Defense officials can’t project the program's cost because of its complexity, and because officials can’t even agree what is or isn’t included.
The Pentagon announced the Joint Information Environment in 2010 as a massive effort to consolidate an IT infrastructure that supports more than 2 million military active duty and civilian personnel around the world.
But a recent audit from the Government Accountability Office—released six years into JIE—suggests the modernization effort lacks a management plan: Defense officials can’t project what it might cost because of its complexity, and officials disagree over what is or isn’t included under JIE.
The Pentagon estimates it spent $900 million from fiscal 2013-2016 on JIE and anticipates another $1.6 billion will go toward it through fiscal 2021. But DOD has yet to develop an estimate of the cost to adopt JIE, according to GAO, because of the “size and complexity of DOD infrastructure and JIE’s implementation approach.”
Not knowing how much an effort as impactful as JIE costs essentially keeps Congress from providing meaningful oversight, GAO said.
In addition, “DOD has not effectively defined or managed JIE’s scope,” the audit states, referencing differences in what a 2013 JIE implementation strategy called for and what DOD officials told congressional staff two years later.
The implementation strategy called for software application rational and desktop virtualization as part of JIE, yet briefings to congressional staff and GAO did not include those elements. However, they did include new ones, including “mission partner environment” and “strategic sourcing.” That differs from what the current version of the JIE adoption plan says, GAO argues.
The audit makes clear that stakeholders—which include the U.S. military branches—already have plenty of questions. One of the key pillars to JIE is implementing the Joint Regional Security Stacks, which aim to replace some 1,000 legacy network security stacks with 48 standardized stacks at 25 worldwide locations. JRSS is vital to the Pentagon’s cybersecurity posture, cutting the number of networks vulnerable to cyberattacks and promoting a single security architecture.
But what about after JRSS is done?
“Marine Corps officials told us that they were concerned that a strategy was not in place to lay out what is next beyond the Joint Regional Security Stacks,” the audit states. “They also added that JIE is to include consolidation of applications and data into centralized data centers, but that it was not clear how this fits in with the overall strategy.”
In the audit, DOD contended it plans to revamp JIE’s governance structure, process, management and planning, yet GAO nonetheless included nine recommendations in the report. In its formal response, DOD “partially concurred” with GAO’s recommendations, outlining steps it is taking to adhere to them.
To conclude the audit, GAO expressed concern over the Pentagon’s outlined steps to meet the recommendations, suggesting they “may not be sufficient.”