The Top 3 cyber priorities for DOD’s incoming CIO

The DOD’s new top IT executive Dana Deasy will be an important cog in DOD’s big push toward universal defense cloud adoption, facilitating organizational changes that will make the military’s cyber defense more streamlined and effective and actively promoting an expansive cyber workforce.

Dana Deasy
JPMorgan Chase

On April 5, the Department of Defense announced that Dana Deasy will serve as the new DOD CIO. Deasy, formerly the CIO for JP Morgan Chase, is President Trump’s first appointment to that position. (The role of DOD CIO had been occupied by acting CIOs since February 2017.)

In a nutshell, as Chief Pentagon Spokesperson Dana White tagged it in a tweet the day Deasy’s appointment was announced, is #Reform. To keep from having to boil the ocean with such an open-ended mandate, when Deasy formally takes over in May he will have three main priorities as it relates to cyber: Cloud (and cloud security), overseeing US Cyber Command (CYBERCOM) promotion to a Unified Combatant Command, and upgrading the DOD cyber workforce.

Let’s look at each of these priorities in greater depth.

Going all-in on cloud (and cloud security)

DOD plans to release an award for its huge enterprise cloud contract, the Joint Enterprise Defense Infrastructure (JEDI), this fiscal year. You read that right—that’s the end of the federal fiscal year, September 30. That’s a tall order for a cloud migration estimated to cost up to $10 billion over 10 years.

The contract winner will provide both the cloud infrastructure and platform, and eventually will host unclassified and classified data (up to Top Secret designation). Fortunately, DOD has experience with an enterprise cloud environment – think DISA’s milCloud 2.0 –  but as we learn more about JEDI, it’s safe to say that the scale will be much larger.

Obviously, there will be huge security ramifications. Given the tight timeline, one of the top priorities for the incoming CIO will be to work with the military branches and DOD agencies to ensure that this extensive cloud environment has the right protections in place.

Tactical cloud security will also be top of mind for the DOD CIO. The services are increasingly talking up the promise and potential of cloudlets and micro-clouds, essentially clouds that live on the tactical edge, whether on land, in the air or at sea. The goal here is secure data that transits to and from remote locations. While the new DOD CIO will not be directly managing these capabilities, they will have a lot of influence on the requirements and decisions down the road.

CYBERCOM as a unified Combatant Command in October 2018

The new DOD CIO will likely coordinate activities between the military branches and CYBERCOM, which will soon become a full-fledged Unified Command. Previously, it had been subordinated to the U.S. Strategic Command.

This long-overdue promotion, mandated by the NDAA 2017, gives CYBERCOM more say in how its resources are allocated, how it trains and what missions it runs. More importantly, it will have full control over the cyber warriors under its roof who are charged with securing DOD’s networks. CYBERCOM will also be able to better fight for and secure vital funds for cyber defense and perhaps cyber offense. All this means an improved ability to protect infrastructure protection, combat systems, platforms and data.

Enhancing the cyber workforce

Related to the cyber warriors I mentioned in the previous section, is the need for a strong cyber workforce throughout DOD.  In the same tweet mentioned earlier, the Pentagon’s White wrote that Deasy is expected to be “bringing the talent we need to maximize taxpayer dollars & drive a culture of performance.”

This, of course, is nothing new. Previous CIOs have been very vocal about the need to procure top cyber talent and to train existing employees with cyber skills. This cyber workforce will need to be continually equipped with the latest analytics solutions, monitoring capabilities and non-signature-based security tools. The new CIO will have to pick up the banner and be the voice that pushes for the right level of funding and support for the right priorities.

Not surprisingly, the DOD is one of the biggest targets in the entire federal government for cyberattacks. The DOD CIO’s role expands beyond cyber, of course, playing a critical role in making senior decision makers aware of the threats that are out there and the resources needed for a better security posture. Having the right, top-notch talent to provide reliable information to those decision-makers will be essential.

Deasy has an enormous undertaking. The DOD’s top IT executive will be an important cog in DOD’s big push toward universal defense cloud adoption, facilitating organizational changes that will make the military’s cyber defense more streamlined and effective and actively promoting an expansive cyber workforce.

Welcome to the federal government, Mr. Deasy.

This article is published as part of the IDG Contributor Network. Want to Join?

NEW! Download the Winter 2018 issue of Security Smart