When the Defense Department announced its plan to upgrade most of its computers to Windows 10 by 2017, the Marine Corps, characteristically, said it would go first. But the smallest of the Defense services has run into problems.
Upgrading the operating systems on three million desktops within the mandated timeframe rests largely on performing those updates remotely, without a technician having to visit each desktop and laptop. In the Marines’ case, early plans suggested they’d be able to do so with roughly 60 to 70 percent of the computers within the Marine Corps Enterprise Network (MCEN).
But Brig. Gen. Dennis Crall, the Marine Corps CIO, says it now appears the actual figure is more like 10 percent.
“Our challenges are with hardware, and hardware that is older than a couple years is having more difficulty accepting Windows 10 than hardware that is new,” he told an AFCEA DC forum in Arlington, Va. Wednesday. “And when you look at what ‘new’ means within DoD, we purchase yesterday’s technology tomorrow. A lot of our brand-new systems are having difficulty with the upgrade as soon as they come out of the box, and we didn’t anticipate that.”
Crall said the hardware issues also pose potential financial concerns for the Marines. The service hasn’t budgeted for the manual labor that might be needed to install Windows 10 on machines that can’t be upgraded remotely.
“We’re working with Microsoft engineers on this and I’m very optimistic that we’ll work through some of these challenges, but there’s going to be a break point between the human labor costs that make that work and what it would cost to replace our equipment outright,” he said. “We’re left with a few bins: some of our systems will get upgraded just as we thought, some will require some touch labor, and the rest will probably have to be replaced via technical refresh earlier than we anticipated.”
DoD considers the Windows 10 initiative an urgent priority because, in the military’s case, it isn’t just a matter of upgrading to the newest version of an operating system. The Defense implementation comes along with what officials term a “secure host baseline,” marking the first time in the department’s history that it’s applied a common set of security configurations across the millions of PCs in its inventory.
Nonetheless, on Tuesday, the National Security Agency’s Information Assurance Directorate advised that moving to any form of Windows 10 would give defense components a security boost even if they’re unable to implement all of the features in the baseline, said David Cotton, the deputy DoD chief information officer for information enterprise.
“Their assessment was that if the hardware is not compliant for all of the features we want, it’s still better to migrate to the new operating system because you have improved security,” he said. “Hopefully that’s good news that reduces some of the financial costs.”
Bill Marion, the Air Force’s deputy CIO, said his service’s Windows 10 migration planning has raised several of the same issues the Marine Corps is grappling with, including how to minimize hardware obsolescence amongst the hundreds of thousands of laptops and desktops the Air Force owns and operates.
One potential solution is to own fewer of them.
“What does our desktop look like tomorrow? What does the end device look like tomorrow? I would contend that the cost of a traditional desktop and office software and the security that goes around that is pretty expensive,” Marion said. “In some cases that’s needed, and in some cases it’s not. A mobile device with a containerized cloud application is lightweight, better encrypted, easier to defend. We’re also looking at how we increase our virtual desktop footprint. We’re less mature in that area, but we’re trying to attack it from all three of those angles.”
Crall said the Marines also see virtualized desktops as part of the answer, but not in every case.
“We’ll probably adopt a hybrid solution,” he said. “In a garrison environment, virtualization seems pretty attractive. In a tactical environment it’s much harder to employ, and the convergence between those two things is at the heart of our difficulties.”
A February memo authored by deputy Defense secretary Robert Work told all of DoD’s components to move to Windows 10 by January of 2017, but it does allow some wiggle room. During 2017, the CIOs of the individual military services will be allowed to grant waivers for commands within their services that haven’t yet met the deadline.
After that, any requests to stay on older operating systems would have to be approved by the DoD CIO.
Terry Halvorsen, the current CIO, said there will be consequences for military services that don’t comply with the Windows 10 mandate.
“I’m not going to get into the specific repercussions,” he told reporters on a conference call last month. “But the first repercussion would be around how people are spending their money.”
Halvorsen said DoD is taking the Windows 10 issue so seriously because the secure host baseline would achieve several key objectives, including making the computing environments in each military service more interoperable with one another and giving U.S. Cyber Command a common operational picture while it tries to defend Defense networks.
“We’ve never had an operating system that’s had this much security baked in from the beginning,” he said. “We’re going to put out some guidance for our employees in general, listing the characteristics of what Windows 10 would give you if you put it on your home system. That’s about as close to an endorsement as I can get for a software product.”
Halvorsen said he’s optimistic that upward of 80 percent of DoD’s laptops and desktops will meet the January deadline, since the vast majority of them are in fixed offices on military bases and managed by enterprise networks like the Navy-Marine Corps Intranet and the Air Force’s AFNET.
But a significant proportion of the remaining 20 percent may not be upgraded or replaced for years, because they ride atop weapons platforms that spend most of their time afloat, overseas, or otherwise engaged in military operations.
“We still have Windows XP and before, and we can’t get rid of it,” said Janice Haith, the Navy Department’s deputy CIO. “We don’t bring our ships into port very often, and some of our capabilities are so embedded in our warfighting offerings that [upgrading them] is just not possible anytime in the next five to ten years.”