DISA calls for end to ‘institutional silliness’ in military cyber

The Defense Information Systems Agency (DISA) recently released a new strategy to accelerate cyber-protection efforts for US warfighters and banish what its director, Lt Gen Robert Skinner, has described as ‘institutional silliness’.

In a public letter to accompany the 27 October launch of the strategy, Skinner set out his view of the best approach for DISA: 'Achieving our strategic vision requires consolidating and standardising IT services, adopting proactive early-warning monitoring or sensing practices, automating responses, migrating legacy services and capabilities to cloud-based offerings, and developing mobile capabilities at all classification levels so that our support to the mission is never diminished, regardless of work location'.

For DISA and the Joint Force Headquarters Department of Defense Information Network (JFHQ-DODIN) — the C2 hub for US military cyber — the mission is to enable lethality at a multidomain operation level by implementing a new network, infrastructure and capabilities in the next three years to gain an advantage over peer adversaries.

The official document outlines five lines of effort for a successful outcome: prioritisation of C2; implementation of next-gen technologies; leveraging data gathered by the DoD; building a new network architecture; and empowerment of the workforce.

Elaborating on the importance of C2 as a keynote speaker at the AFCEA TechNet Cyber conference on 27 October, Skinner said that DISA 'cannot [afford to] fail' in the ability to deliver C2 to senior leaders such as the President and the Secretary of Defence.

He added: 'I would offer there is no mission in the in the department that is not going to require the ability in some form or fashion with the capabilities that are provided under command and control. That's why we are prioritising command and control.'

Skinner also outlined that DODIN today covers forty-five Areas of Operation (AOs), arguing that it is crucial to exercise C2 across all of them. AOs define boundaries across the physical layer of the DoD cyberspace.

The new strategy is undoubtedly ambitious. A commitment to create a 'zero trust' security and network architecture, implementation of the Joint Warfighting Cloud Capability (JWCC), and the modernisation of the DODIN backbone by leveraging software-defined technologies, are only some of the aspirations outlined in the paper.

As for DISA, the agency believes the way forward is to tick all the boxes faster with greater collaboration between government, industry, academia and foreign allies.

'We have a phrase that we call institutional silliness' said Skinner.

'How do you drive institutional silliness out of organisations, because that makes you ineffective, and it makes you inefficient? I would offer [that] industry can help us by helping us identify those things… help us to try and get after the policies and the guidance, whether it's acquisition related or other things. That how do we get rid of institutional silliness.'