Defense Department (DoD) Chief Information Officer (CIO) John Sherman said today that he is considering issuing strong, formal guidance to military service branches to get moving faster on the long-sought goal of reducing technical debt throughout the military and particularly on the IT and cybersecurity fronts.
Speaking at an event organized by AFCEA NOVA, Sherman ran through a long list of initiatives that his office is already pursuing across a range of priorities including cloud service, defense industrial base security, and the move to zero trust security architectures.
But the CIO made his strongest remarks about the need to reduce technical debt – specifically on IT and cybersecurity capability improvements.
“One thing I just brought up this week, to give you a little kind of breaking insight here, some of the tech refresh piece that we’ve let slide over the years – and I’m not going to call out specific components that haven’t done things in 9, 10, 11 years – no more,” he said.
“This is one thing the power of this office can do – and I’m going to do this in a cooperative way with the services … we may be sending out some guidance on this here in terms of how and what we expect,” Sherman said.
“We already have our budget certification where I can see how much they’re investing, but that doesn’t get the standards of periodicity of refresh, and I’m not just talking about where people are putting the hands on keyboards, I mean the stuff in the wall, the transport, the other things like that,” he said.
“So we’re going to work that just like we did our Joint Warfighting Cloud Capability guidance I signed out, which really led the way on [and] which was a paradigm shift to continue to move us towards enterprise cloud,” Sherman said. “This is going to be in that same vein of making sure we get this done across the department.”
Speaking to what has created technical debt throughout DoD, Sherman explained that the Pentagon focused a lot of investments over the past 20 years on active military campaigns and solutions and for challenges including intelligence, surveillance, reconnaissance, Special Operations support, and survivability against improvised explosive devices.
“But as we look at great-power competition now against the PRC [Peoples Republic of China] and Russia, we have to think differently about this, and IT cannot be the bill-payer anymore,” he said.
In describing areas of technical debt that need to be addressed, Sherman said “one on the tech debt front is hardening our weapons systems, our planes, our ships, our ground vehicles … and our IT systems that support this.”
Speaking of the U.S. fight against ISIS, Sherman said the insurgent group had information operations and remains a “wily adversary,” but said he “wasn’t as concerned about them being able to hack into an F-35, or hack into a HIMARS, or be able to use electronic interference to be able to interfere with our GPS or something like that.”
But because of the greater sophistication of the Chinese and Russian militaries and what DoD is seeing play out in Russia’s invasion of Ukraine, “we’re seeing a glimpse of what real third decade of the 21st century warfare looks like,” he said.
Speaking of the need to reduce technical debt, the CIO said, “working with the program offices and all the military services, these cannot be optional investments anymore.”
He said that the undersecretaries of the service branches “get it that IT and cybersecurity are not just blinking lights in the background, it’s not just something the CIOs, the J-6s, the CISOs have to handle – it is everybody’s responsibility.”
“You hear terms like cyber survivability now, and that is a critical thing we need to do but … still we’re in a resource-constrained environment, there are many investments we have to make to modernize, and cyber and IT has been one of them,” he said.
