WASHINGTON — The U.S. Navy will review its $4 billion information technology portfolio to simplify and modernize, reducing vulnerabilities highlighted by recent cyber breaches.
The priority is to produce an inventory of existing IT infrastructure and allocated resources to better understand its networks and systems — as well as better secure them — as it prepares for battles in the digital age. Leaders signed the memo stating priorities of the IT infrastructure review just days before word surfaced that Russian hackers reportedly breached several U.S. civilian government agencies through a platform owned by a major federal IT contractor, SolarWinds, which does work with the Navy and other military services.
The Navy listed three other key goals: assessing the effectiveness of the capabilities in its inventory, modeling innovative technologies that reflect “modern, cloud-based technology standards,” and seeking portfolio recommendations to deliver end-to-end, cloud-enabled IT infrastructure.
“The purpose of the review is to identify potential courses of action to improve the value produced by the substantial annual IT spend in order to reinvest in IT priorities and return funds to the broader DON,” an announcement Monday from the Department of the Navy chief information officer stated. “The results of this review will inform decisions on the future Naval IT service delivery model and prioritization of effort to attain it.”
A spokesperson for the Navy CIO office told C4ISRNET that the review is underway and added that the results will be updated on a “rolling basis” through the second quarter of fiscal 2021
The portfolio review is part of the Navy CIO office’s push to integrate the Navy and Marine Corps IT systems. In the strategic memo, signed by Navy CIO Aaron Weis and Assistant Secretary of the Navy for Research, Development and Acquisition James Geurts, the service acknowledged that the systems the Navy and Marines operate on aren’t “fully networked or interoperable with each other, the Department of Defense (DoD), or our mission partners.”
“The current approach towards managing IT capability is stovepiped, duplicative and overly complex, making it difficult to operate, defend and apply resources to strategic modernization and transformation efforts,” the memo states. “Recent cyber events highlight the increasing vulnerability of the current DON information environment. The DON needs to simplify and modernize.”
The IT portfolio review focuses on four areas “at a minimum,” the memo states. First, the service will review its enterprise infrastructure, including transport, store, compute, identity and operations. The Navy will initially focus on its unclassified shore infrastructure, while the Marines will work on its end-to-end infrastructure.
The other three areas of focus are on software development Infrastructure, deployment and operations; data and analytics; and digital workplace.
The plan empowers cross-functional teams to collect data related to current requirements, capabilities and resources, the memo said. The Navy CIO is leading the cross-functional teams, made up of government experts and supplemented by contractors, the spokesperson said.
The review will also identify the Navy’s key cyber terrain, a key part of the 2018 cyber readiness review by the Department of the Navy that found glaring cybersecurity gaps across the department.
Andrew Eversden covers all things defense technology for C4ISRNET. He previously reported on federal IT and cybersecurity for Federal Times and Fifth Domain, and worked as a congressional reporting fellow for the Texas Tribune. He was also a Washington intern for the Durango Herald. Andrew is a graduate of American University.