DISA restructuring to provide more agile services

The Defense Information Systems Agency is in the middle of evolutionary and revolutionary changes. As Lt. Gen. Carroll Pollett, DISA’s director, approaches his second anniversary at the helm of the agency, operational and organizational change is the only constant in the equation for providing information systems support to the Defense Department’s military services and national leadership.

Several changes to DISA's structure and operations are pending, and the agency has shifted its strategy for taking on the challenges posed by ever-growing DOD operational needs, rapidly changing technologies and mounting budgetary pressure. DISA’s leaders are trying to transform the agency into an agile, flexible service provider that can rapidly respond to the mission needs of all its customers.

“Looking at the past eight years of war and natural disasters, what lessons have we learned?” Pollett asked in a speech that opened DISA’s Forecast to Industry and Customer Conference July 28. ”We don’t know where the next engagement is going to occur or when. But we know there’s huge demand for a technology environment that’s ready."

To meet that demand, Pollett and DISA's leaders are focusing on building the agency’s programs around a core enterprise infrastructure that is highly dependable, agile and capable of quickly adapting to support warfighters for any mission. Instead of creating long-running, expensive systems programs, the goal is to provide services that can work together to form mashups that quickly meet new demands.

There has also been a shift in program philosophy at DISA during the past year. The failure of far-reaching programs such as the Net-Enabled Command Capability, which Congress canceled in 2009, have also influenced DISA’s enterprise infrastructure approach as the agency increasingly focuses on creating building-block services for the services and national leadership and reducing the complexity of programs to reduce risk.

“We’re focused on making the enterprise infrastructure a given,” said Tony Montemarano, DISA’s component acquisition executive. “The enterprise infrastructure is there. They don’t have to worry about it.… That’s the focus. It’s not only a technology discussion; it’s a policy discussion and a financial discussion.”

A Challenge-Rich Environment

DISA’s strategic changes coincide with other structural and physical changes. In September, Pollett will relinquish one of his duties as the Joint Task Force-Global Network Operations is decommissioned and its responsibilities transfer to the Cyber Command. And in February 2011, the agency will begin to move headquarters operations to DISA’s new home in Fort Meade, Md., which could lead to significant attrition in its headquarters workforce.

But those aren't DISA's biggest challenges.

At the conference in July, Pollett outlined the four greatest problems that the agency faces:

• Increasing complexity of operations.
• Rapidly changing technology.
• Persistent threats to the network.
• Uncertainty about the nature of the next operating environment.

DISA's leaders recognize that to serve DOD's mission, the agency also must serve customers outside DOD. “We need to support other federal agencies, coalition partners" and nongovernmental organizations, said Dave Mihelcic, DISA's chief technology officer. “We can’t wall off DOD; it has partners across a variety of networks.”

Those challenges are growing, and DISA is considering its experiences from the past decade to handle each one. However, Pollett has brought a different approach, according to officials who have worked with him.

“There are two techniques he's used that are different,” said John Garing, former director of strategic planning at DISA, in an interview shortly before his retirement in June.

The first is the use of a quad chart that he sends to commanders. A quad chart is a one-page chart that explains services, similar to charts used to explain proposals in response to broad agency announcements. "It's like a tacit contract of what we're going to do for them,” Garing said.

Pollett also has changed how the agency prepares its long-term strategy. “He brought this notion of a campaign plan from the Army,” Garing said. “We've written one that's focused out about 10 years, and it has hundreds of actions and tasks. And unlike the strategy we did under Gen. [Charles] Croom, [Pollett’s immediate predecessor at DISA], this one is pretty specific. It takes the essence of what we did under Gen. Croom in the DISA Strategy Book and gives them structure in terms of what we're going to do and when we're going to do them. And then we associate them with what's in the financial planning.”

DISA is preparing a second version of its campaign plan, which is due for release in January, Garing said. “It's going to be more refined in that it will be colored by the pragmatics of funding, what we have and what we think we're going to have. And it will not be unconstrained, whereas the strategy book we did with Gen. Croom was more of a direction of where we wanted to go, and it wasn't grounded in the dollars. He didn't want to inhibit what we wanted to do. This [plan] has the best of both worlds.”

The Defense Cloud

The most important part of the campaign plan “is the enterprise infrastructure," Garing said. "You can call that the defense cloud [or] you can call it the defense platform.”

DISA's enterprise infrastructure covers more than just physical infrastructure, such as circuits, servers, data centers and satellites. The agency defines the enterprise infrastructure to include all the capabilities and services required to enable information sharing and joint operations across DOD. “We need to start taking down the titanium stovepipes and getting serious about net centricity and how it applies to enterprise infrastructure,” said Alfred Rivera, DISA's director of computing services.

In DISA’s vision, DOD's enterprise infrastructure is defined in the campaign plan as a “seamless blend of communications, computing, services, and information assurance, including seamless transport, gateways, wireless and satellite communications” based on IP and a standardized set of computing platforms, practices, and network and software interfaces.

“It’s all about getting net-centric services fully operational,” said Dave Bennett, now deputy program executive officer for Global Information Grid enterprise services at DISA. “We’re looking at ways to extend our presence further to the tactical edge.”

To create that standards-based environment, DISA needs what Bennett calls a holistic approach. Instead of focusing on specific programs, the approach requires a broader perspective. Instead of building large systems for specific programs, DISA will focus on creating capabilities that can be assembled as needed and acquired on demand by the agency's customers.

“We're looking at the enterprise infrastructure platform from two perspectives,” Bennett said. “The first part is enterprise services, storefront capabilities that users can interact with and use in their own environment. The other piece involves what are those machine-to-machine needs that will support users that are tied to operational assurance services and deal with net operations issues.”

Storefront Approach

The inspiration for DISA's new approach to providing services was the agency's attempt to provide an enterprise e-mail service. In 2009, the agency started to create a centralized enterprise e-mail system based on existing Microsoft Exchange licenses. However, Garing said, that effort foundered when it started to transform into a program.

“We got in our own way,” Garing said. “Had we approached it as a service that Mr. Rivera offers to whoever wanted to pay for it, we'd be well on our way by now. But we approached it as a program, internally to DISA, and it got so horrendously big that it represented an opportunity cost. We didn't have the bandwidth to do it. We're just so busy with so many things, it's hard to get the momentum with something as big as that.”

DISA is now looking to take a storefront approach to e-mail and other enterprise services. “If we approach this as a service that people want to buy, it will be something that people choose to use, and we won't have to worry about a mandate," Garing said.

He said enterprise services must have an attractive price. Offering e-mail and SharePoint services at a lower cost will likely appeal to agencies. A basic service fee might be assessed annually, and agencies with heavy use might be assessed a monthly fee based on the number of seats.

Although enterprise e-mail isn't explicitly on Rivera's road map for DISA's Computing Services Directorate, he does have Enterprise SharePoint as a Service targeted for the first quarter of fiscal 2012, in addition to another software-as-a-service offering, named DOD Virtual Office. Through VOffice, which is a Web-based version of Microsoft Office, DOD users who connect to the Global Information Grid would have instant access to Word, Excel, PowerPoint and OneNote, and they would also have Web-accessible personal storage space.

The VOffice program is part of DISA's DOD Enterprise User initiative and builds on the agency's experience with DOD Visitor, another customer-facing enterprise service that Henry Sienkiewicz, DISA's technical program director of computing services, cites as an example of the agency's new focus on agility.

“DOD Visitor is a piece of software developed by the DISA team that allows for a DOD user to go anywhere within the department, log on to a nonsecure computer and be productive,” Sienkiewicz said.

In addition to user-facing applications that would make up DISA's storefront approach, the agency is working on machine-to-machine services that lay the framework for more efficient joint operations among the military services.

Sienkiewicz pointed to the Global Content Delivery System as a prime example of how machine-to-machine enterprise services enhance the agility of the enterprise infrastructure.

“I believe that our continued efforts with GCDS is a great example of speed of delivery and capabilities within the infrastructure to the warfighter,” he said. “The GCDS team is aggressively increasing capabilities throughout the department, and we are constantly adding new users. Users have recognized the great benefits that GCDS provides to program managers and end-users.”

DISA also wants to become more agile by speeding the development of projects, Sienkiewicz said. DOD and DISA "have historically operated on 18- to 36-month release cycles for major IT projects,” he said. “DISA is now striving toward delivering smaller components in 30-day, 60-day and 90-day release cycles."

Four examples of agile development are the National Senior Leadership Decision Support System, Forge.mil, DISA Electronic Procurement System and Apps for the Army. Although Apps for Army is not a DISA project per se, it was an example of how DISA can partner with the military services to support agile development programs that don't span the entire DOD enterprise.

“Each of these projects develops in a very streamlined scrum, agile fashion,” Sienkiewicz said. "Software code is released in tight sprints, with a great deal of user and test community involvement continually through the process."

Another example of DISA's enterprise services is the Joint Enterprise Directory Services. DISA's people-finder service doesn't act as a directory service in itself because each military service and agency already has its own directory. Instead, DISA's system acts as a bridge among the services that accesses their global address lists.

The enterprise infrastructure model is critical to delivering basic enterprise services and DISA's two other lines of operation: command and control and network operations and assurance. DISA is trying to build resilient capabilities to deliver information sharing, collaboration and mission assurance into the enterprise infrastructure rather than viewing them as separate requirements.

In the future, the enterprise infrastructure will be vital to improving information sharing for joint operations and reducing the fragmentation of command and control systems, said Martin Gross, DISA’s new program executive officer for command and control and information sharing.

“I'm managing a lot of capabilities,” he said at DISA's conference in July. “We have [the Global Command and Control System] and multinational capabilities, and we can’t throw them away, but we're trying to evolve them so they share more. We want to leverage the enterprise infrastructure to do that going forward. A lot of work we do is developing software…that we won’t be able to support in the future. So we're looking at how we take some of the infrastructure and move it to the enterprise level and transition local environments away from needing to manage boxes.”

Mission assurance is another element that needs to be built into the enterprise infrastructure. As part of the shift in DOD's cyber strategy, DISA has changed the name and mission of its Program Executive Officer for Information Assurance. Mark Orndorff is now DISA's program executive officer for mission assurance.

“We have a program called NIPRnet Hardening,” Orndorff said. “But we had it wrong — it should be Unclassified Info Sharing.” Instead of focusing on network defenses, the goal should be to support missions that work across DOD's GIG and other networks. Orndorff said.

“So instead of blocking porn sites or avoiding malware, we have to lay in [the Transportation Command's plans, for example,] and make them successful in moving information across. So that’s the No. 1 challenge: how to move beyond protection and info assurance to mission assurance.”

Delivering the Cloud

To deliver on its enterprise infrastructure vision, DISA needs a physical infrastructure that can meet the challenge. The agency's networks and data centers must keep pace with any network or data center that is part of DOD and vice versa.

To streamline upgrades to the enterprise infrastructure and enterprise services, Rivera said, “we need the ability to look at DISA’s [Defense Enterprise Computing Centers] as an enterprise infrastructure component and bring in other data centers into the fold. So we're extending our management threads to a data center that’s not necessarily on DISA's books but put the technology and extensions out onto those in a global fashion.”

Garing said DISA is already discussing the possibility of remotely taking over management of some of the Army's data centers, using the Computing Services Directorate's technology to handle Army systems management and operations. Although those data centers would remain under the Army's control, DISA would handle their day-to-day operations, freeing Army personnel for other requirements.

However, those data centers are only as good as the networks that connect them to users. “While data centers are important, they disappear" into the enterprise infrastructure, said Cindy Moran, director of DISA’s Network Services Directorate. And the data center services are moot if users can’t connect to them. “If you need information, the network should be able to provide" it as needed, Moran said. "It shouldn’t mater whether you're on a commercial link, a military link, a foreign telecom — it’s about how quickly I can get information to you.”

Delivering a standardized, seamless experience is the primary goal of one of DISA's biggest upcoming programs, the GIG Services Management acquisitions. The program seeks to replace existing DISN Global Services capabilities and, if possible, improve them. In the process, the agency's leadership is looking to hand off most of the operation and maintenance of its portion of GIG — the DISN — to contractors. But unlike the Navy Marine Corps Intranet contract, the contractor that operates the network will support but not own the infrastructure.

DISA is looking to a performance-based model for portions of the acquisition. That is, the contract winners would be compensated based on the level of service they provide rather than a static rate.

DISA is taking a different approach for the Projects and Support segment of the GIG Services Management Acquisitions. That segment will provide incremental support, systems sustainment and other services. The agency is teaming with the General Services Administration to set up an acquisition strategy that is similar to the one it used with last year's Future Commercial Satellite Communications Services Acquisition. DISA will acquire the project and support services via GSA's Alliant Small Business governmentwide acquisition contract.

A number of other programs that affect DISA's computing services are up for recompetition in the coming year. They include the Capacity Services Processor program, one of DISA's six utility-computing contracts that support the Computing Services Directorate, and the GIG Content Delivery Service program, which provides forward staging of content on GIG to improve access speeds for Unclassified but Sensitive IP Router Network and Secret IP Router Network users. Both programs are targeted to start in the fourth quarter of fiscal 2011, Rivera said.

Although the agency is trying to structure its acquisition programs to make them more agile and responsive to changing requirements, DISA still faces some potential problems. TheFuture Commercial Satellite Communications Services Acquisition is still in the works, and the contracts it replaces are rapidly approaching their ends — including the Defense Information Systems Network Satellite Transmission Services-Global program. As a result, DISA will likely need to extend some of its existing programs as it works toward de-emphasizing program-based acquisitions.

However, the move toward an enterprise infrastructure model isn’t a radical departure from the strategy of the past decade. Rather, it’s built on the work that DISA has done during that time.

In his presentation to DISA customers and industry partners, Pollett said his predecessors laid the foundation for this latest strategic direction. Air Force Lt. Gen. David Kelly "was quite visionary about information assurance, protecting the networks, in ways no one was thinking about 10 years ago," he said. Then Lt. Gen. Harry Raduege "really got to the transport environment and building out the GIG and some of the attributes of the enterprise infrastructure. Then Gen. Croom [moved us to] leveraging enterprise services and Web-based technologies to help the warfighter."

"So all we’ve done is learn from that and build on that foundation. And that set us up to take advantage of new tech — to really be able to connect and integrate the force.”