DISA's rebalancing act

The Defense Information Systems Agency has historically faced the challenge of distributing information and supporting the systems that deliver it all over the world — serving customers in locations ranging from the Oval Office to Afghanistan's Helmand province. During the past 10 years, DISA also has needed to find ways to provide more of those services faster and less expensively. So challenges are hardly new.

But a variety of new circumstances — many of them created by policy rather than technology — are rising to potentially disrupt DISA's forward march: the potential loss of staff during a headquarters move scheduled for 2010, setbacks to a next-generation command and control (C2) program, and organizational friction arising from the creation of the Cyber Command.

As a result, the agency faces significant hurdles in the coming year that could change the complexion of its role in defense information technology. At least, DISA needs to rebalance some of its efforts even as it keeps advancing its information services capabilities.

“Information dominance is right at the center of what we're doing today,” said Army Lt. Gen. Carroll Pollett, DISA’s director, at the agency's Forecast to Industry event Aug. 7. “Obviously, we're a technical organization. But what we deliver is capabilities,” he said. He added that DISA is in the business of combat support and that DISA and its service suppliers and contractors serve the senior national leadership and troops on the front lines every day.

The signature platform for combat support is the Global Information Grid. During the past few years, the GIG has grown into a global network, riding fiber, satellite and terrestrial radio networks to provide computing and communications services all the way to the tactical edge. The information demands of the wars in Iraq and Afghanistan have pushed the GIG from being a strategic support network to a tactical one.

But the buildup of GIG capabilities was a relative luxury compared to the demands of today.

“It took seven months to ramp up for the war in Iraq,” said John Garing, DISA director for strategic planning. “Today, we haven't got seven days often to prepare for whatever engagement. We don't know what it's going to be — disaster relief, humanitarian relief in the Swat Valley. Is it Somali pirates? So I think our job is to enable the DOD to do the country's bidding wherever in the world that is, whenever it happens. And that means something different for us than set-piece programs that deliver things in years.”

Pollett and DISA's senior leaders are working carefully to tweak the DISA platform. The potential adversity expected with the move of DISA's headquarters from Alexandria, Va., to Fort Meade, Md., offers Pollett the opportunity to rebalance DISA’s workforce and reformulate strategies to speed and simplify the acquisition of new capabilities.

Seeding the cloud

The center of DISA's efforts is a vision of a cloud of computing services and capabilities, in which the circuits, servers and software components are largely transparent to DISA's customers.

The driving force behind the cloud computing effort is what Garing calls the efficiency imperative, the need to reduce cost and overhead for systems by moving to shared, standard systems for common services, such as e-mail. To meet that imperative, the agency is pressing forward with programs to standardize technology platforms at its Defense Enterprise Computing Centers (DECCs). The goal, according to DISA senior executives, is to turn the agency's computing services as much into a utility — a “plug-into-the-wall” service, as Garing puts it — as possible.

Projects such as the Forge.mil collaborative software development platform and Rapid Access Computing Environment are the first steps toward Pollett and Garing's vision of collapsing the layers of networks, enterprise computing assets and IT services into an enterprise infrastructure that DISA can use to quickly connect and integrate customers within and outside the DOD network.

“Going forward,” said DISA Chief Technology Officer Dave Mihelcic, “we don't want to view [the DISA enterprise architecture] as layers. This is evolving toward an integrated, IP-based capability. We're going to move toward extending IP out to the warfighter.”

The result will be one global Internet-like network that delivers information, communications and collaboration regardless of where the user accesses it.

Creating a cloud computing information utility for DOD is an ambitious goal that will require DISA to not only stretch the agency's technical capabilities but also convince customers — the military services — to buy in. Garing said about 75 percent of DISA's operating budget comes from charges to DISA customers. With budgets tightening, DISA needs to convince the services — now more than ever — that it can deliver IT services as well as or better than they can develop themselves and at lower cost.

“The more standard the computing platfoms become, the greater the potential for virtualization and multitenancy of applications, where it's appropriate," Garing said in an interview with Defense Systems. "Things like medical records systems, we may not want to virtualize across machines. But there are other [groups] that would benefit, and the key to that is standardization.”

The nucleus of this standardization effort is DISA's embryonic RACE program, which is the first step toward creating a standardized computing environment. Limited to systems built on Linux and Windows, RACE is a pretested and approved configuration that makes it possible for new virtualized servers to be quickly provisioned.

“RACE allows a user to provision a virtual machine on demand,” Mihelcic said. “RACE is taking provisioning time [for new servers] from months to minutes,” he said. The turnaround time for a server provisioning is 24 hours because of financial controls, but the engineering process requires only seven minutes.

DISA has already performed information assurance certification on the hardware and operating system environments that run RACE servers, so customers don't have to worry about going through a lengthy Defense Information Assurance Certification and Accreditation Process. And DISA has already begun to offer precertified software services on RACE. The Air Force and Army are migrating their customer relationship management software for personnel services to a hosted software-as-a-service version of RightNow Technologies' software that runs on the RACE platform.

Alfred Rivera, DISA's director of computing services, said DISA is working on adding one or more Unix platforms to the RACE program, which will significantly expand its applicability to DISA customers' existing applications.

However, the main barrier is getting customers to start using standard platforms, Garing said.

“A customer comes to us with an application that an integrator is putting together,” Garing said. “There are things, sometimes, that hook it to a part of the operating system it runs on. When we host that, it's a one-off event. They don't get the chance to use the capacity of on-demand services and to virtualize it.”

Garing said DISA's goal is to move customers toward more standardization so that the agency can take advantage of those capabilities and lower the cost and time to deliver them in the process. DISA also wants to virtualize the capabilities across DECCs to gain continuity.

There are some signs that DISA's customers are biting. In addition to the use of RACE-hosted CRM software, the Army has signed on to DISA's plan to provide centralized hosting for Exchange e-mail, and the Air Force is also looking into that capability, DISA officials said.

It remains to be seen, however, if the Navy and Marine Corps will buy into DISA's virtualization vision. The Navy is still preparing its acquisition strategy for the Next Generation Enterprise Network (NGEN), the follow-on to the 10-year-old Navy Marine Corps Intranet outsourced to Hewlett-Packard's EDS. At the Navy's NGEN industry day March 31, Rear Adm. John Goodwin told Defense Systems that the Navy would consider services from DISA for NGEN on an equal footing with private-sector bids.

Standardization and virtualization are essential to making DISA's platform more efficient and less costly. The primary challenge, DISA officials say, is turning that platform into a comprehensive enterprise infrastructure, creating a set of networked services and capabilities that is flexible enough to deal with rapidly emerging needs.

That enterprise infrastructure would need to not only support the individual U.S. military services but also allow them to collaborate with one another and external partners. And the infrastructure can't be limited to users who have high-speed connections to one of DISA's DECCs.

Pollett said an enterprise infrastructure is “the way we'll be able to push out [information] enclaves globally and get rid of the myth that you have to hit one of our DECCs.”

By pushing systems toward standards such as service-oriented architecture (SOA) and other Web-based technologies, DISA is hoping to initiate a new class of applications that developers can rapidly assemble from the elements of an enterprise platform.

For example, Mihelcic pointed to the National Senior Leadership Decision Support Service, a mashup application that pulls together multiple decision support services into a single environment that White House and Pentagon leaders can use for situational awareness of developing events. They also can use it to quickly access analysis and information resources that help them act on that data. The application is designed to get that information to leaders wherever they are and on whatever device they have available, anything from a secure desktop PC to a smart phone.

Mihelcic also noted that DISA is working to create a Web 2.0 environment for the defense community — from Intellipedia's wiki and blogs, which DISA hosts, to DEFStar, a social-networking site for the defense community developed by SRA International on the open-source Drupal Web platform, with sponsorship from Mihelcic's office. The DEFStar test site, which went live April 16, is intended to help users build relationships and “discover people in their extended community of interest,” Mihelcic said. “Next year, we'll do a pilot on the SIPRnet as well.” The Secure IP Routed Network test project will be shared with the intelligence community.

Beyond the military services

DISA is also looking hard at how to solve the problem of collaborating beyond its core customers — and beyond the SIPRNet.

“The biggest demand we have is coalition information sharing for C2,” Garing said.

The options for information sharing are limited, especially for partners who fall outside traditional military-to-military relationships. And even information sharing with coalition partners is overly complex, DISA officials say.

DISA supports a collection of networks for information sharing with coalition partners, including the Combined Enterprise Regional Information Exchange System. “If we can have common services [for Centrixs] hosted centrally, it would save us significant time, money and infrastructure,” said Air Force Brig. Gen. Peter Hoene, program executive officer for C2 capabilities at DISA.

Garing said the challenge is even bigger when it comes to collaborating with nonmilitary partners, such as first responders and nongovernmental organizations.

“It's not going to be any day soon that we're going to allow allies or others we're working with into our internal DOD network as equals to us,” he said. “But there is the potential to carve out a collaboration environment that may be attached to our network with requisite guards that could be used for a collaborative situation without concern about getting into our network,” he said. That could include going to one of the collaborative social-networking companies … or to some network and [asking] them to carve out a space that we could reserve, so we could turn it on, turn it off. On the classified side, it's a little more rigorous.”

Speed bumps ahead

However, Pollett and his senior managers must grapple with more immediate concerns.

With the Senate's move to kill the Net-Enabled Command Capability program in its version of the 2010 Defense appropriations bill, effectively canceling the program, DISA's leadership must regroup on efforts to deliver a next-generation C2 system.

The creation of the Cyber Command, ordered by Defense Secretary Robert Gates in June, will also pose a new set of structural and technical challenges to the agency.

All of that is complicated by the agency’s scheduled move from its Arlington headquarters to Fort Meade starting in 2010.

The move to Maryland was mandated by the Defense Base Realignment and Closure Commission, and construction of the new headquarters started before Pollett took over as director last year.

Pollett said 65 percent of DISA's employees at its Arlington headquarters have said they will move with the agency to Maryland, but that means many key employees will leave the agency at a crucial time. Although Pollett said the agency has “put significant effort into the hiring processes” to fill the gaps, he said it's possible that the agency could lose as much as 25 percent of its headquarters staff as a result of the move.

Garing said he doesn't believe that the gap will have a major impact on DISA's customers. “All of the services DISA provides customers do not come from [Arlington]. They're all managed by systems management centers. They're not in Washington; they're hosted in the DECCs. And most of the contracting activity is done at Scott Air Force Base.” Garing said there would be some disruption to the agency's work because of the move but added that DISA has "gone out of our way to make sure that [the move] is as transparent to our customers as possible.”

Pollett said at the Forecast to Industry event that losing 25 percent of DISA's headquarters staff could also provide an opportunity to take another look at the structure of the workforce. “If we have to replace 25 percent of the positions, what's the right place to put them? I'm looking at how I restructure the workforce to balance the workload.”

At the same time, Pollett said he asked DISA executives to perform an analysis of the workforce's capability gaps.

In addition, the Cyber Command will absorb the network defense role of the Joint Task Force-Global Network Operations commanded by DISA's director. Some experts are concerned that the separation of network operations and network defense will weaken DOD's cyber defenses because much of the work of defending networks on a daily basis overlaps with or is dependent on operations and maintenance roles.

Garing said there would be strong ties between DISA and the command. “Cyber Command will be a subunified command, so DISA will have a field office with them to understand their needs and work with staff," he said. "That's what we do with all the other subunified and unified commands. In addition, we are going to continue to provide an element within Cyber Command that will be a support element.”

However, retired Air Force Lt. Gen. Harry Raduege, chairman of the Deloitte Center for Network Innovation and former DISA director, expressed concern about splitting cyber defense responsibilities from the network's operation.

“There's a lot of synergy that's required that's part of that network operations and defense of the networks,” Raduege said. The relationship between JTF-GNO and DISA evolved during the past decade, he said. “DISA's part of this equation has been the DOD tech arm for engineering, building and properly running the DOD network. Separating the JTF-GNO from what DISA was doing needs to be very carefully addressed. What really needs to happen is that we need to build a strong bridge between Cyber Command and DISA.”

At the same time, the agency's efforts to transform the Defense Department's C2 technology from existing client/server systems in a great leap forward to the Net-Enabled Command Capability have suffered a serious setback. NECC, a SOA-based re-engineering of the entire system, failed to pass a major milestone and now faces cancellation of funding under language in the Senate's version of the 2010 Defense appropriations bill.

That isn’t deterring Pollett. “I'm looking for a strategy going ahead for C2 for the Department of Defense, and I'm not going to get caught in a particular brand name,” Pollett said, referring to the Senate bill language about NECC. “We're going to look at every program we have and determine, 'Does the program have legs?' ”

“NECC tried to build out [the next generation of C2] as one joint solution,” Hoene said. “The long and the short of it is there's a lot of congressional and other pressure to cancel NECC and move to a more agile capability. With that challenge, there are great opportunities.” Hoene said DISA will take advantage of elements of NECC as it moves forward, especially because nearly 75 man-years of software engineering has already gone into the project to deliver a more incremental set of capabilities.