It took a global pandemic to light a fire under the Department of Defense’s network modernization efforts, and now its senior IT leadership is trying to keep that fire going.
Since the onset of the coronavirus pandemic, the DOD has made major technical and cultural shifts away from previous business models to support network modernization across the force in support of remote work. And beyond the Herculean technical feat of telework deployment across the DOD, the pandemic has pushed the culture of the force to be more technology-focused, giving greater value to IT transformation that is often talked about but less often delivered.
DOD’s Commercial Virtual Remote telework platform reached millions of users in a matter of weeks, mostly thanks to a small cloud team in DOD’s Office of the CIO. The leader of that office, Sharon Woods, called the build out of the CVR environment the largest deployment of Office 365 in history. After the launch of the project in late March, DOD tech personnel worked non-stop to fully deploy CVR across the entire department within a month.
“It is the Thursday that never ended because it was the day that never ended for us — we worked 24 hours a day, seven days a week,” Woods said during the AFCEA TechNet Cyber summit in December.
It was not an exaggeration, she added — it was truly a round-the-clock effort. The team behind the build took to wearing hats to hide messy unwashed hair and had mugs brimming with coffee and the occasional “other” beverage, as the hours rolled by without sleep or breaks.
And it was not just her team of seven senior engineers, but offices and agencies throughout the DOD, from Cyber Command to service-level IT shops, that spurred the change, she said.
“Everybody really stepped up in a huge way,” Woods said, adding that her office “was not the only office burning the midnight oil.”
The team needed to build out enough cloud space to host the services and get to work securing the platform. The temporary telework solution still operates on a cybersecurity waiver, even though officials have stressed its secure up to Impact Level 2.
“The security was happening in the background, but it needed to be codified,” she said.
Like the old Silicon Valley adage goes, while DOD moved fast, it did break some things. Messaging to employees could not keep up with the pace of change, Woods said. That led to some confused DOD workers unsure of how to get on the CVR platform, or even what it was. One DOD employee, clearly adhering to DOD warnings on phishing scams, responded to a CVR account set up email by saying “not today, ISIS.”
Other early missteps included a crunch in bandwidth with employees streaming videos on their devices. DOD moved to shut access to Netflix, YouTube and other streaming services to limit the impact distracted employees had on network speeds.
Now that millions of users have access to CVR, DOD is working to find long term solutions both to teleworking and codifying the new technology across operations.
Change is here to stay
Over the summer, DOD’s CIO Dana Deasy announced that the technical architecture built out to support teleworking was here to stay. The plan is now to transition to an “enduring” telework solution, one that will carry with it more security and permit employees to transmit sensitive data, up to Impact Level 5, across the Microsoft Office suite.
“The way we work has changed dramatically,” Deasy told reporters. The IT brought in to help during the pandemic would help DOD continue the modernization of its networks, he said.
While not currently in place, classified telework could be coming soon as well. The Defense Information Systems Agency‘s Emerging Technology Directorate accelerated work on classified telework during the pandemic. It’s something that Deasy had hinted at before, but the directorate’s Director Steve Wallace confirmed in early December, saying the agency is full-steam-ahead working on a platform to allow even the most sensitive work to happen from home.
“Remote classified [work] was accelerated by pandemic,” Wallace told reporters on a press call.
What comes next, JEDI and all
The next major modernization step for DOD will be the finalization of the Joint Enterprise Defense Infrastructure (JEDI) cloud contract, which aims to give the entire DOD access to tactical edge cloud capabilities from a single vendor. While the DOD waits for JEDI’s eventual legal settlement, it has been working to deploy cloud capabilities through other means.
“We continue to work on what I always call the prerequisites,” Deasy said in October. “We’re doing a lot of work with the services on getting them prepared to move their development processes and cycles to DevOps. So when the JEDI cloud finally does get awarded, we’re not starting at day one.”
Offices like the Air Force’s Platform One and Cloud One are currently supporting programs with cloud capabilities, Deasy said. Those offices have been able to use JEDI engineers that were supposed to be working on the enterprise-wide construction, but have been sidelined by the legal challenges to the contract’s award to Microsoft.
As several cloud service offerings are being developed across the DOD, the challenge once JEDI is finalized will be bringing them all under one common architecture to support the DOD-wide infrastructure. Ensuring that the disparate efforts do not result in disparate systems is a near-term worry for Deasy, he said.
DOD leaders across the IT portfolio want to keep the momentum brought by the pandemic going. On a press call with reporters, Vice Adm. Nancy Norton, the outgoing director of DISA, announced plans for a zero trust reference architecture that she said will drive DOD’s modernization efforts to support enhanced cybersecurity.
“It’s not a rollout like we have for most programs because zero trust is not a program,” she said.
This story is part of a FedScoop special report on the Network and Telecom Modernization. Read the rest of the report.