Department of Defense officials are looking to new budget authorities for its chief information officers (CIO) and improved industry partnerships to meet its top information priorities for 2018, including pressing network management and communication needs.

Brig. Gen. Kevin Kennedy, principal director the DoD deputy CIO, addressed the top priorities for his office over the next year at an event Wednesday, with the hopes that newly empowered authorities in the latest defense authorization bill will help address the department’s top cyber projects.

Brig. Gen. Kevin Kennedy, principal director the DoD Deputy CIO
Brig. Gen. Kevin Kennedy, principal director the DoD Deputy CIO

The DoD CIO’s primary objectives include modernizing the nuclear command, control and communication system (NC3), improving the cyber resiliency of Position, Navigation & Timing (PNT) capabilities, refining the SATCOM Evolution Framework, implementing the Cybersecurity Scorecard 2.0 and reworking the Cybersecurity Risk Management Framework, Kennedy said at an AFCEA NOVA IT conference in Falls Church, Va.

Kennedy pointed to NC3 and PNT anti-jamming capabilities as two areas where DoD will need to increase its industry engagement.

“We have a system that works, but it’s a system that has been fielded many, many decades ago. We need to upgrade and modernize it, and look at the deterrent so its not susceptible to a cyber attack,” Kennedy said on the current NC3 system, which will need cyber resiliency solutions in the near future.

With adversaries rapidly building their capacity for jamming GPS systems and disrupting PNT environments, Kennedy believes DoD will need private sector partners to develop capabilities to prevent disruptions to these networks.

The DoD CIO office would also like to see new capabilities that allow for Global Navigation Satellite Systems to be integrated with U.S. military satellites, while reducing the risk of accepting vulnerabilities, according to Kennedy.

Kennedy also wants to engage CIO offices across the services on how empowered authorities in the latest National Defense Authorization Act bolster their ability to influence cyber-related budget decisions and improve engagement with industry partners.

Maj. Gen. Patrick Higby, director of cyberspace policy for the Air Force’s CIO office, wants to leverage the new authorities in the NDAA to build stronger cyber enterprise partnerships with the private sector.

“I would give our Air Force a not very high grade on how we do with our industry partners. A lot of that is sometimes where we struggle with viewing industry as an adversarial relationship, and God forbid they make a profit,” said Higby, during a panel at the IT conference Wednesday. “There are also some externally-conflicted constraints there, like the Budget Control Act. We’re working on how do we engage in a long-term strategic relationship to trust our industry partners when I can’t ensure them that I’m going to pay them in time for their next quarterly report.”

Maj. Gen. Garrett Yee, acting director of cybersecurity and information assurance for the Army CIO, views the new empowered authorities for his office as an opportunity to securing network modernization priorities with industry.

“We need this network to be survivable, protected, intuitive, standards-based, inter-operable with our sister services and partners, and sustainable. And it has to keep pace with the threat,” Yee said at the IT event.

Greater authority over budget concern allows the Army to pursue its new network strategy of halting programs that don’t meet future operational needs, fixing programs needed to fight right away, and pivoting to a more adaptable acquisition strategy.

Kennedy hopes the new authorities will help DoD-wide efforts meet capability needs, including tools developed in Silicon Valley under the department’s accelerated commercial technology program, Defense Innovation Unit Experimental (DIUx).

“I don’t want to minimize anything we’re doing with DIUx, but where we are right now is how do we scale it. We’re all in as a department with DIUx out in Silicon Valley, but now we’ve got to figure out how to scale out the proof of concepts they’re developing,” Kennedy said.