SOCOM Tech Chief Eyes Secure Cloud in Future Plans

Mobile, on-demand network access and cyber resiliency will drive U.S. Special Operations Command’s (SOCOM) IT modernization efforts, but CIO Joe Tragakis said pivoting to address real-time human needs continues to be his top priority.

“Every day my top priority is the people, followed by providing a reliable and secure network experience along with modernization,” SOCOM CIO Joe Tragakis told attendees Thursday at the Special Operations Forces Industry Conference (SOFIC) in Tampa, Florida.

SOCOM looks for technical solutions that are time- and cost-effective and will provide security to networks across the entire Defense Department.

A main focus area for SOCOM is zero trust and cyber resiliency.

“Everything we communicate across has to be defended and monitored,” Tragakis said. “Some of the tactics over the last 20 years need to be modified. I need to be able to inform commanders about the risk of mission that they’re using systems that don’t meet those standards.”

According to Tragakis, there has been a significant adjustment in tactical mission networks since he retired back in 2014. They are purpose-built mobile networks operating at the contact layer, whether it’s the operator, platform or sensor, and they can be established on demand or at the tactical edge.

“These networks also help minimize exposure and mitigate vulnerabilities to those strategic networks,” Tragakis said. “However, as a national security system, we still have to deploy these with cyber hygiene in place. They have to be monitored and automated, ideally cloud based, scalable, easily shared with coalition partners, quickly disabled, redeployed and refactored.”

Another priority for SOCOM is global mobility.

“While technology to develop multi-domain laptops and handhelds is common, getting them accredited for use on our networks is extremely challenging and takes a lot of time,” upward of 12 to 18 months, Tragakis said. “We have several accredited systems in use today, but we’re always looking to reduce size of packages, improve security and reduce the backside of resources required to manage them.”

Tragakis also mentioned how SOCOM is continuing to raise the bar on the compliance level of cross-domain solutions.

“With [cross-domain solutions], we’re looking for systems that will take commercial data feed and ingest them into an io2 commercial cloud environment, automatically scan data for vulnerabilities and then seamlessly transport that data into io4, io5 or even [top secret]-level cloud environment for further analysis and exploitation,” Tragakis said.

When it comes to cloud, SOCOM is planning to maintain a hybrid, on-prem multi-vendor commercial environment.

“We are currently working on identifying what goes into cloud and what stays on prem. We need to make sure we are looking at our regional surface centers are also enabled with the appropriate equipment,” Tragakis said. “We have to make sure that those systems and those teams are able to operate and function in either a denied, disrupted, intermittent or limited environment.”