The Pentagon’s huge plan to rationalize the U.S. military’s sprawling and multifarious IT infrastructure into a single Joint Information Environment is at risk of failure because of poor scheduling and budgeting, inadequate workforce planning and a failure to properly lay out the scope and objectives of the massive undertaking, a new audit says.
The Department of Defense “has not adequately defined the effort’s scope or expected cost,” write auditors from the Government accountability Office in a report out this week.
For example, auditors state, the 2013 JIE implementation strategy includes software application rationalization and desktop virtualization as part of the project. But “briefings provided to congressional staff and to us in 2015 did not specifically include this element.”
“In addition, DOD has not established a reliable schedule or sufficiently developed workforce and security assessment plans,” they add.
The huge scale of the JIE undertaking incorporates the U.S. military’s 65,000 servers, and 7 million endpoints — all connected to 15,000 different networks — used by DOD’s 1.3 million military active duty and 742,000 civilian personnel, who are based at more than 555,000 facilities scattered across the globe.
“As a result of the program’s management and planning weaknesses, DOD decision makers and congressional stakeholders lack reliable information needed to make informed decisions about progress and needed changes,” the report’s authors state.
In fact, the report says, DOD officials do not even consider JIE to be a program of record. Instead, it is “a construct for managing improvement and modernization of DOD’s IT infrastructure and the associated operational concepts, and does not have a discrete beginning or ending such as would be expected with a program.”
Officials are paying for JIE through “existing DOD component programs, initiatives, technical refresh plans, acquisition processes, and funding,” auditors say. Partly as a result, the department has no estimate of how much JIE will eventually cost.
However, officials have costed out a single element of the JIE, the Joint Regional Security Stacks, or JRSS.
According to the audit, “JRSS is intended to enhance network command and control, increase bandwidth, and synchronize networks. It is to be used to screen network traffic to and from DOD installations, control traffic flows, identify and block unauthorized traffic, and isolate intrusions.”
To do this, the JRSS’s will replace about 1,000 nonstandardized network security stacks, currently scattered around the world, with 48 of the new standardized stacks at 25 locations, “reducing the number of avenues for cyber attack.”
The Pentagon, which started spending on the JRSS in fiscal year 2013, estimates it will have spent over $900 million by the end of the current fiscal year on Sept. 30; and will spend approximately $1.6 billion more in fiscal years 2017 through 2021.
“Until DOD determines how it will document the costs of its JIE effort and officials and congressional committees are provided accurate information about expected costs, they are limited in their ability to provide oversight for performance and make effective resource decisions,” the audit concludes.