Cloud technology concept (Getty images)
WASHINGTON — The Pentagon should revamp some of its policies and place a higher emphasis on trust in order to best leverage the $9 billion Joint Warfighting Cloud Capability (JWCC) to integrate international partners, according to an official from the Defense Information Systems Agency (DISA).
“I’ll start off by saying in the JWCC world and with the other cloud efforts…going on across the department, we find ourselves in a hybrid, multi-commercial cloud and [on-premises] environment for…most data applications. That’s the reality,” Brian Hermann, cybersecurity and analytics director at DISA, said on Tuesday at the National Defense Industrial Association’s Joint All Domain Command and Control (JADC2) All Domain Warfare Symposium.
“And so as part of that reality, to make cloud useful,…there are certain necessary enabling functions inside of those capabilities,” he continued. “Many of them are native functions that the cloud service providers can make available to us, but we have to make some of those investments in each of the cloud environments in order to make CJADC2 possible.”
Last December, Microsoft, Google, Oracle and Amazon Web Services all won a piece of the JWCC contract, which is viewed as the backbone of moving DoD systems to virtual servers.
Hermann didn’t expand on the specific functions he mentioned, but he said that DISA will have to look beyond just “technical solutions” to help integrate partners and focus on things like updating policy related to identity, credentialing and access management, or ICAM, which is intended to create a secure environment for users to access authorization sources while letting DoD know who is on the network, also a part of DoD’s zero trust push,
“It’s hard enough to do in the Department of Defense, it’s hard enough to do in the federal government, and doing that with our allies and coalition partners requires some policy changes, frankly,” Hermann said. “And it also implies a level of trust. So establishing a level of trust in the identities of the people and the systems that you’re working for is absolutely essential.”
In March this year, DoD formally added “combined” to the front of JADC2 (CJADC2) to reflect a renewed emphasis on partners. The term was first used back in 2020 when the Army and Air Force inked an agreement to build out a network that would pull data from all domains for the effort; however, it hadn’t really caught on until top OSD leadership began using the phrase until the joint staff reenergized it earlier this year.
Lt. Gen. Mary O’Brien, director of the C4 and cyber and chief information officer, JG of the Joint Staff, said in March the J6 was working closely with the Five Eyes intelligence-sharing alliance on how to share applications and data. The J6 was also working with NATO on how to “influence our CJADC2 reference architecture.”
“We’re working very closely with a lot of our partners who want to know what are we going to build to so that their capabilities will be complementary,” she said at the time. “And so the ‘C’ is absolutely for combined, highlighting that we can’t build something and then reverse engineer some sort of all interoperable bolted-on piece — it’s just not going to work in the way we’re designing the command-and-control capabilities for the future.”
