The votes are in for the 2025 FedScoop.

See the winners!

Agencies’ EIS transitions modestly slowed by pandemic, so far

Only five agencies reported coronavirus-related difficulties moving to the government’s $50 billion telecommunications and network modernization contract since the pandemic started — but that number could rise as work gets underway.

As agencies award more Enterprise Infrastructure Solutions (EIS) task orders, contractors will need access to their sites — access that could be complicated by pandemic protocols, Allen Hill, acting deputy assistant commissioner for category management in the Office of Information Technology Category, told FedScoop.

Agencies need to factor contractor access into their EIS plans and coordinate closely with them if they’re to meet their next major deadline on March 31, 2021, when 50% of services must be transitioned.

“Agencies must award their EIS task orders and get replacement services installed,” Hill said. “The longer it takes to award task orders, the less time is available to execute complex and lengthy transition activities, increasing the risk of disruptions to agency operations and the delivery of critical services to the public.”

The General Services Administration included contact information for its Public Buildings Service among EIS transition resources to help facilitate contractor access to those it manages. And it’s making itself available to agencies in need of pandemic-related EIS assistance on a case-by-case basis, so long as they’ve awarded all their task orders.

Meanwhile, agencies whose EIS transitions were already underway proved better able to handle wide-scale telework than those reliant on older, legacy infrastructure, Hill said.

EIS is the primary contract for adopting Trusted Internet Connections 3.0 (TIC 3.0) and “as-a-service” cloud solutions addressing the new class of security vulnerabilities introduced by telework and an expanded network perimeter.

“As agencies continue to make progress toward transition some have identified gaps in their requirements, which they are now building into their solicitations,” Hill said.

Prior to Oct. 1, agencies could address COVID-19 IT requirements by modifying task orders on the contract EIS is replacing, Networx, which is due to expire on May 31, 2023. Such modifications are no longer permitted to encourage transitioning to EIS.

GSA hasn’t changed its EIS deadlines in response to the pandemic, the biggest of which is Sept. 30, 2022, when 100% of agencies’ telecom inventory must be off current contracts. That’s eight months before the Networx, Washington Interagency Telecommunications System (WITS) 3, and Local Service Agreement (LSA) contracts expire.

As of Sept. 30, five out of 17 large agencies and seven out of 23 medium agencies — 30% total — had awarded all of their planned EIS task orders. Among those agencies, 110 out of 142 EIS solicitations, 77.5%, had at least been issued to industry, according to the first progress tracking report.

Agencies’ EIS savings and cost avoidance have “greatly exceeded” expectations in 2020, Hill said. EIS prices generally average 28% to 32% lower than those paid by large commercial enterprises, and agencies that share their savings results are reporting an additional 10% than initially estimated.

Task order awards are including “significant investments” in modern IT infrastructure, Hill said.

“These solutions include Software-Defined Wide Area Network (SD-WAN), Voice over Internet Protocol and 5G, in addition to increased IT processing capacity,” he said. “As a result agencies are not having to make large capital investments, further increasing the savings.”

GSA released an EIS contract modification for SD-WAN in May, and more are expected for TIC 3.0 and broadband internet, Hill added.

Still, about 250,000 disconnects per month are needed to transition all services off expiring contracts by September 2022. That’s why GSA released guidance for agencies on March 23 on closing out the EIS transition, which includes a complete timeline of fiscal 2021 phases.

For the first time ever, transition to EIS was included as a measure on the Federal IT Acquisition Reform Act (FITARA) scorecard released in August.

“We have been collecting lessons learned and best practices from agencies’ solicitations. Our EIS industry partners recently provided some thought-provoking feedback as well,” Hill said. “We are analyzing these observations and expect to share additional guidance to agencies as they finish up their solicitations for transition and to improve the process for future EIS solicitations.”

This story is part of a FedScoop special report on the Network and Telecom Modernization. Read the rest of the report.

Space Force gets its own ‘werx’ innovation center

The year-old Space Force will have its own rapid acquisition center to work with private sector companies to field new technology for military applications, Air Force leaders say.

The new unit, dubbed SpaceWERX, will field commercial technology into Space Force’s growing tech portfolio, as the AFWERX program does for the Air Force.

It’s fitting Space Force will get its own “werx” unit, since it will rely heavily on commercial technology to carry out its mission, says Will Roper, head of acquisition, technology and logistics for the Department of the Air Force which houses Space Force.

“This is not Space Force’s first foray into the world of commercial technology and commercial investment, but it is time for us to formalize their roll,” Roper said at the virtual AFWERX Accelerate summit Monday.

Space Force was created in 2019 to preserve the security of space and space-based assets like satellites — operations that rely on tech ranging from cybersecurity tools to space launch vehicles.

‘AFWERX West’

SpaceWERX will officially be housed in Los Angeles under AFWERX and also called “AFWERX West.” The new office’s commander will be Lt. Col. Rock McMillan, the chief innovation officer of Space Force, Roper announced.

The Los Angeles Air Force Base is also home to the Space and Missile Systems Center (SMC) and the Space Force’s DevSecOps coding unit Kobayashi Maru. Space Force has hosted Pitch Day events in the past that have given private, often small companies access to quick contracts and Roper said that SpaceWERX will offer more opportunities year round. Los Angeles has a long history of aeronautics companies, and is home to NASA’s Jet Propulsion Laboratory.

“We really should have done this years ago, because your team of rockstars have done amazing work in commercial innovation in space,” Roper said during the AFWERX event while speaking with Lt. Gen. JT Thompson, who runs SMC.

As the newest military branch, Space Force has placed emphasis on “digital fluency” in its ranks, requiring new recruits and transitioning officers to take online courses in coding and other technology basics. That fluency is needed since so much of their work will be based in ever-changing technology systems, leaders have said. With SpaceWERX, the services hopes to see even more emerging technology come through the doors.

Large tech companies have already seen the potential in the space business. Amazon Web Services and Microsoft Azure have launched space-focused business lines for their cloud offerings. The Space Force has also inked deals with Palantir for processing its data.

“SpaceWERX is going to help us continue to take advantage of that rapid growth” in the space economy, Thompson said.

Expect SOCOM to be at the spearhead of AI testing in DOD

U.S. Special Operations Command, the military’s elite joint force of fighters that operates globally, will be the test bed for new artificial intelligence applications in warfare, its commander said Monday.

Army Gen. Richard Clarke said that SOCOM will be the first in the Department of Defense to be fully AI-enabled, using the emerging technology on everything from maintenance to fighting.

“We are going to keep putting our money where our mouth is,” Clarke said during a Hudson virtual event on AI in the military. “SOCOM is going to continue to be a pathfinder on unique, repeatable, actual real-world problems we are going to be fighting and make sure we can apply them into the future.”

The combatant command, headquartered in Tampa Bay, Florida, has special acquisition and technology authorities that allow it to purchase and test tech more easily than other parts of the military. And it operates outside traditional theaters of war, giving it more testing grounds in real-life operations.

Overall, SOCOM is interested in working on new technology that can help leaders make decisions faster and win in the “information environment,” Clarke said.

The command has already been the first adopter of some forms of AI, such as image detection developed through Project Maven. Clarke predicted SOCOM will move to testing more communications and command-and-control technology as the military works to develop new AI-powered network-of-network systems.

Clarke emphasized that SOCOM will test products and ideas that could one day be scaled for the whole department and not only test products for its own applications. Clarke commended enterprisewide AI organizations like the Joint AI Center for their help in setting up new AI projects across the DOD. But while the JAIC provides support and technical expertise, SOCOM’s operators and commanders will be the ones to find out if the novel technologies are useful.

Winning in the information environment traditionally has meant influence campaigns and other messaging operations. Now, Clarke said, it also includes using big data that comes from sensors throughout a battlefield to inform commanders to make decisions faster, to allow targeters to be more precise and and to push the character of warfare to a more technology-driven pace.

“You can use artificial intelligence to speed up targeting in a much broader Department of Defense capability and advantage for the future,” he said.

But, all the possible uses cases come down to the ability for the DOD to upgrade basic tech infrastructure, like getting cloud and data access across the force.

“We are going to have to make sure that we are updating infrastructure,” Clarke said, along wth policies “that will apply to data, that will apply to make sure we have cloud — multiple clouds — and the ability to search open source data along with secret and top secret.”

Medicare telehealth expansion gets bipartisan stamp of approval from lawmakers

Telehealth technology has proved to be a reliable tool for Medicare providers throughout the pandemic, according to a bipartisan and bicameral group of 49 lawmakers who want to lock in those gains now.

In a Dec. 4 letter, the lawmakers urge House and Senate leaders to use end-of-year legislation to permanently expand Medicare coverage of telehealth services.

The letter says Congress should permanently waive geographic restrictions on telehealth services, so that a beneficiary’s eligibility isn’t based on where they live. The lawmakers also want the telehealth services approved by the Centers for Medicare and Medicaid Services (CMS) to be available to all beneficiaries, not just some. Lastly, they call for legislation to permanently authorize Federally Qualified Health Centers and Rural Health Clinics to provide telehealth services.

“Congress needs to act now to better serve patients and health care providers during the pandemic, and to ensure that telehealth remains an option after the pandemic is over,” the letter reads. Sen. Brian Schatz, D-Hawaii, led the effort to circulate the letter on Capitol Hill.

Under the current expansion, there are three types of virtual services doctors can provide for Medicare beneficiaries: a telehealth visit that uses audio and visual technology for real-time communication, a brief patient-initiated virtual check-in typically conducted over the phone, or an e-visit through an online patient portal.

Providers must use “non-public facing” remote communication tools for those visits — such as Apple FaceTime, Zoom, Skype, or Google Hangouts — that only allow the intended parties to participate in the visit.

The lawmakers note that telehealth services have numerous practical effects, including reduced potential for COVID-19 transmission because fewer patients need to enter health care facilities. Additionally, telehealth increases a health care facility’s capacity overall and reduces the use of “scarce” personal protective equipment, the letter says.

“These actions would address the restrictions on originating sites that CMS has stated are the greatest barriers to the expansion of Medicare telehealth services as well as ensure that health centers can continue their pivotal role in providing health care in rural and underserved areas,” the letter reads.

The Coronavirus Preparedness and Response Supplemental Appropriations Act, 2020 and the Coronavirus Aid, Relief, and Economic Security Act increased access to telehealth services for Medicare beneficiaries, which resulted in a rapid acceleration of use. Before the pandemic, about 13,000 Medicare recipients used telehealth services in any given week. By the last week of April this year, it was 1.7 million recipients, nearly a 13,000% increase.

The expanded coverage is currently tied to the Covid-19 public health emergency declaration and is renewed in three-month increments.

The uncertainty of the long-term future of Medicare telehealth coverage has made it difficult for providers to fully invest in scaling up their operations, such as purchasing telecommunications equipment, training staff and updating electronic billing systems. These are high cost actions and “many organizations are not investing in all of these areas to optimize the use and availability of telehealth,” without knowing the longevity of the expanded coverage.

Laying the terms for partnerships with ethical hackers

This year, agency IT leaders were pressed to implement digital modernization projects faster than ever. However, the complexity of government systems also means that any change adds security risks.

Vulnerability disclosure policies

Read the full report.

Government IT teams constrained by limited workforce and resources can lean on the expertise of ethical hackers to identify vulnerabilities in their systems and applications. But defining the terms to facilitate that partnership is critical, according to a briefing document — “VDP Action Plan for Government Agencies,” — a guide, written by HackerOne, that lays out the steps to framing a vulnerability disclosure policy (VDP).

“Regardless of the threat, federal agencies do not have a budget or staff proportionate to their needs. And with decreased visibility and control over their expanding network, agencies’ overburdened IT teams are likely to experience compliance challenges,” says the brief.

Civilian agencies have the authority to accept vulnerability reports from third parties. That was laid out in the recent Cybersecurity and Infrastructure Security Agency’s (CISA) Binding Operational Directive 20-02. However, a VDP agreement is essential to a vulnerability management program.

“If mismanaged, publishing your VDP will result in an onslaught of reports for which you’re unprepared, an overwhelmed internal team and disgruntled security researchers — severely compromising your security strategy,” warn experts from HackerOne.

To mitigate these risks, HackerOne outlined a quick action plan that lays the foundation for a VDP as part of an agency’s security strategy. It should include:

HackerOne is a FedRAMP-authorized organization that connects agencies with a network of penetration testers who find and fix critical vulnerabilities to systems and applications before they can be exploited.

This article was produced by FedScoop and CyberScoop for, and sponsored for HackerOne.

5G: A game changer for governments and the people they serve

Governments rely heavily on communications systems to serve their citizens. And so, from the earliest days of the telegraph and telephone to an era of the internet and smartphones, major shifts in communications technology have changed the ways in which governments operate, interact and deliver citizen services.

Without a doubt, 5G is poised to be one of those step changes. For government at all levels, 5G will play a critical role in the development of smart systems and smart infrastructure across the nation. The use cases for governments are nearly endless.

For example, in the realm of smarter cities, pervasive IoT sensors have the potential to create intelligent urban infrastructures that enable city authorities to trial new services that improve citizens’ quality of life and safety as well as stimulate local business growth.

This transformation is all part of a new, integrated approach to smarter cities – where 5G-enabled networks and analytics can be applied to information about transport and public services in a dynamic way. This development enables city leaders to take a more holistic view of situations and marshal services in real-time.

New technologies

And this is thanks to a range of important new technologies that 5G will introduce. Beamforming and MIMO (multiple-input, multiple-output), for example, will allow for higher bandwidths. Support for very high frequency spectrum will enable massive data transfers over short distances. Network slicing will enable virtual network resources to be specifically assigned — ensuring that performance characteristics are precisely determined per application, with complete security and isolation from other network users.
Also, 5G is the first wireless technology that is able to replace wired systems in terms of capacity, reliability, control and security. It has been designed to meet the need for time-sensitive, automated processes and massive numbers of low-powered industrial IoT sensors and devices in industries.

So, while consumers are excited about 5G for video and virtual reality gaming, the real 5G game changer is the range of use cases it supports that were not possible on previous networks.

Universal networking technology

Historically, networks tended to be purpose-built. The landline telephone network was for making calls from your home or office phone. Cable networks were for watching TV. Electrical utilities built specialized networks to control the grid. The internet was for email and web browsing. Defense systems had their own radio networks.

With the arrival of 5G, specialized hardware systems become obsolete. Designed as a universal networking technology, 5G can be integrated with mobile or wired systems. Depending on software configuration, it can fulfill virtually any communications task imaginable — from talking to a family member across the country to connecting IoT sensors and controlling the smart grid to providing extremely precise, low latency controls for a piece of sophisticated manufacturing machinery — all at the same time, on the same network and with complete security.

Along with all of these performance enhancements, 5G is also a fundamental change in the way that networks work. Because 5G networks are the first end-to-end implementation of software-defined networking, and they employ cloud and virtualization techniques, they enable entirely different capabilities than previous networks.

Adaptable and universal

The adaptability and universality of 5G is an important shift for governments as well as industries because it means that, for the first time, governments can fully leverage advances in an open, publicly shared communications platform.

Previously, the logical focus on security meant that government agencies tended to run purpose-built, specialized communications systems that were hardened to protect national interests. But with 5G, specialized hardware is no longer a necessity — cloud technologies are universal. Governments may still run private 5G networks, but the mission-critical requirements will all be embedded in software — meaning they can be updated, changed and radically overhauled very quickly, without having to re-invest in the network hardware.

This is exemplified by the CIPAC Cross-Sector Enduring Security Framework, which looks at threats, vulnerabilities and mitigations across all domains of communications infrastructure. The application orchestration of 5G across the entire end-to-end service, through open commercial communications platforms, introduces new adaptable and scalable security opportunities.

This is especially important because the already fast pace of innovation in the network communications arena is accelerating. Governments cannot afford to have stranded communications assets based on yesterday’s technologies; too expensive to abandon, but not keeping pace with the latest use cases.

Single communications system

Data now plays a critical role in many government operations, from administration and public safety to law enforcement and defense. For example, command and control decisions are based on layers of information streaming in from environmental sensors, field reports, body cams, mission-critical voice communications and drone and satellite feeds.

The U.S. Department of Defense, for example, clearly recognizes information as a separate warfighting domain, along with land, sea, air and space. Information, and the ability to process and make decisions, is king. Not only do 5G networks enable an advantage in the velocity of command and control, but they also enable decision making.

With 5G, all of these layers of information can now be supported by a single communications system that is capable of determining performance requirements, end-to-end, for each stream of information and then ensuring complete security for each data channel.

But the real revolution that 5G represents is the shift to a dynamic, software-based network that employs virtualization, artificial intelligence and machine learning technologies. Because 5G provides a platform for innovation based in software, not hardware, it represents an opportunity for governments to become more agile, responsive and resilient in the face of rapid change, environmental challenges or security threats.

The implementation of 5G will revolutionize the collection, modeling, analyzing and learning from data of every description, thus radically changing the way all services will be delivered. If government is to keep pace and respond appropriately to the needs of businesses and interest groups, then it will have to be prepared to adapt to, and help lead, the development of 5G and related technologies to ensure the interests of the people that it serves.

Mike Calabrese is Senior Vice President of the Americas at Nokia Enterprise.

With demand surging for government tech, Dcode shifts its accelerator model for startups

Washington, D.C.-based federal technology accelerator Dcode is shifting the way it gets startups into the federal marketplace to meet increased demand from the government during the pandemic.

Dcode is essentially allowing companies to apply and then receive support anytime, instead of joining a technology-specific cohort. The organization’s classes for entrepreneurs — its main mode of support for companies trying to break into the government market — will be delivered via an online platform, giving even greater flexibility to startups.

The change was due to two general signals for increased demand, Dcode’s Rebecca Gevalt who manages its technology programs, told FedScoop. As the government was forced to rapidly modernize, its overall reliance on technology increased. And companies faced with a pandemic-induced economic crunch have turned to the ever-stable buyer of the federal government to provide stability.

The organization’s application page has been offering admissions “on a rolling basis” since the beginning of December. Dcode works exclusively with companies that can deliver useful technology to the federal government.

“What we wanted to do was link [programs] to government mission instead of a schedule,” Gevalt said about the new platform-based model.

Dcode has hosted more than a dozen cohorts with more than 100 companies that were technology-specific, like artificial intelligence or space. Companies that graduate from the program can also be vetted for Dcode Capital, its venture capital arm.

“Cohorts models can be limiting for both government and technology companies. To remove those limitations, accelerators are evolving, and we need to make sure the government keeps up,” Dcode’s CEO Meagan Metzger said in a statement. “We’re seeing increased demand from the government and tech companies looking to work together to better serve Americans, and this next iteration of Dcode Accelerate will continue to make that happen at an even larger scale.”

Dcode officials said they’re aware that shifting to remote learning will sacrifice some of the intense team-building that is natural in a cohort model. The tradeoff, though, is that the organization can work with more companies, Gevalt said.

Microsoft announces Top Secret cloud

Microsoft built a new cloud service to protect agencies’ data classified as “top secret,” the company announced Monday.

Azure Government Top Secret regions provide the same capabilities as Azure commercial, Azure Government and Azure Government Secret, just at a higher level of security.

The new cloud option affords agencies that manage sensitive data — the compromise of which would cause exceptionally grave damage to national security — more flexibility in modernizing their legacy information technology systems.

“The broad range of services will meet the demand for greater agility in the classified space, including the need to gain deeper insights from data sourced from any location, as well as the need to enable the rapid expansion of remote work,” wrote Tom Keane, corporate vice president of Azure Global, in a blog post.

Amazon Web Services launched the first top secret region for federal agencies in 2014, but that didn’t stop the Department of Defense from awarding its $10 billion Joint Enterprise Defense Infrastructure (JEDI) cloud contract to Microsoft twice now. AWS continues to protest the award in court, but Monday’s announcement could be used to argue Microsoft is keeping pace with leading industry standards.

Earlier this month, DOD Chief Information Officer Dana Deasy said the 2018 JEDI contract requires “commercial parity,” so Microsoft’s latest advancement will be available to the Pentagon.

Azure is working with the government on Top Secret’s accreditation. It’s unclear when it will be authorized for use.

Top Secret addresses several compliance requirements including Intelligence Community Directive (ICD) 503, which remains in progress; ICD 705; and Joint Special Implementation Guide (Protection Level-3) accreditation.

Agencies reevaluating EIS task orders during pandemic

COVID-19 and the resulting surge in government telework is forcing agencies to reevaluate their network security architectures and make adjustments to their task orders under the $50 billion Enterprise Infrastructure Solutions contract.

The program team overseeing government’s sweeping telecommunications and network modernization effort is working closely with those authorizing cloud services and securing external connections to federal networks during the pandemic.

Agencies’ shifting cybersecurity needs require regular communication between the EIS program team and the Federal Risk and Authorization Management Program (FedRAMP) and Trusted Internet Connections (TIC) program management offices (PMOs).

“What’s encouraging to us now is a number of companies are coming to us, and they are telling us how they can provide solutions that meet both the FedRAMP and TIC requirements,” said Jim Russo, EIS technical lead at the General Services Administration, during an SNG Live event produced by FedScoop.

GSA doubled its network capacity when nearly all of its workforce moved to telework. Other agencies that did the same will need to make decisions about the percentage of their employees that need remote access when the pandemic ends and rearchitect their networks accordingly using EIS, Russo said.

FedRAMP and TIC both give agencies flexibility in determining the amount of risk they’re willing to accept when designing their networks. TIC 3.0 allows for distributed policy enforcement points for internet traffic, rather than one at headquarters, but agencies should “seriously consider” FedRAMP-authorized, cloud-based security services in addition to such solution sets, Russo said.

The Department of Homeland Security worked with FedRAMP to create an overlay in 2015 integrating TIC into the latter’s cloud security requirements. But the resulting pilots didn’t provide the “jump start” GSA was hoping for in allowing remote used direct access to the cloud while adhering to TIC requirements, Russo said.

So the EIS program team maintained “constant communications” with the FedRAMP PMO while designing the replacement for the Networx contract expiring in May 2023, he said. TIC has since shifted from DHS’s purview to that of its Cybersecurity and Infrastructure Security Agency, and the PMO is in the loop.

“One of the things that we did immediately when we were putting together EIS was to ensure that any cloud service that was provided, either as a TIC solution or any other solution for that matter, had to be FedRAMP certified,” Russo said.

TIC controls for boundary protection and secure connections were baselined into FedRAMP, and companies progressing toward authorization can still be considered by agencies modernizing their network architecture.

Don’t expect an immediate merger of FedRAMP and TIC within GSA however, as both programs serve slightly different constituencies. What matters is that FedRAMP’s “do once, use many” approach to authorities to operate is taken to heart by agencies, Russo said.

Vendors have until Sept. 30, 2022, to execute EIS task order requirements, though that’s still proving tricky with agencies updating agreements to address network issues that have arisen from pandemic telework. Agencies have been setting up mobile call centers, managing web conferencing, upgrading wireless capabilities, and connecting first responders nationwide.

“Agencies are encouraged to examine any gaps in their network infrastructures and ensure they make appropriate adjustments to their EIS task orders to provide needed capabilities,” Allen Hill executive director of telecom services in the Office of IT Category at GSA, told FedScoop back in May. “Modern IT demands modern infrastructure.”

“A few” task order awards were delayed, but most remained within the projected timeframes provided by agencies, Hill said then.

The Government Accountability Office surveyed 19 agencies spending the most on EIS and found all planned to transition by May 2023, when legacy contracts are set to expire. But 11 expected to miss GSA’s more aggressive Sept. 30, 2022 deadline as of October 2019.

GSA officials encouraged agencies to share information on how the pandemic was affecting their EIS transitions, saying they would work those that had already awarded task orders on a case-by-case basis to address delays. Based on agency feedback, GSA would consider providing additional, broad guidance or assistance.

“Not all agencies have been impacted,” Hill said. “GSA is in constant communication with agencies’ transition teams to ensure agencies are able to continue making progress.”

This story is part of a FedScoop special report on the Network and Telecom Modernization. Read the rest of the report.

How the pandemic pushed DOD’s network modernization efforts into warp speed

It took a global pandemic to light a fire under the Department of Defense’s network modernization efforts, and now its senior IT leadership is trying to keep that fire going.

Since the onset of the coronavirus pandemic, the DOD has made major technical and cultural shifts away from previous business models to support network modernization across the force in support of remote work. And beyond the Herculean technical feat of telework deployment across the DOD, the pandemic has pushed the culture of the force to be more technology-focused, giving greater value to IT transformation that is often talked about but less often delivered.

DOD’s Commercial Virtual Remote telework platform reached millions of users in a matter of weeks, mostly thanks to a small cloud team in DOD’s Office of the CIO. The leader of that office, Sharon Woods, called the build out of the CVR environment the largest deployment of Office 365 in history. After the launch of the project in late March, DOD tech personnel worked non-stop to fully deploy CVR across the entire department within a month.

“It is the Thursday that never ended because it was the day that never ended for us — we worked 24 hours a day, seven days a week,” Woods said during the AFCEA TechNet Cyber summit in December.

It was not an exaggeration, she added — it was truly a round-the-clock effort. The team behind the build took to wearing hats to hide messy unwashed hair and had mugs brimming with coffee and the occasional “other” beverage, as the hours rolled by without sleep or breaks.

And it was not just her team of seven senior engineers, but offices and agencies throughout the DOD, from Cyber Command to service-level IT shops, that spurred the change, she said.

“Everybody really stepped up in a huge way,” Woods said, adding that her office “was not the only office burning the midnight oil.”

The team needed to build out enough cloud space to host the services and get to work securing the platform. The temporary telework solution still operates on a cybersecurity waiver, even though officials have stressed its secure up to Impact Level 2.

“The security was happening in the background, but it needed to be codified,” she said.

Like the old Silicon Valley adage goes, while DOD moved fast, it did break some things. Messaging to employees could not keep up with the pace of change, Woods said. That led to some confused DOD workers unsure of how to get on the CVR platform, or even what it was. One DOD employee, clearly adhering to DOD warnings on phishing scams, responded to a CVR account set up email by saying “not today, ISIS.”

Other early missteps included a crunch in bandwidth with employees streaming videos on their devices. DOD moved to shut access to Netflix, YouTube and other streaming services to limit the impact distracted employees had on network speeds.

Now that millions of users have access to CVR, DOD is working to find long term solutions both to teleworking and codifying the new technology across operations.

Change is here to stay

Over the summer, DOD’s CIO Dana Deasy announced that the technical architecture built out to support teleworking was here to stay. The plan is now to transition to an “enduring” telework solution, one that will carry with it more security and permit employees to transmit sensitive data, up to Impact Level 5, across the Microsoft Office suite.

“The way we work has changed dramatically,” Deasy told reporters. The IT brought in to help during the pandemic would help DOD continue the modernization of its networks, he said.

While not currently in place, classified telework could be coming soon as well. The Defense Information Systems Agency‘s Emerging Technology Directorate accelerated work on classified telework during the pandemic. It’s something that Deasy had hinted at before, but the directorate’s Director Steve Wallace confirmed in early December, saying the agency is full-steam-ahead working on a platform to allow even the most sensitive work to happen from home.

“Remote classified [work] was accelerated by pandemic,” Wallace told reporters on a press call.

What comes next, JEDI and all

The next major modernization step for DOD will be the finalization of the Joint Enterprise Defense Infrastructure (JEDI) cloud contract, which aims to give the entire DOD access to tactical edge cloud capabilities from a single vendor. While the DOD waits for JEDI’s eventual legal settlement, it has been working to deploy cloud capabilities through other means.

“We continue to work on what I always call the prerequisites,” Deasy said in October. “We’re doing a lot of work with the services on getting them prepared to move their development processes and cycles to DevOps. So when the JEDI cloud finally does get awarded, we’re not starting at day one.”

Offices like the Air Force’s Platform One and Cloud One are currently supporting programs with cloud capabilities, Deasy said. Those offices have been able to use JEDI engineers that were supposed to be working on the enterprise-wide construction, but have been sidelined by the legal challenges to the contract’s award to Microsoft.

As several cloud service offerings are being developed across the DOD, the challenge once JEDI is finalized will be bringing them all under one common architecture to support the DOD-wide infrastructure. Ensuring that the disparate efforts do not result in disparate systems is a near-term worry for Deasy, he said.

DOD leaders across the IT portfolio want to keep the momentum brought by the pandemic going. On a press call with reporters, Vice Adm. Nancy Norton, the outgoing director of DISA, announced plans for a zero trust reference architecture that she said will drive DOD’s modernization efforts to support enhanced cybersecurity.

“It’s not a rollout like we have for most programs because zero trust is not a program,” she said.

This story is part of a FedScoop special report on the Network and Telecom Modernization. Read the rest of the report.