WASHINGTON — The U.S. Department of Defense is forging ahead with IT projects despite the absence of a Senate-confirmed chief information officer, grappling with cybersecurity after a government hack and a cloud infrastructure with an uncertain future.
Leading the efforts in an acting capacity until President Joe Biden settles on the next CIO is John Sherman, the principal deputy under former DoD CIO Dana Deasy. He told C4ISRNET that he’s “not just keeping the seat warm here.”
Though it’s uncertain how long he’ll hold the job, cybersecurity is his top priority in the aftermath of the SolarWinds breach discovered in December that infected networks across the federal government, he said.
Sherman, who led major IT initiatives for three years as CIO of the intelligence community, will also carry on efforts to implement the DoD’s 2019 digital modernization strategy.
“One of my main areas is keeping up the press on all of our key initiatives that did start with our digital modernization strategy,” said Sherman, who served about seven months as Deasy’s top deputy.
Here are four pressing issues he faces.
JEDI: Not afraid to make big decisions
In a recent memo to Congress, the Defense Department disclosed that its enterprise cloud procurement, the Joint Enterprise Defense Infrastructure cloud, is potentially on the chopping block, pending a decision in the U.S. Court of Federal Claims.
The court is set to rule on a request to dismiss allegations of political interference by former President Donald Trump in the JEDI cloud award to Microsoft in 2019. If the court allows the case to continue forward, that would “bring the future of the JEDI Cloud procurement into question,” the memo said.
While Sherman would not discuss the future of the DoD’s cloud environment if JEDI fails, he said that any major decision needed on the project likely wouldn’t wait for a permanent chief information officer.
“My view is to work closely with DoD leadership on this, and while I’m vested with the acting role, we can’t wait, whether it’s on a big decision like that [JEDI] or other big decisions that may not be of a procurement nature,” Sherman said.
Top DoD technology officials have long asserted the pressing need for an enterprise cloud capability for artificial intelligence and other advanced computing.
Increased cybersecurity worries
Remote working during the pandemic accelerated the DoD’s goal to adopt a zero-trust cybersecurity architecture with strict identity verification requirements. Then, the federal breach through vendor software and other entry methods added to the need for innovation in the department’s cybersecurity.
“One of my key areas is to really increase our focus on zero trust and to maintain our strong focus on cyber hygiene and cyber accountability,” Sherman said.
He wants to work with Cyber Command, the military departments and Joint Force Headquarters-Department of Defense Information Network to clearly identify needed investments to enable zero trust, he said.
Sherman will help the department continue to navigate its cultural shift away from perimeter defenses to an in-depth approach to strengthen cybersecurity. He wants the department to move away from signature-based analytics to behavior-based, segment networks better, and increase identity, credential and access management capabilities.
“I want to flesh out even more the steps we need to take and the investments we’re going to have to make in the near term,” Sherman said. “Especially as we do the FY23 [fiscal 2023 appropriations] bill ... what [do] we need to do to really flesh out those other areas of segmentation, do even more on ICAM [and] do even more on behavioral based analysis.”
Improving software development
Under Sherman, the department’s top IT office is committed to “really furthering” cloud-enabled software development using the service’s fit-for-purpose clouds, such as the Air Force’s Cloud One or milCloud 2.0.
“Our job ... [is] really to synchronize and accelerate that [software development], really being the shepherd,” Sherman said.
Software development is critical to modernizing legacy platforms, advancing weapons systems and developing artificial intelligence tools. Because of the delay to the general-purpose JEDI cloud, organizations like the Joint Artificial Intelligence Center have had to use the Air Force’s Cloud One for computing needs.
To ensure the department is delivering needed tools for the future fight, “we’re going to have to be even more agile on areas like software development and procurement,” Sherman said, echoing statements from Kathleen Hicks, the new deputy defense secretary, at her confirmation hearing.
“If cloud is our jet engine or car engine, data is ... our high-octane fuel; we’re going to need to really unlock the power of that computing capability,” Sherman said. “Which by the way, the software that we’re going to either purchase or write is going to have to leverage to do what it needs to do, as will AI algorithms.”
Focus on the pandemic
The DoD has renewed its focus on COVID-19 concerns as President Biden and his Pentagon team take over, Sherman said. For him and the DoD IT team, that means continuing efforts to enable remote work, Sherman said.
“Our telework capabilities for the department I see as a critical piece of that COVID response,” he said.
The department will continue with plans to roll out a new, permanent collaboration platform with higher cybersecurity standards than the current solution, the Commercial Virtual Remote Environment. The platform for video conferencing and file sharing recently surpassed 1.4 million users, Sherman noted.
Andrew Eversden covers all things defense technology for C4ISRNET. He previously reported on federal IT and cybersecurity for Federal Times and Fifth Domain, and worked as a congressional reporting fellow for the Texas Tribune. He was also a Washington intern for the Durango Herald. Andrew is a graduate of American University.