The Defense Department is moving ahead quickly on the adoption of cloud computing and implementation of a "zero trust" computing environment, the Defense Department's chief information officer told lawmakers today on Capitol Hill.
"At last, the department has access to enterprise cloud capabilities from four world-class U.S. vendors at all three security classification levels from the continental United States to the tactical edge," said John B. Sherman during testimony before the Senate Armed Services Committee's cybersecurity subcommittee.
The enterprise cloud, Sherman told senators, will help the department advance its Joint All Domain Command and Control effort and will further enhance efforts involving artificial intelligence and machine learning efforts, software modernization and cybersecurity.
In December, the Defense Department awarded contracts to four technology companies to provide services in support of its Joint Warfighting Cloud Capability. The four companies include Amazon Web Services Inc., Google Support Services LLC, Microsoft Corp and Oracle.
The JWCC is a multiple-award contract vehicle that allows the department to acquire commercial cloud capabilities and services directly from commercial cloud service providers.
"To help facilitate the rapid adoption of cloud, we've deployed several accelerators, which streamline the cloud adoption process from a normal 45-day timeline to within hours or minutes," Air Force Lt. Gen. Robert J. Skinner, director of the Defense Information Systems Agency, said. "This is helping to accelerate our pace to the cloud to improve our overall user experience, while also increasing our cyber security."
Sherman also discussed the DOD's shift away from perimeter security of its networks toward a "zero trust" environment.
"[Zero trust] is predicated on the assumption that an adversary might already be on our network, and we must prevent them from moving laterally and gaining access to our most critical data," Sherman said.
In October the department released its strategy on zero trust, Sherman said, and that strategy has since become a "North Star document" for the DOD and other federal agencies, as well. The DOD plans to implement zero trust by 2027, he said.
The Zero Trust Strategy and Roadmap spells out how the department plans to move beyond traditional network security methods to achieve reduced-network attack surfaces, enable risk management and effective data-sharing in partnership environments, and contain and remediate adversary activities over the next five years.
"We have made great strides on our zero trust journey. When the DOD released the zero trust strategy, we had already started our Thunderdome initiative, which brings modern and commercial zero trust technologies to the department," Skinner said. "We recently completed our successful prototype and are working with Honorable Sherman's team on the acquisition strategy and expansion of these capabilities across the enterprise."
It's not just technology, but the people who run that technology who are critical to the department's network efforts. Sherman said the DOD is making strides as well in ensuring the right personnel are in place to implement and manage the department's ongoing network modernization efforts.
"The best technology in the world means nothing without a trained, motivated and diverse workforce," Sherman said. "We recently released a cyber workforce strategy that will continue to drive us to new and more effective approaches to how we identify, recruit, retain and upskill our cyber digital personnel."