From announcing a multi-cloud effort to provide enterprise cloud capabilities for the Department of Defense (DoD) at all three security classifications, to implementing ambitious cyber-related goals to improve its security posture, it’s clear the DoD has certainly had a very busy year on the year on the tech front.
As the year comes to an end, MeriTalk is taking a look back at the top DoD moments of 2022:
Senate and House Pass FY2023 NDAA
The Senate and House passed the Fiscal Year (FY) 2023 National Defense Authorization Act (NDAA), which features $858 billion for defense-related purposes, including numerous technology and cybersecurity provisions.
Among the cyber funding provisions is a $44.1 million investment to support the U.S. Cyber Command’s (CYBERCOM) Hunt Forward Operations, as well as an increase of $56.4 million for CYBERCOM Joint Cyber Warfighting Architecture development.
Provisions specific to strengthening the DoD’s cyber posture include:
- An increase of $10 million to support cyber consortium seed funding;
- An increase of $20 million for the National Security Agency Center of Academic Excellence cybersecurity workforce pilot program;
- An increase of $20 million for the Defense Advanced Research Projects Agency’s (DARPA) enhanced non-kinetic/cyber modeling and simulation activities;
- An increase of $168 million for Cyber Mission Force operational support, including intelligence support to cyberspace operations; and
- An increase of $50 million for artificial intelligence systems and applications development at CYBERCOM.
Sources told MeriTalk that President Biden is expected to sign the NDAA bill soon.
Pentagon Awards Cloud Contracts to AWS, Google, Microsoft, Oracle
DoD on Dec. 6 awarded the Joint Warfighting Cloud Capability (JWCC) cloud contracts to four bidders that have been in the mix for sizable chunks of the $9 billion contract since the beginning of the process – Amazon Web Services, Google Support Services, Microsoft, and Oracle.
The agreements comprise a three-year base with one-year options, meaning work could be conducted through 2028. Each company is only guaranteed $100,000 of business, according to the terms of the deal. The four vendors will duke it out for task orders in the coming weeks. The exact number of task orders is still unknown, but the competition process should take weeks to as long as a few months to execute.
Announcements of who would be selected for the Pentagon’s JWCC contracts were initially to be announced in April. However, the DoD delayed the announcement to December because it realized its schedule “was maybe a little too ahead of what we thought,” DoD Chief Information Officer (CIO) John Sherman previously stated.
The JWCC is a multi-cloud effort that will provide enterprise cloud capabilities for the DoD at all three security classifications – unclassified, secret, and top-secret – from the continental United States out to the tactical edge. DoD announced its plans to solicit bids for the JWCC contract after canceling its single-vendor $10 billion Joint Enterprise Defense Infrastructure cloud services contract that had been tied up in protests back in July 2021.
DoD’s Ambitious Zero Trust Goal
On Aug. 31, DoD CIO John Sherman announced the department’s plan to implement a zero trust architecture across the entire department by 2027. Later on Nov. 22, the Pentagon released an implementation strategy and roadmap with further details of how it would reach its 2027 zero trust goal.
During his initial announcement Sherman acknowledged that the plan was an ambitious one, but the adversary capability the department continues to face left them no choice but to move at a fast pace.
DoD’s zero trust strategy and roadmap envision an information enterprise secured by a fully implemented department-wide zero trust cybersecurity “target level” framework that will reduce the attack surface, enable risk management, make data-sharing effective in partnership environments, and quickly contain and remediate adversary activities.
The roadmap – released along with the strategy – lays out a baseline approach to zero trust using the department’s current IT infrastructure and capabilities.
The Pentagon does plan to develop future zero trust roadmaps pertinent to both commercial and private cloud, which are expected to achieve zero trust “quicker” than the five-year, baseline approach, according to DoD officials.
Moving forward, DoD plans on piloting its zero trust approach with the four major commercial cloud providers awarded the JWCC cloud contracts: Google, Oracle, Microsoft, and Amazon Web Services.
DISA’s Thunderdome Zero Trust Project
On Jan. 25, the Defense Information Systems Agency (DISA) announced that it awarded Booz Allen Hamilton a $6.8 million contract to implement a Thunderdome Prototype – which will be DISA’s zero trust security and network architecture.
Thunderdome is meant to modernize DISA’s cybersecurity infrastructure to improve the nation’s cybersecurity posture and improve user access to cloud-hosted applications by enabling dynamic, adaptable security from the user to the data and application edge.
The contract originally had a timetable of six months, but as the project deadline was nearing DISA announced an extension, increasing the total length of the pilot program to 12 months with a new expected completion date of January 2023.
According to officials, the extension was a result of the agency’s desire to expand the Thunderdome pilot to include the agency’s classified network – the Secure Internet Protocol Router Network, which was not originally included in the contract.
DISA officials remain confident that they are on track to complete work on its Thunderdome Prototype zero trust security project by January 2023.
DoD Releases JADC2 Implementation Plan
On Mar. 17, the Pentagon released the implementation plan for the military’s Joint All-Domain Command And Control (JADC2) initiative.
The JADC2 strategy envisions a massive “network of networks,” sharing intelligence, surveillance, and reconnaissance from sensors across air, land, sea, space, cyberspace, and the electromagnetic spectrum, identifying the proper units or platforms to deal with threats, and connecting them with the necessary information.
According to DoD officials, JADC2 is a warfighting necessity to keep pace with the volume and complexity of data in modern warfare and to defeat adversaries decisively.
While the details for the JADC2 implementation plan are classified, the Pentagon released an unclassified version of the strategy, offering a glimpse of the DoD’s vision for a vast, interoperable communications network.
In the summary of that plan, the DoD explained that the strategy centers on six guiding principles:
- Designing universal and continuous information sharing at an enterprise level;
- Making it secure with a “layered” and “strong cyber defense”;
- Having an interoperable and standardized data fabric;
- Making it operational and resilient in a degraded environment;
- Improving command and control capability development broadly; and
- Delivering JADC2 capabilities quickly through acquisitions and development.
The Pentagon initially named 27 JADC2 contractors but has since added more vendors to support the program.
DoD Launches Technology Vision With 14 Critical Tech Areas
On Feb. 3, the DoD announced a new technology vision with a long list of critical technologies which the Pentagon will focus on going forward for evaluation and rapid fielding.
The vision aims to strengthen the DoD’s technological superiority in an era of global competition and is structured around three strategic pillars: mission focus, foundation building, and success through teamwork.
The document outlines 14 critical technology areas the DoD wants to pursue that are vital to national security, including biotechnology, quantum science, future generation wireless technology, advanced materials, trusted AI and autonomy, integrated network systems-of-systems, microelectronics, space technology, renewable energy generation and storage, advanced computing and software, human-machine interfaces, directed energy, hypersonic, and integrated sensing and cyber.