The Army has been talking for years about the need to modernize its enterprise IT networks, but in a forthcoming digital transformation strategy, officials are thinking bigger. Besides making technical upgrades, the multiyear strategy will try to reform the Army’s IT policies, realign its workforce, and build new partnerships with industry and academia.
Army leaders first called out the need for “digital transformation” in their broader Army modernization strategy in 2019. But the Army Digital Transformation Strategy (ADTS), expected to be formally released this week, is meant to explain exactly what the service hopes to achieve between now and 2028.
It will be organized into three pillars: Modernization and readiness; reform; and people and partnerships, according to Raj Iyer, the Army chief information officer.
Speaking at the annual Association of the U.S. Army conference in Washington on Wednesday, he said the Army’s IT struggles are not fundamentally a money problem.
Even though “transformation” will involve some tradeoffs, with $15 billion per year in information technology spending, the Army has the resources it needs, he said. But without a cohesive strategy focused on modern digital approaches, much of that money is going to be spent on projects that aren’t helpful to the cause.
“What ADTS lets us do is to achieve unity of effort. If you don’t have this, commanders are going to do what they’re good at, which is executing and operating the mission. Program managers are going to do what they’re best at, which is sticking to cost, performance, schedule and the requirements of their individual program,” he said. “ADTS gets the CIO and the senior leaders strategically engaged. When we say that we are going to be cloud-native with everything that we do, we’ve got to make sure that we are providing the right oversight and the right support. We also have to work with industry to make sure that all of you folks understand the strategic intent and the direction we’re headed. That’s what the ADTS helps us do.”
In addition to a major emphasis on cloud, taking an enterprise approach to cybersecurity will be a big focus area within the modernization pillar.
Maj. Gen. Matt Easley, the Army’s chief information security officer, said that’s partly because the nature of the threats the Army faces has changed fairly dramatically since its networks and cyber protection mechanisms were designed.
“A lot of those attacks have moved up to the application level or to the person level, and that’s forcing us to change the way we think of cybersecurity. The way we think of a network, the way we think of our systems needs to be pulled together,” Easley told reporters. “The Army is a very large and complex organization: we have 128 posts, camps and stations, but if you include the National Guard, Army Reserve and other installations, we have more than 3,000 installations. How we pull all that technology into our enterprise architecture is a huge shift. Our authorizing officials have authorized more than 3,000 systems. So normalizing those systems so that they’re using a similar cybersecurity solution, similar data standards and a similar cloud infrastructure is the way we’re going to scale this.”
And Iyer said the Army can’t transform its approach to things like network infrastructure and cybersecurity without also making a concerted effort to update its IT policies.
The bulk of those governing documents were written in an earlier era — some are 30 to 40 years old — and in many cases, they simply stand in the way of soldiers and Army civilians who are already trying to innovate with modern digital tools, Iyer said. They also complicate the Army’s implementation of modern cybersecurity principles, like zero trust.
“Zero trust is the opposite of the [perimeter defense approach] we’ve done in the past. The policies we need for zero trust are all about saying we’re not going to let anybody in, and that’s our policy – we’re going to be using analytics to determine whether you’re a good actor or a bad actor,” he said. “And in terms of things like robotics process automation, we still don’t yet have enterprise policy. What do we do with these non-person entities on the network? Right now we give Common Access Cards to people, and that’s how we know they have access to the network. We need the right policies to make sure that these bots are treated like humans, with the right access privileges and so on.”
Meanwhile, the strategy’s people-focused pillar aims to build the Army’s bench of digital talent.
The service has already started efforts to upskill and reskill the 72,000 military and civilian employees in its IT workforce. Iyer said one of the strategy’s goals is to create an centralized “easy button” — managed by the CIO’s Enterprise Cloud Management Agency — to set up cloud-based IT infrastructure, so that the workforce can focus on higher-end tasks, not managing servers and data transport.
“If we don’t get ahead of the race for talent, we run the risk of losing this right from the get-go. So we’re building capacity, but we’re building it in small [increments], with reasonable expectations. I do not want to go create a dozen software factories like some of the other services. We have to learn from what we’re doing at the software factory in Austin, get the lessons learned and then talk about then how we’re going to scale it,” he said. “We also do not want to limit ourselves to just the [active duty] Army. How do we take advantage of the expertise that we have in [the National Guard and Army Reserve] – people that are actually doing this in their day-to-day jobs? We want to build a marketplace of talent across the Army, independent of what your specialty is, what component you work for, and whether you’re a civilian or a contractor.”
David Markowitz, the Army’s chief data officer, said much of the workforce planning is being done via a separate but related digital human capital strategy.
So far, the Army’s digital workforce questions have been highly focused on data specialties, but the analysis will also encompass the skills and number of personnel needed for functions like cloud architecture and cyber defense.
“One of the areas we’ve tried to identify is common skills that are [required by] like 90% of the workforce – things like basic data manipulation, data analytics, to try to identify which of those are the higher end skill sets,” he said. “We want to make sure we get to a common metric about skills across our Training and Doctrine Command schoolhouses. As we’re baselining, we also want to make sure our cyber workforce is trained to do the work that they’re doing, and making sure they match right. What can we automate so that we can get people out of highly labor-intensive tasks? It will be a continuous kind of review that asks, ‘Are we about right?’ That zero-baselining and restructuring will be with us for at least five years, if not a decade.”