National Security Leaders Weigh Changing Cloud Needs Amid JWCC

Defense Department leaders see a need to create standards for cloud and cloud security as the agency considers future iterations of the Joint Warfighting Cloud Capability (JWCC) contract.

Officials from the Air Force, Navy and the Department of Homeland Security discussed some of the shifting security implications of cloud computing during GovCIO Media & Research’s Defense IT Summit Friday.

“From a cloud security perspective, buying vehicles like JWCC don’t help or hurt one way or the other,” said Department of the Air Force CTO Jay Bonci. “We are looking at the several different ways of going to cloud, whether it’s one of the four [content security policies] on the JWCC contract or a [software as a service] vendor, being able to pull the data from those backplanes and pull them together into a set of common visibility is the real challenge above and beyond the purchasing pieces.”

Bonci spoke about the early days of cloud when it was viewed as an extension of data centers and how there are shifting needs for cloud now.

“We’re trying to move it left in the supply chain, and it’s a complete rethink of how you do the tooling, how you do the data integration layer, how you shift to the responsibilities from operational runtime security back through development,” Bonci said. “Across the DOD, we are going to be facing this challenge increasingly over the next few years as we continue to accelerate cloud rollout.”

Naval Information Warfare Center Atlantic DevSecOps Lead Engineer Edmund Kuqo called on industry leaders to help agencies by creating a set of standards for cloud and cloud security.

“[We don’t want] five different tools giving five different results, because then that becomes problematic and challenging for us to accept the product [when it’s presented] as an authorized product,” Kuqo said. “Your product can give me 50% of the coverage, this other product can give me 75%, but those two different sets of results are completely different. So how do I paint the picture to my authorizing official that this is better than that?”

Maximus TCS Cloud Solutions Leader Frank Reyes echoed Kuqo and asked other industry leaders to create a graceful shift over to cloud. Reyes used the example of mobile phones and how their applications can smoothly transition from using Wi-Fi capabilities to using 5G or LTE while still working properly.

“How do we develop applications that consider data and move it securely, dynamically as you need to as it’s starting to learn that the atmospherics are changing on their behalf? I think that’s an area where government and industry can really work and research for that specific use case,” Reyes said.

Department of Homeland Security Director of the National Security Cyber Division Don Yeske talked about these needs as agencies shift amid growing artificial intelligence priorities and the challenges around the emerging technology.

“In our CTO organization, right now we have 50 [job] openings that we just created. … The reason is because we recognize the size, shape and scope of the challenge,” Yeske said. “Over the last year or so, things have changed so radically, so quickly, that all of us, industry, government, everyone, haven’t really been able to keep up with the new opportunities that we’re creating and the new threats we’re realizing.”