For Defense Department chief information officer Dana Deasy, digital transformation was never just about the cloud.
This is why making the Air Force’s dev/sec/ops program, known as Platform One, a DoDwide enterprisewide service is an important milestone.
Deasy said Platform One will make it easier for the military services and defense agencies to modernize applications.
Insight by Citrix: During this webinar executives from the Department of the Navy, U.S. Army Corps of Engineers, Census Bureau and Citrix Systems will discuss how federal leaders can use their experience over the last 20 months to continue to reduce costs and complexities and move further into the cloud and other modern approaches to technology.
“My office recently designated one of the most mature dev/sec/ops platforms within the department, the Air Force Platform One, as an enterprise service which has the effect of making this capability broadly-available across the DoD. That designation also links directly into the software acquisition policy released by Acquisition and Sustainment that encourages both the uses of dev/sec/ops and adoption of existing enterprise services,” Deasy said during a briefing with reporters on July 30. “While we tend to focus on technology when we talk about software, it is important to acknowledge that progress is delivering — delivering capability more rapidly will depend as much on non-technical enablers such as changes to acquisition policy, cyber risk acceptance processes, as the technical capabilities.”
The memo Deasy referred to is from January, where the policy lays out 17 considerations when buying and developing software.
The memo’s goals are to:
Meanwhile, Platform One is a series of dev/sec/ops tools, contracts and services that the Air Force oversees along with the Defense Information Systems Agency, the DoD CIO and others.
The Air Force has more than 45 programs on Platform One, including the F-35 and the Ground Based Strategic Deterrent (GBSD) teams. Several services and defense agencies, and even some civilian agencies, are already using Platform One.
But by making it an enterprise service, Deasy said DoD is giving it a seal of approval above and beyond just telling agencies it’s there and they can use it.
“[I]f you really dig under the covers, what was really important in that announcement was Air Force truly has matured this vision that I have been an advocate for a long, long time around dev/sec/ops. They’ve done a lot of work in the entire software development process in various tools and techniques that we are advocating as part of our agile workforce,” he said. “[W]hen we announced [Platform] One, I think people picked up on the word ‘the cloud.’ What the big message there was, we asked you for the first time, had designated a cloud across DoD that could be used for a common way of doing dev/sec/ops.”
Deasy said that work includes more than just setting up contracts and telling agencies to go use them. Platform One, however, did do that. It awarded 55 vendors basic ordering agreements and the Air Force wants to add another 25 vendors in the coming months. The service recently issued a solicitation to add more vendors to Platform One.
Deasy said Platform One gives users several tools that will help remove the obstacles to dev/sec/ops. DoD has a goal of training 100,000 servicemen and women and civilians on the dev/sec/ops process so making the approach easier is part of this larger effort.
“[T]here’s these things called ‘code blueprints.’ In my prior life, we used to refer to them as design templates. The power of dev/sec/ops is getting developers out of the world of creating everything as original code, but taking the most common reused code elements, putting them into what we’re calling these code blueprints, and then allowing them for reuse,” he said. “[W]hen we say we’re training 100,000 people or whatever, what we’re really doing is just saying, ‘Hey, we’ve got to get them a reference architecture, we’ve got to figure out how to bring in the defense-industrial base into this, and we’ve got to then have these predefined blueprints available for them.’ And then the last thing we’re working on is, if you can create all that, we also want to try to solve once and for all this idea of ongoing global directory, or the identity that you carry when you sign in and use an application.”
Deasy called the code blueprints the reference architecture and identity management service foundational elements of dev/sec/ops. He said the goal is for developers to include the global identity authentication service to truly create a single sign-on.
He said all of these “pre-requisites” will make training easier.
Along with Platform One, Deasy, in a wide-ranging press conference, offered updates on several other digital transformation initiatives.
He said the cloud contract known as JEDI remains on track for a re-award this month.
“[T]he judge put a stay; asked us to go back and specifically look at a section of the RFP (request for proposal) solicitation. We committed to turn that around and have that out, allow each of the two respondents then to respond back,” he said. “Our goal is to finish the evaluation of those responses in August, which was always our plan. [W]e are still on schedule to, I guess you could say, do a re-announcement of our intentions to award probably sometimes towards the very end of August, barring any last-minute unforeseen additional issues that are raised.”
Deasy said the DoD’s move to the cloud has always been much more than the JEDI contract, which could be worth $10 billion over 10 years.
He said the Commercial Virtual Remote (CVR), which is a DoD-only implementation of Microsoft Teams, continues to demonstrate its value. Deasy said the tool supports 1 million active DoD users with unclassified voice, video and chat capabilities in the cloud.
“CVR has been an extraordinary collaboration tool in enabling colleagues and partners around the globe continuing DoD operations without interruption. CVR provides the flexibility to support a more inclusive workforce, make people more connected, and demonstrate the department’s resiliency when challenged,” he said. “Normally, a program of this scale and complexity would take over a year to design, engineer and deploy, but the extraordinary efforts by my fellow technologists across the department have led to the delivery of a CVR platform in under 60 days. While cloud capabilities are vitally important, more is required to ensure our servicemen and women are prepared for future threats.”
Now, Deasy said, DoD is looking to expand CVR to the classified network.
“We’ve always recognized that where we really need to move this is from kind of what we call an impact level 2 (IL2) to an IL5 environment that has all the robust capabilities that you would expect, where you could do much more secured types of collaboration,” he said. “Now, the trick in doing that is you don’t want to lose the goodness of how we’ve been able to allow people to work off-net, so to speak, from their home, from their own types of devices. But how do you now transition to an IL5 world which locks down things in a lot more restrictive way, and obviously, for very good reasons? So there’s a lot of pilots going on right now on how we pivot CVR from kind of an IL2 world to an IL5 world between now and, I’m going to stay, toward the end of this year. And so if you were to ask me, what is the big heavy lifting we’re working on right now is, how do we actually do that pivot from an IL2 to an IL5 world?”
Another big focus area for DoD in the coming months is around data. The Pentagon recently appointed Dave Spirk to be the DoD chief data officer, and Deasy said he is on a 90-day listening tour.
“Dave’s organization is focused on strengthening data governance, interoperability, and data protection across the department. This will be a major effort. In the coming months, you’ll hear more about that as we release the DoD Data Strategy,” Deasy said. “The chief data officer is on a directed 90-day listening tour where he is talking to senior leaders in the Pentagon, warfighters and at the combatant commands, industry and academia to assess the overall department’s progress. At the conclusion of the 90-day tour, Dave will provide a written assessment with a plan of action.”
Deasy added among the areas Spirk and the data strategy will address is data policies, standards, governance and quality, as well as the importance of user engagement and prioritization of opportunities to accelerate the value of data across Joint All-Domain Operations, senior leader decision support and business analytics.