Lt. Gen. Alan Lynn’s current role means he has two jobs. He’s in charge of fielding enterprise IT throughout the Department of Defense, while also protecting DoD networks across the military. Neither is a small task, but there’s an army of nearly 7,000 active duty and civilian employees, as well as industry partners and allies, charged with supporting the span of agency missions.
Those industry partnerships were front and center Nov. 6 at the Defense Information Systems Agency’s Forecast to Industry where agency officials described upcoming opportunities and emerging requirements. Lynn sat down with reporters, including C4ISRNET’s Amber Corrin, to discuss top priorities, pressing initiatives and his take on working with the private sector — including employing commercial technologies.
C4ISRNET: One of the initiatives that we heard about for a while is the Joint Information Environment. Then, for a while, we didn’t hear quite as much, other than about the development of the joint regional security stacks. What’s the current status of both JIE and JRSS?
LT. GEN. ALAN LYNN: It’s important to understand that JIE is not a program, it is a concept. That’s the key phrase: it’s a concept. So, it’s not [Acquisition Category I major defense acquisition] program, it’s a concept of going joint where it makes sense.
JRSS is the first instance where we have broadly agreed that this needs to be a joint capability. So JRSS provides that capability to protect in a regional fashion instead of at post, camp or station. The reason why that’s important is because once you have a complete regional picture with all the posts, camps and stations running through it, then you can centrally see across all of the Department of Defense, and once it’s [complete], what’s happening at any given time. With big data analytics on top of that, now you can properly defend the network in real time.
It’s not a thing, like one thing. JRSS is not one thing — it’s multiple, best-of-breed, different capabilities that provide different types of protection. There’s an A side and a B side; it can bounce between kind of the left and right sides. That’s just one part of the defense, because there are multiple layers of defense that go all the way up to the internet access point. We have the very best in internet access point capability; we have some very unique things that we’ve worked on with some of the three-letter entities that provide us that “secret sauce” that we need that nobody else has. And then it gets down to JRSS, which is the next layer of defense.
I like the phrase “decentralized,” because when it comes down at the post, camp and station they’re still able to get up into that JRSS and actually see things that are happening on their network. So they’re defending at that level … it’s not like it’s taken over from Big Brother. It’s interactive, it’s multi-tenancy — multiple tenants are reading what’s happening on JRSS.
C4ISRNET: DISA has a fair amount of upcoming contract action related to developing and deploying forward-looking command and control capabilities. What are your goals for these C2 capabilities, and what are you looking to do in the future that’s different from what’s been done in the past?
LYNN: A big piece of it is mobility. We’ve done a lot of work with virtualization … we think [what’s key is] the tactical piece we’re enabling in that level power in a smaller box. We need that piece to go forward when [troops are] disconnected; you’ll be able to operate to speed for the needs of the war fighter. Then, when they get reconnected back in they’ll be able to pull all of that information.
The second piece, looking toward the future, [is] we’re looking at those command and control systems and starting to design those to live in a mobile space so we can use them on the mobile platforms we’re using, whether that be a tablet or smartphone. We see that as what war fighters are going to be carrying around so we’re moving toward providing those command and control options in mobile platforms, as opposed to the older architecture of some server somewhere.
It’s been a challenge. It used to be that if you wanted to access the [classified SIPR network], you had to drive in to work; you had to go to a SCIF [sensitive compartmented information facility]. Senior leaders had [suitcase-based classified communications capability]. But this frees everybody up — it is a cost-effective way of getting SIPRNet [the Secret Internet Protocol Router Network] down to every user if need be. For those that need that capability, it’s available wherever they are, and that’s an important change.
C4ISRNET: Another big, recent contract for DISA is last summer’s $500 million award of milCloud 2.0. How do you balance the speed and technological edge of commercial cloud against your DoD-specific security requirements?
LYNN: As I switch my hat from DISA director to Joint Force Headquarters-DoDIN commander, responsible for the cyber protection of the entire DoD, from my perspective on the cloud when you’re talking about security is there’s an important part of DoD’s applications that need a lot of it. But there’s also a large group of them that do not, so we push those to a straight-up commercial cloud. That helps me because it’s a lot less that I have to defend. The more I push down that doesn’t need security, the better.
All of our cloud is commercial. There isn’t a DoD cloud that’s not commercial. The big difference really is, for ours, it’s on-premises which means we can wrap all our security around it, and the others are off-premises. Those are less secure. And we use those, too — we encourage that. Where it makes sense to be outside, it should be.
C4ISRNET: U.S. Cyber Command has talked about the idea of a defensive cyber operations concept of operations with the “Five Eyes” alliance that includes Australia, Canada, New Zealand, the United Kingdom and the United States. What does that mean for you in terms of sharing information with partners to help make the U.S. more secure?
LYNN: The problem with the Joint Force Headquarters-DoDIN side is that much of what we could talk about gets into high classification space.
I can tell you that we do work with our Five Eyes partners all the time; it’s non-stop. I don’t think that’s going to change in the future — if anything, I see growth in that area for other allies.
C4ISRNET: We’re at Forecast to Industry, which is obviously a major event for industry groups looking to do business with DISA. How do you view the partnership between DISA and the commercial sector as it stands right now?
LYNN: We’re working together with industry to provide effects. We’re not doing it just for our own interest — it’s really for the war fighter.
As we develop, we’re trying to look for things that are a win-win. A long time ago we developed ARPANET; it became the internet, and that was a huge win-win. Microwaves. We developed that and it became a household thing. We’re looking at the commercial side … what’s on the commercial side that can be a win-win? It will ultimately drive down the costs for the Department of Defense if it’s a win on the commercial side as well.