Enable breadcrumbs token at /includes/pageheader.html.twig

Complementary Actions Define New DISA Strategy

Five not-so-easy pieces characterize the agency’s plan for the future.

A U.S. Air Force captain radios an aircraft heading for a landing on a highway in Bulgaria during the exercise Thracian Summer 2021. The Defense Information Systems Agency (DISA) is placing high emphasis on improving command and control as part of its new strategy. USAF photo

Lt. Gen. Robert J. Skinner, USAF, hosts a virtual town hall with DISA and the JFHQ DODIN. Security is a key element of both organizations as they strive to ensure connectivity across the Defense Department. DISA imagery

The Defense Information Systems Agency is introducing a new strategy that will blend five lines of effort with an internal reorganization amid new budgeting authority. The goal is a synergistic effort that ensures information superiority for the U.S. military as it moves forward against new adversarial challenges.

The new strategy aligns the fiscal year 2022 budget collaboratively with internal agency reorganization. This approach is designed by Defense Information Systems Agency (DISA) leadership to allow it to make necessary changes for the next several years.

The agency is combining specific objectives with due dates for action plans in each of the five lines of effort. Individuals within DISA organizations are responsible for portions of each of the five areas. “We’re going to ruthlessly manage in our battle rhythm offense to make sure that we have the right progress,” says Lt. Gen. Robert J. Skinner, USAF, DISA director and Joint Force Headquarters (JFHQ) DODIN commander.

Gen. Skinner emphasizes that the top priority among these five lines is command and control (C2). As a combat support agency, DISA considers C2 a “no fail” priority, he says. That includes driving C2 for the current environment as well as for the future environment. This ranges from the president of the United States being able to communicate with and command forces across all domains.

The strategy encompasses both top-down and bottom-up C2, Gen. Skinner continues. “When I talk command and control, when I talk communication, it has to be from the foxhole in a denied, degraded environment at the tactical edge all the way to the strategic level and beyond,” he emphasizes. Similarly, the White House Communications Agency must be able to put the president in touch with foreign leaders, the U.S. public or defense leaders. The agency must balance its C2 capabilities among the executive branch, the Defense Department and individual warfighters.

The first step in this new strategic emphasis is a zero-based review of all the C2 requirements needed by Defense Department personnel ranging from senior leaders to warfighters. This entails a revalidation to understand whether these requirements are being met, either from an acquisition standpoint or an operational standpoint. Other criteria include whether a program exists to improve requirements, if the correct resources are aligned, and what the operational team leveraging these capabilities needs, the general offers.

He adds that the agency already knows of certain programs that need upgrading and improvement. Right now, the agency is determining the specific actions needed to fix them. This will be followed by learning what industry and academia can offer to meet the modernization challenge. The general notes that this action can range from simply upgrading an existing system to moving toward leap-ahead technologies and processes for a more resilient capability with greater capacity.

The strategy’s next line of effort is to leverage innovation. This is at the heart of modernization, the general points out. While many people and organizations exploit innovation “all over the map,” DISA is focusing its innovation on requirements for capabilities needed by the force. “We have a lot of legacy/vulnerable systems across the department that we have to modernize,” he says. “It can’t just be, ‘We’ll add a little bit of technology and call it a day.’ We have to actually innovate the process, innovate the technology and innovate the force structure to get the most bang for the buck as we move forward.” He notes that the actions being used to improve C2 are part of the thrust to leverage innovation.

The third line is to focus on data as a center of gravity. As the world moves toward a software environment, the agency must leverage data at the heart of decision making, cybersecurity, transportation, logistics, global strike and other elements. “To have an optimized and efficient force, we have to focus our data as a center of gravity,” he says.

The agency has stood up a chief data officer to bring together all the disparate datacentric efforts within the agency. This officer is leading work to assemble a plan “to holistically look at what is required,” the general says. As an example, he cites work with the U.S. Cyber Command (CYBERCOM) and the National Security Agency on a unified platform, which is a datacentric environment that enables blue force instrumentation data to be housed in multiple data links. This will allow using artificial intelligence/machine learning to improve configurations and security posture.

Robotics process automation leverages data and processes to streamline and automate manual process, Gen. Skinner adds. The agency has about 10 different initiatives currently underway, and these have saved thousands of hours, relieving individuals of the need to pore through spreadsheets or updating configurations. “We’re using robotics process automation to automate all that,” he notes.

DISA also is leveraging machine learning and artificial intelligence to “find the needle in a haystack” of adversaries trying to exploit a vulnerability or to shore up a vulnerability before it is exploited. “That is a key way we are going to leverage data,” he says.

For the fourth line, from an information technology standpoint, cybersecurity must be harmonized with the user experience, Gen. Skinner offers. “If you have a system that an individual can’t use very well or takes a Ph.D. to operate, then we’re not being optimized,” he states. Too much cybersecurity can make a system unusable, thus rendering the system incapable of meeting the requirements that need to be supported.

Many of the cybersecurity efforts will draw from the other lines, particularly data as a center of gravity. The JFHQ DODIN will play a role in that effort as well.

The strategy’s fifth line of effort is to empower the workforce. Gen. Skinner is calling for unleashing the talent inherent in DISA. “It never ceases to amaze me. The talent that we have in DISA, in JFHQ DODIN, across the department and even across the United States is just amazing. It’s our jobs as senior leaders to have the right environment that everyone can realize the best of themselves where we can drive them to greater heights than what they could even imagine.”

This will require aligning the workforce, education and training, he points out. Encouraging their creativity will generate great ideas, which tend to come from the grassroots level, the general posits. “That’s what we need to empower.” He describes it as “an all-hands approach” to recruiting and retaining necessary personnel.

The agency is leveraging its intern program to tap young people in college and high school to give them a taste of the agency and what it does. In particular, DISA is applying some missions that would not be available in commercial opportunities, and the agency is highlighting these as options for young potential hires. “We can’t compete with companies when it comes to salaries only,” the general allows. Instead, DISA must take a balanced approach with mission, benefits, salary and organizational processes as part of culture and workplace climate. “We want to be able to bring all of those different things together and have a best value for individuals,” he says of the many opportunities DISA can offer workers.

Foundational to these five lines of effort are two elements. The first is velocity of action—“to win,” Gen. Skinner says. “Our actions have to be aligned in the right pace, the right speed and in the right direction to move the department forward.” Absent the velocity of action to win, potential adversaries in Europe and Asia are positioning themselves to seize the initiative with their own velocity of action. This includes challenging the rules-based international order that has dampened security threats for generations.

The other element is what Gen. Skinner describes as transparency of understanding. This entails being able to clearly show how taxpayers’ money is being spent and in what context. In a time of tight resources, this transparency will provide better conditions for supporting key allocations and acquisitions. It also enables a diverse force to be able to provide inputs for better decision making.

As head of the JFHQ DODIN, Gen. Skinner offers that his organization pursues goals in conjunction with CYBERCOM for operating and securing Defense Department information networks. As simple as this statement may be, the tasks are complex. The defense information environment comprises more than 44 elements, each with its own lead in an analogy the general likens to states and their governors. The JFHQ DODIN provides synchronized and aligned direction to these governors as they run their own elements. Each DODIN area of operations is commanded and directed by an individual in charge of operating the network and the assigned cyber domain.

Maintaining this operation requires constantly refining policies and procedures, the general continues. “We’ve had many successes when it comes to some of the ransomware and some of the other zero-day and malicious cyber actor actions and activities,” he notes. “[We’re] not perfect, but we continue to refine that, and that is at the heart of what we do from a command-centric operational framework.”

The JFHQ DODIN leverages technologies and processes, and their maturation provides better situational awareness and understanding, he offers. This is critical for knowing what is happening in the cyber domain, and it improves cyber C2 for directing forces to shore up vulnerabilities while operating in the domain.