Emerging Technologies at the Defense Information Systems Agency

Back in early calendar year 2019, the Defense Information Systems Agency (DISA) announced that it had stood up a new Emerging Technologies Directorate (EM) dedicated to exploring and, hopefully, leveraging new technologies already having an impact in the commercial sector. Ten months later the EM directorate has programs underway investigating cybersecurity and automation solutions. For those not familiar with the Directorate, it is made up of three divisions: Innovation Support, Collaboration and Defense, and Infrastructure.

Initially, the EM Directorate signaled its intent to make extensive use of DISA’s Systems Engineering, Technology and Innovation (SETI) contract vehicle, but to date this has not panned out, or at least work awarded via SETI has not been reported on the Federal Procurement Data System-Next Generation. Instead, EM has seen fit to use the Other Transaction Authority (OTA) granted to DISA to award contracts for its emerging tech requirements. The best known of these contracts is a pair of awards made to Sealing Technologies (contract #HC10841990001) and By Light Professional IT Services (contract # HC10841990002), not exactly a “non-traditional” industry partner, for work on DISA’s Cloud Based Internet Isolation (CBII). Those contracts, valued at $1.7M and $2.2M, respectively, are dedicated to the development of a prototype secure cloud-based internet browser.

Steve Wallace, head of the EM Directorate, recently provided an update on CBII that suggests the program has been successful so far. Speaking at the November 4, 2019 DISA Forecast to Industry, Wallace noted that CBII has been rolled out to all of DISA so far. An additional eight mission partners are testing the solution and “thousands” more testers are coming. Wallace also used his presentation to describe other technology areas where his organization is active, providing a few clues of potential requirements in the future. These include

Assured Identification: This is DISA’s program exploring how the DOD might replace the Common Access Card. Although he did not provide details, Wallace did state that prototype continuous monitoring capabilities are being leveraged in pilot programs and that additional pilots are anticipated.

Automation: Wallace suggested that EM was looking at employing automated solutions for speeding up the Authorization to Operate process. His office is interested in speaking with industry partners providing these capabilities.

Development Security Operations: EM hopes to apply DevSecOps principles to the deployment of IT  infrastructure so that it can treat system configurations as code. Doing so creates a history of configurations for the system that can be applied to infrastructure management.

Distribute Ledger: Refusing to use the word “blockchain,” Wallace admitted that EM is behind the curve here. Nevertheless, DISA is prototyping blockchain-as-a-service, and will keep its eye open for additional applications of the technology in the future.

Mobile/Desktop Convergence: As mobile devices grow in computing power and storage EM believes there is an opportunity to develop interfaces that allow mobile devices to be used wirelessly and in a “desktop configuration,” say, by dropping the device into a cradle to provide a full desktop experience. Applications of the configuration would be both classified and unclassified.

Security Operation Automation Response (SOAR): Automating cyber response to incidents and threats is a top priority. Industry partners with these solutions should approach the EM Directorate.

Wireless Transport: Really, edge computing and software-defined solutions, EM is researching the application of 5G technology, peer-to-peer capabilities, and “network slicing” to shift traffic as necessary and speed the benefit of computing at the edge.