SEEKING SOLUTIONS: Soldiers from the 3rd Squadron, 2nd Cavalry Regiment discuss equipment challenges with Raj Iyer, Ph.D., chief information officer for Information Technology Reform in the Office of the Secretary of the Army, during the 2022 Regimental Week Tech Demo July 27 at U.S. Army Garrison Wiesbaden, Germany. (Photo by Candy C Knight, 2d Theater Signal Brigade)
FROM THE ARMY
CHIEF INFORMATION OFFICER
RAJ IYER, PH.D.
An update from the Army CIO on the Army’s digital transformation journey.
The Office of the CIO established the Army’s first-ever digital transformation strategy a year ago to fuel innovation and enduring transformation to modernize the Army of 2030.
The strategy outlined the need to pivot the Army to a data-centric culture leveraging modern technologies such as the cloud to enable decision dominance—a critical requirement to enable joint all-domain command and control (JADC2). Since the release of the strategy, the Army secretary, the Hon. Christine Wormuth, and Gen. James C. McConville, the Army chief of staff, have continued to reemphasize the importance of digital transformation in driving Army modernization. The first step in that direction was the secretary establishing a data-centric Army as one of her top six objectives earlier this year.
She most recently issued six priorities for the Army to counter the pacing challenge of China, and each of these is underpinned by digital technologies. With this support has also come support for funding the appropriate priorities. A year in, digital transformation is not just a buzzword in the Army, but one that is actively pursued by every single command including operational units at corps and division. Commands are taking the opportunity to experiment and, through a campaign of learning, have started to assess how they will change warfighting doctrine. At the Headquarters Department of the Army, my office has led several reform efforts to fundamentally reform policy, processes and governance to benefit from digital transformation. A few recent successes are highlighted below.
CHALLENGES, BIG BETS
Recognizing that digital transformation requires a comprehensive reassessment of requirements, programs and policies, the office has led capability portfolio reviews to ensure our programs are on a sustainable strategic path. Chaired by the undersecretary of the Army, the Hon. Gabe Camarillo, and Gen. Randy A. George, the Army vice chief of staff, these reviews are addressing some of the toughest challenges in the Army that we have not addressed in a long time, leaving us with a sub-optimized portfolio.
The reviews are also identifying big bets that the Army can make to help accelerate transformation. We have now named this effort the Accelerate-Centralize-Transform (ACT) Now! campaign. The reviews focused on the digital technologies and processes with the greatest impact on transformation—the network, cloud, communications, data and software.
The Army is on a sustainable path to a hybrid cloud architecture through the integration of the commercial cloud called cARMY with the Army Enterprise Private Clouds to provide the resiliency needed for computing and storage. We will deliver a common set of services across the entire ecosystem from the tactical to the strategic.
This is expected to result in a common operating environment, standardizing services and access to data with a cloud-native approach. This will also result in the Army aggressively eliminating on-premise data centers and reducing the number of enterprise data centers from 12 to five. Savings harvested from data center closures will flow back into additional application migrations to the cloud and future data center closures.
The updated Army Cloud Plan focuses primarily on how we operationalize our very mature cARMY cloud to support exercises and experimentation in the Indo-Pacific, as well as support for current operations at the strategic, operational and tactical levels. The CIO team has partnered with several operational units such as the I Corps, 1st Multi-Domain Task Force (MDTF), U.S. Army Pacific (USARPAC), U.S. Army Europe and Africa’s (USAREUR-AF) 18th Airborne Corps and others. Together the established partnerships leverage various exercises and experimentation events to validate key cloud architectures in support of new operational doctrine, such as distributed command and control.
Establishing an enduring mission partner environment in the cloud for better integration and collaboration with our allies and partners is a top priority for the European Command theater in the 2023 fiscal year. Cloud migration activities also enabled the Army to rationalize our application portfolio through a “keep or kill” process to prevent bespoke legacy systems and other non-enterprise capabilities being lifted to the cloud. This process enabled the Army to sunset 66 business applications in the 2022 fiscal year, and a further 103 systems are expected to be sunset in the 2023 fiscal year.
The Army has committed to going all-commercial for unclassified data. We have worked the strategy to completely revamp the Installation Information Infrastructure Modernization Program, which has been focused on installation-level IT through hardware refresh and wired networking, to a fully commercial Army-operated model using commercial services. This program is expected to almost completely eliminate the NIPRNet as the only way to access controlled unclassified information. It allows for the leveraging of commercial internet service provider (ISP) and wireless technologies like 5G and WiFi for the local network, while at the same time maximizing the delivery of common services and access to the data from the cARMY cloud. This is expected to save the Army money but, more importantly, enhance user experience by enabling users to get ubiquitous access to data from any device and from any network. It will eliminate the need to be tethered to wired network drops using government-furnished equipment. Our current pilots in respect to bring your own device and virtual desktop infrastructure are the foundation for this capability. Our initial focus for this endeavor is with National Guard armories, reserve centers, recruiting centers, etc., areas that lacked attention in the past.
We expect to be fully divested of the NIPRNet by the 2027 fiscal year to coincide with the Defense Information Systems Agency’s sunset of the Joint Regional Security Stacks that currently provide perimeter security defense at Army installations. The initial success we have had in the 2022 fiscal year that brings all 42 organizational networks and domains under the operational control of Army Cyber Command and establishing U.S. Army Network Enterprise Technology Command as the single-service provider. This is a huge step in driving standardization of services across the Army, but also for the needed cybersecurity defense overwatch.
FIRST RATE SERVICE
Standardized support for our 1.2 million users worldwide requires a world-class service desk powered by the best customer service management software. In the 2023 fiscal year, the Army will implement our global service desk through the Army Enterprise Service Management Portal—powered by ServiceNow. We will start by converging all the installation-level help desks into the new program in the 2023 fiscal year and then extend this to other functional help desks in the 2024 fiscal year and beyond. The ServiceNow solution will enable users and leaders to manage and monitor service level metrics, as well as support self-service options through chatbots and other artificial intelligence tools. The Army will fully implement modules such as IT asset management, IT software management and IT operations management to give us full visibility into our network for troubleshooting end user issues.
For classified data access, while we continue to work with DOD to shape SIPR 2.0, we are already on a good path to implement the National Security Administration’s Commercial Solutions for Classified strategy for more than 150,000 Army users through virtual desktop for SIPR and NSA-accredited encryption for accessing this data over any commercial network. The Army currently hosts this virtual infrastructure on-premises, but expects to migrate to the cloud when appropriate encryption solutions are accredited in the cloud.
The key to the success of commercial networking is implementing the zero trust (ZT) reference architecture to eliminate installation-level physical routers, firewalls and other hardware-based security stacks to a cloud-native secure access service edge (SASE) solution. (See “Baked ZT” on Page XX.) To facilitate the acceleration of ZT, the Army is announcing the establishment of a new Integrated Program Office (IPO) for ZT under the oversight of the CIO. IPO ZT will bring together multiple cybersecurity solutions in the Army under a single architecture, integrate best-of-breed solutions, and align implementation plans and schedules with associated funding so we have greater transparency into these efforts.
This is one of the top priorities for the current fiscal year. We expect to start with the cARMY cloud to implement and deploy SASE, then extend this common service across the enterprise and tactical. The Army also prioritized identity credential and access management (ICAM) as one of the key enablers for ZT.
In the 2022 fiscal year, the Army implemented a scalable and resilient solution called Army ICAM that we plan on federating with DOD ICAM. Army ICAM will be integrated into our priority business systems in the 2023 fiscal year to support audit readiness in the 2024 fiscal year. My office, in partnership with assistant secretary of the Army for financial management and comptroller, has spearheaded efforts to remediate all IT notices of findings and recommendations by the 2023 fiscal year for priority systems. A single identity and authorization solution will finally enable Army users to access their data from any network, while at the same time enabling attribute-based access control and segregation of duties at a granular level to support ZT.
Also, a big shift for the Army from a cybersecurity perspective is prioritizing operational technology just as important as IT. The OT in the Army’s critical infrastructure—Industrial Control Systems, supervisory-control and data-acquisition devices, building management systems, and other controllers plays a critical role in operating some of the world’s most unique machines at our depots, arsenals, ammo plants and ports. These have especially come under attack in recent times leaving them vulnerable and unprotected unlike traditional IT on our networks. We established the first operational technology cybersecurity strategy last year to prioritize operational technology, and working with our partners at Army Materiel Command established a plan to monitor the operational technology at the Army’s twenty-three organic industrial-base sites through a security operations center-as-a-service.
The capability includes adding sensors to Army operational technology and analytics to identify anomalous behavior and other attack vectors. The Army’s initiative has been selected by the White House for $15 million in funding in the 2023 fiscal year through the Technology Modernization Fund established by President Biden. The Army is the first DOD service to be selected for funding through the fund and it demonstrates our commitment to protecting critical infrastructure.
The Army has prioritized the data fabric as a key enabler for JADC2. The data fabric can support several existing and evolving requirements including those that were initiated from our current operations by the 18th Airborne Corps in support of Ukraine. The data fabric is the key component of a joint common operating picture needed by our commanders for mission command and decision dominance.
This is even more important in multidomain operations where commanders will need the data to establish options for kinetic versus non-kinetic responses. The Army has deployed several prototypes—including our science-and-technology effort called Rainmaker and other existing solutions, such as Gabriel Nimbus—at Project Convergence 22 to validate the solutions, especially in contested and denied, degraded, intermittent or limited environments.
The Army will also assess the data fabric to see if it can meet Title 10 requirements for things like business health metrics and executive analytics that are currently performed by our Army Vantage data platform. Army Vantage saw the greatest adoption of the platform in the 2022 fiscal year, enabling data democratization to over 38,000 users worldwide who used the platform. To date, the users have built hundreds of dashboards and analytics products enabling readiness reporting, vaccine tracking, noncombatant evacuation operations tracking from Afghanistan, contract de-obligations, and most recently was used in support of operations in Ukraine by the 18th Airborne Corps. As the most robust data platform in the DOD, we have shown that getting a user-friendly tool to users can enable the Army to become data-centric at all echelons of the Army, not just for senior leaders.
The Army has committed to fully adopting and implementing DevSecOps. Whether this is for business systems or tactical systems, the advantages that come with Soldier-centered design and Agile software development to deliver operational capability in the hands of real users in short cycles are critical to ensuring that the eventual product meets user needs. A multiyear big-bang approach to software development has not worked well for the Army as evidenced by some of the struggles with programs like the Integrated Personnel and Pay System – Army.
DevSecOps is also a key enabler to ZT since the software can follow a continuous authority to operate model thereby eliminating the months of paperwork and the approval process before the system can be fielded. The Army CReATE DevSecOps platform built in cARMY is our accredited solution that can be used by Army and industry software development teams.
The Army Software Factory in Austin, an early adopter, has shown that, when CReATE is used, the applications can be in the hands of Soldiers in days instead of months. But for the Army to scale DevSecOps, we need to also reform other acquisition processes. This is where the Army will focus in the 2023 fiscal year to adopt the software-acquisition pathway and answer the question of whether the Army will ever transition a piece of software into sustainment if we accept that “software is never done.”
Our biggest pilot to validate DevSecOps in the 2023 fiscal year is through the Enterprise Business Systems – Convergence program. This pilot helped my office shape the strategy for DevSecOps. Through a non-traditional acquisition process my office leveraged a big bang approach that would be delivered by the 2027 fiscal year. At the conclusion of this period, Enterprise Data System Catalog (EDSC) will follow a continuous-delivery and continuous-integration model that will ensure software is continually modernized and will never transition to sustainment. Most recently, the Army was able to turn around a struggling program for tuition assistance called Army IgnitEd by following agile methodologies.
However, the success of digital transformation depends on how well the Army can reform our supporting institutional process. Greater centralization through the cloud requires a pivot from the historically decentralized nature of executing programs in the Army. It requires greater coordination and synchronization across stakeholders to achieve consensus-based decisions.
The Army Digital Oversight Council chaired by my office and established in the 2022 fiscal year has been the underpinning for many of the Army’s hard decisions. We have shown that governance can be successful through transparency and accountability. Two of the most recent reform efforts initiated through the council that have had tremendous impact relate to cybersecurity reform and budgeting reform.
The authority to operate and connect on an Army network requires continuous monitoring. The cybersecurity reform effort is converging the risk management framework process with directive authority to improve cyberspace operations. This standardization and realignment will result in the Army reducing the number of authorizing officials and, more importantly, at the appropriate levels where risk can be better assessed and managed. In conjunction with the Risk Management Framework 2.0 streamlined process that reduces the number of controls to the minimum required for continuous monitoring, a new governance structure called the Army Cyber Risk Management Council will enable the CIO and the Army’s G-3/5/7 to balance cyber risks against mission risks.
Likewise, the Army has established a new process called Army Resource Framework for IT to enable the CIO to better balance priorities within a subset of the Army’s $16 billion annual digital budget by fencing funding certain budget lines for program objective memorandum 2025-2029. This will help the CIO protect funding for priority programs established through the capability portfolio review process and balance any new requirements within the portfolio with agility while not having to compete against other Army priorities as has been the case with our former program evaluation groups. This year the process will set the foundation for eventual new digital program evaluation groups in the Army—one of the key priorities identified in the Army’s digital transformation strategy.
The linchpin for digital transformation is a digital workforce that is tech-savvy and data-savvy to innovate and transform the Army at scale. Digital tools and technologies are now common, and my office has made it much easier to adopt them through accredited implementations in the cloud.
The greatest impact, however, will not be realized until these tools and technologies are operationalized by the workforce. The Army digital human capital strategy is our attempt to establish a strategy focused on the digital workforce with several priority initiatives in each area, from developing new talent models to recruiting to retention. The Army was the first service in the 2022 fiscal year to implement the Cyber Excepted Service to provide greater opportunities for recruiting and retaining top-skilled cyber talent.
While initially focused on Army Cyber Command, it is expected to be scaled across the Army in the 2023 fiscal year. The Army has also leveraged other authorities offered by Congress such as direct-hire authority to recruit talent from the industry through nontraditional recruitment processes.
The Army is actively exploring opportunities to scale the Army Software Factory and establish the right mechanism for talent development and career paths for Soldiers and civilians. But much work remains to be done in this area and will continue to be a focus in the 2023 fiscal year and beyond.
Finally, the Army has established irreversible momentum on digital transformation in the 2022 fiscal year and it is truly an all-of-Army effort. The imperative is clear, and the road ahead is clear. Staying on target with the priority efforts but remaining flexible to keep up with the pace of changing technology will bring the agility and flexibility needed for continuous modernization. My organization is proud to have established this transformation and remain a trusted partner for the Army in the future.
For more information, go to https://www.army.mil/cio.
RAJ IYER, PH.D., is the U.S. Army chief information officer for information technology reform. Prior to his current role, Iyer served as the managing director for government and public services and senior manager, technology strategy, defense and national security for Deloitte Consulting. He has held various roles in information technology within the commercial and military space. His top civilian awards and professional achievements include the Meritorious Civilian Service Award, the International William Conroy Standards Professional Award, and dozens of published peer-reviewed papers. He holds a Ph.D. in electrical engineering from the University of Texas, an MBA from the Ross School of Business, University of Michigan, an M.S. in electrical engineering from the University of Texas and a B.S. in electrical engineering from India’s National Institute of Technology.