GUEST BLOG: The Air Force’s interim IT strategy could be a modernization road map for other agenciesBlog
November 30, 2022
It’s been said before that the best plans tend to be the simple ones. While it’s not clear whether that’s ever been said about digital transformation, the Air Force’s recently released interim Chief Information Officer (CIO) strategy could serve as an example of this truism, focusing on straightforward goals to modernize and secure the organization’s information technology environment.
The strategy, developed by Air Force CIO Lauren Knausenberger, aims to transform the department, as well as the Space Force, into a collaborative digital environment reliant on interoperable, dynamic technology solutions. It is positioned to withstand priority shifts and appropriations battles because it selects key core objectives and prioritizes what’s most important.
Cloud adoption, zero trust, and artificial intelligence/machine learning (AI/ML) are among the key elements of the Air Force’s plan, as it strives to build an adaptive, integrated digital environment with data at its core. Supporting cloud, cyber, and AI objectives requires data to be accessible, available, and up-to-date at all times.
Speeding up cloud adoption
The interim strategy aims to accelerate Air Force cloud adoption to build a globally distributed, hybrid cloud network. This keystone goal will undergird the department’s ability to share data securely by enabling interoperability across its networks and standardizing the data models. With the expansion of cloud adoption and the complexity of hybrid cloud environments, the Air Force will need to have complete insight on its data inventory, where specific data sets will operate and, most importantly, will need to know who is responsible for maintaining data security and availability on which network.
According to Veeam’s 2022 Data Protection Trends Report, two of the most common causes of data loss are technology malfunction and human error, so a strong data management policy is crucial. In a multi- or hybrid cloud environment, it’s often assumed the cloud provider offers a guarantee of availability should data be deleted or lost, but this rarely lines up with government needs. Having a full inventory of your data, knowledge of what systems it operates on, and who secures those systems and how that data is backed up will be among the most important pieces of this strategy. Typically, this requires a separate data-protection solution.
Leaning into zero trust and automated cyber
Per the 2021 White House cybersecurity executive order, the federal government is moving to adopt zero-trust architectures by 2024. The Air Force is moving ahead with its own zero-trust plans, aiming to build an architecture to segment data across multiple classifications levels and leveraging Identity, Credential, and Access Management (ICAM) tools to help limit user access.
By focusing on tools like ICAM and agile encryption, the Air Force is on the path to full zero-trust and strengthening its cyber posture against security concerns like insider threats and ransomware. Even with strong cybersecurity practices in place, as the ongoing use of ransomware has shown, defense organizations still need a robust data-protection plan in place to handle the inevitable loss of data.
The Air Force should make sure to maintain three copies of important data; on at least two different types of media; with at least one of these copies being offsite; one offsite data backup must be air-gapped, offline, or immutable; and ensure that zero errors be present following automated backup testing and recoverability verification.
The interim CIO strategy also intends to inform and speed decision-making through the use of AI/ML. This effort follows the U.S. Department of Defense (DoD) Data Strategy, which includes managing data sets for AI and algorithmic models. From the data sets it uses, to the algorithms that will process them, to the technology used to maintain its digital environment, the Air Force strategy depends on the secure flow of data across its enterprise. This is even more true in an integrated AI/ML-enabled digital environment.
For the Air Force to capitalize on the technology’s potential and quickly inform decision-making, the data servicing AI/ML applications must be unimpeachable. The service will need to establish data-protection practices that ensures continuous testing of data quality, timely backups, and quick recovery in the event of a disruption. Immutable backups will become even more crucial, as attackers’ abilities to infiltrate networks undetected and compromise data integrity ultimately would render AI insights useless. AI and ML only offer a battlefield advantage if based on accurate data.
A strategy for all seasons
The Air Force interim CIO strategy will likely serve as a guidepost to the other military services looking to modernize their digital environments in a continually changing policy and budget environment.
To ensure the success of that strategy, data protection must be obtained with critical failsafe planning and a comprehensive data backup approach. Digital transformation means that organizations have to plan for multiple backup contingencies, quick recovery, and continuous monitoring to help ensure that operations won’t grind to a halt because of data disruption. The Air Force strategy goes a long way toward reaching that future.
Gil Vega is Veeam’s Chief Information Security Officer and the Senior Vice President for Global Information Security.