Feb 24 2023
Cloud

RMCS23: Outgoing Air Force, Navy CIOs Talk Network Consolidation and Cloud

Both service branches have begun implementing zero-trust tools and pilots as they work toward a single warfighting environment.

The Air Force should be able to collapse secret and secret root logins in several years as it nears its zero-trust “end state,” a single warfighting environment with partners and allies, according to Lauren Knausenberger, CIO for the service branch.

Knausenberger and Navy CIO Aaron Weis, both of whom announced their resignations this week, chatted on stage Wednesday at the Rocky Mountain Cybersecurity Summit 2023. The two explored how they’ve accelerated the implementation of zero-trust security architectures, including network consolidation.

The Department of Defense published its Zero Trust Strategy and Zero Trust Capability Execution Roadmap in November, the latter offering a detailed path to implementation of pillars including networking. The Navy already has consolidated its separate network for nuclear propulsion, containing confidential and highly secure data, into its Impact Level 5 network for controlled unclassified information and unclassified national security information and is red-teaming the security.

“We can’t have 22 networks at Ramstein. We can’t have multiple ways to log in to secret and secret root,” Knausenberger said. “We have to collapse as much as we can, and I do believe, with a little bit of effort, in the next two to three years, we should be able to collapse secret and secret root.”

Consolidating secret and unclassified logins should be possible in the next five years, and despite policy hurdles, top secret logins also will be included, with industry’s help and DOD CIO support, she added.

Click the banner below to follow our coverage of RMCS 2023 on Twitter.

How DEOS Paved the Way for Zero Trust

Knausenberger and Weis helped cement the multibillion-dollar Defense Enterprise Office Solutions cloud contract, with a Microsoft Office 365 capability called DoD365, in 2020. DEOS not only helps DOD purchase IT faster but also allowed the Navy to acquire zero-trust tools now protecting half a billion data points via the Navy Cyber Defense Operations Command in Suffolk, Va.

“They can completely command and control, manage, mitigate, quarantine, fix any endpoint, whether it’s on the node or not,” Weis said.

The Air Force has multiple zero-trust pilots of its own underway, and many of its new applications were built with zero-trust concepts in mind, Knausenberger said.

Her branch started with financial apps because financial improvement and audit readiness was already a funding priority for the Air Force.

“It’s almost a forcing function with more money and attention from DOD to accelerate modernization writ large,” Knausenberger said.

DOD zero-trust efforts are seeing unprecedented branch cooperation, she added.

While the Air Force would never post its entire Microsoft Azure backlog for foreign adversaries like China to scour, it’s made a curated version available to partners.

“There is a scrum or scrums that includes both of our service providers across the Navy and the Air Force,” Knausenberger said. “This has never been done before.”

LEARN MORE: How space force acquisition teams balance security with functionality.

Why Cloud Providers Must Be Integrators

Both CIOs went on an industry tour organized by the DOD CIO two weeks ago, where they spent time with all four Joint Warfighting Cloud Capability contract winners: Microsoft, Amazon Web Services, Google and Oracle.

Microsoft focused on its use of artificial intelligence, the GitHub Copilot tool specifically, to completely replatform legacy apps written in languages like COBOL in cloud containers.

Zero-trust pioneer Google lost out on DOD revenue for years due to differences in security philosophies, but “I think that they were right,” Knausenberger said.

At the end of the day, DOD needs cloud providers who are good at integrating multiple capabilities such as continuous monitoring, enterprise services and app migration so they’re consumable, she added.

Knausenberger said she feels “really good” about DOD’s fiscal 2024 budget containing funding for zero trust, sensors, addressing technical debt and operationalized user experience.

“This is about warfighting capacity,” she said.

To learn more about the 2023 RMCS event, visit our conference page, and follow us on Twitter at @FedTechMagazine to see behind-the-scenes moments.

alzay/Getty Images
Close

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.