Modernizing DoD IT for CyberSecurity Raytheon http://www.mantech.com/Pages/Home.aspx www.esgjrconsultinginc.com to learn more.

1. E-book | December 2017
MODERNIZING
CYBERSECURITY
DoD IT FOR

2. 2 DoD IT Modernization | December 2017 FIFTHDOMAIN.COM
rom the time news broke of the hack of the Office of
Personnel Management through to the inclusion of the
Modernizing Government Technology (MGT) Act in the
2018 National Defense Authorization Act, the upgrading
of government technology systems has been at the center
of cybersecurity efforts throughout the executive branch.
The Department of Defense is no exception, though its
modernization efforts date back to before the OPM breach. The largest of
these efforts is known as the Joint Information Environment.
“The Joint Information Environment, or JIE, is a concept for a more
effective, streamlined, and secure IT infrastructure for the department,” said
John Zangardi, acting DoD CIO. “The Joint Regional Security Stack is an
important part of the overall JIE, and we have made exceptional progress
migrating the DoD components to the stacks.”
Currently, those efforts are centered on completing the DoD’s migration
to Windows 10 and the rollout of JRSS.
“The goals going forward for the JIE remain improving mission effec-
tiveness, increasing cybersecurity, improving interoperability, delivering
capabilities faster and realizing information technology efficiencies,”
according to a DoD spokesman.
This ebook will explore the DoD’s modernization efforts, from the link
between upgrading IT and cybersecurity, to the state of JIE and other
initiatives, to what the Pentagon can learn from efforts underway at the
branches and within the intelligence community.
Aaron Boyd
Editor, FifthDomain.com
Modernizing
DoD: JIE and
beyond
F
TECHNICIANS PERFORM ACCEPTANCE
TESTING ON CONSOLIDATED AFLOAT
SHIPS NETWORK ENTERPRISE
SERVICES RACKS IN SPAWAR’S
NETWORK INTEGRATION AND
ENGINEERING FACILITY.
PHOTOCREDIT:RICKNAYSTATT/NAVY
What’s inside
4 What’s in a name? JIE’s moniker, scope
prove problematic
5 Q&A: Essye Miller, DoD CISO,
Deputy CIO
7 Soup-to-nuts systems check
8 Culture clash: Army network
modernization challenged by funding,
culture
9 New Army CIO/G-6: Network should
support war fighter
10 Integrating information: ICITE is about
changing the way the intelligence
community does business
12 DISA updates network
13 Marine Corps applying rapid
acquisition
14 NATO looks to modernize IT
15 Cyber vs. IT: What’s the difference?
16 Sponsor essay: Military concept of
operations accelerates to the speed of
softwareCOVER PHOTO CREDIT: NINJAMONKEYSTUDIO/GETTYIMAGES

3. THE MODERNIZATION
SIDE OF
CYBER
CYBER RESILIENCY
@Raytheon
Raytheon
Raytheon.com/cybermodernization
From connected aircraft and ground vehicles to
multi-domain command and control, Raytheon
modernization solutions keep systems ready
for anything in the digital battlespace.
© 2017 Raytheon Company. All rights reserved.

4. 4 DoD IT Modernization | December 2017 FIFTHDOMAIN.COM
PHOTOCREDIT:ALANLESSIG/STAFF
he Joint Information Environment, which is colloquially
and collectively the Department of Defense’s ongoing
IT modernization effort, has been marred in confusion
surrounding lexicon, purpose and scope.
One of the lessons learned from this process, said
outgoing DoD CIO Terry Halvorsen, is that names are really
important.
“I would never use JIE again,” Halvorsen, who retired in February 2017,
said during a media call taking responsibility for the way JIE was rolled
out. “JIE is the concept; it never gets delivered because if you said you were
delivering it and you were done, you’d be wrong. I did not deliver that the
right waywhen I started. If I could go back, that’s one thing I would change.
I would stress it is a concept; it is our vision architecture not something
that was going to roll out.”
With this conceptual framework, there is no formalized program of
record for JIE; rather, there are joint modernization initiatives forwhich the
military services bear funding responsibilities. By and large, many current
and former officials — both from DoD and the services — have confidence
in this structure and model that goes through each individual service.
Halvorsen expressed confidence in the governance structure for JIE
going forward.
“If you ask all the services, they’ll tell you this is the best it’s ever been,”
he said. This process involves the CIOs and 6s — or information offices —
of each service, along with the DoD CIO, the Defense Information Systems
Agency, Cyber Command and the NSA, to the point where they should all
be participating in the decisions.
The JIE executive committee, or EXCOM, continues to be the main
governance body, Halvorsen said. It comprises two-star generals and
senior civilian officials and is chaired by Randall Conway, deputy CIO
for information enterprise.
One of the important aspects of the EXCOM, according to Halvorsen,
was that decisions are reached in a collaborative manner, signifying
not agreement from all parties, but rather that all participants are able
to provide input. Oftentimes there is some disagreement, Halvorsen said,
but there is enough consensus to come to decisions within this process.
One of the keystone concepts under the JIE umbrella is the Joint Re-
gional Security Stacks, which is funded through the services. The next step
following its full implantation, which is still ongoing, will be autonomous
and artificial intelligence-based tools, Halvorsen said. “Given the volume
and where I see the threat moving, it will be impossible for humans by
themselves to keep pace,” he said.
In the past, Halvorsen has requested similar tools from industry to work
at machine speed.
“We can and we’re very close to being able to put more autonomy into
the security tools, and we will get to the point I think within the next 18
months where AI is becoming a key factor in augmenting the human
analyst” in making decisions about what to do, when to quarantine parts of
the network and what of the network’s structure can be changed, he said.
These tools, which he described as “an absolute real effort,”will be able to
isolate portions of the network that become infected and keep the network
running. These solutions will also allow for greater predictability, though
Halvorsen noted that will never be 100 percent.
FORMER DOD CIOTERRY HALVORSEN
SPEAKS DURINGTHE DOD CIO CLOUD
INDUSTRY DAY ON JAN.29,2015.
What’s in a name?
JIE’s moniker, scope prove
problematic By Mark Pomerleau
T
D
epartment of Defense officials in a document released August 2016
outlined a new plan for getting ahead in information technology,
focusing heavily on commercial capabilities, cybersecurity and
updates to how the Pentagon manages IT.
The DoD “Information Technology Environment Way Forward to
Tomorrow’s Strategic Landscape” includes eight core goals Pentagon
leadership is targeting amid “a decision cross-road facing an IT future
that is fast moving, connected, and highly contested,” the document states.
In a briefing with reporters, then-DoD CIO Terry Halvorsen emphasized
the glaring need for change in how the military handles and executes
IT, and promised that the document and new efforts such as a partner
environment, currently in the early planning stages, is only the beginning.
Much of the document targets cybersecurity, both directly and
indirectly. One of the core goals is titled “Ensure Successful Mission
Execution in the Face of the Cyber Threat,” and another is to “Provide a
Resilient Communications and Network Infrastructure.” Another aims to
“Exploit the Power of Trusted Information Sharing.”
The pervasive focus on cybersecurity, explicit and otherwise, isn’t an
accident, Halvorsen said.
“I hope this document makes sure everybody understands that cyber-
security is important, an ever-changing game. I don’t see anything in our
future indicating we can ever be comfortable in cyber. There is continual
change and [there must be] acceptance of continual change,” he said.
“Cybersecurity is data-dependent, information-dependent ... it is a risk
equation similar to the fiscal world. The baseline equation for cyber is
the same, but the way you evaluate it is different because of the pace of
technology and that’s another message you have to get out. The baseline
question, how risky is the risk … I think you’ll see us talk more about risk
factors.”
The need for the document emanates from years of layering systems,
hardware and software, creating an overly complex IT environment
that jeopardizes security and slows innovation and progress, Halvorsen
indicated.
“The department’s choice of cyber and IT capabilities lay the foundation
for success — from the battlefield, to business, and beyond,” the document
notes.
Doc outlines ‘way forward’ for DoD IT environment

5. 5 DoD IT Modernization | December 2017 FIFTHDOMAIN.COM
PHOTOCREDIT:ALANLESSIG/STAFFs Department of Defense deputy CIO for cybersecurity —
and the Pentagon’s CISO — Essye Miller takes the reigns
on a range of initiatives, some already existing and some
her own. Regardless of their origin, expect to see DoD CIO
cybersecurity initiatives gaining traction across the
military: Miller means business when it comes to securing
networks and IT infrastructure. Amber Corrin spoke with
Miller about upgrading and investing in IT.
Migrating to the cloud has been a big effort for DoD CIO. What’s the
status?
We’re investing a fair amount of money in FY17, about $22 million;
and then I think we’re budgeted at about 180 million in FY18. But, we’re
tracking over 350 cloud efforts across the department.
All of course, in different aspects, everything from unclassified efforts
to some secure efforts as well on the classified side. I have been working
with what I call the Big Five cloud providers. Those that are doing industry
as a service, and software as a service, and platform as a service, all three
offerings.
There are five companies that do all three; we’re working with them to
identify any barriers as we transition. How may we need to look a little bit
differently at how we’re doing this? For example, we have requirements for
a cloud cybersecurity service provider to do the monitoring and security
work for any workload that goes to the cloud.
Some of that we determine is inherently governmental. But there are
some functions they have that our industry partners can probably do for
Department of Defense CISO, Deputy CIO
A
Essye Miller
“DoD
remains
the No. 1
targeted
entity when
it comes to
advanced
persistent
threat.”
Essye Miller,
Defense CISO
and deputy CIO
for cybersecurity

6. 6 DoD IT Modernization | December 2017 FIFTHDOMAIN.COM
us. We could focus on those roles that are truly inherently governmental.
What are some of the challenges that you’ve come up against so far in
your time at DoD CIO? How are you tackling those?
I don’t know that I would call it a challenge. But the main thing is
understanding that DoD remains the No. 1 targeted entity when it comes
to advanced persistent threat. Again, I go back to what I said earlier with
education of the workforce and actions to harden the network. Things like
Windows 10, and making sure that we have got not only the right attention
or the level of investment that we need.
Making sure that we’re doing IT updates and upgrades … Making sure
that we’re doing that in a timely manner; but even bigger than that, my
concern again is the culture shift. How do we move away from the normal
processes and security that is compliance focused to be a bit more agile?
It’s such that we’re doing the risk assessment piece versus focused on
yes and no compliance mode. How do I move away from an environment
where we’re in detect-and-response mode, to using autonomous techno-
logy to do automated patch management for us and to eliminate some of
the human interaction?
How do I maximize the use of technology to do some of the things that
will allow us to use the human resources to focus on those manpower
intensive areas where we need them?
How do you see JIE factoring into cybersecurity and what you’re doing
at DoD CIO?
We have the DoD and cybersecurity reference architecture that serves as
the framework to achieve the DoD objectives. It all goes back to the same
thing. How do we become agile with technology insertion and still promote
a secure and resilient network to face our adversaries? We have close ties
with Randy Conway and the Information Enterprise Directorate, and with
the implementation of the Joint Regional Security Stacks establishing a big
data platform for analytics.
At each step of the way, we are tied to this direction on JIE. Cloud
services is a big piece of that. We work the FedRAMP piece to make sure
that we have got a framework for security and capability requirements that
our customers can rely on as they establish service agreements. I see this
as very collaborative. I always tease about cybersecurity as part of the
foundation upon which everybody can build capability.
But, no matter what, it’s inextricably linked. If you were to walk in the
office, you would see a suite with me for the director for cybersecurity on
one side and Randy Conway who is the DCIO for Information Enterprise
on the other. Everything that we do is linked in that regard.
We don’t hear as much about JIE as we did a few years ago. Is it still a
priority?
I think it is still a priority. But, it is more about how we do business in
terms of information sharing and situational awareness. We look at it as
providing a framework. How do we standardize our way of business? What
do we have in place for our customers to build to? I don’t see the priority on
JIE changing. I think it just becomes a way of doing business for us.
THE DEFENSE INFORMATION
SYSTEMS AGENCY COMMAND
CENTER AT FORT MEADE, MD.
PHOTOCREDIT:JOHNKANDRAC/DEFENSEDEPARTMENT

7. 7 DoD IT Modernization | December 2017 FIFTHDOMAIN.COM
PHOTOCREDIT:CAPT.MEREDITHMATHIS/ARMY
ed by its chief of staff, the Army is taking an end-to-end
look at its IT. While the Army for some time has been
undergoing a number of network modernization initiatives,
the service’s lead in that department, Maj. Gen. Garrett Yee,
said Army Chief of Staff Gen. Mark Milley has taken an
interest in the Army network.
Speaking at the 2017 AFCEA NOVA Warfighter IT Day,
Yee said the Army staff has scheduled acquisition-focused sessions every
Friday with the chief and the vice chief to look at the Army’s expenses and
how it can improve there.
During these reviews, Yee said Milley wants the information
technology aspect broken down, adding that everything is on the table —
strategic networks, Distributed Common Ground System-Army, General
Fund Enterprise Business Systems, Logistics Modernization Program
and so on.
In the first session, out of 145 slides, they got through 12 in four hours,
Yee said. The first session was mostly about understanding Milley’s initial
thoughts about the network.
Yee described these sessions as “soup to nuts, end to end, all the
systems, the business systems, mission command systems — you name it.”
Yee said Milley is looking for efficiencies and optimization, and is
questioning whether or not the Army is headed in the right direction.
One of the key modernization efforts — which while encouraged by the
Department of Defense’s chief information officer’s division is really being
undertaken and driven by each individual service — is the push to the Joint
Regional Security Stacks.
Yee said the Army now has 23 regional JRSS locations; 291 base, post
camp and station installations; and 45 Army organizations moved to JRSS.
“As of today, we have 9 JRSS stacks passing traffic around the world,” he
said. The eventual DoD-wide goal is 25 stacks.
Yee added that most of those stacks are based in the continental United
States, but some outside are active and ready.
“It’s happening,” he said of the move, telling the audience of mostly
industry that for those who have been watching for the past few years, this
is actually happening now.
L
Army reviews its IT as chief
of staff shows interest
By Mark Pomerleau
soup-to-nuts
systems check
A CYBER SOLDIER WITH THE 780TH
MILITARY INTELLIGENCE BRIGADE.

8. 8 DoD IT Modernization | December 2017 FIFTHDOMAIN.COM
PHOTOCREDIT:CHUYN/GETTYIMAGES
he Army is undertaking an important effort to modernize
its legacy networks, though this is not without challenges,
Maj. Gen. Garrett Yee, who serves within the Army’s CIO/G-6
office and is leading the Army’s modernization efforts, said
during a modernization roundtable last year.
The Army stood up its networks years ago across
several installations, Yee said. This creates difficulties
within the modernization effort because as these networks are collapsed,
consolidated and brought together into one standard architecture,
this means that base camps and stations no longer have the control they
used to have over these networks from years ago, he said.
Culturally, this can be a big change, as a lot of control has to be given up
by the base, but now there will be a lot more standardized and centralized
modification work, he noted.
From a funding perspective, Yee said the current budgetary environ-
ment prevents the Department of Defense from moving as fast as it
would like. He offered that the Army is on track to meet DoD’s deadline of
modernization by 2019, which is a joint deadline.
While the Army is continuing to work with the other services in this
effort, continued partnering will pose additional challenges.
“When you talk about a deployment environment, we’re already there
especially with the JRSS,” Yee said, referring to Joint Regional Security
Stack.
JRSS is about security — not just about transport, but hardening, Yee
offered. JRSS takes over 100 points of presence and shrinks them down to
25 across the services to really tighten the security by shrinking the attack
surface.
T
UPDATINGTHEARMY’S
LEGACYTECH IS
A DIFFICULT BUT
NECESSARY CHALLENGE.
CULTURE CLASH
Army network modernization
challenged by funding, culture
By Mark Pomerleau

9. 9 DoD IT Modernization | December 2017 FIFTHDOMAIN.COM
PHOTOCREDIT:ARMY
ith the dual-hat responsibility of being the Army’s
chief information officer and leading G-6, the Army’s
communication and C4 division, its new head intends
to focus heavily on the latter job.
“I want to make sure that I pay close attention to
the G-6 role,” Maj. Gen. (promotable) Bruce Crawford
said at TechNet Augusta in August in his first public
remarks since assuming the role from retired Lt. Gen. Robert Ferrell.
“I’m of the opinion that one of the major lifts for me as the G-6 and chief
information officer is ... I won’t call it a pivot because you’ve got both CIO
responsibilities and you’ve got G-6 responsibilities, but I am going to orient
and I am going to focus on the G-6 responsibilities because that’s where a
lot of our people are,” Crawford added.
“That’s where the young, hungry captains and lieutenants are. That’s
where the sergeant is, and that’s where the warrant officer lives.”
Crawford noted that he will need to know and understand their
problems and challenges in order to better serve them, especially at the
tactical level.
Instead of talking about the enterprise as its own separate entity, he
added, he has to be able to articulate the impact of the enterprise at the
tactical level as the area he can most help the 6s.
THEARMYNETWORK
The Army officer also emphasized how the network should work for the
soldier, not the other way around.
Crawford explained that the network must be viewed as a weapon
system and all of its mission areas should be evaluated to get at the
network the Army needs vice the network it has. These mission areas
include intelligence, business, warfighting and enterprise.
In terms of network characteristics Army seeks, Crawford said it should
be simple and intuitive; ready, available and resilient in all environments;
expeditionary, mobile and capable of voice, data and video on the move;
and it has to enable the soldier to observe, orient, decide and act.
From a technical standpoint, the network has to have a process of
mitigating electronic signatures, Crawford said.
“One of the things the Army is going to have to wrap its head around
is: Does everybody need the same capability?” said Gary Martin, program
executive officer for Program Executive Office Command, Control and
Communications-Tactical.
Martin added that the service performs technology refreshes every few
years and is just completing one.
“Next yearwe start the next cycle. TheArmy’s huge,” he said, adding that
to give a new capability to the entire service takes a long time.
The real issue the Army must address, he said, is whether everyone
needs to be equally equipped. The force will have to balance how long it
takes for a new capability to touch the entireArmyversus trying to spin out
more quickly and get at portions of the service. However, this model raises
concerns of variations across the force that could lead to compatibility
issues between units and in training.
W
NewArmy CIO/G-6: Network
should support war fighter, not
vice versa By Mark Pomerleau
Maj. Gen. Bruce
Crawford
“I want
to make
sure that I
pay close
attention
to the G-6
role.”
Maj. Gen.
(promotable)
Bruce Crawford,
Army CIO

10. 10 DoD IT Modernization | December 2017 FIFTHDOMAIN.COM
PHOTOCREDIT:MARTINBARRAUD/GETTYIMAGES
he intelligence community’s IT modernization lift is more
than just a synchronized effort of various stakeholders and
service providers delivering technology solutions — it’s about
changing the way the intelligence community functions.
This is no easy feat, as the IC tends to dig its heels
into operating procedures that vary from agency to agency,
ultimately creating barriers to sharing vital information.
“We are learning our lessons from 9/11,” said Charles Rhodes, who
works within the Office of the Director of National Intelligence‘s chief
information officer unit. Speaking at the 2017 DoDIIS Worldwide
Conference in St. Louis, Missouri, in August, he was referencing one of the
key determinations from the 9/11 Commission Report — that government
agencies did not talk to each other and share information.
The IC’s massive IT modernization effort, known as IC IT Enterprise (or
ICITE), consists of three primary goals, Rhodes said: increased intelligence
integration, enhanced IT safeguards and greater efficiencies.
ICITE consists of a variety of service providers all working to integrate
agencies and data within the IC and the Department of Defense with the
means of treating data as an IC asset, which is a key point of departure
from previous years where intelligence derived from a particular agency
within a specific intel disciple was thought to be owned by that agency, not
the broader community.
“To share information, an agency had to sign a memorandum of
understanding with each sister agency,” Rhodes said of the pre-ICITE days,
adding that this is not great for national security.
“What ICITE has enabled is a tremendous opportunity to achieve
mission outcomes that would not have been possible with the legacy
infrastructure,” Sally Holcomb, deputy NSA CIO, said at DoDIIS.
The service providers include:
• Desktop environment: Essentially the foundation and starting point
of ICITE that serves as the user-interface portion, which is a joint effort
led by the Defense Intelligence Agency and the National Geospatial-
Intelligence Agency meant to deliver industry-grade desktop features to
IC users.
• Network requirements and engineer service provider: Implements
new site connectivity through franchised campus-area networks and
distributed wide-area network responsibilities led by the National
Reconnaissance Office.
• Data services architecture service provider: A joint NSA-CIA
venture that provides a set of targeted data-services solutions, as well as
management, distribution, conditioning and transport services into the IC
cloud throughout the data life cycle.
• Identification, authentication and authorization service provider:
Securely manages authorized access to info throughout ICITE services.
• IC cloud: Made up of both the commercial cloud services — known as
C2S and managed by the CIA — as well as the IC Gov Cloud — managed
by NSA — which provides elastic, on-demand utility data and storage
services.
• IC applications mall: Connects the entire IC, bringing together
people and data with an integrated applications marketplace accessible
from desktops across the workforce.
• Information transport service provider: Share information across the
T
integrating
information
ICITE is about changing the way
the intelligence community does
business By Mark Pomerleau
THE INTELLIGENCE COMMUNITY’S
MASSIVE MODERNIZATION
EFFORT HAS THREE PRIMARY
GOALS: INCREASED INTELLIGENCE
INTEGRATION, ENHANCED TECH
SAFEGUARDS AND GREATER
EFFICIENCIES.

11. 11 DoD IT Modernization | December 2017 FIFTHDOMAIN.COM
IC and domains with the DoD, U.S. government organizations and allies.
• Enterprise management services provider: Provides a consolidated
service desk and risk management across the ICITE service providers.
GETTINGTO UNCLASSIFIEDAND
WORKINGWITH DOD
At the heart of the ICITE project is allowing analysts and IC employees
to get anywhere; and to do that, they need a desktop.
They need a system to log into that’s got a cloud behind it that runs
email — in this case, SharePoint, said Peder Jungck, intelligence and
security sector chief technology officer at BAE Systems, during an
interview with Fifth Domain. BAE Systems is the prime contractor for the
desktop environment effort.
Acting CIO for ODNI Jennifer Kron said at the DoDIIS conference that
for the first several years of ICITE, the community focused on the top-
secret/secure, compartmentalized information domain and on available
services within the U.S., specifically within the Washington metropolitan
area.
“But clearly most of our colleges, our customers, our partners don’t live
on the TS/SCI fabric within the [Capital] Beltway within D.C.,” she said.
“So, we need to make sure that the ICITE services are available on the
secret and unclassified levels as well,” and availability without latency out
west and overseas, too.
This is especially prudent for DoD partners as, with the exception of the
intelligence staff, military operations function at the secret level and many
others at the unclassified level.
The second C2S region will launch in November 2017 and will be acces-
sible via the secret network fabric, said Ryon Klotz, a C2S representative.
This is in direct response to a mission demand of those DoD IC elements: a
cloud-hosting infrastructure to better support the war fighter.
Vickie Paytas, a representative for the data-services architecture, cited
during a panel at DoDIIS research into moving services to the secret and
unclassified networks as opposed to top secret. While this effort is still in
its infancy, the representative said the DoD has data in the cloud through
the data-services architecture’s data-ingest management systems, and
there’s an effort to work with the DoD to understand what the department
needs to get data to the cloud so it’s discoverable.
DoD is also using some services from the identification, authentication
and authorization (IAA) service provider, which helps with information
sharing because they get the persistent access control, said Pratiksha Shah,
an IAA representative.
IAA offers the capability to tag data in a cloud environment, only
allowing it to be viewable by authorized, tagged users enabling secure data
information sharing based on user access to the data.
On top of aforementioned efforts, Shah added, there’s support for an
expansion of services in which the DoD operates given IAA’s services will
eventually be available in the secret and unclassified domain as well.
PHOTOCREDIT:AIRFORCE
FOR ICITETOWORK,IT
NEEDSTOWORK OUTSIDE OF
WASHINGTON,D.C.

12. 12 DoD IT Modernization | December 2017 FIFTHDOMAIN.COM
PHOTOCREDIT:ARMY
he Defense Information Systems Agency is undertaking a
comprehensive modernization effort for endpoint security.
DISA announced in late 2016 that it was rebranding its
Host Based Security System, or HBSS, which will be folded
into several other tools to provide an “evolved, holistic
approach to cybersecurity network defense,” to be known as
endpoint security solutions, or ESS.
The current HBSS system has been around for about a decade, and
modernization efforts are underway because the agency and DoD
recognize that greater efficiency can be attained by adopting newer
technologies as well as reducing the number of parts and pieces, said Seab
Herron, Endpoint Security Programs chief at DISA.
PRIORITIES
Herron said they can consolidate a lot of the work into smaller
applications and smaller tools, but to get there, there must be significant
collaboration and coordination with component counterparts as well as
the individual services, whose opinions, he said, are probably the largest
they subscribe to.
To that point, he noted his shop as well as counterparts within the
government are seeking to simplifywarfighter requirements and platforms.
Herron said the immediate challenge is the need to move more quickly and
get security in place to relieve the burden on troops for the sustainment of
some of the complex security tools.
The goal is to adopt capabilities that are more automated and that
require less intervention by the warfighter, a similar effort being
undertaken by other individual services. Simplifying the user experi-
ence by adopting tools that are less complex but still work well is a lesson
that has been learned over the last 10 years, Herron said. Specifically, the
government is after vendors to give them what they want and provide
solutions that are not overly complex and are not difficult to deploy and
sustain, he added.
Herron said his other priorities include adopting smarter technologies,
such as machine-learning-capable tools. These will allow applying tools to
more diverse networks, especially the tactical and disadvantaged networks
— or network that has limited connectivity — that aren’t able to use the full
capability of tools DISA and DoD have.
Adopting Windows 10, mandated by former DoD CIO Terry Halvorsen,
is also a priority.Windows 10 and its manufacturer, Microsoft, have taken a
more aggressive security posture within its operating systems, Herron said.
Third, Herron described the need to accelerate the acquisition process.
“We cannot continue to take as long as we have historically taken to put a
capability in play,” he said. “We have to be much, much quicker.”
As adversaries have become smarter and are increasingly able to
understand and get around defensive architectures, nothing is fool-
proof anymore, Herron said.
“Even if we figure something out and put something in place today,
it probably won’t be very long before the bad people find out how to get
around it,” he said.
As such, an acquisition cycle and rapid authority is imperative.
Herron described how DISA is leveraging vehicles such as other
transaction authority and the Defense Innovation Unit-Experimental
to move things forward.
DISA updates network
By Mark Pomerleau
T
DISA HAS REFOCUSED
CYBERSECURITY EFFORTS
ONTHE ENDPOINTS.

13. 13 DoD IT Modernization | December 2017 FIFTHDOMAIN.COM
PHOTOCREDIT:U.S.MARINECORPSILLUSTRATIONBYJENNIFERSEVIER
he Marine Corps Forces Cyberspace
Command is a direct service link for U.S.
Cyber Command, but the Marines Corps
mission set in cyberspace is much more
expansive than just the man, train and
equip cyber mission force CYBERCOM
contribution.
MARFORCYBER, similar to the other service cyber
components, conducts cyber operations and secures,
operates and defenses the Marine Corps Enterprise
Network (MCEN).
MARFORCYBER commander Maj. Gen. Lori
Reynolds gave written congressional testimony on
how MARFORCYBER is helping add cyber capabilities
into the Marine Air Ground Task Force, or MAGTF.
The commandant of the Marines, in a recently
published operating concept outlining a modernized
focus for the Force Design 2025, “understands the
necessity to move forward quickly to build MAGTF
capability to operate in all five domains. This is not the
fight of the future, but the current fight we are in right
now,” Reynolds wrote.
In terms of the delineation between operations
and generic IT, “we see cyber as maneuver,
intelligence-driven operations and capabilities whether offensive
or defensive along with the analytics that go with that,” Gregg Kendrick,
executive director of MARFORCYBER, said during a March keynote
address. “IT, information technology, we see as the infrastructure side of
the house, whether hardware or software — it could be apps, it could be
just fiber — but the information technology would be the infrastructure
that you ride along or use.”
Separate from MARFORCYBER, the Marines, under Marines Corps
Systems Command, recently stood up a cyber advisory team (CAT),
which is made up of acquisition professionals and located at the command
deck as a command asset for program office to facilitate and expedite
acquisition and provide expertise on all things cyber.
The team developed two primary lines of effort under this program: an
emergency acquisition process, which focuses on fielding capabilities in
less than 30 days; and an urgency acquisition process, which is designed to
field capabilities between 30 and 180 days. Anything that might take more
than 180 days will be considered under the traditional acquisition process
as it is clearly not an urgent need.
Mike Cirillo, the CAT’s director at Systems Command, told Fifth Domain
in a recent interview that the emergency 30-day process was validated
back in the fall. They have fielded about $100,000 worth of IT that directly
supported a cyberspace operations capability needed by MARFORCYBER,
he said.
This process came out of a cyber task force stood up in 2015 at the
direction of then-commandant Gen. Joseph Dunford. One of the four
tasks outlined by the commandant sought to improve acquisition, Cirillo
said. The commander of Systems Command went after this by taking the
“the cream of the leadership and the command,” Crillo said, which
included cyber IT program managers, senior counsel, senior contract-
ing officers, senior logisticians, senior subject matter experts and senior
engineers. They collaborated for three months and developed 26
recommendations to improve acquisition within the Marine Corps.
Half of these recommendations, he said, dealt specifically with Marine
Corps Systems Command and Marine Corps central acquisitions
activity for ground weapons and IT — what Cirillo described as “little ‘a’”
acquisition. The other half dealt with “big ‘A’” acquisition, to include
capabilities for those in the field such as MARFORCYBER personnel.
Cirillo added that over the course of about a year or so, culminating
around the beginning of this year, Marine Corps Systems Command
more or less completed or implemented their half of those 26 recommen-
dations and saw a good amount of success changing the culture within the
command to understand the need as well as the “urgency of cyberspace
and threats that exist out there all the time everyday at all levels
touching Marines forward, touching Marines and civilians here at
Quantico and touching our family members at home; we’re all connected
to the same cyberspace and hence we’re all exposed to the same threats.”
Cirillo noted that while the three main cyber organizations within the
Marine Corps — MARFORCYBER; the C4 directorate, which houses the
service’s CIO; and Systems Command — are on the same page in terms of
countering threats, each has their own specific mission.
The CIO’s office is going to be concerned with things like investment
risk, standardization risk, procurement risk, while the MARFORCYBER
is focused on securing, operating and defending the MCEN. Systems
Command, on the other hand, is focused more on the acquisition and
equipping front and is more interested in cost, schedule and performance.
Brig. Gen. Dennis Crall, the service’s CIO, has described several times
how the service has been undergoing a network transition of sorts,
transitioning to one MCEN going from pre-Navy Marine Corps Intranet
to NMCI and now moving to a Marine-owned and -operated network.
“We haven’t fixes some of the vestiges of unification,” Crall admitted
during a March keynote address that was hosted by the Armed Forces
Communications and Electronics Association, “and we’re smack in the
middle of the Joint Information Environment bringing in things like the
Joint Regional Security Stacks.”
T
Marine corps applying
rapid acquisition
By Mark Pomerleau
MARFORCYBER HAS FIELDED MORE
THAN $100,000 INTECHTO SUPPORT
CYBERSPACE OPERATIONS.

14. 14 DoD IT Modernization | December 2017 FIFTHDOMAIN.COM
PHOTOCREDIT:NATO
ince NATO’s declaration last summer deeming cyber a
domain of warfare, the alliance has looked at several ways
to bolster its cyber defenses.
The alliance has mainly taken concrete steps toward cyber
defensive efforts, as NATO’s offensive capabilities are still
nascent, despite calls for robust cyberattack solutions.
“In NATO, we need to figure out what cyber operations are
before we decide what the organizational construct is. We need to decide
what precisely cyberspace is as a domain for operations. Additionally, we
need to set down what the rules of engagement are because cyberspace is
a different and unique domain for operations,” said Brad Bigelow, the chief
technical adviser to the CIS/Cyber Defense (Communications Information
Systems/CD) staff at the Supreme Headquarters Allied Powers Europe, or
SHAPE, NATO’s strategic operational military command.
The NATO Communications and Information Agency, also known as
NCI, is working to modernize its IT posture as a means of keeping up with
threats and unburdening deployed forces downrange.
Gregory Edwards, director of infrastructure services at NCI, told Fifth
Domain in an interview that under a new contract, the agency isn’t focused
so much on technology but rather IT modernization.
“We in NATO see this as a fundamental change in how we will operate,
maintain, secure and sustain our services,” he said.
The modernization effort is focused on efficiency, resiliency and
flexibility.
Flexibility “is key because we don’t know where we will be deploying
forces,” Edwards said in regards to how IT modernization helps to better
posture NATO.
“It would be quite expensive to equip multiple forces with all of the
software and hardware that they might need, so this centralization and IT
modernization gives the ultimate flexibility to NATO at a cost that we’ve
already assessed to be a savings to NATO overall in our budget.”
The modernization effort looks at centralization and virtualization of
services.
For NATO, they must be able to deploy forces around the world to
defend the alliance’s interests. These deployed forces must be able to
have reach-back capability without overburdening them in the field with
tons of equipment.
As joint force commanders have missions they need to perform, with a
variety of nations that come together to achieve that mission, forces, troops
and equipment are provided by all participating nations. It is then NCI’s job
to configure a set of services they might need to include applications, voice
services or data, Edwards said.
The speed at which NATO can configure, reconfigure and change overall
services for missions is the major contribution that the IT modernization
program is going to bring for joint force commands and operators in the
field, he added.
S
NATO COMMUNICATIONS
AND INFORMATION
AGENCY IS UPGRADING
THE ORGANIZATION’S
TECHWITHAN EYE
TOWARD BETTER
SECURITY.
NATO looks to modernize IT
By Mark Pomerleau

15. 15 DoD IT Modernization | December 2017 FIFTHDOMAIN.COM
PHOTOCREDIT:RICKNAYSTATT/NAVY
he delineation between “cyber” and “IT” is generally thought
to be operations within a maneuver space versus the
infrastructure that enables that to happen, respectively.
Moreover, Col. Brian Lyttle, program executive officer for
cyber at the Defense Information Systems Agency, referred
Fifth Domain to the joint publication that governs cyber
regarding the delineation between cyber operations and IT/
cybersecurity.
Speaking after his participation in a recent panel discussion, Lyttle
noted that the document divides this up into three specific areas: offensive
cyber, defensive cyber and network operations, which is where most
people would think IT rests, he said.
“We’re getting a little bit confused on infrastructure versus buying a
network weapon for the [cyber protection teams] to use. And we have
to make sure we understand when we’re weaponizing the network to
do [defensive cyber operations] or [offensive cyber operations] versus
maintaining the” network, said Gary Wang, deputy CIO of the Army at the
time, now acting, last May. “I mean, it’s the only place where you’re going
to run your business [operations] and you’re also going to fight a cyberwar
on the same infrastructure simultaneously.
“Where there’s some confusion is when we say IT infrastructure
for keeping the lights on and network running versus … how we can
weaponize the network to support defensive cyber operations or offensive
cyber operations.”
This delineation is best exemplified by the two core missions of Cyber
Command’s operational defensive arm Joint Force Headquarters-DoD
Information Networks. DoDIN operations are those that are executed daily
as part of running a network while defensive cyber operations/internal
are specific actions taken in response to either intelligence, a threat or an
incident.
DoDIN operations can be construed as classic IT work performed by a
computer network defense service provider, while cyber operations — in
this case on the defensive side — can be carried out by cyber protection
teams.
The service chief information officers are generally more focused on the
IT-network running/cybersecurity side as opposed to cyber operations.
However, there has been a recent shift in thinking, making the distinction
of “operationalizing” the network moving traditional IT work to a more
operations-centric task.
Beyond the operational side, which is mostly orchestrated from the
service cyber command components, the services are looking at basic
cybersecurity efforts among their ranks — ensuring warriors exhibit good
cyber hygiene and hardening installations and weapon systems.
Both subordinate units of the various service cyber commands seek to
perform basic IT functions as well as ensure cybersecurity, the services
in concert but separate from the service cyber components are pursuing
cybersecurity initiatives.
The most prominent of these efforts is focused on a DoD-wide initiative
to harden weapon systems, all of which, including legacy, rely upon some
cyber-enabled element that makes them vulnerable to cyberattacks.
DoD announced that it was repurposing $100 million for evaluating
cyber vulnerabilities in weapon systems.
What’s the difference? By Mark Pomerleau
T
cyber vs. IT
CONFUSION SOMETIMES ARISES OVER
THE DEFINITION OF INFORMATION
TECHNOLOGY INFRASTRUCTURE FOR
KEEPING THE NETWORK RUNNING
VS WEAPONIZING THE NETWORK TO
SUPPORT DEFENSIVE OR OFFENSIVE
CYBER OPERATIONS.

16. 16 DoD IT Modernization | December 2017 FIFTHDOMAIN.COM
PHOTOCREDIT:STAFFSGT.JOELAWS/AIRFORCE
hen the Civil War broke out in 1861, many early battles
featured state regiments standing in lines, firing mus-
kets, just like their forefathers did during the Revolu-
tionary War some 85 years earlier. That’s not surprising,
as battlefield technology historically has taken years or
even decades to evolve.
However today, with the rapid pace of technological change, we are wit-
nessing an evolution led by the speed of software. The modern battlefield
changes daily and even hourly. The pace of change is constant and relent-
less, and it presents new challenges for our military that require agility,
flexibility and even automation.
Because of the dynamic shifts brought about by the arrival of software
on the battlefield, speed is now the warfighter’s most valuable resource.
Battles will be won by those who have the latest technology and updat-
ed legacy systems capable of outmatching any modern threat brought into
any of the battlespace domains.
The threats we face in the cyberspace domain are a leading example
of this challenge. Every day we see significant cyber threats — some state
sponsored, some by non-state actors — across multiple platforms. Notice
how frequently iPhones and laptops are requesting a system upgrade. Soft-
ware updates are being pushed out faster than everwith an unspoken mes-
sage: “We’ve identified another cybervulnerability that has to be addressed
now.” As the Internet of Things grows, this is now the imperative we live
with.
Cyber in the battlespace and its associated threats to our systems are one
of the biggest challenges facing our military today. We still see the head-
lines every day about the grave danger our servicemen and women face
from kinetic warfare — bullets, missiles, bombs. However, the number of
cyber-attacks and breaches — against both civilian and military targets —
are also becoming regular newsmakers.
The concept of our collective operations must evolve to address all of the
modern threats we are facing, utilizing a holistic view of the multidomain
battlespace. Utilizing kinetic-only models isn’t enough anymore. To de-
vise the best strategy for any mission, every probability of kill and battle
damage assessment exercise must now also include cyberwarfare strategy
alongside kinetic models.
There’s a growing awareness that our concept of operations has to con-
tinually evolve in response to rapid changes in both kinetic and non-kinet-
ic fights. We can’t be complacent enough to just employ the right tools for
today’s fight; we also need to be ready for tomorrow’s fight too. So we work
with our customers to analyze, perfect and integrate kinetic and non-ki-
netic effects. Today, we’re building tools to model this new space, and ref-
erence them to accommodate today’s warfighters.
The proliferation of technology and the ever-changing threat landscape
have transformed the need for merging non-kinetic cyberwarfare with tra-
ditional bullets and bombs. Addressing this new reality and changing the
waywe plan and train will ensure ourwarfighters and their systems are not
only ready, but relevant.
Todd Probert is vice president of Mission Support and Modernization for
Raytheon Company’s Intelligence, Information and Services business.
THE PACE OF CHANGE ON
THE MODERN BATTLEFIELD
PRESENTS NEW CHALLENGES
FOR OUR MILITARY THAT REQUIRE
AGILITY, FLEXIBILITY AND EVEN
AUTOMATION.
Militaryconceptofoperations
acceleratestothespeedofsoftware
W
Sponsor essay

17. CYBER SOLUTIONS
@RaytheonCyber
Raytheon Cyber
Raytheon.com/cyber
PROTECTING
EVERY SIDE OF
CYBER
Raytheon delivers solutions that help
government agencies, businesses and
nations protect critical information, systems
and operations across every side of cyber
— to make the world a safer place.
© 2017 Raytheon Company. All rights reserved.