The Department of Defense’s enterprise cloud capability could help the Pentagon integrate international partners and allies into its efforts to connect all of the armed forces’ sensors and shooters under a single, unified network. But only if the Pentagon can get over some technical and policy hurdles first, Brian Hermann, director of cybersecurity and analytics at the Defense Information Systems Agency, said Tuesday.
Now referred to as Combined Joint All-domain Command and Control (CJADC2), the department’s rebranded JADC2 effort places additional emphasis on the fact that a majority of the U.S. military’s battles are fought with a coalition and not alone. That means JADC2 initiatives across the Pentagon should also stress the importance of integrating partners and allies in early stages.
“Part of the reality of making cloud useful … [is] there are certain necessary enabling functions inside of those capabilities. Many of them are native functions that the cloud service providers can make available to us, but we have to make some of those investments in each of the cloud environments in order to make CJADC2 possible,” Hermann said during a panel at the annual JADC2 Warfare Symposium hosted by the National Defense Industrial Association.
Google, Oracle, Amazon Web Services and Microsoft each were awarded contracts for JWCC in December and began receiving task orders in the unclassified environment in March. The multi-service, enterprise cloud capability will also have opportunities for secret and top-secret offerings and is seen as a key enabler for the Pentagon’s JADC2 efforts.
CACI International Senior Vice President Peter Gallagher, who moderated the discussion, pointed to zero-trust cybersecurity and its enabling identity, credential and access management (ICAM) as some examples of department-wide technical solutions that could help JWCC integrate partners and allies.
While Hermann agreed, he emphasized that DISA isn’t starting with technical solutions.
“It’s not just the technical solutions that are necessary, but things like real collaboration on changing policy associated with identity and credentialing and access management,” he said. “It’s hard enough to do in the Department of Defense, it’s hard enough to do in the federal government, and doing that with our allies and coalition partners requires some policy changes, frankly, and it requires a level of trust.”
ICAM generally comprises a set of IT policies and systems that verify whether or not users have the right credentials to access certain parts of a network. The solution is a key part of the Defense Department’s journey to embracing zero trust, which requires everyone on a network to be continuously authorized while moving through it.
A provision in the Senate Armed Services Committee’s version of the fiscal 2024 National Defense Authorization Act would require the department to transition existing ICAM initiatives into an enterprise-wide program of record and address needs for managing multi-domain operations that leverage information and systems across varying classification levels.
“Establishing a level of trust in the identities of the people and the systems you’re working for is absolutely essential,” Hermann said. “You have to have that available if you’re going to enable automated connectivity, as well as even shared data for the purposes of understanding the common operational picture. And I think that’s a tremendous challenge.”
Hermann noted that some of the United States’ most robust alliances — such as the Five Eyes intelligence-sharing alliance that includes the U.S., Australia, Canada, New Zealand and the United Kingdom — might have some trust already established based on historical precedent.
But many combatant commands also have strong relationships with partners in their regions that would need to be addressed, he added.
“I think we have to make all of those functions available in the commercially hosted cloud, and then we have to take advantage of what cloud can bring,” he said.