Enable breadcrumbs token at /includes/pageheader.html.twig

Transformational Changes Loom for DISA

Modernization is more than just information system upgrades.

An Alaska Air National Guard tech sergeant tests his radio communications in harsh conditions. The Defense Information Systems Agency (DISA) is speeding up efforts to incorporate transformational technologies into all aspects of defense information systems. U.S. Air Force

Operations and Infrastructure Director Don Means (standing) looks over the shoulder of DISA personnel on the center’s watch floor. Cyber situational awareness will become even more important as large amounts of data are moved to the tactical edge. DISA

The Defense Information Systems Agency is trying to accelerate the pace of change by incorporating transformational technology into its operations. Emerging capabilities such as 5G will find their way into DISA services, but the agency also is partnering with industry to develop and leverage new capabilities to meet burgeoning operational needs.

Part of this effort is in conjunction with Defense Department programs such as the Joint All-Domain Command and Control, or JADC2. Security measures such as zero trust would serve vital roles to protect data reaching customers at the edge. Cyber situational awareness would increase in importance, and automation will play a key role in that capability. These would be essential elements in Defense Information Systems Agency (DISA) operations and infrastructure.

“DISA operations really is foundational to all the other capabilities that we deliver,” says Don Means Jr., director of the Operations and Infrastructure Center at DISA. “It isn’t just about command and control [C2]. We also deliver the underlying fabric. When someone is not in a productive state, we own that problem, guide it to resolution and return them to a productive state. So, we’re really foundational to the capabilities that we deliver at DISA,” he declares.

Means emphasizes that DISA must deliver services at a scale and level of security with a speed that is unusual for both government and the private sector. Security is always an issue with digitized information systems, but speed is essential for defense missions, whether serving decision makers or the individual warfighter at the edge.

“Data really is the center of gravity,” Means declares, adding, “Delivering data is a warfighting sequence, and we enable that capability.” He continues that DISA is not where it wants to be yet, as there are areas that can be improved.

Challenges range from the geopolitical to the technological. The great power competition stands front and center as both China and Russia lead the way among countries that threaten U.S. cyber operations.

On the technological side, Means points out the changing cyber landscape, which also affects the global rivalry.

“Command and control of this environment is a no-fail function,” he says. The environment includes cyber defense, which is part of DISA’s mission to maintain C2.

Other challenges include modernization. Means elaborates that this entails more than just improving the current operational environment. Rather, it involves transformational changes that empower greater agility and resilience.

“We never want to be satisfied with the status quo. It’s continuous improvements,” he states. “But sometimes we have to re-look at things from an outside perspective.

“It’s an ongoing challenge, and the adversary obviously has a say,” he continues. “But it’s always a persistent challenge to transform and make us better.”

Means describes this transformational change as “re-thinking how we’re approaching a problem.” Some change would be disruptive, but it wouldn’t be characterized as either evolutionary or revolutionary.

The biggest change looming near term will involve working with industry to understand what is happening in real time within the environment, Means offers. Establishing this degree of cyber situational awareness will require automation, artificial intelligence (AI) and machine learning (ML), he notes, although other elements will need to come into play to support the flexibility needed for future operations. “If we’re going to be able to move at the speed of relevance, we’re going to have to be able to adapt and change from the cyber environment like we would in any other environment—air, land, sea and space.”

Being more flexible in the cyber environment is both a necessity and an opportunity. The agency needs to leverage what industry has learned and is learning about being more resilient and responsive.

Knowing sooner will allow agency security experts to be more proactive than preventive, Means allows. “Those opportunities are rife—you can learn from industry partners to undertake a collective defense in which we all are in it together and depend on one another to defend our current network,” he states.

And this partnership between DISA and industry will become even closer, he predicts. “We can’t afford to be independent and still be able to operate, for our own purposes,” he says. As DISA continues to change, both environments—public and private—will have a closer partnership with more prevalent opportunities for sharing lessons learned and mitigation. This should improve resilience for both partners as they rely on each other to deliver capability, he adds.

On future technology, DISA looks to be able to take the man out of the process where automation will be more effective. Again, this builds toward being more proactive than preventive—“how we are going to move sooner when there is a problem, how we are going to know whether there is an enemy in the system moving laterally, and then being able to adapt and overcome,” he offers.

The ability to be proactive is strong on the network side, Means continues. This dates back to when net-centricity was the key buzzword. But now, with data as the center of gravity, the agency needs to look “further up the stacks” at areas such as applications. Enabling zero trust across the environment is necessary for determining proper user identification and access. “There is a lot of opportunity for change in those areas,” he offers.

DISA has undergone many changes in work policies since the advent of the pandemic. Many of those, specifically the ones that focus on remote working, have set new standards of operation for the diverse agency. But the pandemic’s influence on DISA operations has not waned, as new approaches are likely to emerge.

“Practically, we’ve enabled situations that we might not have even dreamed about pre-pandemic,” Means says. “We have a geographically dispersed dynamic environment where you don’t necessarily need to be in the building to be able to work.” He continues that the pandemic opened eyes across the department on how to support getting data where it needs to be holistically. This represents a different approach than in the past, where decisions would be made in conference room meetings, he notes. This holds true for general users all the way up to senior leaders, who now can exchange conversations to drive action.

Technology progress also has been accelerated largely based on need. Migration to the cloud, for example, has been in the works for some time. But with a geographically dispersed workforce and users, the cloud is the best and fastest way to enable a more flexible, adaptive and mobile workforce, Means offers. Other capabilities that will help adapt to this new environment include software-defined networking, he adds.

One of the major C2 efforts underway in the Defense Department is with JADC2. All of the services are working on their own elements of JADC2 with the goal of bringing them together into a final environment. Means offers that DISA has a critical role in the delivery of JADC2 in terms of command and control of the environment. This includes delivery of the underlying network that will enable its cloud capabilities and the command and control applications that will build a common operational picture.

The agency is working closely with the Joint Staff to ensure that it is enabling all the JADC2 requirements to meet these conditions, he says. The agency will continue to evolve those capabilities so it can fit them into JADC2.

The agency is striving to pull new information technologies, such as 5G, into its operations. This includes JADC2 and other systems designed to bring data to the edge.

For the future, the agency will continue to innovate, Means states. “We’ve done a lot, but there’s always more to do,” he says. “There are always ways to improve and not be satisfied with the status quo.” Those improvements likely will focus on operational methods, transformational technologies that can be leveraged, more proactive operations and support to the customer with the data it wants when and where it is needed, he offers.