Navy Chief Information Officer Aaron Weis already knows what the future of technology for 240,000 sailors, civilians and Marines looks like.
Like the one-time Hair Club for Men commercial from the 1980s, Weis isn’t just the president, he’s also a client.
Weis is one of 100 pilot users of the new virtual desktop interface (VDI), which takes full advantage of cloud services, supports authentication and verification without the Common Access Card (CAC), and more easily opens the door to bring-your-own-device and other compute options.
“It’s an amazing capability. We are delivering a Windows 10 desktop from the Microsoft Azure cloud. It’s a Department of Navy security technical implementation guide (STIG) image so it’s got all of the right modifications for our security envelope,” Weis said during Federal News Network’s second annual DoD Cloud Exchange.
Security-wise, it comes equipped with approved endpoint protection and can be administered and defended by the Navy Cyber Defense Operations Command, Weis said.
“It’s fully integrated. It is tied in with our cloud storage,” he said. “So my Azure cloud storage that I have on my desktop is fully accessible there. All your documents are there. You have the full suite of Office 365 capability. It is enabled, CAC-less authentication.”
In fact, the VDI is so powerful it turned his desktop using the Navy-Marine Corps Intranet (NMCI) from a dud to a stud.
“I actually just fire up the virtual desktop and run it from the Pentagon on my NMCI machine, and I have a way better experience than I get with the native desktop that’s literally sitting under my desk,” he said. “That’s just because of the power of what you have in the cloud and being able to deliver that in a fully integrated way.”
Next, the Navy plans to address the need for the CAC to access encrypted items and to log on to websites that want CAC-based authentication.
“We’re working with the Defense Information Systems Agency, and we are very close to being able to deploy that,” Weis said.
Then, users logged in with multi-factor, CAC-less authentication will be able to present their certificates and access encrypted email.
Continual improvements for Navy users
Another change, through his office’s work with the service’s Program Executive Office for Digital and Enterprise Services (PEO Digital), is the ability to securely access applications on the Defense Department Information Network (DoDIN).
“If there’s an on-premise system or application, I will be able to access that from my Azure virtual desktop as though I was physically sitting on the DoDIN,” Weis said. “These are some of the kind of the last-mile, last-link things that are being worked on. But this has huge promise.”
Weis’s optimism today follows a nearly three-year journey for the CIO Office. When he became the DON CIO in October 2019, he inherited a network, architecture and technologies stuck in the late 1990s and early 2000s.
The Navy’s move to the cloud also has had disparate and uncoordinated stops, adding complexity to its modernization and transformation effort.
To begin to change the entire DoN network and architecture, Weis and his acquisition counterpart issued a new cloud policy in late 2020 requiring any new cloud spending to be funneled through the Naval Digital Marketplace, an electronic provisioning service operated by PEO Digital.
“Before that memo was released, cloud was a very fragmented activity. It was sort of done on a per application or per program level. When you looked at Department of Navy metrics on just cloud acquisition, we had more acquisition agreements than any of the other military departments and yet a smaller number, a smaller aggregate spend on cloud overall,” Weis said. “What that says is, you’re not very focused on it in a cohesive way, and you’re driving it at a very fragmented level. That memo was the first sort of shadow or shot across the bow saying, ‘This is a critical capability, and we must use it strategically because it’s an integral part of our information superiority vision,’ which sort of charts a path long term.”
Navy’s three-pronged effort to save money and invest in cybersecurity
Weis started a series of well-named efforts to coordinate, consolidate and standardize IT modernization across the service. Operation Flank Speed was the O365 implementation. Operation Cattle Drive is the application rationalization initiative that ends with turning off legacy systems and applications. Super Nova involves reviewing and consolidating an assortment of analytics tools and systems used department-wide.
The underlying goal of these digital transformation efforts is to save money to reinvest in new capabilities and continue to improve how the Navy defends its networks, systems and data.
This is why defend is one of three lines of effort (LOEs) under the information superiority vision, Weis said.
“Cloud is an integral part of that effort to defend our information as we transition to cloud-based solutions, cloud-delivered applications and cloud-delivered infrastructures,” he said. “Then, we’re going to leverage that capability to improve our ability to defend our information through heightened cybersecurity, augmented by a different footing in cloud. Cloud is part of this context and a means to an end for a number of these LOEs.”
The next phase of digital transformation is the expansion of enterprise services. The Navy started with systems like enterprise resource planning (ERP) and Office 365. Soon it plans to add SharePoint in the cloud.
“We continue to shift workloads to the cloud. We’re doing that from an on-premise perspective to the cloud as well as any new capability. As part of that cloud memo, the intent is ‘it’s cloud first’ so we are not looking to expand our on-premise infrastructure,” Weis said.
Black Pearl, the Navy’s DevSecOps standardization platform
Weis signed the enterprise services memo in October to move away from isolated development of duplicative IT and focus on delivering secure IT services that are agile and part of an accelerated development process through a more coordinated development, security and operations (DevSecOps) process.
“We stood up a cloud-based identity credentialing and access management solution, which is a stack of software to do identity credential authentication, and its first customer in terms of a platform was that Navy ERP enterprise system,” he said. “The intent now is we are going to take that ICAM solution and begin to fold other systems on to that system. That becomes a cornerstone enterprise service that will be delivered.”
As part of the move to enterprise services, the Navy is taking advantage of the Air Force’s Platform One offering to create Black Pearl, a platform to begin standardizing its approach to DevSecOps. Weis, however, fully admits the Navy will not have one DevSecOps platform for every mission area.
Instead, the service will build multiple capabilities in its DevSecOps environments, multiple applications and platforms. There will likely be environments for tactical applications for weapons systems and weapons platforms, for instance. Also, he expects that the service will need distinct DevSecOps environments that can serve in the classified realm and the unclassified realm.
“We need to have a portfolio of DevSecOps platforms that will absolutely leverage the cloud,” he said. “They will link into other enterprise services, like identity management, for example, and at the end of the day, they will deploy capabilities into other cloud delivery platforms. You could deploy a containerized application into an AWS cloud infrastructure, and then know that in that DevSecOps environment, you can update it.”
Weis said the Black Pearl effort is part of the Navy’s fiscal 2022 campaign plan and roadmap. He’s excited by the potential that now seems possible. “Stacking all these capabilities on top of what we’ve been talking about will get us to this point where you’re able to respond in weeks and do it with cybersecurity built in,” Weis said. “We will do it leveraging enterprise services. It’s potentially a game changer.”
To listen to and watch all the sessions from the 2022 Federal News Network DoD Cloud Exchange, go to the event page.