DISA fields a classified version of a very widely used open platform

Since January, the Defense Information Systems Agency (DISA) has been running a highly classified version of a very popular consumer platform. DISA completed functional testing of what it calls DOD-365-Sec, a secure version of Microsoft Office 365, a cloud-hosted suite of common products. With a progress report on user testing, The Federal Drive with Tom Temin spoke with the program manager for DISA’s Defense Enterprise Office Solution, Carissa Landymore.

Interview transcript:

Tom Temin And is this whole project kind of a development of the post-pandemic remote access platform that DISA has been working on? Originally, there was a version that was kind of set up as an emergency, and now you’re transitioning to something more permanent. Is that a fair way to describe what’s going on?

Carissa Landymore Absolutely. With the pandemic, we fast tracked getting collaboration, moving to the cloud on the unclassified side, which really I think set the precedents to move quick to establish these capabilities into the SIPRnet.

Tom Temin All right. So now we have got this Microsoft Office 365-Sec, DoD 365-Sec. What exactly is it? How would you describe it?

Carissa Landymore DISA has made tremendous progress in our efforts to provide enterprise-wide, cloud-based collaboration capabilities, enabling mission critical tasks on multiple classification levels. And DoD 365-Sec, it’s really just another enterprise service that we’re going to be adding into our portfolio. It’s kind of a hyperscale cloud software as a service on a classified mission network. We met a few years ago with multiple mission partners to gather requirements, partner with industry, Microsoft, our integrator [General Dynamics Information Technology (GDIT)] to make sure that we could take DoD 365-Sec and evolve collaboration, enhance data sharing on the secure Internet protocol router network or SIPR network, which has never been done before. By doing this, we’re providing warfighters with modern tools that allow them to operate ahead of the adversary and meet their mission any time, anywhere.

Tom Temin Now, are the products on DoD 365-secret the same ones you would get if you had a normal commercial version of Office 365?

Carissa Landymore They will be. It’s going to be building blocks. So you’re going to see it continue to evolve. So with Microsoft, they are providing what’s called Release One. They just announced their general availability. Release One is going to provide you SharePoint, Exchange Online, which is your email, and OneDrive. So those are the initial capabilities you’re going to get out of the box. Teams is really what you’ll hear a lot of the mission partners, they’re after that collaboration capability. That’s going to be a part of Release Two, so that’s going to come second. It’s important to get those fundamental blocks established, get that foundation laid down. And then Teams is going to come after, which right now Microsoft is on target to provide general availability of that, the end of March.

Tom Temin Now, is it simply the network by which people access it in the cloud facility, in which it’s hosted secret, or is something inherent in the products themselves that are different from the commercial versions?

Carissa Landymore There’s going to be a lot more security around this capability than what you have in the commercial world. So additional security, putting if you think about more fence, more guardrails around this. But what we’re doing, by bringing this to the cloud, is equipping the warfighter in the department with responsive, resilient, secure and high quality IT services.

Tom Temin So the products do have some inherent security measures in them, as well as being on a network that nobody else can access.

Carissa Landymore You got it, absolutely.

Tom Temin And from a user standpoint, now you’re in testing, do they have to do anything differently? When you have a regular Office 365 account, you put in your password, and most of us have two-factor authentication. Is one of the challenges making it easy for people to get on, yet still be secure?

Carissa Landymore So we’re going to have multifactor authentication. A lot of the ways we secure the environment on the low side using that authentication that you mentioned. We’ve been doing a lot of testing, but folks are going to really take a lot of what they did to prepare for their migration, looking at their existing networks, running through a list of questions, cleaning up your mailbox. All of those different things that we did to prepare for IL5, we’re going to implement apply those lessons learned, and folks can start to do that today. So we’ve already started to work with the components, the mission partners around the department to give them that information, because that’s going to take some time. They’re all on prem. They’re going to have to do some legwork there to get their network ready to make that transition into the cloud.

Tom Temin We are speaking with Carissa Landymore. She’s a program manager for the Defense Enterprise Office Solution at the Defense Information Systems Agency. And now you have deployed in a, would it be accurate to call it a beta level with certain users? And what’s the progress at this point? And what kind of feedback are you getting?

Carissa Landymore We are currently in our preproduction environment. We started our testing, and again, our partnership with Microsoft, they were able to get us into a pre-production environment beginning last April. And starting late August, after our initial integration and testing, we were able to bring in what we call canary users or technical users to help us come in and test out the functionality of the products that Microsoft is going to be releasing as part of their initial release. So we had three phases of testing. Phase one is what I just mentioned, getting in there, doing a deep review of the initial capabilities, partnering with Microsoft to clean up any configurations, coding that may need to be tightened up there. But all in all, everything tested favorably. So due to the success of that, we were able to ramp up our functionality testing sooner, which allowed us the ability to open it up a little bit and bring in anybody from the department that wanted to come in and test it themselves. Getting back to that network readiness, starting to look in there and think about, OK, what do we need to do as an organization to prepare our community for their transition into the environment? So that’s kind of where we are now, and that’s called the limited user assessment. So we’re very excited about that, because again, that allows us the ability to be transparent and begin that work with our organizations across the department.

Tom Temin And what have you heard so far? Have they called up and said, Carissa, I hate this, or hey, this is pretty good.

Carissa Landymore No, it’s definitely all been great news. And again, because of the partnership we’re breaking down barriers working with the DoD CIO’s office, working with our integrator, Microsoft, making sure that we get the requirements from the components. Getting them in there sooner, allows us to take that feedback and get it back to Microsoft so that they can take a look and say, OK, for future releases, here’s where we need to be focused. So we’re really excited with the partnership and just the overall feedback from the department.

Tom Temin Now, the purpose of cloud applications is so that you can access them from pretty much anywhere, that there is Internet connectivity. So does this require government issued equipment to be able to access it from wherever you are? But can you also use what sorts of wi-fi or wireless networks to access it and maintain the security and have all the authorizations there?

Carissa Landymore You will have to be on the SIPRnet, so you won’t be able to access this from the public Internet. Again, this is a classified environment, so it will be locked down tightly. From a security perspective, we have to do that.

Tom Temin So you can’t do it from Starbucks. But what if someone is teleworking? What’s the situation there? How do you get to SIPRnet if you’re teleworking?

Carissa Landymore We do have special devices for certain VIPs and individuals that they can use that we’ve been working with. So if you think of our [Department of Defense Mobility Classified Capability-Secret (DMCC-S)] devices are the mobile devices that certain VIPs can use to access their mail from a mobile device, a secure mobile device. We have another it’s called a Windar. If you think about kind of like a laptop, if you will, that folks can use as well. So a lot of testing going there because, again, part of going to the cloud is getting to that collab, focusing on that collaboration so that people can access their information any time, anywhere. And that’s exactly what we’re doing here. And so far, that testing has been very successful as well. So that testing will continue, but the focus will be you’ll be able to access it from your SIPR client, your thick client or your thin client, either your DMCC-S device or your windar, or think of that kind of like a laptop, if you will.

Tom Temin So warfighters could be able to use this somewhere, with the proper devices and presumably they take with them wherever an action might be happening or an operation might be happening, there is a SIPRnet capability to that zone.

Carissa Landymore Absolutely. Yeah. And the goal is that they’ll be able to use their DMCC-S device today and continue the collaboration just like they’re seeing on the unclassified side with the Microsoft 365 products.

Tom Temin All right. And what’s the schedule from here on out? You’re still in the limited user assessment. Do you have an endpoint for that? And when will that start to go beyond that?

Carissa Landymore Absolutely. Things are really gaining speed here with all the excellent feedback we’ve gotten. So right now, beginning of our mid-May, excuse me. DISA, we’d like to have DISA come in, adopt the service first, making sure we get any, smooth out any processes that we have before we bring in our mission partners into the service. So mid-May, DISA will migrate fully, will declare [Full Operating Capability (FOC)] will transition descent into the offering. And then beginning June, will open up the doors and start to welcome in the other components across the defense agencies, combatant command services, etc.

Copyright © 2024 Federal News Network. All rights reserved.