Army Maj. Jared Hrabak, a cyber officer with the Army Reserve’s Cyber Protection Team 185, uses a common network scanning tool called “masscan” to enumerate a network during his unit’s virtual battle assembly at Joint Base Langley-Eustis, Va., Aug. 9, 2020.

Aug 23 2021

DOD May Be Required to Audit Legacy IT as Pentagon Pushes for Modernization

Draft legislation would require the Defense Department to identify and sunset obsolete technologies.

The Defense Department may be required by law to audit its legacy IT systems to better determine which ones could be shut down, according to draft legislation governing the Pentagon’s operations.

The push from lawmakers comes as the DOD is working to modernize its technology capabilities via the cloud and the adoption of leading edge tools such as artificial intelligence.

In late July, the House Armed Services Subcommittee on Cyber, Innovative Technology and Information Systems performed a markup of the fiscal year 2022 National Defense Authorization Act. As part of that, the committee’s draft of the annual legislation would require “each military service initiate an effort to account for the legacy information technology (IT) systems, applications, and software,” as FCW reports.

As FedScoop notes, each of the military services would be required to conduct the audit within 270 days of the NDAA’s enactment, which is typically Jan. 1.

The secretaries of the service branches would need to report to Congress on legacy IT systems and apps, how they are funded and who is accountable for their operations, according to FedScoop. The legislation includes a plan to sunset those programs and their funding to “ensure that redundant and unnecessary investments can be better aligned to departmental priorities.”

DOD, Lawmakers Focus on Ways to Modernize Defense Technology

The push for an IT audit in the NDAA mirrors in some ways an initiative the Navy started in late 2020, dubbed Operation Cattle Drive, which, according to a Navy memo, is designed to “sunset or rationalize unneeded, obsolete, unproductive, insecure and un-auditable IT systems and applications” by cutting funds and resources, decertifying them and removing them from the Navy’s networks.

It also comes as the DOD is ramping up efforts to modernize. “Our nation continues to face a complex, evolving and diverse set of threats,” Cynthia Mendoza, the DOD’s deputy CIO for special access program information technology said in July at a forum sponsored by Government Executive, according to a DOD post. “To counter these threats and remain ahead of our adversaries, it’s very important that we have timely, insightful and accurate data and information.”

The DOD needs to make advancements in AI, machine learning and supply chain risk management to counter moves by adversaries, she said.

“To confront these technology challenges, we must be united across the DOD in how we are scaling and operationalizing the IT infrastructure and securing it to provide for the best advanced technologies,” Mendoza said. “As we look forward, our challenge will be to scale and operationalize IT-enabling capabilities by leveraging key advanced technologies, such as artificial intelligence and machine learning, 5G wireless technology and quantum computing.”

RELATED: The Air Force is testing wireless sensors to relay data from planes.

In addition to the IT audit, the draft NDAA legislation includes other provisions to help the department advance IT modernization. One measure is designed to address a problem commonly referred to as the “valley of death,” referring to the gap between when a program receives development funding and is prototyped and when it is included into a program of record and fully implemented.

As NextGov reports, the legislation “directs the Defense secretary to carry out a five-year pilot to help take science and technology activities into full-scale implementation as well as to submit a report evaluating the barriers that prevent DOD from scaling innovative tech.”

Yet another provision would give the defense secretary the power to expand the Defense Innovation Unit’s footprint and “to engage and collaborate with private sector industry, and communities in regions that do not otherwise have a DIU presence,” but the measure is subject to appropriations, FCW reports.

U.S. Army photo