Just two years after the Department of the Navy released its IT modernization strategy, the “Information Superiority Vision,” the Navy has almost fully integrated all its users in an Office 365 environment.
“We are now 450,000 seats into a 600,000-seat Office 365 deployment and we will be done this fiscal year. We couldn’t be happier with how that’s unfolded at the Navy,” said DON CIO Aaron Weis during GovExec’s Accelerating Naval Modernization event.
Weis said the COVID-19 pandemic surfaced the need for network modernization and helped supercharge the effort.
“It’s network modernization and network consolidation, architectural modernization, the drive to cloud and the deployment of pervasive telework capability,” he said.
The Navy is currently working on a program called “Operation Cattle Drive,” designed to retire legacy IT and accelerate modernization across the department.
“We have to create our own maneuver space, we have to free up dollars so we can harvest those not to cut costs but to reinvest and focus on the modernization that has to happen,” Weis said. “In order to do that we need to aggressively look to retire legacy infrastructure, legacy systems and legacy applications.”
Chris Cleary, Chief Principal Cyber Advisor at the Navy, said he’s a big fan of Operation Cattle Drive because it enhances security without straining Navy cyber professionals.
“It reduces the attack surface,” Cleary said at the GovExec event. “It’s one less thing you also have to worry about and pay for. As more things are decommissioned there are cost savings and those resources can be used for other things. It’s setting a framework that can be followed and applied to other environments within the Department of the Navy.”
Even though the Navy is making strides in its modernization effort, cybersecurity remains an urgent priority.
According to Weis, the DON should approach cybersecurity the same way it approaches military readiness.
“We want to shift our approach to cybersecurity from one of compliance, checklists and audits, to one that we’re actively managing and looking at more much ballistically,” he said.
Cleary believes cybersecurity, resiliency and survivability are things the DON will always be working towards.
“We have to acknowledge that this is an infinite game,” Cleary said. “Cybersecurity is not a problem that will be solved, it is a problem that will be managed and we have to ensure that we’re staying ahead of it. I think it’s also a misconception to think that any one thing is going to keep the adversary out of our chains. They are dedicated and determined and will find ways to get through those environments, it’s just something we have to be in tune with.”
Vice Admiral Jeffrey Trussler, Deputy Chief of Naval Operations for Information Warfare, said IT modernization comes with its own cyber risks and often creates new avenues for bad actors to infiltrate DON networks.
“The number of platforms we have, the systems that make up the platforms and the external connections we have with those and what we want them to be...there is never an answer, it’s implement one thing and what’s next,” he said at the GovExec event. “It will be a constant moving process because every opportunity, every solution will have a vulnerability and we must remain agile.”
There are multiple technologies helping the Navy move away from a compliance mindset. As the Navy pivots to cyber readiness, Navy leaders want to actively use new and emerging capabilities around auto red teaming.
“It's less about did you install a patch and more about show me that the vulnerability is not exploitable,” Weis said. “Let's drill it, train it, show it and then use that capability of auto red teaming to unearth the real risks we need to go after.”
Project Overmatch is another program supporting the Navy’s modernization efforts. It processes raw data rapidly then assimilates it into actionable insights aligned with appropriate weapon systems. Project Overmatch is not only a key effort for the Navy’s IT modernization, but also for the Defense Department’s broader push for interoperability via the Joint All Domain Command-and-Control (JADC2) initiative.
“This will take us from where we were and how we were built to what we can be and on to that North Star where everything we build now is going to be fused and linked together for interoperability,” Trussler said.