The Defense Department faces three new major management challenges heading into fiscal year 2021, and two out of the three deal directly with technology and information issues.
The Defense Department Office of Inspector General announced its annual report summarizing the biggest management and performance challenges the department faces for the next fiscal year, identifying a total of 10 new and enduring issues, last week. Emerging technologies, managing and securing information systems, and data all featured prominently in the report.
The two new technology-oriented management challenges relate to the need for DOD “dominance” in emerging technologies—such as 5G and artificial intelligence—and transforming data into a strategic asset.
DOD needs to be able to push out innovative technologies at a faster pace than it currently does, according to the section on technological dominance.
“The potential of emerging technologies, and the challenges for the DOD, may be reflected in the new ways of warfighting,” the report reads. “Autonomous intelligent machines and applications can rapidly accelerate the speed of decision making and action, improve the DOD’s understanding of the battlespace, and enable new missions not yet conceived.”
The report highlighted issues related to deployment of several major DOD tech priorities to include hypersonics, microelectronics, AI, 5G and biotechnology. For microelectronics and 5G, OIG indicated it planned to conduct further evaluations into DOD activities related to their deployment.
In 2021, OIG intends to “evaluate whether the DOD has plans and procedures in place to manage and mitigate risks as it transitions from a trusted foundry model to a zero trust model for procuring microelectronics,” according to the report. It will also examine whether DOD has appropriate plans and policies to secure 5G as it is developed and deployed, according to the report.
The Pentagon also needs to do a better job of protecting the emerging technologies it is developing, according to the report.
On the data front, OIG determined the volume, velocity, variety, and veracity of DOD’s data makes it difficult to turn data into actionable information.
“Cultivating a culture that understands how to use data, recruiting and retaining the right skills for data management and analysis, and training the DOD workforce are critical to increasing data‑driven decision making in the DOD,” the report reads.
One key DOD development in the area of data is the publication of the agency’s first enterprisewide data strategy, released in October, which was built with the goal of turning the Pentagon into a data-centric organization. Chief Data Officer David Spirk, shortly after the release of the strategy, said a lack of enterprise data management and systems interoperability are some of the main barriers to implementing the data strategy. The OIG report does not mention the new data strategy.
One existing challenge OIG identified as a persistent problem that also deals with technology is the need to enhance DOD cyberspace operations and capabilities so that it can secure its information systems, network, and data.
OIG identified four main areas for improvement when it comes to cyberspace and securing defense networks: coordinating effective cyberspace operations; defending and securing DOD systems, networks, devices, and data; modernizing legacy systems, networks, and devices; and building and maintaining an evolving cyber workforce.
“To protect the DOD Information Network (DODIN) from cyber threats, the DOD must continuously assess, acquire, and adapt its cyberspace capabilities and employ a skilled cyber workforce to defend the DODIN, as well as the networks and systems operated by non-DOD entities, the Defense Industrial Base, and U.S. allies,” the report reads.
Technology popped up in other areas of the report as well, including under challenges related to supply chain security and financial management and budgeting.
DOD needs to protect acquisitions by preventing intellectual property threat and cyber attacks in order to secure the supply chain, according to the report. The Cybersecurity Maturity Model Certification Program is an important line of effort in this area, and OIG said in the report it would perform oversight of the program once it has been fully implemented.
OIG also plans to conduct audits to ascertain the security of DOD information stored by contractors, academic institutions, and research institutions, according to the report.
Financial audits revealed the Pentagon suffers from IT problems as well, mostly around system controls, according to the report. Auditors found issues with security controls, access rights and responsibilities, a lack of monitoring of configuration changes to IT systems, and a lack of necessary reconciliations to ensure data being transferred is complete and accurate.
While DOD has taken some steps to address inadequate IT operations, the department “continues to have difficulties with confirming that controls exist to ensure that DOD data is shared completely and accurately between systems, and auditors continue to find control weaknesses related to the processes of sharing information between financial‑related systems.”