The new CIO of the Defense Intelligence Agency, Douglas Cossa, has made it one of his top priorities to modernize the military and intelligence community’s top-secret IT network, the Joint Worldwide Intelligence Communication System.
DIA is undertaking a “huge effort … to modernize JWICS with the support of the Hill, [the Office of the Director of National Intelligence] and [the Office of the Under Secretary of Defense for Intelligence], and I’m really excited to offer a lot of those capability needs we have today and begin that discussion with our industry partners of where they can help,” Cossa said Monday at DIA’s annual DoDIIS Worldwide conference in Phoenix.
JWICS has evolved over its 30 years of use to become the “top secret network of the entire federal government,” said Cossa, who’s been CIO since July. The network was created to be a video teleconferencing system but really evolved in the early 1990s with the advent and addition of email.
“In doing that, it really grew legs. It’s kind of like a flywheel. We started getting the momentum moving and then we kept it moving faster and faster and faster,” Cossa said.
Today, there are “hundreds of thousands of users within the IC and DOD, and even more beyond that when you consider the other parts of the federal government, law enforcement, academia, our industry partners who have that need to share and collaborate on information,” he said. And JWICS must evolve to keep up with the speed of the national intelligence mission.
Cossa admitted that there have been conversations during his time as CIO about “whether or not DIA was going to keep JWICS as the executive agent. There were conversations about moving to other agencies,” he said, calling it “tough” to determine the best way to deal with the aging network.
“And I’m proud to say not only did we cement our role in leading JWICS as the executive agent … but we actually have now taken upon an approach supported by the Hill, the congressional staffing committees, the intelligence committees, ODNI, [the Department of Defense], and really the entire IC to modernize JWICS,” Cossa said.
Cossa has the support of his boss DIA Director Lt. Gen. Scott Berrier in retaining and modernizing JWICS. Berrier spoke at the conference about how the modernization of JWICS plays an essential role in DIA’s larger strategy to compete with China, Russia and others.
“I can’t do anything if the network isn’t as good as it can be,” Berrier said.
The modernization won’t stop there, though. Cossa also said DIA will look to modernize its Department of Defense Intelligence Information System (DoDIIS) — the local area network that the agency operates for itself and on the behalf of the combatant commands and others who handle top-secret information — as well as the global integration of networks with the nation’s Five Eyes allies.
DIA is looking to modernize DoDIIS “not only in terms of the equipment itself and replacing equipment, but really modernizing our local networks to take on the new capability needs for artificial intelligence and our ability to process a lot of data,” Cossa said.
On the global integration front, DIA operates a network called Stone Ghost to work with the other Five Eyes allies — Australia, Canada, New Zealand, and the United Kingdom. “That also requires modernization in terms of not only how do we share intelligence, but how do we operate within our native networks and connect together rather than creating independent, potentially redundant systems across the community,” Cossa said. “How do we have that more seamless integration and collaboration that’s enabled by new modernized network connectivity?”
On top of all of this network modernization, Cossa said DIA is prioritizing a multicloud mindset — “looking at what is that right cloud capability for the right function that we’re performing” — and creating a DevSecOps ecosystem that will streamline governance, accreditation and security of applications.
“I’m looking to set up a DevSecOps environment that adds governance, that creates a single pipeline, not only for DIA but also for the customers we support, to migrate to the cloud, to build applications, to make sure that all of the audit controls, the data standards we need for interconnectivity, the cybersecurity standards we use for accreditation — everything goes through the same process and we have complete visibility of all of these capabilities and techniques in one place.”