It’s been a busy three years for the Program Executive Office for Digital and Enterprise Services (PEO Digital) team.
PEO Digital, an integrated naval team composed of Navy and Marine Corps employees that deliver digital and enterprise services to Sailors and Marines, was officially established in May 2020 by then-Deputy Assistant Secretary of the Navy for Information Warfare and Enterprise Services (DASN IWAR), now Acting DON Chief Information Officer (CIO), Jane Rathbun. Headed up by Program Executive Officer Ruth Youngs Lew, the team is part of the Naval Information Warfare Systems Command (NAVWAR) enterprise.
Members of the PEO Digital team – Barry Tanner, acting executive director; Mike Day, product owner for Endpoint Solutions; and Kristopher Halvorson, lead engineer – sat down with CHIPS for a Q&A session on May 18 following their presentation at the 2023 DON IT East Conference in Norfolk, Virginia. (Included in said presentation: an impressive live demonstration of future Flank Speed capabilities – fingerprint recognition, anyone? – which led to hearty applause from the audience.)
Read CHIPS’ coverage of PEO Digital’s 2023 DON IT East presentation here.
The team addressed several hot topics, from Flank Speed to biometrics to Nautilus Virtual Desktop (NVD) to partnerships.
Flank Speed and the fleet
Tanner took on the first, and quite possibly most popular, question: When can the fleet expect Flank Speed to be available to them?
“There are a couple of different parts to that answer. The first part is we have to make sure that when they get it, it works. Our biggest challenge right now is ensuring consistent communication between a ship that’s underway and where our information is in the cloud. It's a challenging environment,” Tanner said.
In conjunction with their partners at Program Executive Office Command, Control, Communications, Computers and Intelligence (PEO C4I), PEO Digital has conducted a number of shipboard tests using several options, including new satellite communications such as Starlink, SpaceX’s satellite internet constellation.
Tanner said that the team is seeing great results from testing conducted aboard USS Nimitz (CVN 68) and USS Abraham Lincoln (CVN 72), two Nimitz-class nuclear-powered aircraft carriers located at Naval Air Station (NAS) North Island in San Diego. The team is using these results to determine the right solution for shipboard users.
“In parallel with that, we need to work with our partners in the CANES [Consolidated Afloat Networks and Enterprise Services] Program Office [PMW-160], who are responsible for providing ships with the same kind of capabilities we do at a flank speed, and think about how best to shift their model from the way they do it today into this new model,” Tanner said. The CANES program, directed by PEO C4I, consolidates and replaces the Navy’s existing afloat networks.
“It's not a simple, ‘Oh, we'll just move everything,’ right?” Tanner said. “So we're working both of those lines of effort: one, make sure that it works when we get it there – because we do assume we're going to get it there. And then, how do we programmatically make sure that we do it smart; that we do it without disrupting the mission while we do it.”
The goal is to have the right information – that is, the absolute best approach to Flank Speed for the fleet – to take back to those responsible for resourcing this effort; namely, the Office of the Chief of Naval Operations (OPNAV) and the DON CIO. As Tanner put it: “The most effective, the least disruptive and the most efficient, so that we can provide the capabilities the right way.”
Tanner reiterated that PEO Digital and their partners are actively seeking a technical solution to resolve the issue of Flank Speed access for the fleet.
“There are certain times where you're not going to be able to be connected. So how do we get the technology to help us deal with that situation? We’re working really hard with a lot of different smart people to figure out what that looks like. In the meantime, we will continue experimenting formally with our fleet partners, and informally with those that want to raise their hand and say, ‘Hey, I want to try something.’ We'll take it all and, and we'll keep working,” Tanner said.
The benefits of containerization
Day then tackled the topic of containerization – the bundling of the code and all the components an application needs to function in a single container. A relative newcomer to DON capabilities, containerization offers a more secure way to deliver applications to users, thanks to its built-in zero trust capability.
“Part of the zero trust piece of containerization is that it limits the ability of privilege escalation to occur,” Day said. He shared that during containerization testing, the team put a “risky old legacy app” inside a container, and then loaded it onto an operating system.
“The threat wasn't the app,” Day explained. “It was what the app was on, which is the operating system.” In this scenario, the user spotted the application on their desktop and opened it, unaware that it wasn’t a container.
“There was no risk to that; the performance risk was reduced, the security was improved and the user was not impacted. They had no idea it even occurred,” Day said.
“We’re aiming for seamless integration,” Halvorson added.
Tanner said there are a lot of advantages to containerization from a security perspective, including the removal of constraints that programs such as the Navy Marine Corps Intranet (NMCI) – now in operation for more than two decades – have in place.
“In the past – and even today – we're using a version of Microsoft Office on our NMCI machines that says 2016,” Tanner pointed out. “And the reason we're still on that is because it's so tightly integrated with other applications on the machine, that if we had upgraded Office, we would break the other applications. Everything was so tightly coupled that you weren't able to give folks newer capability without breaking something that was also important.”
Containerization removes that dependency.
“Everything an application needs is in that container,” Tanner said. “It's independent from all the other [applications], and so if this one has a new version, I upgrade it, and it just works. I don't have to wait or impact other applications on someone's workstation when I update – that’s better to both operate and manage. It's also better for security because I have the latest versions, and I don't have to wait around to patch things.”
Day added that containerization enhances interoperability, allowing applications to be pushed to users without breaking other applications. “Some of the things we do today is build out different images so apps will work. The challenge is the applications. We have to have the latest patches, but we can't have people saying they can't do their jobs. So this improved the ability to still push the app, but not break the applications that people require,” he said.
“In the end, it's just about adding flexibility while reducing the overall complexity,” Tanner said.
The future of NMCI
As it turns out, NMCI is still relevant in the age of Flank Speed.
NMCI will be upgraded, according to Tanner. But, as he pointed out, the “I” stands for intranet, and the program hasn’t been treated like an intranet for at least 10 years, if not more.
“What we're doing now is finally taking a look at what we built. NMCI is two decades old, and the design for it is two decades old. We really haven't changed much fundamentally about that. Since the beginning, if you look at the original plan for how we were going to build it out – tiers and all that – it’s pretty much how it is now. And we know it's not sufficient for what our customers need,” Tanner said.
Plans have been in place to re-architect and modernize the network since around 2017.
“It's been in our budget for the last two years and will still be for another three, so none of this is new. What's new is the technology platforms we have are giving us more options for how we do it,” Tanner said.
“It's what's referred to as the ‘old way of doing things,’” Day added. “We have a new platform, which doesn't drive innovation. The people drive innovation, the tools give people the capability to drive innovation. So by going to this platform, and changing how we do things, we have a better, more efficient, more secure way to do it. We're not saying goodbye to NMCI, we're saying we're evolving, so that people can do the work they need in a way that is beneficial to them.”
Day noted that the right tools enable employees to focus on what’s actually important – the warfighter.
“We don't want people to be sitting there focused on their computer,” he said. “We want them to be focused on advancing the warfighter capabilities, not looking at the computer.”
Moving data from anywhere to anywhere, securely
“We finally have platforms and tools that let us do things differently, and we need to take advantage of all of them,” Tanner said. “And so the work is ongoing to look at the network we provide people in the office and make it as good as we need it to be, but not constrain ourselves to just work in there – we’ve learned that lesson; the last three years have taught us that we need to be able to work anywhere.”
Tanner stressed the importance of the key objective of the DON Information Superiority Vision (ISV) – namely, that data needs to be able to move from anywhere to anywhere, securely, at any time.
“We need to live that, and so where you do your work matters. But it's more about the work than the where,” he said.
For example, Tanner said, “If I need to access this piece of information, is that [information] sensitive enough that I want you in a certain place before I'll let you see? That's a valid question. And we need to give people a way to do both. From a place of ‘whatever, it's not a big deal – you can see this anytime you want’ to ‘no, that's personnel data, I really want to make sure that you are who you say you are.’”
Although heightened security means “more rules to do more things,” Tanner said, those rules should not mean that users have to jump through more hoops. “We just need to automate as much of that as we can, and make sure that the ‘securely’ part of the move data phrase is important. That's at the core of what we're trying to do,” he explained. “Secure means I'm securing the data. The fact that I'm on the DOD network does not inherently mean that I'm in a secure place – it’s not, it just isn't.”
Tanner noted that a fundamental element of zero trust is assumed breach, and emphasized the need to assume that someone who wants to prevent someone else from performing their job is already there.
This is all part of the mindful approach that PEO Digital takes when putting architecture in place.
“All of the work we do – everything that's embedded in every solution – immediately starts with ‘OK, how do I make sure that person who's using this information can use it and nobody else can?’ And then, we move from there,” Tanner said.
Nautilus Virtual Desktop – coming soon to a personal device near you
NVD, the cloud-based, personal device alternative to traditional government furnished equipment (GFE), is widely considered a game changer due to its flexible nature. PEO Digital is going full steam ahead with this initiative – they’ve been authorized to extend NVD capability to 50,000 users this fiscal year, and as of May, they were halfway to their goal.
“We are pushing hard to reach that number by October,” Tanner said.
With NVD now readily available to thousands of users, the PEO Digital team has shifted their efforts from developing technology to a communications campaign. “If people want it, and they’re funded – we’re ready to go,” he said.
One of the challenges the team currently faces is the inquiries rolling in about next year’s NVD availability. To address this, PEO Digital is working with the DON CIO to make sure their messaging is accurate and consistent in regard to where NVD fits in with all of the options available to commands.
“Is [NVD] something extra? Is it something instead of? How do they need to think about using this virtual desktop for their job?” Tanner said. “We're working hard to clear out those questions.” The answers are based on what commands actually need – the right solutions that enable them to make smart decisions, whether devices are NVD or GFE.
As expected, commands keep track of NVD accounts – who’s got it, who’s using it and how much they’re using it. This information, Tanner said, helps commands understand where NVD fits into their mission.
Biometrics – coming soon to a DON-approved device near you
One of the most memorable parts of PEO Digital’s demo at this year’s DON IT East Conference was the use of biometrics – fingerprint recognition, to be exact – to log into a laptop. This indicates that things are most certainly moving in the right direction for biometrics to be used as an authentication method within the DON’s networks – and the technology won’t be limited to just accessing devices.
“We're already using biometrics like face ID on an Apple phone, but that’s just to get into the phone, and then I have to log into Flank Speed beyond that,” Tanner said. “We've been working with the DOD Chief Information Security Officer [CISO], who recently got permission to now move beyond doing it twice to doing it once – meaning if I'm going to log into my phone with biometrics, now I can log into Flank Speed and get all my resources using the same biometric information.”
Tanner said the process of three-phased multifactor authentication “got us a lot closer to what we really need for zero trust than passwords” and noted that the use of fingerprint recognition is one way that PEO Digital is starting to build modern approaches into how they do business.
“You can also do facial recognition – it’s all built on the same authorization. It's all based on the same approach, where we control authorization in the [Department of the] Navy; we get our identities from the DOD. And so we're now at a place where we can start moving out on that, from a policy perspective. We've demonstrated the tools do it, so now we’ll bring those together and start working on how that scales,” Tanner said.
“And one thing worth noting – when we were doing that live demo [with fingerprint recognition] – that was on one of those orderable computers that people have today,” Day added.
“It's about some of the new technologies we're using, they’re enabling us to use some of the features that the hardware already had. We're able to turn them on and with the authorizations for you to use them in a secure manner. It's eye-opening, really kind of cool,” said Halvorson, whose fingerprint recognition success appeared on the big screen at the front of the ballroom during the demo.
Moving at Flank Speed
PEO Digital and the DON are moving on this initiative at a speed that could only be described as, well, flank speed.
“Why did we call this Flank Speed? Well, we have to go really, really fast,” Tanner said.
Tanner shared that although continuing at the rate of flank speed is unsustainable, the team will continue to press forward and move quickly where it makes sense to do so.
“The definition of a flank bell means I'm going as fast as I can, but I can't keep it up. We've kept it up for a while, and we're going to keep going, but part of knowing how to do this right is knowing when to come off the bell for a second. We went super-fast, and we proved a lot of things. Now we're going to come off the bell just a little bit, just to go make sure that when we go live, when we go full-scale, it works. Because it's worth taking a bit of deliberate action to think through how you go from 100 people to 20,000 people to 100,000 people to half a million people all over the world. That's not trivial. That needs a lot of good thought, support, scale and other things,” Tanner said.
Other things, like ensuring that Flank Speed works as designed in all locations, Day noted.
“It probably works for everyone at this table, but then you’ve got a guy in Guam doing something different and he’s asking, ‘What happened to that widget that I need? It's not there. I can't do my job.’ So it's extremely difficult to try and tackle those,” Day said.
According to Tanner, one of the biggest lessons learned from the original Flank Speed push was that speed was the top priority.
“We were under a deadline. We had to get it done in a certain period of time to deliver something that was very important to people. And we said – right up front – that things will break. And they said, ‘We understand, that’s fine. Go fast, and we’ll deal with things,’” Tanner recalled.
“We’re better now than we were then,” he said. “We learned a lot, so we should take that learning.”
Tanner acknowledged that there are a lot of customers waiting for Flank Speed updates, but for PEO Digital, the priority is not only delivering the capability, but again, making sure it really works.
“There are two metrics that matter: Do you have what you need? And is it there when you need it? That second one is just as important as the first one. And we're going to put a lot of focus on that over the next year,” Tanner said.
“And to that end, we understand the importance of the speed piece,” Day said. “Some of these guys, like Kris [Halvorson], have literally worked all night long. I mean, literally all night long, trying to get some of these things enabled – not just for a demo, but the issue with people being out and unable to work as they need, the issue with cybersecurity. Industry can't keep up. Now, the Navy, with all the regulation and rules, is trying to go that fast.”
Halvorson added that those all-night sessions were held either on Microsoft Teams or in person at the Navy Yard. The team works with customers as far away as Hawaii and Guam.
“It's an amazing team,” Tanner said. “It's a small team.”
“Yeah, very,” Halvorson interjected with a laugh.
PEO Digital is currently working on how to build the team and scale it with their partners. “We’ve got a lot of capacity in the Navy to do work; now, we need to bring in that larger capacity – get them smart, and have them help us do it,” Tanner said.
Day credited Naval Network Warfare Command (NAVNETWARCOM) – the Navy's information operations, intelligence, networks and space unit – as a dependable, ever-present partner.
“When we say we’re working all night long, our guys at NETWARCOM are in there with us. They're in there helping us build; when things go down, we're there to help make sure they get back up; things operate … that's how we're able to move faster. We can get access to the network, we can get access to the cloud, we can get access to this funding required to go push something that goes a lot faster as a team,” Day explained.
“The teaming between the operational community and acquisition has never been better than it is,” Tanner said. “I mean, it is seamless in this area and a huge testament to Commodore [J. Steve] Correia, to Capt. [Christina] Hicks, to all the folks we work with. They saw the value immediately and said, ‘we are all in here, let's go.’ There are folks on our team that sit in their spaces every day. It's just a great team.”
A dedicated team that goes non-stop, so it seems. Halvorson, an integral part of the team, fielded several text messages from his teammates during the course of our 30-minute interview.
“They don't stop,” Day said. “They keep pushing.”
Originally published by CHIPS Magazine: