Operations Center at the NSA

UPDATED: Adds Specific CIO Authority To Determine If Budget Is OK 

The new digital modernization strategy by the DoD CIO office checks all the buzzwords you would expect from a Defense Department vision document about the digital future: artificial intelligence, Blockchain, cloud, Big Data, identity management, agile software development and DevSecOps, quantum computing, software defined networking, zero trust, and the Internet of Things are all in there.

Beyond the laundry list, though, is a power shift away from the services and agencies. Now all oversight of DoD-wide IT systems is done by the DoD CIO office itself.

This covers an enormous amount of money and technology.

“As a snapshot,” the report says, “some of DoD’s IT statistics include a budget of more than $46.4 billion in fiscal year 2019 (emphasis added), roughly ten thousand operational systems, thousands of data centers, tens of thousands of servers, millions of computers and IT devices, and hundreds of thousands of commercial mobile devices.”

That new power is the result of congressionally approved changes that expanded DoD CIO powers under Title 10. These include the power to conduct annual certifications of all DoD budgets, effective Jan. 1, 2019.

UPDATE BEGINS While the services and agencies will maintain their budget authority, the DoD CIO must determine if every budget is “adequate”, according to the statute. Budgets that the DoD CIO deem to be inadequate for any reason must be explained in a report by the Secretary of Defense to Congress that lays out actions the secretary proposes to take, together with any recommended legislation the secretary considers appropriate to address the inadequacy of the proposed budget(s). UPDATE ENDS

“Perhaps the most important piece of the strategy is how the DoD CIO will effectively direct the IT investment of the services and agencies,” says David Mihelcic, former DISA chief technology officer and now a consultant with DMMI. “(The report) discusses new authorities granted by Congress to include annual certification of military department and defense agency budgets. Will these be sufficient, or does DoD require more central authorities to achieve the strategy?

ADD “So it’s going to come down to how much the SECDEF and/or Congress back the DoD CIO. The reality is DoD will work hard to resolve any issues to avoid a negative report to Congress. So if (DoD CIO) Dana Deasy really wants to make a stand it comes down to how much the SECDEF is willing to back him.”ADD ENDS

This occurs as part of the report’s four stated goals for digital modernization: innovate for competitive advantage; optimize for efficiencies and improved capability; evolve cybersecurity for an agile and resilient defense posture; and cultivate talent for a ready digital workforce.

The digital modernization plan, the DoD Information Resource Management Strategic Plan FY19-23, summarizes its need for central authority over IT procurement thusly:

“This management system will enable continual, comprehensive department-wide IT modernization in a common, coordinated way. Furthermore, it will accelerate transition to foundational enterprise capabilities and services, freeing DoD components to focus on their mission-unique capabilities and services. Combined with policy and governance changes, it will shift the department from an opt-in approach to enterprise services.”

The DoD CIO office is probably aiming its quiver of arrows specifically at the Navy, which in recent years opted out of implementing the early phases of the Joint Regional Security Stacks, a Defense Information Systems Agency program to consolidate all the post, camp, and station networks into a series of regional networks. The Navy has since joined the program for its latter stages. 

Given the DoD CIO’s new oversight powers, Mihelcic suggests the office may want to add a fifth goal: “improve and execute DoD CIO’s control and oversight over service and agency IT spending to achieve a competitive advantage for the joint warfighter in the modern battlespace.” 

On that point, he expects pushback from the services and agencies. 

“Given this is a high-level document that includes the kitchen sink in terms of technologies, it will be interesting to watch for subsequent detailed plans to be released,” Mihelcic said. “These should include detailed directives from DoD CIO as well as implementation plans by the services and agencies. 

“I think the concept of moving to shared or enterprise services may seem reasonable, but there is potential for significant push back by the services and agencies that already have their own systems and plans with budgets against them.”

With its new Title 10 authority, however, the DoD CIO office seems to hold the upper hand. It cites the following benefits for implementing a central authority that can enforce an enterprise-wide approach to digital modernization. They are:

  • Increased speed and reduced duplication of effort resulting in better IT return on investment
  • Consistent, standardized enterprise IT architectures that support faster fielding of new capabilities, interoperability, usability, and improved cybersecurity risk exposure
  • Increased budget transparency for DoD IT expenditures
  • Convergence of network infrastructures for reduced complexity and cost
  • Elimination of fielding unnecessary capabilities and services to reduce program overhead
  • Enterprise acquisition/licensing discounts that reduce infrastructure and application licenses