The Navy wants to piggyback on the Army’s data analytics efforts through a new policy that encourages secure information sharing, the Navy’s chief information officer said.
The Pentagon “just issued a reciprocity memo that basically is like data sharing because now we’re going to agree to take the [authority to operate] of a system or an application from another service and adopt it,” Jane Rathbun said during a keynote at AFCEA NoVa’s defense IT event Tuesday. “We’re going to actually pilot this idea with the Army’s Palantir ATO and try to get it so that we can leverage it on our side and not go through that process over again as part of our data analytics ecosystem.”
Last week, the Defense Department’s chief information office released a cybersecurity reciprocity handbook to help military departments and defense agencies protect data and speed up the authority to operate, or ATO, process where one already exists.
“Executed appropriately, reciprocity reduces redundant testing, assessment and documentation, and the associated costs in time and resources,” states the memo, which is dated May 15.
The ATO process has long been a pain point across the Defense Department, particularly when it comes to upgrading software. And for the Navy, the Army’s data efforts with the AI-company Palantir is a good place to start.
“It is something that we want to do because they already have Palantir on a contract. And they have a platform and we can leverage their ATO. That’s what we want to do. And…we will be in conversations with them about that. I’ve tasked my staff to do that,” Rathbun told reporters. “We want to have variety in our data analytics ecosystem, and this will just be another capability in our data analytics toolbox.”
The Navy is also planning to update its Information Superiority Vision strategy this summer. The document, originally released in 2020, focuses on the network and security plans and will be refreshed with an emphasis on data management.
“A core focus of the Information Security Vision 2.0 is data management, and data management is about creating standards and guardrails that allow us to maneuver data in smart ways,” Rathbun said during her keynote.
For example, the new strategy would include policy on software containerization, where an application’s code, files, and tools are bundled together so software is ready to deploy.
“So if you’re developing software, you don’t have to containerize today. Is that really going to be useful if our goal is to be able to securely move data from anywhere to anywhere? Especially to the tactical edge and leverage an ecosystem that includes commercial [satellite communications], maybe cloud on a ship?” Rathbun said. “We need to have some standards and guardrails that are about information sharing, in general, application systems—and data management has to be core to that.”
Additionally, Rathbun said, the ISV 2.0 strategy, which has been written and is expected to be published in July, would also tackle how the Navy tags data.
“We don’t tag data the way we should be tagging data. People are doing it if they need to do it for their systems, but there’s not a movement, I will say, across the Department of Navy that is focused on prepping, tagging, understanding the prominence, all of those things are important in order to be able to fully consume and utilize data,” she said. “And so I will tell you, the ISV 2.0 is going to have a list of things or does have a list of things in it that we want to go after holistically as the Department of Navy on that topic.”