Dec 18 2023

How DOD Might Reduce Its Technical Debt with Guidance

The Defense CIO has an opportunity to take a hard line on shutting down applications that are beyond updating.

The Department of Defense needs to require the shutdown of applications that can’t be updated in any formal guidance it issues on reducing technical debt to mitigate cybersecurity vulnerabilities.

Some of the thousands of apps DOD manages live on hardware or software that is no longer supported by its manufacturers, meaning the only way to bring them up to speed is to rewrite or replace them.

DOD CIO John Sherman said in September that his office may issue guidance to military branches on reducing their IT and cyber technical debt, MeriTalk reported. Such guidance presents the perfect opportunity to address DOD’s biggest weakness when it comes to modernization: cyber hygiene.

Military branches must update all their systems with the latest software versions and patches and can do so more easily by leveraging automated tools.

Inventorying Apps and Creating a Roadmap for Rationalization

No one at DOD knows exactly how many apps each branch is running, where they all reside and what condition each is in. Without such an inventory, DOD can’t protect vulnerable apps.

The first step technical debt guidance should take is establishing that inventory, complete with a risk score for every app — which DOD already does to some degree. Apps that are 20 to 30 years old and haven’t been patched or updated in decades may viably be shut down, but only an inventory can show how serious the situation is.

Any such inventory would need to be kept classified because foreign adversaries that obtained the information would be able to exploit the vulnerabilities revealed in the U.S. defense network.

The second step of any guidance should be implementing a roadmap for servicing apps with the most technical debt. For every scenario of technical debt, there should be mitigation, ranging from a quick patch to a more involved infrastructure modernization in which hardware is scrapped.

Sherman’s office should make these recommendations and issue ultimatums for shutting down apps with vulnerabilities that outweigh their benefits. The guidance must also mention how the CIO’s office will assist with branch assessments, planning and modernization and, ideally, how these efforts will be paid for — lest it become another unfunded mandate.

How CDW Can Help with App Rationalization

CDW’s acquisitions of Sirius Computer Solutions and, more recently, Enquizit make it an asset to agencies interested in app rationalization.

The Sirius Application Modernization Assessment analyzes lines of code to produce reports on app technical debt, while Enquizit’s SkyMap serves as a project management tool to help agencies keep track of the many moving parts in their infrastructure modernizations.  

Additionally, CDW offers professional services, including experts who stay with agencies until operations are turned over.

Currently, CDW is helping DOD with a large-scale hardware refresh. From there, agencies may use automated tools to help make decisions on whether to update, replace or retire apps, and they also have the option to move to the cloud to take advantage of the benefits offered by hyperscalers.

This article is part of FedTech’s CapITal blog series.

Army Spc. William Kuang/Army Reserve
