Air Force Unveils Enterprise IT Road Map
The Department of the Air Force’s technology modernization journey advanced another step today with the public release of its comprehensive enterprise information technology road map. The plan identifies the specific milestones for adding necessary technology solutions, such as zero trust and identity management.
The capability advancements are vital for the Air Force’s and the Space Force’s success in a near-peer environment, where the services face communications disruptions and widespread cyber exposure across all aspects of operations—and with adversaries only growing more and more sophisticated over time, explained Jay Bonci, chief technology officer (CTO), Department of the Air Force, speaking at the AFCEA Rocky Mountain Cyberspace Symposium on February 23.
“We know where we need to go,” Bonci said. “We know the direction we're headed. And we’ve all heard words like zero trust, identity, data, data, data. But knowing where we are going doesn't matter if we don’t execute. We know the path ahead of us is incredibly complex. We have a number of highly integrated, complicated motions to be able to change the architectural imperative of the way we structure the Air Force.”
The road map is a public-facing document for industry and military officials to understand the 10 core areas the department is slated to address over the next several years, including: zero trust architecture; identity, credentialing and access management (ICAM); software-defined wide area networks; core services; hybrid and edge cloud; pathways to cloud; data fabric; and workforce automation.
“It is going to change how we deliver IT,” he noted. “It is going to change our culture and responsibilities. It is going to change the way we design, field and ship out applications. [This road map is a way] to make sure that we aren’t missing any steps along this process and to synchronize the incredibly complex world with our mission partners.”
For consistency and understanding, the department created an ontology to define the language, terms and categories for all the digital solutions to be developed, Bonci said. And the department first pursued zero trust and ICAM, as they are the hardest capabilities to address. “Zero Trust is the 800-pound gorilla,” he offered. “You see that fan chart with all the capabilities and activities, and we know that my [gosh], we have a lot to do. But it's not magic. It is achievable.”
For solutions related to software-defined wide area networks, the department expects to define a specific plan and draft milestones by May. It is planning to identify core service capabilities and any related subcomponents by June. Later this summer, the department will identify the first critical capabilities needed for pathways to the cloud; data fabric; workforce automation; and hybrid and edge cloud.
And to help examine any implications to operations or personnel from pursuing the capabilities, the department is collaborating closely with the offices across the Secretary of the Air Force, including Management; the A-1; Air Combat Command; 16th Air Force; the Cyberspace Capabilities Center; Advanced Battle Management; Cloud One; Platform One and its software factories, amongst other organizations.
Along the way, the department will begin to tackle broader, fundamental challenges, such as if the Air Force Network, or AFNET, or the Secure Internet Protocol Router Network, the SIPRNet, will be needed as they exist today.
“It leads us to a lot of future questions,” the CTO noted. “Are we going to have an AFNET in the future? Do we even need a SIPRNet? if we have zero trust, does the network matter?”
We need modernized applications, resilient networks, healthy devices, safe and integrated data, continuous identity evaluation, and policies that enable seamless and secure choices.
In addition, Bonci encouraged industry to get involved with potential solutions, pointing to the website of the Office of Information Dominance and Chief Information Officer, or SAF/CN, which will display the comprehensive enterprise information technology road map, as well as the separate plans for the components such as zero trust or ICAM.
“We need modernized applications, resilient networks, healthy devices, safe and integrated data, continuous identity evaluation, and policies that enable seamless and secure choices,” Bonci stated.
Companies can also make meeting requests to engage with department officials or can submit feedback on the roadmaps, he said.
For the department, which greatly expanded the dialogue on zero trust back in 2019—and has been pursuing its components for the last 10-20 years, Bonci argued—the time to act is now, with this plan codifying the approach.
“We're going to incorporate new sources of data, better ways to make decisions,” the CTO said. “We're going to upload our cloud posture and we're going to better incorporate our DevSecOps. This is a constant upload of what we have today. We're not going to go and buy a zero-trust solution and drop it on top. It's going to be a lot of iterative motion for how to get there.”