DOD Prioritizes Data Agility with Risk-Based Shift, SWFT Program

The Defense Department is shifting its cybersecurity and data management posture away from rigid compliance toward risk-based decision-making, which leaders say is essential for modern warfare and digital readiness.

“How do you actually target [data] and serve that up to the user or the consumer or the stakeholder appropriately? And to do that as you’re transforming from an analog to the digital is a hard problem,” Young Bang, former principal deputy assistant secretary of Army Acquisition, Logistics Technology said during Nutanix .NEXT on Washington, D.C. on Wednesday.

Historically burdened by a complex and highly regulated environment, agencies are addressing governance policies, talent gaps and data silos that hinder innovation and security.

“There’s inconsistent governance policies which increases risk for data security and humbles AI efforts, because what we all know AI requires data to be successful,” said Sherry Walshak, director of Nutanix’s Public Sector Industry Solutions Marketing, during the event.

Bang explained how, while at the Army, he took a hybrid approach to the service’s data strategy because different environments — between strategic, operational and tactical — require different amounts of data.

“We want to create data liquidity across the enterprise, and we have data that’s unintentionally trapped, or, in other scenarios, way too much [data] that it would actually create a flood,” Bang said. “We were looking at vertically integrated stacks. How do we create abstractions at every level across the board, infrastructure, apps and data, then you can get a little bit closer to this whole data liquidity notion.”

The military services also have to balance compliance with risk when it comes to data-informed decision-making.

The department’s Risk Management Framework (RMF) also assists with moving away from compliance-based decisions toward risk-based decisions, which “is critical.”

“The DOD is shifting a little bit more that way, and they’re actually putting in something called SWFT and insisting that vendors and applications provide a desktop or software bill of materials to help reduce some of that risk, so then commanders can actually make that risk-based decision,” Bang said.

DOD’s Software Fast Track (SWFT) program is one effort the agency is taking to speed up acquisition. It replaces legacy authority to operate and RMF processes when buying software.

“The SWFT is to make more software available for the for the secretary’s software acquisition pathway, and blowing up the RMF will make the use of the SWFT and the software acquisition pathway more adaptable, so that we can be more lethal, more efficient and provide readiness to the warfighter,” DOD Acting CIO Katie Arrington told GovCIO Media & Research at TechNet in Baltimore, Maryland, Wednesday.