Perspecta’s View: How to de-risk the Defense Enclave Services Program

Being in the risk business, the U.S. Department of Defense (DOD) is familiar with the challenges of cost overruns, missed milestones and a lack of mission readiness. Every program strives to manage these well, from critical weapons programs like the F-35 to mission-critical information technology (IT) programs including the network-focused Global Solutions Management – Operations (GSM-O), the collaboration and storage-enhancing Defense Enterprise Office Solution (DEOS) and the cloud-based Joint Enterprise Defense Infrastructure Project (JEDI). For these programs and the upcoming Defense Enclave Services (DES), the ability to manage risk and address it by applying the right resources with the right skills will keep execution on track and secure while meeting the mission requirements.  

For the Defense Information Systems Agency (DISA), as the overseer of DES, risk management starts with every service member, DOD civilian and contractor understanding how foundational the program is to the DOD and what’s at stake if performance is poor.

DES will consolidate 22 networks among defense agencies, provide common-use IT and ensure cybersecurity—all functions that support warfighters—meaning that program performance has a strong ripple effect across agencies and military departments. Staff in the Defense Logistics Agency, for example, may need service desk support to get critical warfighting systems running as they acquire fuel, weapons, repair parts and other materials that are part of their overarching mission. Similarly, systems in the Defense Health Agency need always-on, secure network access to ensure that medical supplies make it to combat zones.

After establishing the foundational awareness of risks, DISA can get specific about program elements and management for the targeted 22 Defense Agencies and Field Activities (DAFAs) collectively known as the Fourth Estate. A case in point is identifying the chokepoints that can occur with the multiple, simultaneous modernization programs underway. When end users need additional email storage under the DEOS program, for example, there must be integration with the DES-based functions for ordering extra capacity. Adding collaborative mechanisms allows DES to operate as an enterprise and fulfill the objectives of DOD’s IT modernization programs. With cross-program collaboration around an integrated set of services, the DAFAs will be more effective at supporting the mission-enabling commodity IT. Moreover, another consideration for DISA is a support team’s ability to scale and meet the DES requirements when DISA is already obligated to existing modernization efforts.

Other inputs and outcomes infused with risks include: 

• Transition planning. Lack of documentation, retirements of subject matter experts at the DAFAs, system access, process structure and schedule slippage all can complicate the migration to a single network. For DES to overcome these, the plan must start with an accurate assessment of the as-is environment, then work toward the intended state. This will lead to DES to having the same level of efficiency as the systems used on the multi-domain battlefields, maintain DOD’s advantage over threatening groups and nations, and deter them from acting
• Innovation. There is inherent risk in continued use of manual data processing or the increasing obsolescence of legacy systems. Wherever possible, DES must apply automation and extract the value from accurate, high-quality data. Use of artificial intelligence and machine learning for predictive operations and maintenance present opportunities to introduce innovation and defuse risk
• Execution. Low-quality service or slow response times will decrease user satisfaction. To avoid this, the DES strategy must have carefully crafted service-level agreements, a focus on user experience and a process for continual service improvement. Satisfaction goes up when end users get their jobs done more effectively in an environment with standards and interoperability driven by innovative techniques and processes
• Optimization. Programs can operate on autopilot once they are mature and show success, but DES must have the flexibility for adjustments wherever combat-support functions are needed. It must be agile enough to scale up or down rapidly, depending on operational requirements and the threat environment
• Security. Any interconnected systems entail risk of cyber breaches. DES will enhance its defenses as it adopts the Joint Regional Security Stack environment for perimeter security and access control in a zero trust environment. Other improvements can occur by following DOD’s Risk Management Framework, which supports early detection and resolution
• Cost. External threats, technology developments, business conditions and other challenges can affect program costs. For DES, operating under a firm, fixed-price contract reduces the risk to DISA, while the use of standards-based technology and an innovation framework gives contractors the flexibility to adjust program elements and manage costs well

DOD recognizes the value of sharing technology, resources and secured data across an enterprise, and its vision for DES reflects that understanding. The Fourth Estate agencies will excel by combining and balancing these objectives: standards and innovation, DevSecOps and common-use IT, and a unified network with zero trust security. Orchestrating these concepts together—and with existing modernization programs—shows that DOD and DISA’s leadership are looking decades ahead, preparing for unknown but anticipated challenges and balancing opportunities with risks.

Brigadier General Chris Kemp (USA, Retired) is vice president for the defense agencies segment of the defense group at Perspecta. With expertise as a CIO and CISO, he leads initiatives in strategic planning, process improvement and program management. He also has experience as a forward-deployed commander of signal soldiers in support of combat operations, and he served as the director of DISA’s Defense Enterprise Computing Center in Montgomery, Ala. Contact him at christopher.kemp@perspecta.com.