice on a comprehensive enterprise-wide, hybrid data strategy that will help develop a strong data-centric workforce.
Solution Review #2:
Modernize (Visible) - Content Discovery & Retrieval/Discovery of Metadata (LOE #1.3)
The DOD Data Tagging Strategy proposed that data must be tagged when it is created or acquisition or modified. Data has value only when it is actually used or can be made useful in the future. Delaying the association of metadata results in imprecise descriptions of the data as this descriptive information may be forgotten or lost. Data that is not immediately rendered discoverable or is inaccurately described cannot be relied upon to support analysis or effective decision making.
In order to treat data as a strategic asset, the Army must identify methods of provisioning data services. Leveraging data services provides data-centric functionality to consumers–such as search, create, retrieve, update, delete–and validation against specified criteria. Critical to mission success are methods of advertising data services to allow manipulation, aggregation, and transformation of data to make the data more useful by business applications.
Why this is a problem
A foundational goal of the data plan is to identify, tag, and register all authoritative data in a way that makes it easily discoverable by users across the enterprise. The Army is still in the process of establishing the governance of its enterprise data so that data security is optimum while at the same time ease of access is timely.
The Army needs industry support in cutting-edge data management and sharing, with the ability to maintain a strategic and tactical advantage to win over its adversaries at anytime and anywhere in the world.
Solution Review #3:
Modernize (Accessible) (LOE #1.3)
The Army must provide all credentialed users access to authoritative and non-authoritative data via commonly supported access methods and shared data services in accordance with law, policy, and security controls. The Army requires protected means and mechanisms for all credentialed users to have timely, need-based, and authorized access to the right data, including access to security-related metadata that clarifies historical context.
Why this is a problem
The Army has a need to enable authorized users to discover authoritative and non-authoritative data by registering in a shared space. Authoritative data is particularly important because it is, by definition, the most valid, trusted source data that exists. Only by registering data assets, with metadata related to structure and definition, consistent with Army standards, can the objectives of data discovery and accessibility be achieved. In addition, the Army will require linking user access to authorize data sets with the user’s credentials. The Army requires a holistic approach to data accessibility: authorized users will gain access to authoritative data only through access-approved applications.
The Army needs to continue to stay on the leading edge of Data-Centric operations. The Army is seeking industry support to improve the accessibility of its critical data. The Army wants industry partners to provide information on technical Authoritative Data Source (ADS) that support smooth global operations. Every request the application sends to the Application Programming Interface (API) must be authorized. User credentials, applications, data, and metadata must all be integrated to insure seamless operations.
The Army must be able to get data down to the decision makers, whether that data is housed or stored on sensitive or classified portions of the environment, so that full correlation tied to desired mission outcomes can be achieved. The Army needs clear data policies, rules, and guidance for facilitating integration at the corporate, business, or mission levels, and at a minimum, for metadata-models and data architecture governed or influenced by the enterprise architecture. The Army will lose the ability to gain an operational advantage over our adversaries if we cannot deliver necessary and relevant data to the Warfighter regardless of where it is housed. The use of advance Cross Domain Solutions will enable those functions throughout Army operations.
Solution Review #4:
Modernize (Understandable) (LOE #1.3)
The Army must ensure the data are useable and understandable by authorized consumers, known or unanticipated, through development and use of shared vocabularies, common data standards, and documented data dictionaries. The Army has a way to go toward becoming a culture that actively promotes and cultivates a data-aware and data-educated workforce. Across the Army enterprise, the influence and governance of an Army Data Board–creating robust data models, data standards, integrating data, providing data architecture overviews, and identifying data requirements–must be the priority to improve information traceability.
Why this is a problem
According to a published report, the Pentagon failed its first ever audit in November of fiscal year 2018. The audit report highlighted three issues of note: 1) audit and inventory management; 2) cybersecurity; and, 3) poor data quality within the existing systems. Unstructured data is yet another problem. Examples of unstructured data include share-often text or binary files such as Word documents, PowerPoint presentations, audio files, video files, image files, and so forth.
It is not uncommon for medium-to-large organizations to have terabytes of structured and unstructured data that they need to manage, backup, and potentially recover. This situation presents both a problem for the IT department, and a significant, if not always visible, cost to the organization in terms of resources (storage space, backup space, backup time, staff resources) to manage so much unstructured data.
The Army needs industry support to improve the usability and information or insights of any data sources. Industry should relate scalability and automation technologies that could augment data capability. The Army is looking for industrial best practices and knowledge of network-based information-sharing that transcends traditional governmental boundaries and coordination to address “the biggest impediment to all-source analysis and to a greater likelihood of connecting the dots: the human or systemic resistance to information sharing.” Industry support is also needed to provide technologies or process improvement for data at rest, data in motion, and data access across the global enterprise. Recommend industry provide insights into their best practices for metric development and methodologies to assist the Army in determining a process to score or determine data quality in a quantified approach. This quantified approach will enable Army decision-makers to invest in or divest of systems.
Solution Review #5:
Modernize (Trusted) (LOE #5.3)
Identify and designate authoritative data sources for all data artifacts. Analyses are required to establish traceability and ensure data integrity with timely configuration control and life-cycle management. Data integrity, in turn, requires that data are measured, recorded, and protected at the source. Data reliability requires that data are validated and reconciled to establish known pedigree and confidence in the data.
Data protection and integrity remain a top priority for the Army. Data is constantly being used, transmitted, and stored at multiple levels. Protecting data must include protection from internal and external threats; protecting data should not degrade operations, and protecting data must include the appropriate security measures and proper handling of security controls of all data from the point of creation through use and destruction. Additionally, the Army has a need to “tag” or apply “attributes” to all data. This will allow our sensors to identify data movements that fall outside of the approved scope, regardless of platform.
Endpoints are one of our most critical avenues of approach or breach, so protection methodologies should include endpoints, because manipulation of data could be just as malicious as theft of data. As required by the Army Data Plan, the Army must ensure data confidentiality, integrity, and availability are maintained at all times throughout the data lifecycle.
These measures assure that data, and database products and analyses, are accurate and reliable, and that data-driven decisions are enabled, answering multi-faceted, inferenced, or correlated questions. This critical area drives three requirements: the use of strong authentication, a hardened environment, and the reduction of inadvertent disclosures of critical data.
Why this is a problem
Loss of data should almost always be considered worse than initially suspected. The primary reason for this consideration is aggregation. With so much data being used, transmitted, and stored, it is nearly impossible to determine what data has already been lost or stolen. An adversary could collect enough “meaningless” data to solve the puzzle of more critical data. The next area of concern is access to data. The Army does not have an effective access control methodology for all levels. The Army does a good job for data at some level of security, while other data is basically overlooked or weakly filtered and protected.
Fortify the security posture for Army data by reducing the number of vulnerable points through which an adversary could gain access and exploit our data. An aggressive accountability and auditing tool is needed to inventory, safeguard, and manage data at all levels. The Army needs a methodology to first determine all of the data, then to properly categorize and classify the data, next tag or apply attributes to data, and finally to safeguard the data. This must be an automated process verified by humans and with the assistance of Artificial Intelligence (AI) or Machine Learning (ML). The protection from loss of secrecy, modification, and loss of availability (C/I/A) should be in the forefront of Army cyber protection and cyber readiness. The idea tool should address Test Access Port (TAP) controls to ensure all malicious avenues of approach are considered.
Solution Review #6:
Modernize (Interoperable) (LOE #1.3)
The Army must ensure that all data are useable across multiple systems and applications by stakeholders using non-proprietary, open source, industry, or DoD-designated standards. If a system produces data that can only be consumed by its proprietary platforms then we fail to make VAUTIS. This highlights the need for open source data platforms and methodologies.
Relationships and dependencies of data will be established, and global data standards will be codified. Interoperability relies on shifting from vertical data distribution to horizontal distribution to ensure maximum data sharing such that data is accessible for linking resources together.
Why this is a problem
The Army has data in multiple sources in various degrees of data cleanliness, with uncertain data quality. Poor data management and operations without enterprise oversight results in "dirty data" influencing decisions. Data siloes make the problem worse, distancing the Army from its goal to be a "data-driven organization." Army leaders are unable to see, share, and act on accurate and quality data. In addition to this, the identification of siloes and determination of importance to overall information value chain need to be highlighted by the Army Data Board in its governing activities. The Army requires a standardized format for inoperability. There is a critical need for an open API service, versioning, or standardized schema that will allow applications to interconnect. The process of calling and responding to data requests from various authorized entities is often filled with confusion and convolution, due to the lack of use of open API services and standardization.
The Army needs industry support with efficient and effective data modeling and tagging so that the Army can operationalize its data. Open source is a best practice and of tremendous value to the Army, both near- and long- term. Since APIs and services are complementary, the Army needs industry support in adding automation capabilities and data services, versus tools to refine data as an enterprise asset. The Army data capacity at the enterprise level is too much to conduct assessments without the use of ML or AI capabilities. Further, the Army needs innovative ways to protect data throughout its lifecycle, no matter the network environment. Finally, the Army needs to eliminate duplicative, out-of-date, and erroneous data and information policies. Request industry provide courses of action (COA) to execute current framework that correlates to data interoperability.
Solution Review #7:
Modernize (Secure) (LOE #5.3)
The Army’s inability to have proactive, internal security at all levels will prove to be detrimental – especially as Army moves more to the cloud and the Internet of Things. Insider Threats pose multifaceted problems for the Army. Internal incidents reported in 2018 were mostly attributed to abuse and malicious intent, with a portion of the internal incidents being unintentional acts. External attacks were less than half of all attacks. The majority of external attacks were accredited to web application, software vulnerabilities, and the use of stolen credentials.
Over half of known breaches were the result of insider activity in 2018, according to a Forrester report. The threats can be intentional and unintentional. Both circumstances provide similar devastation, if proactive and reactive, real-time Data Loss Prevention (DLP) and Disaster Recovery (DR) controls are not employed. The majority of the Army’s security controls address external threats to the infrastructure, with very few consideration given to internal threats other than policy-based controls.
Why this is a problem
The number of networks, people, devices, and workflows combine to produce and receive a lot of data, putting the Army at constant risk. One weak link or unattended risk, at any level, could cause the entire infrastructure to fall. The Army has a need to improve, build, and extend its tactical radius to provide comprehensive cybersecurity for its assets.
Cleared and vetted personnel are able to maliciously manipulate information systems and data, usually without detection. The detection of an insider threat is difficult, and once identified, the distinction between intentional and unintentional can be another challenge. Insiders pose a greater threat because they are closer to the core than external threat agents. Insiders often know the policies and other security controls that are in place to mitigate, detect, deter, and prevent attacks against the Army. Many security policies address insider threats but there is minimal standardization of controls (and vetted tools) to address the threat.
There needs to be a Never Trust (Zero Trust), Always Verify framework (Risk Management Framework [RMF]) to ensure our Cyber Readiness. The Army is interested in a holistic security solution that could help ensure a zero trust environment through monitoring and trust assurance at every level. The Army solicit industry feedback focused on baked-in RMF processes automated into their technologies. The solution should include micro segmentation with the goal to reduce internal incidents or insider threats, and the development of a standard tool to identify indicators and defend against insider threats. Additionally, the Army requires assistance with composing Tactics, Techniques, and Procedures (TTPs) to make a more security aware environment.
Solution Review #8:
Modernize - Cloud & Data/Application Migration/Enterprise/Hybrid Cloud Strategy (LOE #1.3)
The Army develops and sustains applications and data in a highly distributed manner, and does not have a holistic mechanism to modernize or manage application life cycles. Army applications include both Commercial off the Shelf (COTS) and the Government off the Shelf (GOTS) categories. The focus of the Army migration is mainly on GOTS applications and data. Cloud brings the essential elements of elasticity, resiliency, broad access, efficiencies, secure computing platforms, data standardization, and compliance tools. The Army has implemented a strategy to modernize and migrate thousands of applications and data to the cloud, but the Army needs assistance with protecting its data through the use of solutions that generate efficiencies through automation.
Why this is a problem
Army application and data owners have been reluctant to migrate en masse due to technical limitations, funding availability, priorities, and perceived risk. Cloud computing capabilities should be adopted in a shared or common approach that is Content Service Provider agnostic to prevent limitations in abilities to change vendors both near and long term. This model limits our ability to aggregate data for the purpose of Artificial Intelligence (AI) and Machine Learning (ML).
Establish enterprise cloud and data ecosystems that are AI and ML ready, hybrid, protect Army data, increase lethality at each echelon (heavy emphasis on processes and architecture data modeling versus cloud services), and that generate reinvestment opportunities for modernization. Deploy an agile and flexible cloud framework to adapt legacy software to quickly meet changing operational environments, increase readiness, and improve cybersecurity. The Army is looking forward to commercial vendors who can provide advice on a comprehensive enterprise and hybrid cloud strategy that will integrate tactical and non-tactical infrastructure.