John Sherman, the Defense Department’s principal deputy chief information officer, is the keynote speaker for the Digital Modernization and Response to COVID-19 event during the Red Hat Government Symposium 2020, November 10, 2020.
Transcript
D o. D. And it’s a pleasure to speak with you today. I would like to take a few minutes to highlight what we and D O. D have done in response to the cove it 19 crisis and how we’re moving forward with our digital modernization implementation. Our focus is on activities to empower our workforce during this critical time and to posture the department for future mission success First, the D. O D s Response Cove. It has certainly been one of the most significant challenges driving the national security establishment to adopt since the 9 11 attacks over 19 years ago. Like many crises before Cove, it has forced innovation and new ways of thinking that might not have otherwise been brought to bear, at least not so quickly at D. O d. The situation has prompted us in many areas like flexible collaboration capabilities, more robust networks and implementation of new principles like zero Trust to move beyond fixing to as my mom in Texas sometimes says to getting it done Now, at the outset of the cove it crisis Secretary Esper set out three main priorities for the department’s response. Protect the workforce, continue the mission and support whole of government response. D o d c i o empowered by the great work of the Cloud Compute Program Office or CCP Oh, the Defense Information Systems Agency, or DISA U. S. Cyber command Cyber Com The military departments and service CEOs and Joint Staff CEO responded by developing the commercial virtual remote, or CDR, capability based on Microsoft teams made available in mere weeks, CBR is now used by over a third of the department with over a million active users. CBR has enabled Tele work by providing a capability toe hold group calls, form virtual teams and host video conferences. All of this involved D o D users being able to communicate with others, not on the Department of Defense Information Network or Dodon, and crucially, with government furnished equipment or their own devices. This is important in multiple ways, not on Lee to provide maximum flexibility for uniformed and civilian personnel who are working from home, but also for those service members supporting crisis operations such as National Guard members deployed around the nation to support co vid response activities. Because CVR has been a success story thus far. We’ve extended its use until June 2021 in order to ensure maximum flexibility for the department as tele work continues in many areas. However, CBR does not currently operate at the level we need over the long term to ensure proper safeguarding of our sensitive information. We’ve always known we need to transition to a capability at a higher security level. Of course, cybersecurity has been foremost in our minds, especially as we pivoted to a tele work environment. Our partnership with DISA and U. S. Cyber com as well as with N S A. Has been critical to ensuring we’re postured to mitigate risks and deal quickly with threats. For example, as has been the case and other enterprises, we saw a rise in phishing attempts against D o D members. Ensuring our workforce is aware of these threats and being able to respond quickly when problems do occur have been critical to staying in front of these types of incidents. Because of this cyber security environment, we always knew that CBR would not be are forever solution. With this in mind, our current focus is on defining what are enduring capability is going to look like we want a solution with more robust security hosted on a government enclave cloud environment. We also want the functionalities of CVR, such as bring your own approved device and an ability to communicate with users not on the dote in and those operating in the current environment a tall order, to be sure, but one were committed to getting right. Now I want to discuss how we’re moving forward. I’m currently leading weekly senior level meetings with colleagues from Disa Cyber Com Joint Staff and the military military departments, all undergirded by amazing work done by a group of other forms to define the new way ahead for our post CVR capability. Back to my earlier comment about moving beyond the fixing to part of the key processes. This dialogue and planning, at least for me, has brought concepts like zero trust to the forefront in a riel non theoretical application. On that note, I’ve heard much about zero trust from a conceptual perspective, and I’ve always appreciated what it really means, namely not just trying to stop threats at the perimeter, as has been the default for so long. Rather, we should use more holistic access standards and verify identity and other aspects at every point in the process, and not just the front gate. Now we’re striving to implement zero trust concepts on areas like fine grained access, as well as different approaches at the perimeter and access to the cloud. All of which moves us closer to a zero trust footing all our foundational steps to enabling us to craft and up to date effect, a solution that entails CVR light capabilities. We’ve seen, however, that the newness of this concept and the related differing visions for implementation have created a healthy dialogue in our meetings, which in my book is a great thing. Innovation isn’t born OUT of groupthink. Even in the early days of CBR, we asked, decide to make wide ranging improvements to the department on areas like virtual private networks and Internet access point capacity. They came through on this with flying colors, but it didn’t happen overnight and it took significant effort and leadership focus. Would we be on this vector and working through these very tough questions? Had it not been a national emergency, I can’t say for sure, but I doubt it. This crisis is forces to think differently and on an accelerated pace in a way that it’s certainly going to put us into a more capable and advanced position than we were a year ago. None of this would have been possible had d o. D not already been a cloud centric organization before the crisis. Earlier, I mentioned the CCP Oh, and the critical role they played in developing and deploying CVR on a very compressed timeline. They were able to do this because of their deep involvement in all things related to crowd cloud within the department, including their increasingly critical role in helping to drive our work in software development, especially in terms of terms of Dev SEC ops. I’ve noted in many earlier engagements that moving to the cloud is as much about a cultural shift as a technological one, and the department has been well upon this path as a result of the CCP Oh Diese and our colleagues in the military departments. For example, with our focus on death set cops continuing unabated, CCP oh is leading continuous innovations in areas such as infrastructure is code, which capitalizes on the opportunities to change the way we operate thes sort of agile, forward leaning approaches will keep us ahead of our future adversaries and are underpinned by the pillars of our d. O d digital modernization strategy. These include the aforementioned Cyber Security and Cloud, as well as command control and communications, or C three data and Artificial Intelligence, or AI. We’re making great progress across all these areas, both in terms of impacts for the long term as well. A s’more immediate responses for Cove it, for example, the Joint AI Center or Jake, among many other efforts, has pioneered projects. SALIS, which brought a I to bear in support of US North, calms ability to attract the medical supply chain and related issues in support of covert response. This is in addition to the jakes other initiatives on areas ranging from predictive helicopter maintenance on to joint warfighting. Moreover, with the Jakes recent contract to establish the Joint Common Foundation as a repository for data and tools to support the department’s AI efforts, the sky is truly the limit on what this organization, now under the leadership of Lieutenant General might growing can accomplish to advance the department’s AI capabilities. Likewise, with the recent publication of the D. O. D data strategy and the appointment of Dave Spark as the CEO, we’re ensuring we can unlock the power of the department’s data. Dave has accurately described data as equal in value to ammunition. Put another way, if our growing cloud capability represents the world’s best race car thin, the data is the fuel which must be brought to high octane levels through proper tagging, discover ability and curation. It’s vital, especially for areas like AI. Also, our work on C three, although not as directly involved in some areas of the co vid crisis response, has progressed apace. Despite the crisis, our team routinely works with many departments stakeholders and has advanced departmental monetization priorities on areas like the electromagnetic spectrum superiority strategy, which we just published. Much like the imperative of data. Winning in the electromagnetic battle space will be critical for our military success in future conflicts. Cove. It has been our main crucible of late, but our progress has been built on a strategy of digital modernization, are moved to CVR reinforcement of networks, improvement in cybersecurity and plan to move to an enduring capability has required us to be agile and innovative within our enormous enterprise. All have shown d o d to be adaptive when it counts most. And this just might be the exact preview of how we will need to operate in our 21st century threat environment. Finally, I would be remiss if I didn’t highlight the critical partnership between industry and government in this entire response, especially in terms of technology for areas like tele work, collaboration and cybersecurity. Perhaps because of my background is a satellite image analysts. One of my favorite movies is 13 Days, which stars Kevin Costner and Bruce Greenwood and deals with the Cuban missile crisis in 1962. In one of my favorite scenes, Costner, playing White House special assistant Kenny O. Donnell, tells Greenwood playing President Kennedy that there are no wise old individuals in the crisis they faced. It was just the leaders of that time, learning as they went and doing their best to navigate a very tough situation. I think that’s a pretty apt metaphor for where we find ourselves as we adapt to cove. It in both industry and government were all blazing a path and is one we must take together on behalf of the team and D o d CEO. We truly appreciate your support and partnership, where we’ve all stepped up to this crisis have continued to modernize throughout and will be even that much more prepared for tomorrow’s events. Thank you.