As 2024 gives way to the new year, MeriTalk is taking a look back at the year’s biggest tech and cybersecurity policy moves at the Department of Defense (DoD) that set the stage for the Pentagon’s IT priorities in 2025.

CMMC is Here!

After what seemed like an eternity in regulatory limbo, the DoD’s long-awaited cybersecurity compliance policy finally cleared the review process and sailed through the 60-day Congressional Review period unscathed, signaling the end of its rulemaking journey.

The Cybersecurity Maturity Model Certification (CMMC) Program, which the DoD officially released in October, requires defense industrial base contractors and subcontractors to implement necessary security measures for Federal contract information and introduces new security requirements for controlled unclassified information related to specific priority programs.

But, while the program is officially in effect, don’t expect to start seeing CMMC in contracts just yet. Its full implementation is still on hold, waiting for the revision of the Defense Federal Acquisition Regulation Supplement (DFARS) clause and the final publication of the rule in the Federal Register.

DoD officials expect to publish the DFARS follow-on rule to contractually implement the CMMC Program in early to mid-2025.

NDAA FY2025 Greenlit at the Last Minute

In a race against the clock, both the Senate and House approved the National Defense Authorization Act (NDAA) for fiscal year (FY) 2025, ensuring that key military policy measures will take effect in the new year.

On Dec. 18 the Senate approved the NDAA with a 85-14 vote. The House approved the bill on Dec. 11 with a 281-140 vote.

The 2025 NDAA, with a topline of $895.2 billion staying just under the budget caps set by the Fiscal Responsibility Act, includes numerous tech-related provisions ranging from artificial intelligence (AI) to cybersecurity. Among the included amendments are initiatives to educate service members on AI and measures to expedite the technology’s adoption.

The bill also includes a number of bipartisan provisions, including a 14.5 percent pay raise for junior enlisted service members and a 4.5 percent raise for all other military personnel.

DoD Edges Closer to 2027 Zero Trust Goal, Zero Trust for OT on the Horizon

The DoD is steadily advancing toward its 2027 zero trust security goal, with some in the department reaching target-level zero trust before the deadline.

The DoD has been on a nearly two-year mission to create a unified security posture across diverse domains. DoD expects the “target” level goals to be achieved by FY2027. Only specific organizations will be required to meet the “advanced” level goals, but officials do not see the need for any department-wide mandate in the future.

In a major step forward, the Department of the Navy announced in late October that its Flank Speed cloud service became the first to achieve full compliance with the department’s zero trust goal, meeting all 91 targeted capabilities were reached nearly three years ahead of schedule. Going forward, the Navy said it will focus on expanding Flank Speed’s zero trust outcomes to the Navy enterprise, bringing its Information Superiority Vision (ISV) 2.0 to reality.

As other components within the DoD continue progressing toward target-level zero trust, the department is simultaneously eyeing the expansion of its zero trust initiatives beyond the September 2027 goal, with upcoming guidance set to prioritize operational technology (OT) security.

DoD on Track for Replicator One Goal, Phase Two Underway

The Pentagon is 16 months into its ambitious Replicator One initiative, with just eight months left to reach its 24-month goal. However, despite the daunting timeline, DoD officials are confident about meeting their objectives as the department pushes to roll out thousands of inexpensive autonomous systems.

The Replicator initiative – which is overseen by the Defense Innovation Unit (DIU) – aims to field thousands of innovative systems across multiple domains and into the hands of warfighters by August 2025, as part of the Pentagon’s strategy to counter China’s rapid armed forces buildup.

As the department continues to work towards meeting the August 2025 goal for Replicator One, it is simultaneously advancing Replicator Two, which Secretary of Defense Lloyd Austin announced in September.

Replicator One is focused on delivering aerial and naval drones to American operators, while Replicator Two aims to deploy existing counter-drone systems at scale. Replicator Two shares the same 18-to-24-month timeline for completion.

Fulcrum

This summer the DoD unveiled a wide-ranging plan – dubbed Fulcrum – to modernize the agency’s IT networks and compute infrastructure with the aim of providing better user-centric IT capabilities to warfighters around the globe.

Fulcrum – which Deputy Secretary of Defense Kathleen Hicks signed off on June 20 – prioritizes user experience and investment in infrastructure that is both agile and scalable to meet the dynamic requirements of operations and opportunities offered by the most modern technologies

In an interview with MeriTalk, Acting DoD Chief Information Officer (CIO) Leslie Beavers stressed that the next crucial step in making Fulcrum a reality is mobilizing the necessary forces, noting that adoption will be the main challenge in executing the Fulcrum “vision.”

Open DAGIR

Pentagon Chief Digital and AI Officer (CDAO), Radha Plumb rolled out a new plan this summer to bring more companies into the fold, boosting the DoD’s data, analytics, and AI capabilities – with DoD’s Combined Joint All Domain Command and Control (CJADC2), the department’s AI-powered meta-network of connected sensors to coordinate all the armed forces, as the first program in line for support.

The Open Data and Applications Government-owned Interoperable Repositories (Open DAGIR) is a multi-vendor ecosystem that enables industry and DoD to integrate data platforms, development tools, services, and applications “in a way that preserves government data ownership and industry intellectual property.”

DoD initially leveraged the Open DAGIR ecosystem to support the data infrastructure and applications for CJADC2, expanding access to mission command applications and ensuring that capability is available across the combatant commands at the strategic level.

In the new year, the DoD plans to deploy enterprise enablers through the Open DAGIR program, ensuring CJADC2 is seamlessly accessible across combatant commands at the strategic level.

Goodbye Task Force Lima, Hello AI RCC

As 2024 comes to a close, the department bids farewell to Task Force Lima – which developed, evaluated, and monitored generative AI capabilities for the DoD – and looks ahead to a new era with the launch of its AI Rapid Capabilities Cell (AI RCC) in 2025.

The AI RCC will be focused on accelerating DoD adoption of next-generation AI, including  generative AI tech, and will be managed by the CDAO in partnership with the DIU.

The AI RCC will initially be resourced with approximately $100 million in FY2024 and FY2025 for pilot efforts that apply generative AI models to priority use cases, and investments in foundational AI infrastructure and tools.

JWCC Surpasses $1B Mark

The DoD surpassed the $1 billion task order milestone on its $9 billion multi-vendor cloud contract, with over 65 task orders distributed to a variety of U.S. defense organizations.

The Joint Warfighting Cloud Capability (JWCC) is the Pentagon’s top-tier cloud initiative, taking over from the canceled $10 billion Joint Enterprise Defense Infrastructure project. In December 2022, Google, Oracle, Amazon Web Services, and Microsoft secured positions on the $9 billion JWCC program and are now vying for task orders.

“During our first year, we saw incredible demand across the DoD. This major milestone in our program’s journey is a testament to the dedication of our team, collaboration with our mission partners, and commitment of our cloud service providers,” according to a statement by the Defense Information Systems Agency – who manages the JWCC program.

Read More About
About
Lisbeth Perez
Lisbeth Perez
Lisbeth Perez is a MeriTalk Senior Technology Reporter covering the intersection of government and technology.
Tags