DISA To Industry: Innovate, Yes; But Don't Have Us Buy Unneeded Widgets
Meeting technology priorities—at cost, at speed and using what’s already in inventory—coupled with better workforce development initiatives were some of the headline objectives of center directors from the Defense Information Systems Agency, or DISA.
“I'm really looking to get more proactive, more preventative,” Don Means Jr., director of the agency's Operations and Infrastructure Center, said during the second day of discussions and presentations during AFCEA’s TechNet Cyber event, taking place April 26-28 in Baltimore. “You've heard us talk about not having the end user be a sensor. I want to know before there's a problem so I can get ahead of it and keep people in a productive state.
“We've deployed a lot of tools that harvest data, that provide functionality, but I don't want to have to buy more widgets for resilience.”
In a snapshot, Means outlined for the audience tuned into the DISA center directors panel discussion some key wants that comprise the agency’s immediate wish list:
- Solutions already in inventory replace something before it's broken.
- Ability to add robustness where choke points exist for warfighters.
- Innovation to streamline problems choking the endpoints and get ahead of issues before users cannot use their endpoints.
“What I'm looking for, and we're all looking for, is how to get to the future faster,” Means said.
Short of a time machine, one part of reaching that future state at an accelerated pace involves a reliance on industry-produced solutions, the DISA center directors said. The other part is empowering the workforce.
“Industry is a large driver [of innovation] and we’re looking for those industry best practices on how to do this effectively and efficiently to enable the missions that we have to support,” Means said.
A key discipline is the development of cloud technologies, for example, and leveraging diversification of how and where data is stored and accessed, said Sharon Woods, director of DISA’s Hosting and Compute Center (HaCC).
“There's been a mythology that you have to either be in data centers [on-premise] or be in the cloud, or that there's this pressure to take everything that's in a data center and put it in the cloud,” Woods said. “That’s not how industry operates, and it's not how the department operates. Our requirements are diverse and there is no single hosting and compute platform that could possibly solve for all requirements.
“What we're really talking about is hybrid. … For the Hosting and Compute Center, we're trying to innovate and deliver capabilities that facilitate the consumption of hybrid cloud. That's really our focus over the next one to two years.”
The HaCC partnered with Microsoft, AWS, Google and Oracle, for example, to explore infrastructure as code for automated provisioning of cloud environments, levering industry-developed accredited and preconfigured security solutions that freed up government workers to focus efforts elsewhere, Woods said.
DISA also is looking toward artificial intelligence (AI), machine learning (ML) and other automation tools and solutions to “make data better” and more accessible, said Roger Greenwell, director of the Enterprise Integration and Innovative Center. “How do we get away from someone having to try to parse through data and [instead] take advantage of technology and take advantage of AI and ML to be able to allow the cyber defenders to have much better visualization of actually what's happening in real time?” Greenwell asked.
Ultimately, the agency needs technology to help in “lowering the noise so that we can see where we really need to engage,” Means added. “That involves a lot of work with regard to understanding the data, shepherding data and then ultimately understanding the data so that we know where to focus our efforts and where the real threats are so we can mitigate them early. Help us not to just iterate like we do, to make baby steps, but really transform to what's next and when to win the future fight,” he pleaded.
Leaders aren’t making decisions and changes in a vacuum. DISA continuously takes the temperature of its workforce and customers—the warfighters and end users—to pivot when needed and measure the effectiveness of implemented tools, technologies and policies, said Jason Martin, component acquisition executive and director of the Digital Capabilities and Security Center.
“We started talking to the end user—right, novel concept,” Martin joked. “When you think about DISA’s mission set, it is so large, it is so diverse—it's not hard to miss an area. So we've really put a conscious effort [to communicate across the agency], all with the end user in mind.”
Some of the user input leaders have taken to heart to fix is the elusive single sign-on technology and difficulty accessing multiple networks, Martin said. “Think of the swivel chair approach these cyber operators have to work through.”
In addressing what else is needed in “reaching the future faster,” the panelists were quick to point out that technology is not the sole answer and they are working on enhanced empowerment efforts for the workforce.
DISA has created cross-organizational teams that let employees learn new skills, pairing data center personnel with commercial cloud experts, for example, and “merging them into a single cross-organizational team and then throwing them after a problem,” Woods said.
It also means providing the right tools and the proper training, challenging employees and rewarding innovation, and making the culture shift that encourages change from the bottom up.
“We want our workforce to actually be participating in giving us the ideas that we need to really modernize our capabilities, build out the future and it can't all start from a top-down perspective,” Greenwell said. “It really needs to start from that lowest level in the workforce.”