For the first time, classified cloud capacity will be shared between the Defense Department and the intelligence community. The two organizations recently signed a memorandum of agreement that will let them intermingle title 10 and title 50 funding in a top-secret cloud environment.
The service, part of DoD’s new Joint Warfighting Cloud Capability (JWCC), will be available in the continental U.S. (CONUS) first, with plans to eventually make it available outside the continental U.S. (OCONUS).
“That’s going to be huge moving forward, as an enablement for [Combined Joint All-Domain Command and Control] CJADC2 to five eyes and the [defense industrial base] — just in general, classified cloud CONUS and OCONUS. I would say the partnerships, both for the five eyes and third-party capabilities, that’s going to be a huge one,” Ryan McArthur, Defense Information Systems Agency’s program manager for Joint Warfighting Cloud Capability (JWCC) said at a National Defense Industrial Association JADC2 conference Tuesday.
CJADC2 is the DoD’s concept for taking data from sensors and quickly converting it to actionable information used to make command decisions for military leaders and allies. Interoperability is one of the biggest challenges in making CJADC2 a reality. Creating secret cloud services that can be used by both the DoD and the intelligence community is a step forward for CJADC2 because it helps the two organizations move away from stove-piped systems.
One question that still needs to be worked out as the two organizations move towards sharing secret cloud access is authorizations. McArthur says DoD wants to get away from reciprocity agreements with the IC.
“What we’re working through between TS [top secret] and secret is who should own authorizations from a TS and secret perspective. Right now, we’ve done reciprocity on the AWS [Amazon Web Services] side,” McArthur said. “We’re actually working through agreements of who should have authorization if DoD transitions to having full authorization on the secret side, and I see maintaining full TS. But those are just in the beginning stages.”
The Pentagon awarded Amazon, Microsoft, Google and Oracle JWCC contracts in December as part of a multiple-award contract vehicle that allowed the department to acquire commercial cloud capabilities and services directly from commercial cloud service providers. Moving forward, McArthur said having JWCC in place with a finite number of cloud providers will help standardize requirements and ensure that capabilities are interoperable and connected.
“Where historically we’ve had the entire responsibility for transport on our side, we can let some of the transport functions happen on the back end from the cloud service providers. They have robust worldwide networks and the technology that has been put in place will enable us to take advantage of those while still having our own native capability,” McArthur said.
Over the next five years, McArthur said he wants to see changes to enable JWCC to take advantage of third-party services to enhance the cloud provider capabilities.
“I’m doing a modification right now to the contract that is going to put in third-party marketplace software as a service (SaaS) for JWCC so you can come to the contract work through the cloud service providers to have access to SaaS offerings,” he said.
As DISA moves to test and expand its cloud capabilities, it devised ways to use a DevSecOps model to change the way acquisition teams worked and make them more agile by automating the integration of security in the software development lifecycle. It also simplified the task order process to make it user-friendly and less time-consuming.
“What we’re trying to do with our task order process is change how we’re doing normal acquisitions from the paper process. And we’re changing it to an actual front end application process,” McArthur said.