IC looks to stand up a new enterprise IT program office

The intelligence community wants to stand up a new program executive office to help develop new IT capabilities.  

John Sherman, the CIO for the intelligence community, announced at the Department of Defense Intelligence Information System (DODIIS) Worldwide Conference on in Tampa, Fla., on Aug. 20, that the IC was considering the new program office with full-time, in-person access to subject matter experts.

In 2018, the IC CIO stood up a virtual program office to coordinate the development of new capabilities, such as secure file transfer and chat. The new PEO would continue that work, Sherman said.

Additionally, the IC recently released its cloud strategy and is working on a data strategy. 

Sherman said the IC recently completed its cybersecurity implementation plan, which focuses on knowing, managing and sharing the state of the enterprise.

"Using a new approach that we call the cybersecurity performance evaluation model, we started just this last month to receive our first tranche of [critical infrastructure protection]-related asset inventory data into our IC security coordination center," Sherman said.

Earlier this year the IC CIO began requiring each of its 17 members to take comprehensive inventory of its "edge, backroom and so-called shadow IT that is resident in just about every organization."

The Defense Intelligence Agency is taking that strategy a bit further and overhauling the defense intelligence community’s top secret communications system now that its workload has increased.

The DIA runs the top secret network Joint Worldwide Intel Communications System (JWICS), on top of the Defense Information Systems Agency's DOD Information Network.

Jean Schaffer, the DIA’s cyber and enterprise operations chief, said that while JWICS is already hardened due to being a top secret network, DIA needs to raise its security posture to better protect it from insider threats as more people are added to the network.

Part of the overhaul, which includes revisiting the architecture and design, means transitioning  from a network protection model to a data protection model to understand the “on and off ramps for JWICS” and defining domain edges and data pathways, Schaffer said at DODIIS.

Schaffer also said DIA is looking to employ two-factor authentication on JWICS, a function already available on the non-classified internet protocol router (NIPRNET) network.

Schaffer said DIA’s digital transformation was less about “fixing something that’s broken and more about changing our mindsets.”

For cyber, this means developing a baseline of normal behavior so that anomalous actions activate an alert. It also includes configuring tools to pick up the alerts that feeds into a central source where cybersecurity analysts respond.