The Pentagon’s long-awaited implementation plan for its Joint All Domain Command and Control or JADC2 effort was finally signed this week—and now, top officials involved are focused on delivering minimum viable technology products that’ll put it into action.
Among a range of those products, a senior defense official confirmed on Friday, a common platform for applications based on DevSecOps is set to be generated.
Eventually, insiders intend to push some of the Defense Department’s “most misbehaving applications” through a redevelopment gauntlet to reformat them into useful tools that enable necessary data-sharing capabilities in that impending DevSecOps environment.
“This [need] really came to light in some of the crisis actions that we went through for things like Afghanistan, and even what we’re seeing now in the Russia-Ukraine conflict—looking at just simply trying to pull information out of systems that just do not behave right. We can’t live this way any longer,” Marine Lt. Gen. Dennis Crall told reporters. “So, [DevSecOps] is really one of the areas that we’re looking to accomplish this year, and we’ve got a tremendous head start.”
Crall, who wears dual hats as chief information officer for Joint Staff, J6, and the department’s director of Command, Control, Communications and Computers / Cyber, elaborated on this during a press briefing to provide updates on JADC2.
Through the program, DOD ultimately intends to drive interoperability and communication between its many systems—notably, across domains—and ultimately provide for improved decision-making among its personnel. It’s meant to eventually enable automation, analytics, artificial intelligence and machine learning to “keep pace with the volume and complexity of data in modern warfare and to defeat adversaries decisively,” according to DOD’s release.
A cadre known as the JADC2 Cross-Functional Team is steering the execution of the effort’s strategy, which was initially unveiled last summer, as well as the implementation plan. While the strategy offers a vision for enhancing command and control capabilities, the implementation plan details how the Pentagon can accomplish it all.
“This is the year of delivery and that’s exactly what we intend to do,” Crall told reporters on Friday. “I think we’ve talked, we’ve studied, we’ve interacted, we’ve mapped. It’s now time to put these together and learn by doing.”
The implementation plan includes actions, milestones and resourcing requirements that are needed to make JADC2 a reality. “It’s classified for reasons you might expect,” Crall noted, adding that “when you prioritize against vulnerabilities and threats, that’s not something we like to advertise to our adversaries.”
Still, to him, the latest to-be-signed document will ultimately help officials accomplish the very things they’ve promised from the beginning.
“It does provide a sense of shared awareness. You don’t always know what others are working on, so the [implementation plan] captures that in its fullest, so you can look across your lane of expertise,” Crall explained.
As mentioned, he said officials are now working toward minimum viable products to deliver connected to identity, credential and management; the cloud; our transport layer; zero-trust environments; and DevSecOps, in relation to JADC2. Short for development, security and operations, DevSecOps approaches integrate security and agility at every phase of the software development cycle.
“So, what we’re attempting to do in DevSecOps this year is to take a series of applications—we’ve let the services come forward, with the ones that they want to create first—and this environment on a common platform, with a common developer’s toolkit, will create a secure application that comes directly out of the developmental environment with an authority to operate placed directly on the network, with a reciprocity agreement and shared by the other services literally in minutes,” Crall explained.
He discussed multiple other topics related to JADC2 during the 45-minute briefing, including how budget strains might impact its evolution—and how department leadership is prioritizing workforce implications amid the program’s rollout.
“We use the term ‘cyber hygiene,’ which is a terrible term. And I know that we’ve talked before that you know, hygiene for some maybe is optional. So, maybe cyber hygiene is a bad way to look at it,” Crall noted. “Cybersecurity is not optional. So, we’ve got to train and educate everybody who will use this space properly. It even affects the non-technical user of this.”
In his view, the capabilities JADC2 will provide are required to stay on top of the next generation of war and technology.
“If you think about whether it’s the Russia-Ukraine conflict, or any conflict—or even how we spend our money in the department for exercising and testing—it’s about making the smartest decision at speed,” Crall said.