Defense Department Acting CIO John Sherman emphasized the Pentagon’s firm intent to move further toward adopting cloud infrastructures and zero trust security concepts at a June 29 hearing held by the House Armed Services Committee’s Subcommittee on Cyber, Innovative Technologies, and Information Systems.
Sherman has been a highly vocal supporter of moving DoD toward zero trust adoption and improving agency cybersecurity, and reaffirmed his thinking in response to questions from Rep. Scott Franklin, R-Fla., about the sizing of the Pentagon’s IT and cyber budgets.
“I am encouraged by the direction of the department, but this is not an area where we can afford to slow down,” Rep. Franklin said. He continued, “DoD has a technology deficit … and unless we make the proper investment … we risk weakening national security, and none of us wants that.”
“Cybersecurity is my top priority,” Sherman declared. He told subcommittee members that DoD’s FY2022 budget request will enable the agency to pursue progress on zero trust and risk management, and to “drive new investments for cyber resilience.”
Responding to questions about attention being paid to the security of industrial control systems (ICS) upon which DoD operations rely, Sherman said his team is reviewing ICS vulnerabilities to see if “there are seams that we need to address.”
Sherman offered similarly strong statements on DoD’s continued commitment to cloud service adoption.
“In a critical step for the whole enterprise, we have made cloud computing a fundamental part of our global IT infrastructure and modernization strategy,” he said.
“We remain committed to drive toward a multi-vendor, multi-cloud ecosystem,” he said. “We have 50 commercial cloud vendors … including providers and systems integrators,” Sherman said, adding, “We have matured over the past several years … and we are driving hard to sustain momentum.”
In particular to DoD’s FY2022 budget request, he said that request incorporates software modernization driven by cloud services, and that DoD plans to release a related software modernization strategy this summer.
Budget Detail Complaints
Despite the generally constructive tone at the June 29 hearing, Sherman did not face entirely smooth sailing in questioning from Rep. Jim Langevin, D-R.I., the subcommittee’s chairman.
In particular, Rep. Langevin took DoD to task for a lack of detail in its summary IT and cybersecurity budget for Fiscal Year 2022, saying it was skimpy in comparison to prior submissions, and that some of the language was a “carbon copy” of previous submissions. “If your office can’t put together the necessary materials, how can we trust the stewardship” of the information and provide oversight, the congressman asked.
Sherman assured Rep. Langevin that DoD would do a better job in the future. “I will own this, and ensure that we get it better next time,” he said. “Without that level of detail … we can’t fulfill our oversight responsibilities,” Rep. Langevin responded, adding, “I take you at your word … we will take it from there.”