DoD CIO looks ahead to ‘JWCC 2.0’ and next steps for cloud in 2024

DoD CIO John Sherman said the department is "firmly committed to multi-cloud, multi-vendor" solutions as it prepares to consider what comes after JWCC.

The Defense Department is just a year into its Joint Warfighting Cloud Capability contract, but DoD’s top IT official is already looking toward the next step in the department’s cloud computing business.

DoD awarded the JWCC contract just over one year ago to Amazon Web Services, Google, Microsoft and Oracle. John Sherman, DoD chief information officer, said his office and the Defense Information Systems Agency will soon start to consider “JWCC 2.0.”

“In calendar year 2024, we’re going to start looking at the follow-on contract for JWCC,” Sherman said at the Defense Department Intelligence Information System conference on Wednesday. “When we announced JWCC, it’s a three-year base with two option years, and we’re already into the one year base of this.”

The JWCC deal could be worth up to $9 billion over 10 years, if DoD exercises all its options. DoD has made nearly 40 task orders worth about $270 million under the JWCC contract so far, Sherman said.

The award to the four major cloud vendors last December was seen in many ways as the end of a drawn-out saga involving the cancelled Joint Enterprise Defense Infrastructure (JEDI) contract.

But Sherman’s comments make clear DoD is prepared to start looking to what could come after JWCC.

“We said all along, in 2024, on that timeframe, we’re going to start looking at what comes next,” Sherman said. “And no I don’t have a date for the [request for proposal] or exactly when this is going to come out. But I will tell you we are firmly committed to multi-cloud, multi-vendor, and this is what we’re going to be doing going forward.”

DISA is also working on an Outside the Continental United States (OCONUS) cloud capability called the “Joint Operational Edge (JOE)” cloud capability. Sherman called it a “lily pad” capability that connects U.S.-based networks with the “tactical edge” in areas like the Pacific Ocean.

Sherman said all four of the JWCC cloud providers are involved in the JOE cloud initiative. DISA is currently running a pilot program for JOE cloud near Indo-Pacific Command and Hawaii.

“We’re going to move out on more of these in the future,” Sherman said.

DoD names ‘user experience’ leader

Meanwhile, DoD also recently named Savanrith “Savan” Kong as the head of its new “user experience” portfolio management office. DoD hired Kong as a highly qualified expert. He had previously served at the Defense Digital Service between 2019 and 2022.

The UX office is intended to address outdated, slow technology that has become a hindrance to DoD employees, leading to the viral “fix our computers” letter sent to Pentagon leadership in 2022. The Defense Business Board earlier this year issued recommendations for how DoD could improve IT user experience.

Sherman said his office will soon issue “tech refresh” guidance intended to address old and unwieldy IT across the department.

“Now I know it’s not all about hardware — it’s bad software too, and the image on the device and everything else,” he said. “But having stuff that is more than a few years old isn’t going to cut it anymore. And we’ve all seen the horror stories about the hardware that’s way too old. It’s not only the endpoints. It’s stuff like routers and switches. But we’re going to start working on this with the military departments and services and others. We’ve got to do better than we’ve been doing in terms of the tech refresh.”

Streamlining software ATOs

Sherman’s office will also soon release guidance on streamlining the authority-to-operate (ATO) process at DoD. An ATO is a formal declaration by a designated approving authority that gives permission for an IT system or product to operate on DoD networks.

The ATO process is meant to ensure government systems are secure, but Sherman acknowledged it’s become a hindrance to DoD’s adoption of modern software practices, like DevSecOps, which involve continuous development and consistent feature updates.

“One thing we’re working on right now, in addition to the DevSecOps piece, is getting to a ‘yes’ by default on ATOs within the Department of Defense,” Sherman said. “And I get it, for authorizing officials, there’s the ‘show me’ kind of thing. I need to see your body of evidence.”

Sherman said his office doesn’t want to force authorizing officials to take on unnecessary risks.

“But at the same time, as a steward of the taxpayers money, and making sure that we can get things done at speed and scale, having to go through each ATO process over and over again is burdensome, and it takes too long,” he added.

 

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Related Stories

    Getty Images/iStockphoto/ipopbacloud computing, MITRE

    DoD’s JWCC memo is a scene setter for the future of cloud

    Read more
    Getty Images/iStockphoto/Vitalii GulenokModern cloud technology. Integrated digital web concept  vector background

    Army’s approach to buying cloud services serves as foundation for JWCC

    Read more