Equipping Airmen and Guardians for the Digital Battlespace
Ms. Lauren Knausenberger, SESChief Information OfficerU.S. Department of the Air Force3 August, 2021
2
We are at an inflection point
Boldly go where no one has gone before.
Accelerate Change, and win
Send in your TPS Report
And lose…
3
Proactively provide infrastructure, data, tools, and AI enabled systems to compete in the digital fight through JADC2 and machine-driven insights
DAF CIO Priorities
In order to meet the demands of the future digital fight, we must enable seamless JADC2 and AI-Human teaming, speed our OODA loop and maintain consistent agility to adapt to an ever changing battle space. Our mission is to deliver the rock solid digital foundation on
which our future competitive advantage relies, and to equip our Airmen and Guardians with the knowledge, tools, and data they need to fight. Consistent Agility = Consistent Advantage. Accelerate Change or Lose!
Rock Solid Digital Foundation
User Experience for Warfighter Effect Enabling Digital Talent Ruthlessly Attack Manual
Process, Outdated Policy, & Redundant IT
• 21st Century Network• Cloud-based services• DevSecOps platform• Zero-trust framework• Cybersecurity that works
• Tools & data warfighters need• Improve user experience• Measure and improve
performance and experience data• IT driven capability insertion
• Digital U• Incentives for retention• Right warrior | Right mission• Diversity and Inclusion• Recruit, manage, and develop
the civilian workforce
• Sunset legacy systems• Operation FLAMETHROWER• FY23 budget that works• Find our IT spend• Policy for the 21st century• Automate where possible• Disrupt ourselves
4
Maslow’s hierarchy of technology needs
Connectivity / Network
Cloud/Edge Computing
Meaningful Data
Sensor Net / IoT
AI/ML stack
AI ready tech stack at scale
Right apps for the fight
Digitally savvy Airmen and Guardians
5
How it Fits Together
In order to meet the demands of the future digital fight, we must enable seamless JADC2 and AI-Human teaming, speed our OODA loops and maintain consistent agility to adapt to an ever-changing battle space. We must proactively provide infrastructure, data, tools, and AI enabled systems to equip our Airmen and Guardians with the machine-driven insights they need to fight. Consistent Agility = Consistent Advantage. Accelerate Change or Lose!
EIT capabilities support the
warfighter and the mission
That data requires a reliable network
Advanced Applications require usable data
R o c k S o l i d D i g i t a l F o u n d a t i o n ( E I T )
T H E D E V I C E S
T H E N E T W O R K
T H E C L O U D
T H E E D G E
T H E T O O L S
Programs such as:
D A F D a t a F a b r i c
A d v a n c e d A p p l i c a t i o n s
A i r m e n & G u a r d i a n s & M i s s i o n s
Mission Critical Tasks
Airmen & Guardians
Data feeds into advanced applications
Enterprise IT delivers the data that is needed to operate in a contested battlespace
Airmen & Guardians & their missions are the core of the DAF
Connect Cyber
Unified Data Library (UDL)
VAULT Data Platform
Core Data Service
Cloud Hosted Enterprise Services (CHES)
Digital Talent
6
Cloud One ‘At a Glance’
1,458ACTIVE PRODUCT DEVELOPERS
2,557MICROSERVICES
43APPS IN PRODUCTION
210PRODUCT TEAMS
BIG BANG
COLLABORATION TOOLS
12,934DAILY
24,587MONTHLY
ACTIVE USERS
CNAPUNIQUE IPSIL2 - 93kIL4 - 239k IL5 - 330 DNS - 56kKeycloak - 77k Other - 8k
DORA49 COMMITS PER DAY• <2 DAYS FOR LEAD TIME
• 15 MIN TO RESTORE
• <5% CHANGE FAILURE RATE
414
225+25+34
ORGANIZATION
MILITARY
CIVILIAN
CONTRACTORS
COMPANIES
TOTAL CONTRACTS
JUNE 2021
DEPLOYMENT PACKAGESGBSD F-35ARMY INSCOM UNIFIED PLATFORM GPS OCX EDGEONE76TH SWEG WEAPON ONEU2 FEDERAL LABS JAICSHOC – ABMSNCCT
IRON BANK701 CONTAINERS
Platform One ‘At a Glance’
PARTY BUS
A.I. Vignettes
9
Digital University
Build the Airmen and Guardians We Need -- https://digitalu.af.mil/
§ Access to over 7,000 training courses, including Python, Cyber Security, Web Development, and more!§ Certifications/badges members can use to apply for positions and Commanders can use to find digital talent§ Gives Commanders / Senior Leaders analytics to identify top talent and digital skills inventory
Leveling the Playing Field
1§ Path to upskilling the entire force§ Anyone from any background, job series, etc. has access to the same training content§ Anyone who has been left behind can catch up through hard work and mentorship
Investing in Our People
2 § Smart, agile business means upskilling the current workforce§ With increased pressure on our budgets, it becomes more important to reskill our existing workforce
Digital Competence as a Part of Our DNA
3§ Agile combat employment requires Airmen and Guardians with digital skills force-wide§ Digital U helps the DAF maintain it’s technical edge and lead the joint community
10
Operation FLAMETHROWER
Source: USMC-090606-M-1739M.2009
MO
RE
CO
ST &
RES
OU
RC
ER
EDU
CTI
ON
10
2.2 Account and Access Requests2.3 S Access Control Processes(DNS, Whitelist, PPS and Routine Access Requests)
1.2 Data Center Consolidation
1.1 Endpoint Security Stack Simplification
1.7 AFNet Ops Tool Redundancy Elimination
1.8 Collaboration & File Storage Redundancy Elimination
2.4 Patching & Upgrading Process
1.9 ITSM Redundancy Elimination
3.1 Identify DISA Services That Could Replace Services Acquired by USAF
3.2 Joint Enterprise License Agreements
2.5 Request Fulfillment Process
3.3 Assess Comply to Connect
1.3 Accelerate Decommission of AF Gateways
1.6 IPN Pathfinder Dissolution
2.6 Policy Limitations(Starting with Commercial ISP Policy)
3.4 Vendor Support
LOWER EFFORT and/or RISK
Ongoing Air Force EffortTo be accelerated through Flamethrower prioritization, coordination, resources, visibility
Flamethrower Focus Team Kicked Off
1.4 VPN Redundancy Elimination
1.5 Legacy Exchange Server Retirement
11
How do we get there?
Re-Think Our Limits
Forge Non-traditional partnerships
Engender Innovative Values and Culture
Adopt and Adapt the Best of Breed Commercial Technologies
‘For our United States Air Force, “We need to get this right. We may only have one shot, no do overs.” Accelerate Change or Lose.’
- Captain America quote (End Game) within General Brown quote (AFA 2020)
‘Each avenger has its own superpower. Each of our key stakeholders has a vested interest. We need to come together to use our superpowers for good.’
- General Brown quote (AFA 2020)
Captain MarvelSpider-Man
Captain America Gen Charles Q. Brown, Jr.Air Force Chief of Staff
We need you in the fight…
Let’s Build the Enterprise Together
14
Tron Software Ecosystem – Working Together
● Tron builds collaborative partners to drive connected technology
● Software & industry embedded in the warfighting units
● Scaled cohort & mentorship model results in significant savings to the US taxpayer
● Open source promotion benefits both the government and industry
● Learn more at tron.dso.mil
Growth Community
SUPRA CODERS
Technology ConstrainedDisconnected Intelligence Silos
Inadequate Data Sharing
Zero Trust Journey
Sophisticated Cyber ThreatSwiftly Evolving Cyber Adversaries
Diminishing Warfare AdvantageCapable and Motivated Cyber Adversaries
Impose Cost to AdversaryDisrupt Cyber Adversaries
Enhanced Cyber Readiness & Lethality
Freedom to OperateAccess Anytime – Anywhere
Synchronize People & ProcessesCollapse Warfighting Environments
Cyber Enabled Warfare AdvantageAdaptable, Resilient, and Secure Data Transport
Fuse Sensor Data, AI/ML Force Multiplier
Zero Trust Journey
S E C U R I T Y
ZERO TRUST
DIGITAL EXPERIENCE TODAY DIGITAL EXPERIENCE TOMORROW
S I M P L I C I T Y
A C C E S S I B I L I T Y
ENABLES
Zero Trust = Application & Workloads + Data + Identity (ICAM) + Device + Network & Environment
Zero Trust Maturity
How advanced are the capabilities
within each pillar?
Application & Workloads
Data Identity (ICAM) Device Network & Environment
BasicSecurity & Access
IntermediateAutomated
Management
AdvancedCyber Ops Integration
ZERO TRUS
T
Application Security and Access (Anytime,
Anywhere)
ABAC
DLP encryption and tracking
Fully-automated Data Tagging via ML/AI
IoT Segmentation
Service-layer Security
Application/hostSegmentation
Cloaked applications
Data Center Segmentation
RBAC
Data Loss Prevention
Semi-automated Data Tagging
Cloaked data
Critical Data Tagging Basic Cybersecurity Access Policy
Fully encrypted traffic
NPE Integration
Transparent authentication to all
services
In-session monitoring
Continuous and adaptive authentication and
authorization
Alt. MFA
Single Identity Platform
Enhanced Cybersecurity Access Policy
CAC MFA On premise and off premise
Software Defined Perimeter (Access to
Applications and Data)
Fused multi-source intelligence for endpoint
response
Cloud-based Software deployment & management
Cloud-based automatic detection and response
(SOAR/EDR/XRD)
Domain-less environment
Compliance enforcement
HW & SW Inventory
Cloud-based baseline enforcement
External Federation
Cloud Management & Control (CASB)
Common service access
API Integration
Cloud Migrations
Mutual TLS
Cloud hosted & Globally
V i s i b i l i t y & A n a l y t i c sA u t o m a t i o n & O r c h e s t r a t i o n
G o v e r n a n c e
Maturity of
17
21st Century IT Showroom
EIT Storefront: Fully integrated web enabled dashboard to request, provision, purchase & pay for all enterprise offerings.
The desired end state is to collapse all the many organizations, processes, links, and websites into a single EIT Storefront interface. The storefront provider runs the end-to-end service management aspect of the EIT environment, increasing speed of delivery.
Single Pane of Glass: Provides a one-stop shop that offers an efficient and consistent user experience when procuring services
Consistent User Experience: Users from across the Air Force utilize a common process, resulting in a consistent and improved user experience
Single Service Delivery Organization: Utilizes a single service delivery organization for end-to-end request fulfillment, agnostic of service provider
Connected State: Single service delivery organization unifies vendors and leverages commercial best practices to streamline end-to-end request fulfillment
Enterprise Funding: Transitions to a common funding approach for commodity services across the Air Force
Single Storefront & Pane of Glass
Commercial Tools You NeedThe Mission Apps You NeedThe Environment You Need
The Devices You NeedThe Service You Need
And the integrated experience you deserve
18
VAULT Platform Capabilities Today
Ingest Manage Storage Manage MetadataData Manipulation,
Cleansing, and Experimentation
Visualize AnalyticsIngest Manage Storage
Manage Metadata
Data Manipulation, Cleansing, and
Experimentation
Visualize Analytics
AxonEnterprise Data Catalog
Custom Applications- Aircrew Crisis Task Force- Swimlane- Rshiny- Plotly Dash
AWS S3 Bucket SharingAWS RDSHadoop File StoreSQL, Hive, Parquet
• ATO: IL-5, & PII• ATO: IL-6 SIPR-connected
AWS SC2S• Multi-Tenant & Self Service • Group/Role Access on Data/Apps• DISA CAP Connection• User Autoprovisioning• User-unique Webtop
Palantir Foundry
NNDataNNCompass
Features:
Rhombus PowerGuardian Framework
Equipping Airmen and Guardians for the Digital Battlespace
Ms. Lauren Knausenberger, SESChief Information OfficerU.S. Department of the Air Force3 August, 2021
Top Related