“That’s the message Michael Brown, director of the Defense Innovation Unit, the Defense Department’s innovation arm, shared at a Brookings Institution virtual event May 8 on China’s technological impact worldwide.
“You’re never going to win in a technology race with defense,” Brown said. Instead, the U.S. needs to focus on being more productive and “invest in itself” with more basic research.
“What do we do to reform our business thinking and our capital markets to move away from short-term thinking to be more long-term oriented,” Brown said. Ways to focus U.S. companies on building and maintaining a competitive edge include stricter export controls and more scrutiny of foreign investments in U.S. companies, particularly technology startups.
Brown, formerly CEO of Symantec, said the corporate focus on quarterly earnings and stock prices is counterproductive to competing with China.
“They all feed into this short-term thinking in our business community,” said Brown, “we have to reform this or we’re not going to be successful in competing with China.”
Incentives could include tax advantages for focusing on long-term growth and research and development, Brown said. And on the punitive side, there is the possibility of establishing penalties for U.S. companies that off-shore manufacturing or spinning off hardware businesses whose domestic presence can support U.S. jobs and military production.
“The irony is that U.S. companies focus on profits often driven by market dominance ends up aiding China’s cause,” Tom Wheeler, former Federal Communications Commission chairman, said during the event. “The market control, market dominance that we’ve seen from the principal big tech companies thwarts competition driven innovation.”
“It is doubtful that we will be able to out implement China,” said Wheeler, referencing that country’s tightly controlled, one-party system of government. “But we can out-innovate China if we have policies that will encourage this competition driven innovation.”
The big question for DIU is whether it can take advantage of U.S. tech talent, startups and research dollars to maintain a long term advantage over China, which is able to dictate its priorities to industry.
“The Defense Innovation Unit spends all day every day trying to encourage innovative companies to work with the Defense Department,” Brown said. “And General Secretary Xi [Jinping] accomplishes this by fiat. So we have to recognize that there are some advantages to their system.”
Brown said he maintained some doubts about the ultimate success of the “civil-military fusion” practiced in China.
“I don’t know how well that’s going to work for them, but that certainly keeps me up at night,” he said.”
“According to the GAO, the number of F-35 parts delivered late skyrocketed from less than 2,000 in August 2017 to upward of 10,000 in July 2019. At one point in 2019, Pratt & Whitney stopped deliveries of the F135 for an unspecified period due to test failures, which also contributed to the reduction of on-time deliveries.
And those supply chain problems could get even worse as Turkish defense manufacturers are pushed out of the program, the Government Accountability Office said in a May 12 report.“
“Lockheed Martin’s F-35 Joint Strike Fighter is on the verge of full-rate production, with a decision slated for early 2021. But a congressional watchdog group is concerned that as the company ramps up F-35 production, its suppliers are falling behind.
The number of parts shortages per month also climbed from 875 in July 2018 to more than 8,000 in July 2019. More than 60 percent of that sum was concentrated among 20 suppliers, it said.
“To mitigate late deliveries and parts shortages — and deliver more aircraft on time — the airframe contractor has utilized methods such as reconfiguring the assembly line and moving planned work between different stations along the assembly line,” the GAO said.
“According to the program office, such steps can cause production to be less efficient, which, in turn, can increase the number of labor hours necessary to build each aircraft,” which then drives up cost, the GAO added.
Those problems could be compounded by Turkey’s expulsion from the F-35 program, which was announced last year after the country moved forward with buying the Russian S-400 air defense system. Although Turkey financially contributed to the development of the F-35 as a partner in the program, the U.S. Defense Department has maintained that Turkey cannot buy or operate the F-35 until it gives up the S-400.
Ellen Lord, the Pentagon’s undersecretary for acquisition and sustainment, had hoped to stop contracting with Turkish suppliers by March 2020, but in January she said that some contracts would extend through the year, according to Defense One.
While the Defense Department has found new suppliers to manufacture the parts currently made in Turkey, it is uncertain whether the price of those components will be more expensive. Furthermore, as of December 2019, the new production rates for 15 components were lagging behind that of the legacy Turkish producers.
“According to program officials, some of these new parts suppliers will not be producing at the rate required until next year, as roughly 10 percent are new to the F-35 program,” the GAO said.
“Airframe contractor representatives stated it would take over a year to stand up these new suppliers, with lead times dependent on several factors, such as part complexity, quantity, and the supplier’s production maturity. In addition, these new suppliers are required to go through qualification and testing to ensure the design integrity for their parts.”
The F-35 Joint Program Office disagreed with the GAO’s recommendation to provide certain information to Congress ahead of the full-rate production decision, including an evaluation of production risks and a readiness assessment of the suppliers that are replacing Turkish companies.
In its statement, the JPO said it is already providing an acceptable number of updates on the program’s readiness for full-rate production.
Hard times for the F-35’s engine supplier
Not all F-35 production trends reported by the GAO were bad for the aircraft. Since 2016, Lockheed has made progress in delivering a greater proportion of F-35s on schedule, with 117 of 134 F-35s delivered on time in 2019.
However, one of the biggest subsystems of the F-35 — the F135 engine produced by Pratt & Whitney — drifted in the opposite direction, with a whopping 91 percent of engines delivered behind schedule.
At one point in 2019, Pratt & Whitney stopped deliveries of the F135 for an unspecified period due to test failures, which also contributed to the reduction of on-time deliveries.
According to the Defense Contracts Management Agency, “there have been 18 engine test failures in 2019, which is eight more than in 2018, each requiring disassembly and rework,” the GAO wrote. “To address this issue, the engine contractor has developed new tooling for the assembly line and has established a team to identify characteristics leading to the test failures. Plans are also in place for additional training for employees.”
“It’s crucial that any such network be independent of governments and left in the hands of public health officials. The data it gathers should not be filtered through bad actors such as the Chinese Communist Party, or elected officials who may have a political agenda.
One day — hopefully soon — big international meetings will return and the next Biosurveillance Conference will be held in a bigger venue with a lot more participants.”
“It was Aug. 28, 2012 in a Washington, D.C., hotel near Union Station where the National Defense Industrial Association held its first and only Biosurveillance Conference.
It was lightly attended — if memory serves. I’ll be charitable and say there were 75 attendees in the smallish room.
At least one of them — myself — was in the wrong place. Biosurveillance? I thought it would be about sensors. I was expecting to hear about typical defense and homeland security technologies designed to detect bioweapons — something akin to the Department of Homeland Security’s BioWatch program, or what the Joint Program Executive Office for Chemical and Biological Defense wanted. The agenda included Defense Threat Reduction Agency personnel.
No, actually, the attendees were mostly in the public health field, and they were talking about a worldwide database where doctors, public health officials, veterinarians and the like could report what they were seeing as far as new infectious diseases.
They likened the concept to weather reports. The world has a network of sensors that tells meteorologists what’s happening in the atmosphere. With the data, they can warn people if a storm is coming and citizens can prepare. The public health officials wanted to do the same for infectious diseases: manmade or natural. And the far-term goal would be to do predictive analysis — just like weather forecasts.
Here is an example: let’s say a doctor in China — let’s just say Wuhan, China — noticed an unusual number of cases of patients with a new respiratory disease marked by an unusually high fatality rate. He would then input that information into a database accessible to public health officials throughout the world. Then, let’s just say, doctors in South Korea or Italy, noticed the same thing. Analysts could connect the dots and sound the alarm. Hospitals could stock up on items such as, let’s say, face masks and respirators.
What I learned at that one-day conference ended up being part of a story that ran in the November 2012 issue. NDIA members with their expertise in information technology could have a lot to offer building such a network, I reasoned, so it was worth reporting.
Let’s pull some quotes out of that 2012 story.
Harshini Mukundan, a scientist at Los Alamos National Laboratory, said diseases emerge from people, plants and animals.
“They are all interconnected, and having separate agencies monitoring each one defeats the cause.”
Laurie Garrett, an analyst at the Council on Foreign Relations, said the technical part of setting up a biosurveillance network could be completed in five to 10 years. Policies and procedures were the roadblocks. “I don’t believe we have the capacity or the will to implement” it, she said. U.S. political gridlock would prevent the idea from moving forward, she predicted.
Jason Pargas, special assistant to the DTRA director, sounded an optimistic tone. It could all come to fruition in five to 10 years. Prediction models, applied math and advanced computing would make it so.
The reporting that emerged from this conference ended up in the article, “Top Five Threats to National Security in the Coming Decade.” We ranked “Bio-Threats” as No. 1. Yikes. I don’t even want to mention what the other four were for fear of a jinx.
I would like to say that National Defense consistently reported on this issue and that we kept up a constant drumbeat for the need of a worldwide biosurveillance network, but that is not the case. Public health really isn’t in our wheelhouse.
However, two years later in 2015, we did an update online, which was reported from an Armed Forces Communications and Electronics Association homeland security conference.
No progress had been made on a biosurveillance network, Jeff Runge, former chief medical officer at DHS, said at the conference. That year saw a deadly strain of the flu that killed many children and an Ebola outbreak.
“The rate and scope and spread of the illnesses were not detected before severe consequences occurred,” he said. “These are cautionary tales underscoring the need for better biological intelligence.”
Navy Cmdr. Janka Jones, then the director of medical programs in the office of the assistant secretary of defense for nuclear, chemical and biological defense, said, “We’ve got a lot of capability. We don’t have a lot of money to build new capability.”
Transparency, openness and data sharing would be key, she said. Jones helped the Obama administration in 2012 put together the first-ever national strategy on biosurveillance. It was released in July, shortly before the NDIA Biosurveillance Conference. It included a technology roadmap on how to build the information-sharing network.
“Biosurveillance — including early detection — is one of our first lines of defense against these threats,” President Barack Obama wrote in the introduction to the strategy.
National Defense took its eye off the ball when it comes to biosurveillance — but so did a lot of people, apparently. That won’t be the case in the future.
Granted, there are policy, procedure and diplomatic hurdles to overcome, but how much funding would it have cost to set up an initial biosurveillance network — $100 million, $200 million? Seems like a paltry investment when more than $1 trillion is being spent on an economic bailout, lives have been lost and entire industries brought to their knees.”
“As coronavirus has disrupted society over the last few weeks, some of the distancing measures that once seemed drastic have become acceptable — in a few cases even preferable to the way things worked before.
Nowhere has this been truer than the workplace, where companies and employees have found remote operations far more feasible than expected.”
“University of Chicago researchers recently analyzed government employment and income data by industry and concluded that 34 percent of U.S. jobs can “plausibly be performed at home.” Journalist Liz Farmer predicts that “the long-expressed resistance of companies and individual bosses to WFH arrangements will decline markedly after they see how well the arrangement has worked.”
But COVID has also taught us that leading an entire organization through the transition to distance work in a matter of days or weeks can be wrenching, akin to passing through the five stages of grief. In an article about how corporations are adjusting to COVID-mandated remote working arrangements, Australian start-up accelerator Steve Glaveski sees a broad spectrum of adaptation beyond pre-COVID practices:
No deliberate action. This is where most companies were at the beginning of the COVID-19 outbreak, with little to no capacity for widespread remote work.
Recreating the office online. This is where most traditional organizations have landed. More effective companies offer access to e-tools, but without any redesign of how work gets done.
Adapting to the medium. These companies are investing in better equipment (for example, they may provide employees a cash grant to improve their lighting for video calls). Their work favors text-based communication, with fewer meetings that have clear agendas and include only ‘must have’ participants.
Asynchronous communication. These companies are structured more in line with how work gets done than where or when. They are typically global and recognize that presence does not equate to productivity.
These companies field purely distributed teams that work better than in-person teams. There are a handful of companies like this, and most are in the tech industry.
Glaveski acknowledges that moving across this spectrum won’t work for all industries, and he notes three common challenges to effective distance work that need to be addressed: team building and bonding, the value of informal office communication, and endpoint security.
How IBM Made the Transition
Fletcher Previn — IBM’s chief information officer — recently offered a candid description of how he and his colleagues grappled with these challenges and others as they pivoted the organization’s global workforce of 350,000 people to working from home over a four-week period this spring. Pre-COVID, Previn said, about 30 percent of IBM’s global workforce predominantly worked from “other than a traditional office” (i.e., from a client site or home). This figure shifted to about 95 percent within a matter of days.
He explained that there were two key components to this transition – technological and cultural.
Previn says that the company benefited from having a longer-term internal IT strategy to enable workers to self-service. This began with mailing employees their mobile devices instead of delivering them in person, and creating an internal app store to distribute software. Those measures meant that all employee hardware and software could be delivered outside the office, making it easier to transition quickly to remote work.
IBM had also adopted a standardized set of tech tools to enable collaborative work across the globe through remote meetings, file sharing, remote access and cybersecurity (the company is shifting from a VPN-based to a zero-trust model). Over the past year, Previn created a common “tool box” that employees can access based on their job function (e.g., consultant, scientist, analyst):
In terms of security, Previn says that his team detects a lot more cyberattacks and fraud attempts on home-based workers. In response, they’ve increasing training to identify phishing and tightened endpoint controls on inbound emails and other traffic. In addition, they are using AI to look for unusual behavior based on a user identity, location and the device being used.
While the tech tools are a necessary prerequisite for working from home, Previn noted that there are also cultural issues. For example, traditional ways of balancing work and personal life need to be redefined as employees work in new settings with new routines. He advocated a model of small three-person teams interacting with each other and with other teams not only through scheduled meetings but spontaneous communications that help maintain human bonds and trust. Previn said he schedules virtual happy hours with his team to bring people together informally rather than just for agenda-driven meetings.
To help ease the cultural transition to distributed teams, IBM HR developed a series of training guides and online modules on how to lead remotely, and tips for remote workers and their managers.
Long-Term Benefits of the Transition
One factor that enabled IBM and many other companies to respond quickly to COVID was the longtime use of distance work tools to improve cross-organizational collaboration, even when the parties at both ends of the line sat in offices. A 2013 survey by McKinsey Consulting found multiple expected benefits to these measures, such as reduced travel costs and increased employee satisfaction.
But the survey also discovered that there was faster access to internal experts and corporate knowledge when using collaborative tools. This implies that in both the private sector and government contexts, it’s less important where you do knowledge-based work than it is how you do it – using collaborative tools in a team-based work environment.
In the last two months, the corporate world has gradually come to realize that it cannot wait to adapt these tools fully to an at-home workforce. Companies have shifted from a strategy of “do what is most urgent and feasible now and postpone everything else until we return to the office” to “we have to make everything work remotely because who knows how long this will last and we can’t push things off any longer.”
For most companies, that means mastering levels three and four of Glaveski’s remote work hierarchy by embracing text-based communication, fewer meetings and asynchronous schedules.
And a few small tech companies have even reached the “nirvana” state that Glaveski describes. For example, Pipedrive, a new software company with staff in both the United States and Europe, responded to COVID by becoming a completely virtual company inside of 24 hours, according to futurist Heather McGowen. And one tech company, Automattic (the company behind WordPress, which powers 35 percent of all websites on the internet), beat COVID to the punch. It is 15 years old and has nearly 1,200 staff scattered across 75 countries – and no offices!
It is easy to think of the current disruption in workplace operations as a temporary shift that will reverse itself after the COVID threat recedes. But as McGowan suggests in Forbes, this pandemic “might be the great catalyst for business transformation,” producing changes in months that might have otherwise taken years to transpire.
“We’re seeing changes that affect work, learning, and daily life,” she writes, “changes that will become a new normal and that take place against a backdrop of several fundamental shifts.”
For example, a slow evolution in corporate culture even before COVID was giving employees greater autonomy and an increased role in meeting business goals. Companies are beginning to recognize culture, creativity and innovation as ingredients of success, and managers increasingly trust their people to “do the right thing.” Corporations have started to consider employee welfare as a central goal in addition to profit. These trends too are bound to accelerate as social distancing continues, and will persist long after it ends.
Future columns will explore these distance work approaches further and how they can be adapted to a government context.”
“Adversarial capital” is the latest buzz phrase used to describe the security problem that can occur when foreign rivals, especially China, take advantage of the relatively open U.S. investment marketplace.
“We simply cannot afford this period of economic uncertainty to lead to loss of American know-how on critical technologies,” – Jennifer Santos, DOD’s deputy assistant secretary of defense for industrial policy.”
“The Defense Department is hoping steadily engaging small businesses will help shield them from shady foreign investments during the global COVID-19 crisis.
[At risk are] nascent technology firms whose work may have security applications but don’t yet fall under the aegis of the cross-agency Committee on Foreign Investment in the United States (CFIUS).
“We simply cannot afford this period of economic uncertainty to lead to loss of American know-how on critical technologies,” Santos said during an April 28 webinar on coronavirus supply chain challenges hosted by the Intelligence and National Security Alliance.
Additionally, DOD has been hosting teleconferences multiple times per week with industry trade associations and continued to host virtual Trusted Capital Marketplace events to help ensure companies have access to “clean capital” and avoid foreign investment conflicts.
Ellen Lord, DOD’s acquisition chief, warned in March that the defense industry base, their technology, and intellectual property were vulnerable to “nefarious” foreign investors.
As the coronavirus pandemic worsened, DOD has struggled with multiple plant closures — 93 out of 10,509 prime companies with 141 that closed and reopened and 427 out of 11,413 vendors, with 237 that have closed and reopened. Those closures have significantly affected aviation, shipbuilding and small space launch supply chains.
Santos said several companies in Mexico have “impacted our major primes” and DOD is working to identify those companies and work with the Mexican government supporting various technologies, including airframe production.
But foreign investment remains one of the more pressing priorities in defense acquisition, Santos said, adding that suspicious transactions in vulnerable areas are mitigated or blocked if a risk is found regardless of the pandemic.
That is an acute problem for small manufacturers, Lord said.
“Typically the most problematic areas we have now are some of the smaller manufacturers who, maybe from a dollar value, don’t do huge numbers but they are providing critical components across aircraft and naval applications. That’s where my biggest concern is; sort of the weakest link in the system,” Lord told reporters April 30.
The acquisition chief also worried some smaller companies “might end up with some significant financial fragility” and is looking across interagency and in the Trusted Capital Marketplace, a partnership that links private investors with defense companies, to keep those with “critical technology, talent, and facilities together with those investors.”
Lord’s concern extends overseas, as well, particularly in Europe, regarding what Lord called “nefarious” mergers and acquisition, where shell companies have known U.S. adversaries as beneficial owners. To protect against that, the Pentagon wants stronger foreign legislation from Congress to make the CFIUS process more stringent, Lord said.
In addition to pursuing stronger legislation, DOD has bolstered and expanded national security investment reviews, which can take 45 days and are reviewed by the Director of National Intelligence, and increased engagement with businesses using the newly stood up industrial base council.
Santos said the council helps address the industry base’s existing gaps and risks by aligning their priorities with DOD’s, identifying authorities that can be used to solve any issues, and drawing up policy as needed.
“We need to protect our industrial base from what could be adversarial capital and during COVID, we maintain the same due diligence,” Santos said, “It’s what keeps me up at night most nights.”
“From supply chain, to acquisition, to automation, the federal response to COVID-19 is changing what IT means to agencies, according to several top federal IT managers.
As the pandemic grew, the Small Business Administration ramped up its telework efforts and surged its personnel and IT to support disaster and small business loan portals, the agency was told there were potential shortages desktop and laptop computers and lagging supplies of peripheral devices such as mice and monitors, according to agency CIO Maria Roat. That shortage, however, didn’t slow the efforts down, as the General Services Administration and NASA’s SEWP contract had enough to support SBA’s efforts, she said, but it showed a potential problem.
With other agencies, including Health and Human Services and the Veterans Administration looking for similar IT gear, “the supply chain on the hardware side was stressed,” said Roat during an April 30 ACT IAC teleconference.
Cross-agency teamwork, she said, is a critical piece of such a huge response. SBA’s dozens of field offices, for instance, can now rely on IT support from GSA and Agriculture Department IT field personnel because of collaboration through the Federal CIO Council, according to Roat. “I haven’t used that yet,” she said, but it’s helpful to know the help is there.
In setting up its telework and loan platform efforts, Roat said SBA has leveraged software defined networking, collaborative technologies, such as Skype, and Microsoft Teams.
In support of the loan platforms, said Roat, SBA has turned up its Gigabit bandwidth on Ethernet backbone circuits to handle the traffic on the portals. The agency, she said, plans to add more capabilities, as well hone existing capabilities in the coming weeks.
“We’re now getting ready for release five” of those portal efforts, she said. The agency will add additional features, such as chat boxes, a way to view active cases and additional workflow refinements, as well as additional personnel, she said.
The COVID-19 response, said Harrison Smith, deputy chief procurement officer, at the IRS, has shown the federal government needs faster, more responsive methods to get what it needs in times of crisis. The pandemic response has shown the traditional 12 to 36 month acquisition planning cycle “is not how we need to do things,” he said.
COVID-19 “has underscored the need for us to move ahead in a more agile manner” but also balance that quicker capability with responsible spending, he said.
That could mean making a way for agencies to shift to more creative ways of getting things on the fly, possibly forgoing interagency agreements for say, shared services, for instance, according to Smith.
GSA, said Beth Killoran, the agency’s deputy CIO, is learning to leverage drones, data analytics and virtual capabilities to handle more of its federal building management duties. The agency is using geotagged images to track contractors’ construction or repair work on its buildings, to save local and federal building inspectors from having to make a trip to sites, she said. The agency is tasking drone aircraft to do exterior building inspections, as well. GSA has also tapped public data of COVID-19 hotspots at federally-owned medical facilities, to inform where its cleaning crews can safely do their work.
Modernized IT, said Roat, Killoran and Smith, is key to responding to such a huge crisis. The workforces at GSA, SBA and IRS, they said, have adapted quickly to telework because they had begun to move toward telework before the crisis.
House lawmakers previously proposed a $3 billion bump for the Technology Modernization Fund in a COVID-19 bill that ultimately went nowhere, but future additions are possible. Roat, who is on the TMF board that approves projects for funding said it’s unclear if any new funding will be approved.
SBA, she said, spent 50 intense days planning and executing a plan to implement IT to support public-facing portals and services for COVID-19 response.
“From where I sit, I’d bet other agencies are doing the same” reflection on how to move ahead from here, she said. “How would we use that $3 billion to look at the bigger picture?” Should it concentrate on shared services, she wondered. “Everyone is at home right now. Everyone is digital. We need to ramp up out digital citizen interaction.”
“The Navy has been awarding contracts faster since the start of the coronavirus pandemic, but one of the biggest gains have been systems that can assess supply chain weaknesses, according to James Geurts, the Navy’s acquisition chief.
Geurts said doing that allows the Navy to “see what suppliers are at risk. When we understand that, we can start managing those potential delays into our supply system.” That information is then used to inform continuing operations, move supplies if needed and understand when suppliers are back online.
Geurts also said the Navy has geographically networked all of its 3D printers, which provides insight into where the need is on the local levels, “ensuring that we’re not competing or conflicting with each other.” Many organizations are using 3D printers to fabricate parts for medical devices and other needed materials that are not readily available through existing supply chains.
With contracts going out faster than anticipated, Geurts also said the Navy has been examining its business practices, learning how to better collaborate, reduce backlogs and not duplicate functions. All of that will hopefully aid in a faster recovery from the coronavirus, he said.
“Ships still have to come out on time, we’ve got to do the maintenance and continue to supply lethal capabilities to our sailors and Marines, and we can’t afford to lag the recovery.”
“It now has 900,000 user accounts with 250,000 added in a single day, officials said at an April 13 briefing. CVR is a collaboration suite based on Microsoft Teams that enables video, voice and text communications.
“The department has always been telework-ready long before the pandemic,” DOD CIO Dana Deasy said, but noted full-time telework was the exception and not the rule, so that a lot of education about tools and best practices was needed.
“There will be some permanency to what we have here. Specifically, I think more on the network side, and we will also have to create a base of teleworking equipment that we’ll be able to, in some cases, reuse for other purposes,” Deasy said. “There is going to be an enhanced teleworking capability that will be sustained at the end of COVID-19,” he added.
About 2,000 DOD personnel have gotten additional devices, officials said, with virtual internet service provider connections increasing 30%. Call capacity in the Pentagon has increased 50% and the Defense Information Systems Agency has increased end point capability three-fold.
The Navy’s telework capacity has exploded with 65,000 new telework users on mobile and desktops. The Navy’s telework capacity grew 150% to 250,000 workers due to COVID-19 measures, and there are additional plans to bring the total to 500,000 remote workers. The Marines increased their virtual private network capacity to 60,000 simultaneous workers, up about 80%.
This activity is creating a surge of data, and it’s still unclear what happens to CVR information after the crisis.
“We recognize that a lot of data is being created, it’s going onto an unclassified environment,” DOD CIO Dana Deasy said, in response to a question about how CVR data will be treated after the COVID-19 crisis is over. “We are looking at options on how do we take this data and preserve it and-or port it into other collaboration environments, going forward. That decision has not been taken, but I would also not pre-conclude that we’ve taken the decision the data will just be flat-out destroyed.”
Cybersecurity concerns, and the increased data risk, have risen in tandem with teleworking and is compounded by DOD not implementing all of its cyber hygiene initiatives.
Air Force Lt. Gen. Bradford Shwedo, Joint Staff CIO, said DOD has seen a “surge of spearphishing related to COVID-19” across the organization.
Essye Miller, DOD’s principal deputy CIO, first noted the uptick in cyberattacks in March when the department began encouraging mass telework, discouraging personnel from using streaming services on DOD’s network and encouraging better cyber hygiene practices.
A Government Accountability Office report released April 13 found that DOD has fallen short when it comes implementing proper cyber hygiene methods across the organization.
The GAO said DOD had not fully implemented cyber training briefings for DOD leadership or developed educational and training requirements for cyber workers. Additionally, a component of Cyber Command charged with network operations, the Joint Force Headquarters Department of Defense Information Network, hadn’t developed a plan for scheduled and unannounced cybersecurity inspections, according to the report.
In a letter responding to the report, Deasy said DOD would combine existing scorecards to improve data needed for senior leadership’s decision making, but that it was not possible to eliminate risk.
“Risk is a function of multiple variables and these variables are continually evolving,” Deasy wrote to GAO. “Timely, relevant, and correlated information is the best that can be expected.”
“The coronavirus pandemic separated thousands of U.S. service members, Defense Department civilians and contractors from the highly classified information they need to do their jobs each day — data they can’t just bring home or access on the unsecured internet.
AFRL calls the initiative deviceONE. This month contractors authorized to handle classified equipment began home deliveries of jump kits consisting of modified off-the-shelf laptop computers. The laptops are loaded with software developed under a National Security Agency project to securely connect users to classified networks hosted on servers in Hawaii. About 20 kits have gone out so far from an initial batch of 40.
The uses will be myriad. At AFRL, for example, engineers or other professionals could log onto deviceONE to help prepare computer models of aircraft or projectiles for wind tunnel tests, said John Woodruff, the program manager for the SecureView laptops who is based at AFRL’s Rome, New York, site.
Thousands more deliveries will follow, as vendors such as Dell, HP and Panasonic deliver more laptops to AFRL for modification. Those won’t just go to AFRL workers, but also staff at dozens of other Air Force organizations, and possibly other military organizations, Woodruff told me in a phone interview.
The program could last far beyond the COVID-19 lockdowns, potentially giving airmen and troops who depend on classified data a convenient new way to access those networks at far-flung, austere locations in Afghanistan, countries in Africa and elsewhere.
DeviceONE is part of the Air Force’s Advanced Battle Management System effort, which seeks to find new ways to connect aircraft, satellites and operations centers and share data in the field. The initiative has three elements:
Virtual Desktop Information, or VDI, a series of cloud-type servers at Pacific Air Force’s Hawaii headquarters that store data and applications such as Microsoft Outlook — basically everything to run a user’s entire desktop remotely.
SecureView, the lightweight, thin client-style laptops that do little more than access the classified network and don’t allow anything to be saved to the hard drive.
Commercial Solutions for Classified, or CSFC, program, which connects the SecureView laptops with the VDI servers. CSFC, based on technology developed roughly six years ago by the National Security Agency, combines virtual private networks to process classified information.
AFRL was already working on combining those preexisting technologies, but the coronavirus pandemic made the need to get it into the field even more pressing.
AFRL hurried to release the latest version of SecureView, and then worked with several Air Force organizations to get deviceONE approved for rollout at the end of March. The approval process took place at “unprecedented speed,” Woodruff said. “What normally takes months was compressed to five days.”
Now that the first 40 kits have been prepared with the proper security and other software, Woodruff expects the next thousand laptops to arrive by late April.
The next phase of the project will lay the groundwork for deploying several thousand more deviceONE units. Each user’s computer costs less than $2,500, Woodruff said, and adding thousands of more users to Pacific Air Force’s infrastructure will likely cost between $6 million and $10 million.
A nontechnical roadblock could lie ahead, Woodruff suspects. Suitable laptops could become scarce as governments, schools and companies around the world shift to teleworking.
Woodruff said AFRL has kept good relationships with top officials at vendors such as Dell, to try to convince them to prioritize their orders as much as they can.
“We’re all trying to work remotely all of a sudden,” Woodruff said. “It’s very difficult to get the quantity of laptops that we’re discussing, quickly, from the manufacturers.”
“Social distancing, masks and virtual meetings are the new normal across government, including at the Department of Defense. But what will working in DOD look like on the other side of the COVID-19 curve?”
“I don’t think the world’s going back,” Dave Mihelcic, the Defense Information Systems Agency’s former CTO who now consults with DMMI, told FCW, noting that he’s already setting up virtual meetings on mobile devices to keep business going domestically and internationally. “There’s some big advantages to letting people work from home.”
Lower facility costs and better recruiting capabilities are easy wins with the majority of a workforce being remote. And there are several areas that will see significant changes in the near future: The explosive demand for secure devices being chief among them.
“You will see more interest in general in mobility and telework, specifically within organizations other than DOD that have to deal with very sensitive information. And much more interest in better security, and the ability to do multiple levels of security on single devices,” said Terry Halvorsen, a former DOD CIO and now Samsung’s CIO and executive vice president for IT and mobile business.
Mihelcic said with that demand will come the need for IT workers to provision devices without touching them.
“DOD may need to rethink parts of how it does IT and be better prepared for how to do things remotely in a no-touch environment,” he said. “How do you minimize the number of people who have to touch an item?”
Mihelcic predicted those solutions, whatever they are, will not only need to work with all of DOD’s mission partners but support a culture shift where data collection, sharing and analysis are all more precise.
Data access and processing at edge environments will become paramount post-pandemic, . Halvorsen said, because “you’ve got the ability now to store amazing amounts of data at the edge…. The phone I’m talking to you on, I’ve got a terabyte of storage on it.”
The computing power now available for edge devices paired with “augmented intelligence” that can be used to “filter the big volumes of data” will make working remotely much easier, he said.
“One of the other problems you’ve got when people are all working on edges, some of the tools that help people filter in and cut the data down are not available,” he said. “Today we flood people generally with data, not so much valuable information, but lots of data.”
Halvorsen said applications and data access aren’t guaranteed even when the network is available — an issue for government and industry.
“I think you will see an explosion in secure applications that allow this to be done more securely and to actually do more with the data, more analytical tools that can operate in a mobile fashion,” he said.
But there’s no large-scale data sharing without cloud, which will definitely become more important in future emergency events, Mihelcic said.
“If there was an environment that supports edge computing and edge cloud better — that’s the future and that’s helpful,” he said.
When asked how the Joint Enterprise Defense Infrastructure, the Pentagon’s embattled $10 billion cloud effort that’s under protest, would be helpful if it were already in place and running before the coronavirus infections spread throughout the U.S., Halvorsen said DOD is already on the path to more edge computing power and cloud usage.
“If there was an environment in place that supported edge computing and edge cloud better, and I think that’s where DOD is going to go, regardless of how JEDI turns out.”