Technology is a vital part of the United States Department of Defense (DoD)鈥檚 capabilities, making security and enhancements essential to the nation’s stability and growth. AFCEA International鈥檚 flagship event, TechNet Cyber, emphasizes the role of cybersecurity and IT within the DoD. Alongside its partners, such as such as Amazon Web Services (AWS), Everfox and Ciena, 探花视频 attended TechNet Cyber to support DoD mission objectives. 探花视频 maintains a unique position in the defense industry with the ability to connect DoD and intelligence community (IC) personnel, Government IT decision-makers, thought leaders and industry and vendor partners. At this year鈥檚 conference, leaders and operators in the IT and Defense Department joined to network, facilitate problem solving and explore ways to expedite and secure the procurement process.
1. Expanding Zero Trust: 鈥淔lank Speed鈥 is Ready to Scale
To safeguard against potential cybersecurity attacks, the DoD is working to secure its networks with Zero Trust, a security strategy focused on identity, credential and access management. In the session 鈥淒oD Zero Trust Success Stories,鈥 David Voelker, Zero Trust Architecture Lead for the Department of the Navy, discussed recent initiatives to bolster Zero Trust within Flank Speed, the Navy鈥檚 single enterprise solution that provides productivity tools, collaboration tools and OneDrive storage. The Navy plans to implement autonomous penetration testing to identify which of its are applicable to baseline, as well as bolstering the many programs within the Navy, with the goal of purchasing and deploying these capabilities by the end of the 2027 fiscal year.
Another speaker, Ian Leatherman, the Zero Trust Strategy Lead for Microsoft U.S. Federal, discussed key takeaways from 惭颈肠谤辞蝉辞蹿迟鈥檚 work with Flank Speed. Visibility into agency networks is critical to emboldening existing Zero Trust strategies. Mr. Leatherman stated, 鈥淲hen in doubt, collect the telemetry: you never know what new or novel adversary techniques you may find.鈥 Knowing exactly how many endpoints, applications and users are on the network at any given time positions the DoD to swiftly deal with incoming threats.
Leatherman also discussed recent initiatives to involve all Navy personnel in a cybersecurity strategy; security is more than a technology solution, but a way to ensure safety within the agency. David Voelker, Zero Trust Architecture Lead at the Department of the Navy echoes this statement. While the Zero Trust Portfolio Office set their DoD-wide Zero Trust adoption target as the end of fiscal year 2027, Flank Speed is already operational. Voelker notes that the Flank Speed configuration could be lifted and shifted to other customers in the DoD, with a quick deployment time of under 24 hours. Mr. Voelker also recommends automating this shift.
探花视频 and our vendor partners offer several cybersecurity solutions to help Government agencies implement Zero Trust architectures that protect critical information and reduce national security risk. Our offerings align with Public Sector Zero Trust maturity models developed by NIST, the DoD and CISA.
2. How Mission Objectives Drive Acquisition
Acquiring powerful, up-to-date technology enables the DoD to protect against persistent and increasingly sophisticated cyber-attacks. The DoD aims to streamline its procurement process to maintain pace and safeguard against attacks. In the session 鈥淒oD Software Modernization Senior Steering Group,鈥 speaker Sean Brady, Senior Lead for Software Acquisition Enablers at the Office of the Undersecretary of Defense (Acquisition and Sustainment), explained that there are two key drivers to this transformation. The first is mission objectives; software should be tailored to allow the DoD to adapt its systems to rapidly changing threats. The second is access to commercial innovation, which allows the DoD to access products in weeks or months rather than years.聽聽
3. Digital Transformation for Operational Effectiveness聽
Digital transformation in the DoD is crucial for maintaining pace with an increasingly technology-driven security environment. Thomas W. Simms, Principal Deputy Executive Director for Systems Engineering and Architecture at the Office of the Under Secretary of Defense for Research and Engineering, discussed the major digital transformation efforts within the DoD.
The main four are:
- , a congressional requirement that integrates technical and business strategies to promote acquisition and drives modular designs
- The DoD鈥檚 , which requires programs to use digital engineering in their design process
- Application Program Interfaces (APIs), a ruleset that allows communication between software applications and is driven by the DoD鈥檚 guidebook, which enables the DoD to become more data-centric
- The DoD鈥檚 Guidebook, which is currently undergoing an update to incorporate guidance from the Secretary of Defense鈥檚 latest memos
By modernizing legacy systems and enabling the DoD to acquire the newest and greatest in IT, these initiatives enhance operational effectiveness and improve decision-making speed.
4. Fast-Tracking Authority to Operate (ATO)
In the defense industry, technology must be approved to mitigate security risks. The a process that expedites software verification within the U.S. Government, is changing the way the DoD manages risks and conducts Authority to Operate (ATO). Contractors can get involved with the latest software acquisition and risk management changes by participating in the three recently released requests for information (RFIs).
These RFIs, which close May 20th, are:
Katie Arrington, the Acting DoD Chief Information Officer (CIO), also discussed the set to launch on June 1st of this year. The initiative will replace the traditional Authority to Operate (ATO) structure and add a few requirements, such as third-party Software Bill of Materials (SBOM), third-party risk assessments and the population of Enterprise Mission Assurance Support Service (eMASS) with artifacts. Once these guidelines are in place, contractors will gain a Provisional ATO.
Ms. Arrington attests that these changes will revolutionize the Risk Management Framework (RMF) by allowing industry experts to provide feedback to the DoD. Paper compliance isn鈥檛 enough anymore, Ms. Arrington says. The DoD is looking for 鈥渃ontinuous monitoring, red-teaming and people to continually evaluate their capability.鈥
She also added that the DoD will be sunsetting the Approved Products List (APL). Additional sponsor additions are no longer being accepted. Instead, the SWFT initiative will take over, establishing a 鈥渢rust, but verify鈥 procedure, promoting both security and swift ATO action.
5. Using Interoperability to Pitch to DoD聽
As operations increasingly move online, interoperability becomes increasingly important to efficiency and accessibility. Venice Goodwin, the outgoing CIO for the Department of the Air Force, offered advice to industry professionals on navigating changes within DoD. Goodwin recommends that the industry practice 鈥渆xtreme teaming;鈥 rather than service each department individually: vendors should focus on servicing the DoD as a whole. As the DoD prioritizes capabilities that have cross-departmental benefits, industry experts should demonstrate the effectiveness of their capabilities and solutions in every domain across land, sea, air and space. With this collaboration, both the Private and Public Sector can get the results they need.
The digital transformation journey within the Department of Defense represents not just an evolution of systems, but a commitment to defending interests at home and abroad. Acquisition, ATO and Zero Trust are all valuable assets to maintaining pace with the current, constantly evolving technological climate, ensuring the United States carries out its mission of protecting the nation.
To learn more about mission-critical technology, visit 探花视频鈥檚 defense portfolio to explore solutions showcased at TechNet Cyber. For additional research into the key takeaways that industry and Government leaders presented at TechNet Cyber, view 探花视频鈥檚 full synopsis of key sessions from the tradeshow.鈥
