Cyber, cloud lead DOD budget priorities
- By Lloyd McCoy Jr., Stephanie Meloni, immixGroup
- Feb 10, 2016
With the omnibus appropriations deal reached in late December, technology companies selling to the Defense Department can breathe a collective sigh of relief — the deal will allow for new program starts and many IT modernization initiatives.
DOD was appropriated $514 billion in fiscal 2016 for its base budget, which is about a 5 percent increase from 2015t. The IT budget request is $37 billion, up about 1.5 percent from the previous year. That also includes defense agencies outside of the service branches, such as DISA and the Defense Logistics Agency.
The initiatives driving DOD IT budgeting for fiscal 2016 and the foreseeable future are cybersecurity, cloud, infrastructure, and unified capabilities. We’ll delve into what this means for the traditional IT insertion points in the department, namely the service branches and DISA.
With the Joint Information Environment (JIE) serving as the department’s vision for security, interoperability and enterprise services, effective messaging should continue to be focused on how tools and technologies fit within the JIE concept.
Let’s dive into some of the major priorities and initiatives we expect to see through the remainder of the fiscal year and into fiscal 2017.
Cybersecurity, Cloud, and Unified Capabilities
Across the entire DOD, cybersecurity remains the highest priority. Because of the increasing severity and sophistication of cyber threats, the department must take aggressive steps to defend its networks, secure its data, and mitigate mission risks. Security considerations will affect almost every DOD IT investment.
We see the JIE manifested in the recent shift from localized network protection to a more enterprise approach for securing the DOD enterprise with the Joint Regional Security Stacks (JRSS).
Along with consolidating security stacks, DOD is standing up the new Joint Force Headquarters (JFHQ) organization. It will be charged with synchronized defense of DOD’s networks. Expect continued heavy demand for collaboration tools, testing technologies, and training programs for the new cyber workforce.
DOD will continue to press forward with cloud adoption as part of the JIE. In early 2015, DOD opted not to rely on DISA as its cloud broker, and revised security standards. Now FedRAMP-approved vendors can more easily host and process DOD data without jumping through more hoops – at least for unclassified data.
DISA will still remain in charge of cloud standards and security requirements for the DOD, and its Cloud Access Points (CAPs) initiative aims to reinforce the gateways between internal networks and the web.
CAPs are designed to perform intrusion detection, firewalling, and data loss prevention. DOD wants to scale CAP usage across the department, so commercial cloud providers looking at DOD sales will likely have to customize solutions based on CAP requirements.
In fact, if you build out a tool that works seamlessly with the CAPs, you may have a leg up on competitors.
In terms of shared services, Unified Capabilities (UC – providing voice, video, and various collaboration tools over the Internet) is an area the Army, Air Force, and DISA are working on together as part of a DOD wide effort to move away from older, hardware based systems.
Interoperability will remain a priority at DOD — whether that means ensuring the new electronic health record can talk to the VA or verifying that systems are interoperable not just with internal DOD mission partners but our allies as well.
DISA’s fiscal 2016 base budget request is about $9.4 billion. Of that, IT spending accounts for $4.6 billion – a 1.9 percent decrease from last year due to expected drops in fees the rest of DOD pays DISA for the services it provides.
In terms of priorities, IP-based collaboration will be an increasingly important service DISA provides to the branches. With a goal of true interoperability, DISA will be looking to invest in real time data sharing, speech recognition, VOIP, and state of the art collaboration tools.
Also, despite it having a reduced role in cloud procurement for DOD, cloud vendors should note that DISA is exploring a variety of off-premise and on-premise hybrid cloud approaches, which should gain momentum and adoption in 2016 and 2017.
On the cyber front, DISA wants to pursue a robust and layered defense approach to security, from the Internet access point down to the endpoint, marrying cyber and analytics to analyze changes and forecast over-the-horizon threats.
The Army has budgeted $7.6 billion for IT out of its $127 billion operating budget, which represents a 3 percent increase to the IT budget request, due to increased investment in communications and infrastructure.
One of the Army’s biggest IT initiatives will be increased use of the commercial cloud. Army’s overall goal is to migrate all enterprise applications to the cloud by the end of fiscal 2018.
With its new cloud strategy, the Army has been able to make more progress with Unified Capabilities. The RFP for UC is expected to come out by the end of fiscal 2016. Also tying into cloud are Home Station Mission Command Centers for standardized tactical communications to overcome remote deployment limitations, demonstrating the Army’s emphasis on developing mobile solutions for deployed warfighters.
The other biggest IT efforts for fiscal 2016 within the Army will relate to cybersecurity. Army is trying to shore up and improve its existing cybersecurity efforts with a few big initiatives. The first is “Information Technology Box” for cyber. The Army is depending on this acquisition method to help it get cyber products quickly. IT Box will look to COTS for cyber tools like insider threat and discovery software.
Air Force spending
The Air Force’s fiscal 2016 IT budget request is $5.3 billion out of an overall budget request of $122 billion. That’s a 5 percent decrease over last year, due to realignment of portfolios and priorities. The decline comes out of operations and maintenance funding; however, the service is actually seeing a $300 million increase in capital expenditure budgeting, as it’s an organization that is dedicated to developing or purchasing more innovative and newer capabilities.
The most pressing of the Air Force’s new technology priorities is integrating cyber and intelligence to help plan for offensive cyber warfighting. Now that the 25th Air Force reports to Air Combat Command, it is looking for ways to more effectively plan operations and defend air and cyberspace.
Vendors should make information protection, secure storage, and availability part of their strategies with Air Force customers.
The Air Force also is paying increased attention to cybersecurity for weapons systems, especially protection of command and control systems like aircraft. Many of these systems were designed and built before the Internet existed, so cybersecurity was not a concern. Now the service needs help identifying and categorizing risks and baking in cybersecurity requirements to correct this issue. Look to assist them in identifying vulnerabilities for networked systems – from supply chain and maintenance up to weapons systems sensors, including software code.
The Air Force is a step ahead of the Army when it comes to JIE initiatives like UC and the cloud. Its Collaboration Pathfinder cloud platform is used for email, collaboration tools, and storage capabilities. This commercial cloud work doesn’t mean the Air Force has abandoned DISA, however; the service wants the most cost-effective solution, mixed with the appropriate security, whether that’s through commercial sources or DISA.
The Navy’s 2016 base budget request is about $161 billion. Of that, $6.5 billion is requested for IT – a 3.9 percent increase – due largely to cyber spending for next generation and tactical command and control systems.
The Navy’s Innovation Cell will serve as a platform allowing the service to rapidly and efficiently introduce new technologies. Among its first challenges for industry is data analytics. The Navy’s ability to conduct detailed data modeling, mining, and predictive analytics is limited, although almost every activity within the service has expressed the need for these solutions.
The Navy is also using the Innovation Cell to seek out ways to scale up virtualization and increase wide area network storage capacity to accommodate voice, video, and data carried over IP.
Of course the Navy’s largest investments are CANES and NGEN (the service’s consolidated afloat and ashore networks). NGEN has three top priorities: its tech refreshes (conducted every six months as the primary vehicles for modernization), preparing for the contract’s recompete, and consolidating to 15 NGEN data centers. For CANES, expect installations to finally start ramping up this fiscal year.
The Navy sees cloud computing as a critical enabler of the JIE’s emphasis on secure and efficient access to information and IT services anytime, anywhere, and on any secured device.
Cloud computing will also allow networks to be more interoperable, a key tenet of the JIE. Right now the focus is on the low-hanging fruit: unclassified or lightly sensitive data.
The Navy needs assistance with establishing trust between systems – and that challenge becomes more complex with commercial cloud hosting thrown into the equation. Disaster recovery, patching, and scanning are also key issues. Vendors should remember these concerns as they help the Navy figure out the right mix of commercial, private, or hybrid adoption.
The three biggest priorities for the DOD in fiscal 2016 — cybersecurity, cloud adoption, and shared services— are nothing new, but the DOD is trying to update its acquisition strategies, pilot more projects, and issue more challenges to drive innovation and get access to newer capabilities more quickly.
Vendors selling to the DOD need to be aware of their customers’ pain points and how their IT projects relate to the overall DOD mission. Having a continual dialogue between program managers, CIOs, and end users will continue to be vital to achieving success.
Lloyd McCoy Jr. is a Market Intelligence Consultant with immixGroup, which helps technology companies do business with the government. Lloyd focuses on Defense Department agencies, as well as public sector cybersecurity. He can be reached at Lloyd_McCoy@immixgroup.com or connect with him on LinkedIn at www.linkedin.com/in/lloydmccoy
Stephanie Meloni is a senior analyst with immixGroup. She can be reached at Stephanie_Meloni@immixgroup.com.