The Department of Defense (DoD) is continuing to make headway on adoption of cloud computing and the implementation of a zero trust computing environment, top DoD officials told lawmakers at a March 29 Senate hearing.
DoD Chief Information Officer John Sherman kicked off his testimony before the Senate Armed Services Committee’s cybersecurity subcommittee by touting the Pentagon’s access to enterprise cloud capabilities.
“Enterprise cloud will help the department advance the Joint All Domain Command and Control effort and will further enhance efforts involving artificial intelligence and machine learning efforts, software modernization, and cybersecurity,” Sherman said.
In December, DoD awarded contracts to four technology companies – Amazon Web Services, Google Support Services, Microsoft, and Oracle – to provide services in support of its Joint Warfighting Cloud Capability (JWCC).
JWCC is a $9 billion multiple-award contract vehicle that allows the department to acquire commercial cloud capabilities and services directly from commercial cloud service providers.
“At last, the department has access to enterprise cloud capabilities from four world-class U.S. vendors at all three security classification levels from the continental United States to the tactical edge,” Sherman said.
Lt. Gen. Robert Skinner, director of the Defense Information Systems Agency (DISA), told lawmakers that to support JWCC efforts and facilitate the rapid adoption of the cloud, DISA has deployed several accelerators which streamline the cloud adoption process from a normal 45-day timeline to within hours or even minutes.
“This is helping to accelerate our pace to the cloud to improve our overall user experience, while also increasing our cybersecurity,” Skinner said.
Sherman talked about the Pentagon’s efforts to shift away from perimeter security of its networks toward a zero trust environment. He explained to senators that a zero trust architecture is founded on the assumption “that an adversary might already be on our network, and we must prevent them from moving laterally and gaining access to our most critical data.”
In November, the DoD released its long-anticipated zero trust strategy and roadmap outlining how the agency plans to fully implement a department-wide zero trust cybersecurity framework by the fiscal year 2027.
The Zero Trust Strategy and Roadmap spells out how the department plans to move beyond traditional network security methods to achieve reduced-network attack surfaces, enable risk management and effective data-sharing in partnership environments, and contain and remediate adversary activities over the next five years.
“That strategy has since become a North Star document for the DoD and other Federal agencies, as well,” Sherman said.
“We have made great strides on our zero trust journey,” Skinner said. “When the DoD released the zero trust strategy, we had already started our Thunderdome initiative, which brings modern and commercial zero trust technologies to the department.”
Earlier this year, DISA officially completed work to prototype its Thunderdome zero trust security project and has rolled out the system to about 1,600 users to date, with more on the way. The agency is currently working with Sherman and his team on the acquisition strategy and expansion of these capabilities across the enterprise, Skinner said.
However, technology is not the only thing that has helped in the adoption of the cloud or zero trust in the department. The people behind that technology are critical to DoD network efforts, Sherman said.
He explained that DoD is making strides in ensuring the right personnel are in place to implement and manage ongoing network modernization efforts. The DoD’s recently released cyber workforce strategy aims at the department’s workforce retention challenge.
“The best technology in the world means nothing without a trained, motivated, and diverse workforce,” Sherman said. “We recently released a cyber workforce strategy that will continue to drive us to new and more effective approaches to how we identify, recruit, retain, and upskill our cyber digital personnel.”