The risk-averse agency has cracked small-scale remote handling of secret and top-secret information. The challenge is doing it at scale.
Since the coronavirus reached pandemic status in March, the vast majority of remote work being performed by Defense Department employees is on the unclassified side. But the lingering pandemic is pushing the Pentagon and its agencies to launch various classified telework pilots that could forever change the way the department operates.
As of August, the Defense Department has expanded its remote work capabilities tenfold to approximately 1 million personnel through its Commercial Virtual Remote collaboration environment, which facilitates the exchange of low-risk, unclassified data and communications among users. The move to facilitating the exchange of classified information remotely among users, however, represents a giant step for the risk-averse Pentagon. Yet it’s already happening in some pockets across the Defense Department.
“In the secret and top secret realm, we have kind of cracked how to do telework in that way,” Lauren Knausenberger, chief transformation officer at the U.S. Air Force, said during an event hosted by Nextgov in early August. “It’s just that doing that at scale ... What does that scale mean? It’s not really a technical problem as much as it’s a, ‘Let’s make decisions and provision.’”
For decades, the Pentagon’s classified work—the handling of data designated at secret, top secret and other classification levels—has been done in physical facilities called SCIFs, or sensitive compartmented information facilities that provide physical barriers to ensure classified data is safeguarded. Increasingly, pilots across the Defense Department are looking for software to provide the same kinds of barriers in the digital realm, according to Stephen Wallace, systems innovation scientist within the Defense Information Systems Agency’s Emerging Technology Directorate.
“There’s generally more acceptance ... of software-oriented separation,” Wallace said, also speaking at Nextgov’s August 5 event. “Those kinds of things may drive some commoditization in that space where we’re using attributes about data or people or those kinds of things to help create separation versus physically having different stacks of equipment.”
Wallace said his team had been prototyping a classified remote Windows capability early in the COVID-19 crisis. The project was elevated from prototyping to “productizing,” he said, as the pandemic grew worse.
“Since then, we’ve put a tremendous more amount of capability out there with respect to how to deal with classified missions, both on premise and off,” Wallace said. “I’m pretty excited about where that’s gone.”
The pilots for classified remote work at the Air Force and DISA, which is the Pentagon’s IT arm, are among several others undergoing evaluations at Defense agencies in the coming months.
In late July, Defense Department Chief Information Officer Dana Deasy signaled the Pentagon’s intent to support sensitive telework by the end of the year. Currently, the Pentagon’s Commercial Virtual Remote Environment, developed with Microsoft Teams, operates at an Impact Level 2 security level, the minimum security level for Defense Department data that is unclassified and not particularly sensitive. Deasy’s goal is to get the environment up to Impact Level 5 by year’s end, which would allow it to host the Defense Department’s most sensitive unclassified data.
Any potential telework solutions to host data at the secret designation or above would have to meet Impact Level 6 security requirements.