healthcarereimagined

• Amy C. Edmondson,
• Sujin Jang,
• Tiziana Casciaro

From the Magazine (May–June 2019)

Summary

Today the most promising innovation and business opportunities require collaboration among functions, offices, and organizations. To realize them, companies must break down silos and get people working together across boundaries. But that’s a challenge for many leaders. Employees naturally default to focusing on vertical relationships, and formal restructuring is costly, confusing, and slow. What, then, is the solution? Engaging in four activities that promote horizontal teamwork: (1) developing cultural brokers, or employees who excel at connecting across divides; (2) encouraging people to ask questions in an open-ended, unbiased way that genuinely explores others’ thinking; (3) getting people to actively take other points of view; and (4) broadening employees’ vision to include more-distant networks.

By supporting these activities, leaders can help employees connect with new pools of expertise and learn from and relate to people who think very differently from them. And when that happens, interface collaboration will become second nature.

Though most executives recognize the importance of breaking down silos to help people collaborate across boundaries, they struggle to make it happen. That’s understandable: It is devilishly difficult. Think about your own relationships at work—the people you report to and those who report to you, for starters. Now consider the people in other functions, units, or geographies whose work touches yours in some way. Which relationships get prioritized in your day-to-day job?

We’ve posed that question to managers, engineers, salespeople, and consultants in companies around the world. The response we get is almost always the same: vertical relationships.

But when we ask, “Which relationships are most important for creating value for customers?” the answers flip. Today the vast majority of innovation and business-development opportunities lie in the interfaces between functions, offices, or organizations. In short, the integrated solutions that most customers want—but companies wrestle with developing—require horizontal collaboration.

The value of horizontal teamwork is widely recognized. Employees who can reach outside their silos to find colleagues with complementary expertise learn more, sell more, and gain skillsfaster. Harvard’s Heidi Gardner has found that firms with more cross-boundary collaboration achieve greater customer loyalty and higher margins. As innovation hinges more and more on interdisciplinary cooperation, digitalization transforms business at a breakneck pace, and globalization increasingly requires people to work across national borders, the demand for executives who can lead projects at interfaces keeps rising.

Our research and consulting work with hundreds of executives and managers in dozens of organizations confirms both the need for and the challenge of horizontal collaboration. “There’s no doubt. We should focus on big projects that call for integration across practices,” a partner in a global accounting firm told us. “That’s where our greatest distinctive value is developed. But most of us confine ourselves to the smaller projects that we can handle within our practice areas. It’s frustrating.” A senior partner in a leading consulting firm put it slightly differently: “You know you should swim farther to catch a bigger fish, but it is a lot easier to swim in your own pond and catch a bunch of small fish.”

One way to break down silos is to redesign the formal organizational structure. But that approach has limits: It’s costly, confusing, and slow. Worse, every new structure solves some problems but creates others. That’s why we’ve focused on identifying activities that facilitate boundary crossing. We’ve found that people can be trained to see and connect with pools of expertise throughout their organizations and to work better with colleagues who think very differently from them. The core challenges of operating effectively at interfaces are simple: learningabout people on the other side and relating to them. But simple does not mean easy; human beings have always struggled to understand and relate to those who are different.

Leaders need to help people develop the capacity to overcome these challenges on both individual and organizational levels. That means providing training in and support for four practices that enable effective interface work.

1. Develop and Deploy Cultural Brokers

Fortunately, in most companies there are people who already excel at interface collaboration. They usually have experiences and relationships that span multiple sectors, functions, or domains and informally serve as links between them. We call these people cultural brokers. In studies involving more than 2,000 global teams, one of us—Sujin—found that diverse teams containing a cultural broker significantly outperformed diverse teams without one. (See “The Most Creative Teams Have a Specific Type of Cultural Diversity,”HBR.org, July 24, 2018.) Companies should identify these individuals and help them increase their impact.

Cultural brokers promote cross-boundary work in one of two ways: by acting as a bridge or as an adhesive.

A bridge offers himself as a go-between, allowing people in different functions or geographies to collaborate with minimal disruption to their day-to-day routine. Bridges are most effective when they have considerable knowledge of both sides and can figure out what each one needs. This is why the champagne and spirits distributor Moët Hennessy España hired two enologists, or wine experts, to help coordinate the work of its marketing and sales groups, which had a history of miscommunication and conflict. The enologists could relate to both groups equally: They could speak to marketers about the emotional content (the ephemeral “bouquet”) of brands, while also providing pragmatic salespeople with details on the distinctive features of products they needed to win over retailers. Understanding both worlds, the enologists were able to communicate the rationale for each group’s modus operandi to the other, allowing marketing and sales to work more synergistically even without directly interacting. This kind of cultural brokerage is efficient because it lets disparate parties work around differences without investing in learning the other side’s perspective or changing how they work. It’s especially valuable for one-off collaborations or when the company is under intense time pressure to deliver results.

Employees who can reach outside their silos learn more and sell more.

Adhesives, in contrast, bring people together and help build mutual understanding and lasting relationships. Take one manager we spoke with at National Instruments, a global producer of automated test equipment. He frequently connects colleagues from different regions and functions. “I think of it as building up the relationships between them,” he told us. “If a colleague needs to work with someone in another office or function, I would tell them, ‘OK, here’s the person to call.’ Then I’d take the time to sit down and say, ‘Well, let me tell you a little bit about how these guys work.’” Adhesives facilitate collaboration by vouching for people and helping them decipher one another’s language. Unlike bridges, adhesives develop others’ capacity to work across a boundary in the future without their assistance.

Company leaders can build both bridging and adhesive capabilities in their organizations by hiring people with multifunctional or multicultural backgrounds who have the strong interpersonal skills needed to build rapport with multiple parties. Because it takes resilience to work with people across cultural divides, firms should also look for a growth mindset—the desire to learn and to take on challenges and “stretch” opportunities.

In addition, leaders can develop more brokers by giving people at all levels the chance to move into roles that expose them to multiple parts of the company. This, by the way, is good training for general managers and is what many rotational leadership-development programs aim to accomplish. Claudine Wolfe, the head of talent and development at the global insurer Chubb, maintains that the company’s capacity to serve customers around the world rests on giving top performers opportunities to work in different geographies and cultivate an international mindset. “We give people their critical development experiences steeped in the job, in the region,” she says. “They get coaching in the cultural norms and the language, but then they live it and internalize it. They go to the local bodega, take notice of the products on the shelves, have conversations with the merchant, and learn what it really means to live in that environment.”

Matrix organizational structures, in which people report to two (or more) groups, can also help develop cultural brokers. Despite their inherent challenges (they can be infuriatingly hard to navigate without strong leadership and accountability), matrices get people used to operating at interfaces.

We’re not saying that everyone in your organization needs to be a full-fledged cultural broker. But consciously expanding the ranks of brokers and deploying them to grease the wheels of collaboration can go a long way.

2. Encourage People to Ask the Right Questions

It’s nearly impossible to work across boundaries without asking a lot of questions. Inquiry is critical because what we see and take for granted on one side of an interface is not the same as what people experience on the other side.

Indeed, a study of more than 1,000 middle managers at a large bank that Tiziana conducted with Bill McEvily and Evelyn Zhang of the University of Toronto and Francesca Gino of Harvard Business School highlights the value of inquisitiveness in boundary-crossing work. It showed that managers with high levels of curiosity were more likely to build networks that spanned disconnected parts of the company.

But all of us are vulnerable to forgetting the crucial practice of asking questions as we move up the ladder. High-achieving people in particular frequently fail to wonder what others are seeing. Worse, when we do recognize that we don’t know something, we may avoid asking a question out of (misguided) fear that it will make us look incompetent or weak. “Not asking questions is a big mistake many professionals make,” Norma Kraay, the managing partner of talent for Deloitte Canada, told us. “Expert advisers want to offer a solution. That’s what they’re trained to do.”

Leaders can encourage inquiry in two important ways—and in the process help create an organization where it’s psychologically safe to ask questions.

Be a role model.

When leaders show interest in what others are seeing and thinking by asking questions, it has a stunning effect: It prompts people in their organizations to do the same.

Asking questions also conveys the humility that more and more business leaders and researchers are pointing to as vital to success. According to Laszlo Bock, Google’s former senior vice president of people operations, humble people are better at bringing others together to solve tough problems. In a fast-changing business environment, humility—not to be confused with false modesty—is simply a strength. Its power comes from realism (as in It really is a complex, challenging world out there; if we don’t work together, we don’t stand a chance).

Gino says one way a leader can make employees feel comfortable asking questions is by openly acknowledging when he or she doesn’t know the answer. Another, she says, is by having days in which employees are explicitly encouraged to ask “Why?” “What if…?” and “How might we…?” (See “The Business Case for Curiosity,”HBR, September–October 2018.)

Teach employees the art of inquiry.

Training can help expand the range and frequency of questions employees ask and, according to Hal Gregersen of the MIT Leadership Center, can reinvigorate their sense of curiosity. But some questions are better than others. And if you simply tell people to raise more questions, you might unleash interrogation tactics that inhibit rather than encourage the development of new perspectives. As MIT’s Edgar Schein explains in his book Humble Inquiry,questions are the secret to productive work relationships—but they must be driven by genuine interest in understanding another’s view.

How to Ask Good Questions

COMMON PITFALLSEFFECTIVE INQUIRY

Start with yes-or-no questions.Start with open-ended questions that minimize preconceptions. (“How are things going on your end?” “What does your group see as the key opportunity in this space?”)Continue asking overly general questions (“What’s on your mind?”) that may invite long off-point responses.As collaborations develop, ask questions that focus on specific issues but allow people plenty of room to elaborate. (“What do you know about x?” “Can you explain how that works?”)Assume that you’ve grasped what speakers intended.Check your understanding by summarizing what you’re hearing and asking explicitly for corrections or missing elements. (“Does that sound right—am I missing anything?” “Can you help me fill in the gaps?”)Assume the collaboration process will take care of itself.Periodically take time to inquire into others’ experiences of the process or relationship. (“How do you think the project is going?” “What could we do to work together more effectively?”)

It’s also important to learn how to request information in the least biased way possible. This means asking open-ended questions that minimize preconceptions, rather than yes-or-no questions. For instance, “What do you see as the key opportunity in this space?” will generate a richer dialogue than “Do you think this is the right opportunity to pursue?”

As collaborations move forward, it’s helpful for team leaders or project managers to raise queries that encourage others to dive more deeply into specific issues and express related ideas or experiences. “What do you know about x?” and “Can you explain how that works?” are two examples. These questions are focused but neither limit responses nor invite long discourses that stray too far from the issue at hand.

How you process the answers also matters. It’s natural, as conversations unfold, to assume you understand what’s being said. But what people hear is biased by their expertise and experiences. So it’s important to train people to check whether they’re truly getting their colleagues’ meaning, by using language like “This is what I’m hearing—did I miss anything?” or “Can you help me fill in the gaps?” or “I think what you said means the project is on track. Is that correct?”

Finally, periodic temperature taking is needed to examine the collaborative process itself. The only way to find out how others are experiencing a project or relationship is by asking questions such as “How do you think the project is going?” and “What could we do to work together more effectively?”

3. Get People to See the World Through Others’ Eyes

Leaders shouldn’t just encourage employees to be curious about different groups and ask questions about their thinking and practices; they should also urge their people to actively consider others’ points of view. People from different organizational groups don’t see things the same way. Studies (including research on barriers to successful product innovation that the management professor Deborah Dougherty conducted at Wharton) consistently reveal that this leads to misunderstandings in interface work. It’s vital, therefore, to help people learn how to take the perspectives of others. One of us, Amy, has done research showing that ambitious cross-industry innovation projects succeed when diverse participants discover how to do this. New Songdo, a project to build a city from scratch in South Korea that launched a decade ago, provides an instructive example. Early in the effort, project leaders brought together architects, engineers, planners, and environmental experts and helped them integrate their expertise in a carefully crafted learning process designed to break down barriers between disciplines. Today, in striking contrast to other “smart” city projects, New Songdo is 50% complete and has 30,000 residents, 33,000 jobs, and emissions that are 70% lower than those of other developments its size.

In a study of jazz bands and Broadway productions, Brian Uzzi of Northwestern University foundthat leaders of successful teams had an unusual ability to assume other people’s viewpoints. These leaders could speak the multiple “languages” of their teammates. Other research has shown that when members of a diverse team proactively take the perspectives of others, it enhances the positive effect of information sharing and increases the team’s creativity.

Creating a culture that fosters this kind of behavior is a senior leadership responsibility. Psychological research suggests that while most people are capableof taking others’ perspectives, they are rarely motivated to do so. Leaders can provide some motivation by emphasizing to their teams how much the integration of diverse expertise enhances new value creation. But a couple of other tactics will help:

Organize cross-silo dialogues.

Instead of holding one-way information sessions, leaders should set up cross-silo discussions that help employees see the world through the eyes of customers or colleagues in other parts of the company. The goal is to get everyone to share knowledge and work on synthesizing that diverse input into new solutions. This happens best in face-to-face meetings that are carefully structured to allow people time to listen to one another’s thinking. Sometimes the process includes customers; one consulting firm we know started to replace traditional meetings, at which the firm conveyed information to clients, with a workshop format designed to explore questions and develop solutions in collaboration with them. The new format gives both the clients and the consultants a chance to learn from each other.

One of the more thoughtful uses of cross-silo dialogue is the “focused event analysis” (FEA) at Children’s Minnesota. In an FEA people from the health system’s different clinical and operational groups come together after a failure, such as the administration of the wrong medication to a patient. One at a time participants offer their take on what happened; the goal is to carefully document multiple perspectives before trying to identify a cause. Often participants are surprised to learn how people from other groups saw the incident. The assumption underlying the FEA is that most failures have not one root cause but many. Once the folks involved have a multifunctional picture of the contributing factors, they can alter procedures and systems to prevent similar failures.

Hire for curiosity and empathy.

You can boost your company’s capacity to see the world from different perspectives by bringing on board people who relate to and sympathize with the feelings, thoughts, and attitudes of others. Southwest Airlines, which hires fewer than 2% of all applicants,selects people with empathy and enthusiasm for customer service, evaluating them through behavioral interviews (“Tell me about a time when…”) and team interviews in which candidates are observed interacting.

4. Broaden Your Employees’ Vision

You can’t lead at the interfaces if you don’t know where they are. Yet many organizations unwittingly encourage employees to never look beyond their own immediate environment, such as their function or business unit, and as a result miss out on potential insights employees could get if they scanned more-distant networks. Here are some ways that leaders can create opportunities for employees to widen their horizons, both within the company and beyond it:

Bring employees from diverse groups together on initiatives.

As a rule, cross-functional teams give people across silos a chance to identify various kinds of expertise within their organization, map how they’re connected or disconnected, and see how the internal knowledge network can be linked to enable valuable collaboration.

At one global consulting firm, the leader of the digital health-care practice used to have its consultants speak just to clients’ CIOs and CTOs. But she realized that that “unnecessarily limited the practice’s ability to identify opportunities to serve clients beyond IT,” she says. So she began to set up sessions with the entire C-suite at clients and brought in consultants from across all her firm’s health-care practices—including systems redesign, operations excellence, strategy, and financing—to provide a more integrated look at the firm’s health-care innovation expertise.

Those meetings allowed the consultants to discover the connections among the practices in the health-care division, identify the people best positioned to bridge the different practices, and see novel ways to combine the firm’s various kinds of expertise to meet clients’ needs. That helped the consultants spot value-generating opportunities for services at the interfaces between the practices. The new approach was so effective that, in short order, the leader was asked to head up a new practice that served as an interface across all the practices in the IT division so that she could replicate her success in other parts of the firm.

Urge employees to explore distant networks.

Employees also need to be pushed to tap into expertise outside the company and even outside the industry. The domains of human knowledge span science, technology, business, geography, politics, history, the arts, the humanities, and beyond, and any interface between them could hold new business opportunities. Consider the work of the innovation consultancy IDEO. By bringing design techniques from technology, science, and the arts to business, it has been able to create revolutionary products, like the first Apple mouse (which it developed from a Xerox PARC prototype into a commercial offering), and help companies in many industries embrace design thinking as an innovation strategy.

The tricky part is finding the domains most relevant to key business goals. Although many innovations have stemmed from what Abraham Flexner, the founding director of the Institute for Advanced Study, called “the usefulness of useless knowledge,”businesses can ill afford to rely on open-ended exploratory search alone. To avoid this fate, leaders can take one of two approaches:

A top-down approach works when the knowledge domains with high potential for value creation have already been identified. For example, a partner in an accounting firm who sees machine learning as key to the profession’s future might have an interested consultant or analyst in her practice take online courses or attend industry conferences about the technology and ask that person to come back with ideas about its implications. The partner might organize workshops in which the junior employee shares takeaways from the learning experiences and brainstorms, with experienced colleagues, potential applications in the firm.

You can’t lead at the interfaces if you don’t know where they are.

A bottom-up approach is better when leaders have trouble determining which outside domains the organization should connect with—a growing challenge given the speed at which new knowledge is being created. Increasingly, leaders must rely on employees to identify and forge connections with far-flung domains. One approach is to crowdsource ideas for promising interfaces—for example, by inviting employees to propose conferences in other industries they’d like to attend, courses on new skill sets they’d like to take, or domain experts they’d like to bring in for workshops. It’s also critical to give employees the time and resources to scan external domains and build connections to them.

Breaking Down Silos

In today’s economy everyone knows that finding new ways to combine an organization’s diverse knowledge is a winning strategy for creating lasting value. But it doesn’t happen unless employees have the opportunities and tools to work together productively across silos. To unleash the potential of horizontal collaboration, leaders must equip people to learn and to relate to one another across cultural and logistical divides. The four practices we’ve just described can help.

Not only is each one useful on its own in tackling the distinct challenges of interface work, but together these practices are mutually enhancing: Engaging in one promotes competency in another. Deploying cultural brokers who build connections across groups gets people to ask questions and learn what employees in other groups are thinking. When people start asking better questions, they’re immediately better positioned to understand others’ perspectives and challenges. Seeing things from someone else’s perspective—walking in his or her moccasins—in turn makes it easier to detect more pockets of knowledge. And network scanning illuminates interfaces where cultural brokers might be able to help groups collaborate effectively.

Over time these practices—none of which require advanced degrees or deep technical smarts—dissolve the barriers that make boundary-crossing work so difficult. When leaders create conditions that encourage and support these practices, collaboration across the interface will ultimately become second nature.

A version of this article appeared in the May–June 2019 issue (pp.130–139) of Harvard Business Review.

• Amy C. Edmondson is the Novartis Professor of Leadership and Management at Harvard Business School. Her latest book is Right Kind of Wrong: The Science of Failing Well (Atria Books, forthcoming in September 2023).
• Sujin Jang is an assistant professor of organisational behaviour at INSEAD. Her research focuses on global teams and the challenges of working across cultures.
• Tiziana Casciaro is a professor of organizational behavior and HR management and holds the Marcel Desautels Chair in Integrative Thinking at the University of Toronto’s Rotman School of Management. She is the co-author of Power, for All: How It Really Works and Why It’s Everyone’s Business (Simon & Schuster, 2021).

Article link: https://hbr.org/2019/05/cross-silo-leadership?utm_medium=social&utm

By Kashia Simmons / Office of Strategic Communication and Public Affairs

Defense Information Systems Agency and National Security Agency officials met in Annapolis Junction, Maryland, July 20, to celebrate the final transition of a critical boundary defense tool for the United States Department of Defense.

SHARKSEER officially transitioned from NSA on June 30, marking the beginning of a new era in cybersecurity for the DOD Information Network, as DISA assumes responsibility for the program’s operations and management.

“DODIN is a no-fail mission, so many are dependent on this success,” said Catherine Aucella, NSA executive director. “Thank you to DISA for taking this mission and keeping it going.”

SHARKSEER is a system of commercial, government and open-source systems that actively detects, alerts and blocks malicious, suspected or anomalous network traffic through automated and analyst-driven blocking mechanisms. The program was developed and engineered by the NSA in 2015 and was developed as an adaptive platform, capable of quickly integrating new technologies wherever SHARKSEER systems are deployed.

DISA has been an active partner in SHARKSEER since the beginning and was designated as the transition organization for the program in the 2019 National Defense Authorization Act.

“The fact that NSA and DISA were able to work together over the past four years to successfully transition the SHARKSEER program from one agency to another – not a common action or request – with minimal breaks in service is a testament to this relationship,” said James L. Cody, NSA Cross Access Front End Solutions chief.

There have been multiple DISA employees who have supported SHARKSEER over the years to lead up to this day, said Olanrewaju J. Bucknor, DISA SHARKSEER program engineer, who’s worked on the program for three years. Bucknor explained that NSA remains an integral partner in SHARKSEER, providing software and applications within the environment.

“Ensuring the sustainability and functionality of the SHARKSEER DODIN Boundary Cyber Defense systems ensures all DOD mission partners have a dynamic internet facing protective shield from known and emerging adversarial cyber threats,” Cody said.

SHARKSEER complements existing defense-in-depth capabilities of DISA Global’s defensive cyber operations mission by providing an orchestrated, behavioral analytic platform capable of actively blocking suspicious or potentially malicious objects. SHARKSEER also provides unique threat data content to inform other defensive systems for mitigation.

“Geographically deploying the SHARKSEER capability at the 10 DISA-managed internet access points to monitor traffic provides an unprecedented level of visibility to the warfighter supporting the DOD cyber network defense incident response mission,” said Alexis Grayson, DISA SHARKSEER program manager.

DISA will continue to develop and evolve SHARKSEER systems, with plans to add multifactor authentication, transition to a zero-trust model and utilize more cloud-based security solutions to improve scalability, flexibility and centralized management among other capabilities, Grayson said.

Visit DISA.mil for more agency news and updates.

Article link: https://www.linkedin.com/pulse/disa-takes-over-premier-cyber-defense

By ALEXANDRA KELLEYAUGUST 4, 2023

The Cybersecurity and Infrastructure Security Agency’s 2024-2026 cybersecurity roadmap focuses on public-private partnerships and using metrics to gauge the effectiveness of cybersecurity measures.

The Cybersecurity and Infrastructure Security Agency is prioritizing addressing immediate threats, hardening digital terrain and implementing security at scale among nine other objectives as outlined in the agency’s new Cybersecurity Strategic Plan.

Released on Friday, the plan marks CISA’s roadmap for the next three years as the agency works with the larger Biden administration to safeguard America’s digital networks from the increased onslaught of malicious cyber attacks. 

“Now is the moment where our country has a choice: to invest in a future where collaboration is a default rather than an exception; where innovation in defense and resilience dramatically outpaces that of those seeking to do us harm; and where the burden of cybersecurity is allocated toward those who are most able to bear it,” the executive summary of the report reads. “Cyber incidents have caused too much harm to too many American organizations. Working together, we can change this course.”

The nine objectives underpinning the strategy and its three overarching goals include prioritizing coordinated threat disclosure, proactive vulnerability analyses and implementing cybersecurity investments, among other tenants. 

The plan will focus on outcome-based measures for institutions working to reduce their cybersecurity risk. Some of these metrics are centered around reducing incident response time, particularly for federal agencies and critical infrastructure partners.

Other metrics focus on strategic increases. In measuring the efficacy of agency collaborations, CISA is focused on analyzing the increases in the volume of relevant information, in addition to more specific actionable plans and post-incident reports. 

Notably, the strategy  also focuses on implementing the federally-backed secure-by-design concept. 

“As a society, we can no longer accept a model where every technology product is vulnerable the moment it is released and where the overwhelming burden for security lies with individual organizations and users,” the report reads. “Technology should be designed, developed, and tested to minimize the number of exploitable flaws before they are introduced to the market.”

Absent federal mandates and legislation, tech companies still operate under a voluntary and trust-based model of collaboration. CISA said it “will strive to ensure that regulators and other government entities with compulsory authorities leverage technically sound and effective practices developed together with our partners across the private sector, ideally enabling harmonization across both U.S. and global regulatory regimes.”

The report also notes that CISA will produce and regularly update criteria to develop and maintain secure-by-design products and ensure cooperation from manufacturers. 

Artificial intelligence software and quantum computing are highlighted as potentially risky technologies that threaten current cybersecurity protocol, particularly with the coming of an operational quantum computer.  

CISA’s strategy to mitigate these emerging threats is to work with the developers of these more nascent technologies and prepare digital systems, namely through post-quantum cryptographic migrations.

Article link: https://www.nextgov.com/cybersecurity/2023/08/cisa-unveils-plan-measure-cybersecurity-success/389156/

By ADAM MAZMANIAN. August 3, 2023

The Defense Department’s top tech official directed defense agencies to tap the multi-vendor Joint Warfighting Cloud Capability contract for new cloud acquisitions and is requiring all top-secret cloud buys across the Pentagon and military services to use the vehicle for top secret capabilities.

The Defense Department’s chief information officer directed defense agencies and Pentagon components to begin using the $9 billion, multi-vendor Joint Warfighting Cloud Capability cloud contract for new cloud buys. 

The JWCC was awarded last year and offers cloud services through Microsoft, Amazon Web Services, Google and Oracle. The contract was the replacement for a controversial single-vendor contract that was awarded and then scrubbed amid protests and lawsuits.

In a memo publicly released on Thursday, CIO John Sherman said that existing cloud contacts must be transitioned to JWCC upon expiration. The memo covers defense agencies, including the Defense Information Systems Agency and other components covering accounting, counterintelligence, contract management, healthcare and logistics, as well as the Joint Chiefs of Staff.

The memo also carves out an exception for DOD-based intelligence agencies including the National Security Agency and the Defense Intelligence Agency, which will stick with the multi-vendor Commercial Cloud Enterprise vehicle known as C2E.

Sherman also directs the military services to adopt JWCC for secret or top secret cloud capabilities. The service branches are permitted to use their own existing contract vehicles, but the memo “encourages” the services to consider JWCC for cloud procurement.

Additionally, DOD is restructuring and renaming its cloud governance organization “to provide a broader forum to continue with existing and expanding digital modernization activities relevant to the department’s information enterprise.” The new organization, called the DOD Information Enterprise Portfolio Management and Capabilities Council, will tackle governance issues arising from oversight of classified clouds and cloud contract language.

As a first implementation step, Sherman is tasking fourth estate agencies with delivering information on existing cloud contracts, cloud providers, pricing data, use of integrators and resellers and future plans for obtaining cloud services. That information is due to the Office of the Chief Information Officer in 60 days.

Article link: https://www.nextgov.com/defense/2023/08/dod-pushes-cloud-buyers-jwcc/389101/

By Jonathan Shiery, Hoan Wagner

JULY 28, 2023

Welcome to the Q2 2023 edition of Weather the Disruption, a quarterly newsletter intended to highlight the importance of business resiliency in today’s world. Our goal is to provide global regulatory updates, industry trends, best practices, and detect threats with potential to impact our clients and sector. In this edition, we discuss how AI can aid resilience, the implementation of resiliency strategies, and the impact of environmental changes.

Artificial Intelligence

As AI continues to grow rapidly, one of its commonly discussed use cases is its application in improving business resilience:

Resilience AI — The goal of Resilience AI is to create systems to combat unprecedented scenarios¹ to avoid both minor and catastrophic system failures. AI can improve business resiliency by maintaining functionality during situations such as hardware failures, cyberattacks, and environmental changes. AI improves current resiliency methods by improving efficiency and automation to reduce the need for manual labor.

AI in Business Resiliency Framework — The fast growth of AI will push firms to implement AI as part of their business continuity framework². Incorporating AI in business resiliency frameworks can reduce repetitive tasks and promote consistency, creating more efficient processes. While AI can be extremely beneficial, it will be necessary to ensure a balance between automation and the level of human involvement to prevent algorithm bias, unintended consequences, programming errors, reputational aspects, and more.

AI and Predictive Analysis — AI can provide predictive analysis using algorithms and machine-learning capabilities to process large amounts of data. Modern predictive analysis tools shift data analytics from a small team of data scientists exploring hypothesis, to tools that can be used by both data analytics experts and regular business users³ in day-to-day business. In light of ongoing economic uncertainty, having tools to adapt quickly allows organizations to remain resilient. Incorporating AI into predictive analysis can help organizations navigate the pace of change and respond quickly.

Regulatory Insight

There have been major regulatory changes surrounding Business Resiliency of late:

Cyber Resilience Act Proposal — The EU proposed the Cyber Resilience Act (CRA)⁴ with a goal to increase Europe’s defense against cyberattacks. Some of the proposed legislation comes with concerns, including the implications of penalizing open-source developers who receive monetary compensation. Concerned stakeholders argue that this legislation threatens the operation of any organizations that provides open-source codes to the public, if those organizations receive even just a bit of financial compensation.

Collaborative Digital Regulation Country Reviews — Tech development regulators increasingly want to assure the development of digital infrastructure securely reaches people everywhere. New Collaborative Digital Regulation Country Reviews⁵ for Brazil, Colombia, Egypt, and Kenya were published during The International Telecommunication Union’s Global Symposium for Regulators (GSR-23).

Prudential Regulation Authority Business Plan 2023-24 — The UK Prudential Regulation Authority (PRA) recently published Prudential Regulation Authority Business Plan 2023/24⁶ with their plans to regulate operational resilience for 2023-24. This plan will further enforce regulation previously published to achieve timely implementation with a consistent approach. The PRA will continue monitoring threats to firms’ resiliency, firms’ ability to manage cyberthreats, and firms’ execution of large and complex IT change programs.

Major Breaches and Disruptive Events

Recent notable events that have disrupted the industry this quarter include:

Wildfire Impacts — The recent wildfires in Canada have left devastating impacts throughout North America, causing businesses to reduce operations, close offices, and delay normal business processes. Preparing for wildfires with continuity plans, mitigations strategies, and adequate communication systems⁷ can prevent major disruption in an organization’s operation.

Suncor Breach — Suncor Energy experienced an unauthorized breach to its IT department⁸.  The breach halted debit and credit processing at Petro-Canada gas stations across the country, causing numerous customer complaints and damage to the company’s reputation. As a result, Suncor is replacing employee computers with new computers in efforts to prevent future breaches.

Ransomware Attacks — A Russian ransomware group recently began exposing flaws in the file transfer software⁹ MOVEit. Multiple government agencies and universities were breached in this global hacking spree and experts believe other groups may have access to software code to attack as a result.

Business Resiliency Trends and Best Practices

Here are considerations for business resiliency program structuring and enhancements to make in 2023:

Preparing to Implement Regulations — With the EU’s Digital Operational Resilience Act and other regulations, resiliency is being prioritized more than ever¹⁰, giving executives the opportunity to lead transformative changes by investing in operational resilience. Organizations should focus on prioritizing critical business services, mapping their assets and vulnerabilities, and fostering integration and interoperability. Utilizing regulatory guidance to enhance their programs and create robust frameworks is key to remaining resilient. 

Prepare for Increased Ransomware Attacks — Businesses should expect and prepare for potential challenges such as ransomware attacks¹¹  that can cause financial and reputational damage. Combating ransomware attacks with cybersecurity strategies, backup systems, and adequate employee training is essential to remain resilient and recover quickly from unexpected attacks.

Increase Organizational Resilience — As business continues to evolve, so should the methods of resilience¹².  Adapting new technologies, implementing process automation, increased agility, and continuous improvement of competencies and skills for leaders all contribute to organizational resilience. Continuing to stay up to date with the latest trends reduces risk and allows organizations to stay competitive.

Resiliency in a Net-Zero World

Firms not only have to navigate a changing risk environment, but also a changing social environment. As firms adapt to implement environmental and social change, they must also align their resiliency programs accordingly. 

Restoring Nature — Many experts argue that restoring nature is not only good for the environment, it’s also good for business. By integrating nature into business¹³ strategies and operations, companies can adapt to the changing climate, minimize risk, and ensure long-term sustainability. 

Renewable Energy — During the Net Zero Summit in 2022, the speakers emphasized the need to address climate change¹⁴, and saw integration of renewable energy with collaboration as the key factors in achieving it. Integrating supportive policies that pursue a net-zero emissions future can lead to environmental sustainability and economic prosperity.

Cybersecurity

Firms must manage cyber risks, security, and resiliency as technology continues to improve and threats evolve:

Cybersecurity AI — Businesses are utilizing AI to combat cyberattacks. They see AI  increasing process efficiency, reducing operational costs, and resolving issues related to scaling. While AI can provide businesses with more automation by analyzing vast amounts of data in real time to find threats, it requires human expertise to be most efficient. Creating a framework to follow and measure success is imperative to the success of implementing AI into cybersecurity.

Zero Trust Model — The Cybersecurity and Infrastructure Security Agency published Zero Trust Maturity Model Version 2¹⁶ to assist agencies to implement zero-trust strategies. Zero trust is an approach where access to data, networks, and infrastructure is kept to what is minimally required and the legitimacy of that access must be continuously verified.

This article is co-authored by Chris Chen with contributions from Devinne Cook and Melany Farinango.

---

^{1 “The Path to Resilient AI: Transforming Artificial Intelligence from Fragility to Agility.” 2023. http://www.linkedin.com. Accessed July 26, 2023. https://www.linkedin.com/pulse/path-resilient-ai-transforming-artificial-from-khaled-phd/.
2 BCI. 2020. “Artificial Intelligence (AI) – a Strategic Ally for Risk Management & Business Continuity.” http://www.thebci.org. 2020. https://www.thebci.org/news/artificial-intelligence-ai-a-strategic-ally-for-risk-management-business-continuity.html.
3 Lawton, George. 2023. “6 Top Predictive Analytics Tools for 2022.” Search Business Analytics. April 19, 2023. https://www.techtarget.com/searchbusinessanalytics/tip/6-top-predictive-analytics-tools.
4 Budington, Bill. 2023. “EU’s Proposed Cyber Resilience Act Raises Concerns for Open Source and Cybersecurity.” Electronic Frontier Foundation. May 30, 2023. https://www.eff.org/deeplinks/2023/05/eus-proposed-cyber-resilience-act-raises-concerns-open-source-and-cybersecurity.
5 News, Mirage. 2023. “Regulatory Leaders Agree on New Approaches for Digital Infrastructure Trust and Resilience.” Mirage News. June 8, 2023. https://www.miragenews.com/regulatory-leaders-agree-on-new-approaches-for-1023250/.
6 “Continuity Central.” 2023. http://Www.continuitycentral.com. May 5, 2023. https://www.continuitycentral.com/index.php/news/resilience-news/8486-pra-sets-out-future-steps-for-operational-resilience-regulation.
7 Kim, Juliana. 2023. “State Farm Has Stopped Accepting Homeowner Insurance Applications in California.” NPR. May 28, 2023. https://www.npr.org/2023/05/28/1178648989/state-farm-home-insurance-california-wildfires-inflation.
8 Duhatschek, Paula. 2023. “Suncor Swaps out Laptops after Cybersecurity Incident as Energy Sector Takes Stock of Risks.” CBC. July 6, 2023. https://www.cbc.ca/news/canada/calgary/suncor-cybersecurity-incident-energy-sector-1.6898118.
9 Lyngaas, Sean. 2023. “Exclusive: US Government Agencies Hit in Global Cyberattack | CNN Politics.” CNN. June 15, 2023. https://www.cnn.com/2023/06/15/politics/us-government-hit-cybeattack/index.html.
10 Shiery, Jonathan, and Hoan Wagner. 2023. “Global Regulators Unite: Operational Resilience Takes Center Stage.” Guidehouse.com. June 23, 2023. https://guidehouse.com/insights/financial-services/2023/operational-resilience.
11 Strawser, Bryan. 2023. “Business Continuity Trends in 2023.” Bryghtpath. June 5, 2023. https://bryghtpath.com/business-continuity-trends-in-2023/.
12 Vargas Pedroza, German. 2022. “New Trends in Organizational Resilience and Business Continuity • Disaster Recovery Journal.” Disaster Recovery Journal. April 29, 2022. https://drj.com/journal_main/new-trends-in-organizational-resilience-and-business-continuity/.
13 Owen-Burge, Charlotte. 2023. “Elizabeth Mrema: ‘Protecting and Restoring Nature Is Good Business – It Generates Value, Builds Resilience, and Supports Net Zero Plans.’” Climate Champions. May 22, 2023. https://climatechampions.unfccc.int/elizabeth-mrema-protecting-and-restoring-nature-is-good-business-it-generates-value-builds-resilience-and-supports-net-zero-plans/.
14 Fleck, Matt. 2023. “Pursuing a Future of Net-Zero Emissions and Net-Positive Economic Solutions.” Resources for the Future. May 18, 2023. https://www.resources.org/archives/pursuing-a-future-of-net-zero-emissions-and-net-positive-economic-solutions/.
15 Sindhu, Saugat. 2023. “AI’s Evolving Role in Strengthening Enterprise Cybersecurity Efforts | Security Magazine.” http://www.securitymagazine.com. June 15, 2023. https://www.securitymagazine.com/articles/99479-ais-evolving-role-in-strengthening-enterprise-cybersecurity-efforts.
16 “CISA Releases Updated Zero Trust Maturity Model | CISA.” 2023. http://www.cisa.gov. April 11, 2023. https://www.cisa.gov/news-events/news/cisa-releases-updated-zero-trust-maturity-model.}

Article link: https://guidehouse.com/insights/financial-services/2023/ai-for-resilience?

An internet protocol called C2PA adds a “nutrition label” to images, video, and audio.

• Tate Ryan-Mosleyarchive page

July 28, 2023

The White House wants big AI companies to disclose when content has been created using artificial intelligence, and very soon the EU will require some tech platforms to labeltheir AI-generated images, audio, and video with “prominent markings” disclosing their synthetic origins. 

There’s a big problem, though: identifying material that was created by artificial intelligence is a massive technical challenge. The best options currently available—detection tools powered by AI, and watermarking—are inconsistent, impermanent, and sometimes inaccurate. (In fact, just this week OpenAI shuttered its own AI-detecting tool because of high error rates.)

But another approach has been attracting attention lately: C2PA. Launched two years ago, it’s an open-source internet protocol that relies on cryptography to encode details about the origins of a piece of content, or what technologists refer to as “provenance” information. 

The developers of C2PA often compare the protocol to a nutrition label, but one that says where content came from and who—or what—created it. 

The project, part of the nonprofit Joint Development Foundation, was started by Adobe, Arm, Intel, Microsoft, and Truepic, which formed the Coalition for Content Provenance and Authenticity (from which C2PA gets its name). Over 1,500 companies are now involved in the project through the closely affiliated open-source community, Content Authenticity Initiative (CAI), including ones as varied and prominent as Nikon, the BBC, and Sony.

Related Story

A watermark for chatbots can expose text written by an AI

The tool could let teachers spot plagiarism or help social media platforms fight disinformation bots.

Recently, as interest in AI detection and regulation has intensified, the project has been gaining steam; Andrew Jenks, the chair of C2PA, says that membership has increased 56% in the past six months. The major media platform Shutterstock has joined as a member and announced its intentionto use the protocol to label all its AI-generated content, including its DALL-E-powered AI image generator.

Sejal Amin, chief technology officer at Shutterstock, told MIT Technology Review in an email that the company is protecting artists and users by “supporting the development of systems and infrastructure that create greater transparency to easily identify what is an artist’s creation versus AI-generated or modified art.”

What is C2PA and how is it being used?

Microsoft, Intel, Adobe, and other major tech companies started working on C2PA in February 2021, hoping to create a universal internet protocol that would allow content creators to opt in to labeling their visual and audio content with information about where it came from. (At least for the moment, this does not apply to text-based posts.) 

Crucially, the project is designed to be adaptable and functional across the internet, and the base computer code is accessible and free to anyone. 

Truepic, which sells content verification products, has demonstrated how the protocol works with a deepfake video with Revel.ai. When a viewer hovers over a little icon at the top right corner of the screen, a box of information about the video appears that includes the disclosure that it “contains AI-generated content.”

Adobe has also already integrated C2PA, which it calls content credentials, into several of its products, including Photoshop and Adobe Firefly. “We think it’s a value-add that may attract more customers to Adobe tools,” Andy Parsons, senior director of the Content Authenticity Initiative at Adobe and a leader of the C2PA project, says. 

C2PA is secured through cryptography, which relies on a series of codes and keys to protect information from being tampered with and to record where information came from. More specifically, it works by encoding provenance information through a set of hashes that cryptographically bind to each pixel, says Jenks, who also leads Microsoft’s work on C2PA. 

C2PA offers some critical benefits over AI detection systems, which use AI to spot AI-generated content and can in turn learn to get better at evading detection. It’s also a more standardized and, in some instances, more easily viewable system than watermarking, the other prominent technique used to identify AI-generated content. The protocol can work alongside watermarking and AI detection tools as well, says Jenks. 

The value of provenance information 

Adding provenance information to media to combat misinformation is not a new idea, and early research seems to show that it could be promising: one project from a master’s student at the University of Oxford, for example, found evidence that users were less susceptible to misinformation when they had access to provenance information about content. Indeed, in OpenAI’s update about its AI detection tool, the company said it was focusing on other “provenance techniques” to meet disclosure requirements.

That said, provenance information is far from a fix-all solution. C2PA is not legally binding, and without required internet-wide adoption of the standard, unlabeled AI-generated content will exist, says Siwei Lyu, a director of the Center for Information Integrity and professor at the University at Buffalo in New York. “The lack of over-board binding power makes intrinsic loopholes in this effort,” he says, though he emphasizes that the project is nevertheless important.

What’s more, since C2PA relies on creators to opt in, the protocol doesn’t really address the problem of bad actors using AI-generated content. And it’s not yet clear just how helpful the provision of metadata will be when it comes to media fluency of the public. Provenance labels do not necessarily mention whether the content is true or accurate. 

Ultimately, the coalition’s most significant challenge may be encouraging widespread adoption across the internet ecosystem, especially by social media platforms. The protocol is designed so that a photo, for example, would have provenance information encoded from the time a camera captured it to when it found its way onto social media. But if the social media platform doesn’t use the protocol, it won’t display the photo’s provenance data.

The major social media platforms have not yet adopted C2PA. Twitter had signed on to the project but dropped out after Elon Musk took over. (Twitter also stopped participating in other volunteer-based projects focused on curbing misinformation.)

C2PA “[is] not a panacea, it doesn’t solve all of our misinformation problems, but it does put a foundation in place for a shared objective reality,” says Parsons. “Just like the nutrition label metaphor, you don’t have to look at the nutrition label before you buy the sugary cereal.

“And you don’t have to know where something came from before you share it on Meta, but you can. We think the ability to do that is critical given the astonishing abilities of generative media.”

This piece has been updated to clarifythe relationship between C2PA and CAI.

Article link: https://www.technologyreview.com/2023/07/28/1076843/cryptography-ai-labeling-problem-c2pa-provenance/

By EDWARD GRAHAMJULY 25, 2023

VA Chief Information Officer Kurt DelBene told Nextgov/FCW that the department “faces a unique challenge” in adopting zero trust because of the need to secure veterans’ personal information.

The Department of Veterans Affairs has “made significant progress” toward adopting a zero trust model, the department’s chief information officer recently told Nextgov/FCW, with VA focusing in large part on efforts to safeguard veterans’ sensitive data. 

In emailed comments, VA CIO Kurt DelBene said zero trust adoption is particularly vital for the department’s mission, since it “enables us to know who has access to veteran data, and how and when they accessed it.”

In addition to VA’s vast IT network — which includes more than 500,000 desktops, 2,000 different physical locations and over 1,000 systems — DelBene said the department also “faces a unique challenge that other federal agencies simply don’t encounter, in that we’re charged with protecting millions of veterans’ data.

“Nowhere else is there a more complex landscape than the cybersecurity landscape of an organization like VA,” he added.

To enhance the security of veterans’ data and departmentwide systems as part of its approach to zero trust, DelBene said VA is leveraging “cybersecurity telemetry and analytics” to provide greater insights on its digital operations.

“This is a critical capability in an agency with as many endpoints and users as VA because those users and devices must demonstrate solid cyber hygiene before we take the next step of direct authentication to applications,” he said. 

DelBene said VA is “guided by a zero trust North Star,” with the department using federal guidance and regulations as an initial framework for securing its systems and veterans’ data. 

President Joe Biden issued an executive order in May 2021 that directed all federal agencies to develop a plan for implementing zero trust strategies. The Office of Management and Budget subsequently issued a memo in January 2022 that, in part, required agencies to undertake a series of steps by the end of fiscal 2024 “intended to form a starting point to implementing zero trust architecture.”

Since the release of Biden’s executive order, DelBene said VA “has made significant progress in transforming the department’s cybersecurity posture from traditional perimeter-based protection to one based on zero trust principles.”

He cited the notable strides VA has made “on our first goal of enforcing strong identity verification,” with the department implementing multifactor authentication for more than 90% of VA user accounts through the use of personal identity verification cards.

As of February 2023 — the last month for which VA was able to provide data — DelBene said the department had met 27% of the requirements in Biden’s executive order and 50% of OMB’s zero trust strategy. 

But he noted that Biden’s order and OMB’s guidance are “a set of baseline expectations,” with the VA’s strategy — dubbed “Zero Trust First” — comprised of seven goals that align with the Cybersecurity and Infrastructure Security Agency’s zero trust maturity model, as well as additional zero trust-focused efforts to secure the department’s IT supply chain. 

And when it comes to adopting emerging technologies and automated tools to bolster existing departmentwide services, DelBene said VA is “updating and standardizing” its automation and orchestration initiatives with a “new and comprehensive” plan tied to its zero trust efforts. 

“We continue to work with industry leaders to implement new or enhanced automated capabilities to deploy across VA,” he added. “We’re working to ensure that access to VA resources from ‘nonhuman’ end points (e.g., machine-to-machine communication) are strictly controlled.”

Article link: https://www.nextgov.com/cybersecurity/2023/07/va-cio-says-zero-trust-north-star-essential-secure-veteran-data/388814/

The DOD’s principal director of FutureG articulates better than most the real value 5G and MEC bring to enterprises like the Defense Department, says a Verizon executive.

BYLAMONT COPELAND

JULY 26, 2023

Breakthrough technology developments often have a knack for catapulting onto the world stage only after years of research, testing and commercial piloting. That’s probably never been more apparent than with the recent eruption of generative AI. However, the pattern is familiar to those of us who watched the emergence of cloud computing, mobile smartphones, GPS, the Internet and many other technology developments.

What often gets lost in the spotlight is the hard but essential work of integrating these breakthrough developments into the fabric of existing technologies — and reimagining entirely new ways of creating and delivering value for the federal government and businesses.

We’ve seen that firsthand with 5G. There are many reasons why the commercial release of 5G represents a significant breakthrough over the wireless protocols that came before it.  5G made it possible to deliver data faster, with higher bandwidth and lower latency between devices and servers for edge computing services. Such breakthroughs enable next-generation technologies such as smart mobility, autonomous vehicles, and AR/VR training to the advancement of operations for smart manufacturing, facilities, military bases, ports, the continual growth of the Internet of Things (IoT) and more.

While 5G is now familiar to most of us, its promise, as some people see it, is still taking shape. It was easy to explain how 5G would allow users to download their favorite movie in seconds — or up to 100 times faster than 4G. What’s been harder to appreciate is not only the massive infrastructure investment required to make 5G a reality but also the fact that the 5G device ecosystem is continually evolving and being developed. The same is true for applications that must be developed and integrated with existing systems before 5G becomes genuinely transformational.

The real value of 5G isn’t just about high-capacity data downloads, though that’s a great benefit. Instead, it’s in the power and potential of real-time remote data capture, analysis and decision-making that organizations are on the threshold of achieving that wasn’t possible before 5G.

Among the many organizations that understand that, and are investing accordingly, is the Department of Defense. Thomas Rondeau, the principal director for FutureG and 5G in the Office of the Undersecretary of Defense for Research and Engineering, articulated better than most what 5G represents at a recent Defense Talks summit, where he said:

“One thing we want to make clear when it comes to 5G — and everything that’s going to be based off of where we are with 5G — is that it’s not just another transport layer,” he told an audience of government and defense IT leaders. “It is that edge computing. It’s the local compute. It’s computing through the network. It’s not just tying things together; it’s part of the entire compute fabric.”

Rondeau made two critical points in that regard: One was recognizing the need to integrate 5G into DOD’s existing infrastructure. 5G isn’t simply about having a more efficient pipeline for delivering data. It’s about what 5G can accomplish by expanding the capabilities of the military’s many existing systems.

The other point was, “How do we actually bring our infrastructure to the field?” And the key to that objective is taking advantage of software-defined Radio Access Network (RAN) technology and software-defined networking in ways that can ultimately create interoperable connections among 5G networking components.

Consider the data streaming to command-and-control centers from sensors and surveillance devices worn by warfighters moving toward a target or from transponders attached to materials and parts moving through supply lines. DOD sees 5G and the power of mobile edge computing (MEC) as the glue that can hold — and link — its communications networking and situational awareness together. That capability, and the ability to communicate across all domains and with allied partners, is central to DOD’s Combined Joint All-Domain Command and Control (CJADC2) strategy.

There are still a lot of questions and development work that need to be considered as DOD looks at harnessing 5G and future-G technologies: Questions like, how do we enable innovation by leveraging existing infrastructures and radio spectrum? And how do we do it securely in CONUS and across the globe?

We’re working diligently with DOD and other federal agencies, as well as all of the standards bodies and other vendors, to address these critical questions, not only to support DOD’s mission but to protect consumers as well.

So yes, the promise of 5G is on a continual growth path from when it became part of the mainstream conversation, but the promise is unfolding in ways that are already revolutionizing enterprises as large as the Department of Defense.

Article link: https://defensescoop.com/2023/07/26/how-5g-and-mobile-computing-at-the-edge-are-revolutionizing-dods-future/?

The Department of Defense’s (DoD) Chief Digital and Artificial Intelligence Office (CDAO) plans to release an updated framework for how the department will develop and adopt data analytics and AI capabilities by the end of the summer, according to Deputy CDAO Margie Palmieri.

During an event hosted by the Center for International and Strategic Studies on July 21, Palmieri explained that the document will provide organizations within the DoD with some guidance on how to develop solutions related to data analytics and AI capabilities.

The document will detail how DoD organizations “have to approach [these technologies] in an iterative and agile way,” Palmieri said. “[In building the new strategy,] we asked ourselves why. And so, a lot of that had to do with, where are we really thinking through agile processes and were we paying attention to that.”

“And then, it’ll not necessarily have specific milestones … it’s going to be something where organizations can nest inside of it and start to put their plans inside,” she said, adding that the new strategy builds on previous guidance published by the Joint Artificial Intelligence Center (JAIC).

The guidance published by the JAIC outlined “near-, mid-and long-term goals – many of which the department hit and some of which we didn’t,” Palmieri said.

She explained that a cornerstone to an effective new strategy is recognizing that AI, unlike traditional software, requires even more constant iterative updates.

“We want the user inside of the system that has artificial intelligence to be constantly correcting and guiding the system in terms of feedback,” she said. “So, this idea that we’re much more iterative is a key anchor point.”

On the data front, the strategy will include specific guidelines on interoperability and the exchange of data. The department has already launched a series of experiments to inform the DoD on the development of an interoperable data-sharing network as well as bring together industry partners and international allies.

“We’re trying to think through, ‘how can we democratize data access?’” Palmieri said. And part of that work includes considering how the DoD can have industry partners “develop on top of government data to support a wide variety of users for their specific applications,” she said.

The series of experiments also intends to help identify the benefits and challenges of using emerging technologies.

Article link: https://www.meritalk.com/articles/dod-cdao-updated-data-analytics-ai-strategy-coming-soon/

July 28, 2023

By the Office of Strategic Communications and Public Affairs / Media Relations Branch

Today, the Defense Information Systems Agency awarded a follow-on production other transaction authority agreement for Thunderdome, DISA’s zero trust network access and application security architecture.

Thunderdome will harden United States Department of Defense networks and help warfighters defend against adversarial activity by employing network and resource access tools along with segmentation technologies. DISA’s Thunderdome capabilities work in concert with identity and endpoint cybersecurity capabilities, and align to the president’s Executive Order on Improving the Nation’s Cybersecurity and the DOD’s Zero Trust Strategy.

“Awarding this Thunderdome production agreement is an important step on our zero-trust journey and furthers DISA’s mission to provide warfighters with a more secure operating environment,” said United States Air Force Lt. Gen. Robert J. Skinner, DISA director and Joint Force Headquarters-Department of Defense Information Network Commander. “While DISA leverages these capabilities on our cyber terrain, this full-scale production agreement can be used to assist the military services and other DOD components in implementing key zero-trust activities.”

This follow-on agreement to Booz Allen Hamilton is to broadly implement and operate Thunderdome’s zero trust network access and application security architecture and comes after successful completion of an 18-month prototype. The period of performance for this follow-on OTA is for a one-year base period, with four one-year option periods for a total agreement lifecycle of five years (August 2023 through August 2028).

“The experience gained in partnership with industry as we implemented the prototype solution over the last 18 months has been invaluable, and we believe this award positions the department to meet critical zero trust adoption timelines in support of our warfighters,” said Christopher Barnhurst, DISA deputy director. “We look forward to accelerating implementation activities and partnering across the department to expand access to the zero-trust capabilities Thunderdome provides.”

For more information and pricing details, please contact DISA’s Mission Partner Engagement Office.

Article link: https://www.linkedin.com/pulse/disa-awards-thunderdome-production-agreement