TECHNET CYBER 2024 — The Defense Information Systems Agency (DISA) is dealing with a mountain of “technology debt,” and it’s only getting worse as new technology evolves, DISA leaders at TechNet Cyber in Baltimore said Wednesday.
Technology debt happens when there are already heaps of outdated technology within an organization, and then new technology is piled on top. That, DISA leaders explained, means updating the old technology gets kicked to the back of the queue, leaving it to grow older and older even as it remains used on a regular basis.
“If we are not updating and modernizing the way that we should be along the way, we tend to build out that technical debt so it becomes more expensive,” said Caroline Bean, director of joint enterprise services at DISA, during a media roundtable here in Baltimore Wednesday.
“We need to make sure that technical debt is not pre-framed as just cost. There’s a lot more that comes with technical debt. There’s people, there’s operational aspect, there’s efficiencies.”
The technology debt within DISA is so extreme that Bean said they are still running a system that was created in the 1970s. She explained that the problem with such legacy systems is that they are no longer sustainable, with the people who know how to sustain them becoming a rarity and original parts hard to find.
Those legacy systems also pose cybersecurity risks, Brian Hermann, cybersecurity and analytics director at DISA, said during a panel discussion Wednesday.
“It [technology debt] amounts to, essentially, cyber risks when we have capabilities that have not evolved over the course of the last 10 years,” Hermann said.
Bean echoed this, saying that such risks can cause not only cybersecurity vulnerabilities but can also hinder the warfighter from being battle-ready.
“We’ve got an adversary that is also in there with us and looking for data … right there watching, or listening to us. It’s really important for us to get the speed of data to the warfighters so that way, they’re able to defend boots on the ground,” she said.
To combat the mounting issue of technology debt, Bean said the program office’s transport layer — the framework that provides the transfer of data between end users — needs to be simplified. Right now, she said how data transfers from one area to another within DISA is too complicated.
“The overall challenge is we’ve got to become a lot simpler in the way that we move out on all of our technology. We’ve got to make it so that way it is not complicated. We have a lot of complex environments and complexity adds additional hops for users to have to go through, which adds latency,” Bean said.
If the transport layer is simplified, DISA will have a much easier way of modernizing its technology while also eliminating old systems, Bean said.
“Ideally, from the services piece, is making sure that there’s agnostic capabilities, that I can have flexibility. So that way I can move when technology moves. I can evolve as technology evolves, without too much modernization, and modernizing once is ideal. I don’t want to keep modernizing every 2, 3, or 4 years. So being able to understand that as we’re building in the capabilities from the onset from the beginning, so that way, it’s pretty flexible and elastic,” she said.
Though Bean and Hermann said they hope to catch up technologically as much as possible, they both said technology debt will never fully be eliminated. They said the key to this is a balance between maintaining old technology and new.
“Let’s continue to still have clear resources on legacy [systems] to make sure that they’re secure and defending our DODIN [DoD Information Network], but in the meantime, also rushing to the horizon to say now, ‘How do we move off of this so we can do better?’ So we can free up capacity and resources to be able to do the things that our warfighters need.”