The Defense Information Systems Agency: Overview

The Defense Information Systems Agency, the bedrock of the Defense Department’s IT, has more than 19,000 employees and a nearly $10 billion annual budget. The agency’s role is especially consequential in 2021 as it pushes forward with plans to consolidate all the defense agencies and field activities, which DOD refers to as the Fourth Estate, onto a single IT network.

The Fourth Estate Network Optimization program began a four-year migration to a new DODNet in 2019 as part of an effort to consolidate commonly used IT services, such as help-desk support. The goal is to standardize the look, feel and implementation of common desktop applications while reducing costs and cybersecurity risks.

The first five agencies are expected to move to DODNet by the end of fiscal 2021. Along the way, IT personnel at those agencies will become DISA employees as part of efforts to make DISA the single service provider for DOD’s administrative support agencies.

Strengthening telework security

In its refreshed three-year strategy, DISA stresses cyber defense, cloud and enterprise services. Initiatives also include expanding the availability of secure telework options — such as the Cloud-Based Internet Isolation (CBII) program, which creates an air gap between DOD’s networks and internet browser activity to keep website vulnerabilities at bay, and an upgrade to the technical infrastructure for the Non-classified IP Router Network and the Secret IP Router Network.

The CBII program was DISA’s first successful use of an other transaction authority (OTA) to streamline the process for creating a prototype and moving it into production, which has whetted the agency’s appetite for OTAs.

Officials plan to increase the use of OTAs and other rapid contracting tools to bring new technology from the laboratory to the field more quickly. DISA has three prototype OTAs, which focus on identity, credential and access management; a field-deployable alert notification system; and artificial intelligence and machine learning.

DOD employees have been under mass telework orders for more than a year because of the pandemic, which has intensified the demand for secure solutions. As a result, “bring your own approved device” has become a top priority — especially as DOD moves to a permanent Microsoft Office 365 solution this summer.

To enhance the secure use of classified data during telework, DISA is exploring a potential gray network as an added layer of protection and testing a prototype of a virtual mobile infrastructure. Additionally, officials would like to have the ability to analyze encrypted traffic for anomalies so they can better detect malware, and they are exploring alternatives to network perimeter security that use zero trust principles.

Goals for 2021 and beyond

Earlier this year, DISA fully took over the operations of DOD’s Cloud Computing Program Office. Vice Adm. Nancy Norton, who was DISA’s director and commander of the Joint Force Headquarters-DOD Information Network (DODIN) at the time, said the move solidified DISA’s goal of becoming the implementation arm for DOD’s cloud strategy. Now all cloud offerings flow through DISA.

The move complements DISA’s plan to provide common IT services for the Fourth Estate under the $11.7 billion Defense Enclave Services contract. Moreover, DISA has been working with DOD components and the military services to buy cloud-based products through the Defense Enterprise Office Solutions contract.

Lt. Gen. Robert Skinner, who took over as DISA’s director in February, summed up the agency’s role as giving warfighters the technology they need to win. “We are the operational technologists who are bringing innovative technology to the warfighter each and every day…the backbone of these operational forces,” Skinner said in remarks during his initiation ceremony. “We are also the command and control experts who are maneuvering the DODIN and the forces on the DODIN to build, operate, secure and defend our department’s information networks.”

Those responsibilities will require DISA to harness data and find innovative and emerging technology solutions in 2021 and beyond. Consequently, by fiscal 2022, DISA plans to develop a DevSecOps framework and launch new data initiatives, including establishing a data governance council and using hyperautomation to weave data into decision-making processes.