DISA refreshes strategic plan for 2022

The Defense Information Systems Agency has refreshed its three-year strategy to better emphasize cyber defense, the role of cloud and enterprise services.

"Because of the planning efforts we undertook in 2019, DISA was able to turn on a dime to support the Department of Defense and the whole-of-government response to the COVID-19 pandemic," said Navy Vice Adm. Nancy Norton, director of DISA and commander of Joint Force Headquarters-Department of Defense Information Network. "But we had to accelerate implementation at a very rapid pace."

Technology solutions, such as the cloud-based internet isolation (CBII) browser, that emerged from the pandemic response are now foundational to DISA's strategy, which aims to provide a framework for what and how the agency acquires products and services in the coming years.

"We knew that we had significant issues with web browsing in particular as an attack vector," Norton said during remarks at AFCEA's TechNet Cyber event Dec. 1. "The team jumped on this as a way to do some testing to figure out whether or not it was going to be effective at scale and at speed."

CBII was DISA's first taste of a successful other transaction authority acquisition that moved to production this year as it rolled out a tool that helps protect DOD's network from cyber vulnerabilities that come from web-browsing.

Norton also noted that using other transaction agreements "gives us a lot of flexibility on, particularly, those new solutions" and piloting projects. The admiral then added that DISA will definitely use the rapid contracting vehicle again as it continues to learn how the agency can best apply it.

DISA released its 2019-2022 updated strategy Nov. 30 ahead of its annual AFCEA TechNet Cyber conference.

In addition to cyber, the document also stresses the need for modernized infrastructure, including a plan to stand up a capability to improve endpoint security through user activity monitoring for Fourth Estate organizations in fiscal 2021.DISA is also working on "an infrastructure technical refresh" for its unclassified (NIPRnet) and secret (SIPRnet) networks in 2021 to improve computing abilities.

DISA has also been working on becoming a single service IT provider for defense agencies and field activities through its Fourth Estate Network Modernization initiative -- an effort that combines increased cybersecurity and cloud needs.

John Sherman, the Defense Department's principal deputy CIO, said in pre-recorded keynote remarks that the overall effort would take strides in 2021.

"Over the course of the next year, we'll migrate the majority of the DAFAs to the Global Service Desk and begin the transition to the next set of organizations to DoDNet," he said.

DISA's updated strategy also calls out the program's intent to improve daily IT operations by 2025.

"We are onboarding 14 organizations between fiscal years 2020-2025 onto DoDNet, and 800 IT government personnel will join DISA over a period of six years," the strategy states.