Maintaining and expanding the Navy’s enterprise software tools means managing new and legacy code.
This is Kelsey Atherton’s first story for Breaking D. We are most glad to welcome him to our shop after his years of covering cyber, IT and all that’s related. He’ll write for you each week on these topics. Read on! The Editor.
ALBUQUERQUE — The Navy is looking for a sea change in the way it manages code. The department awarded Leidos a $7.7 billion contract Next Generation Enterprise Network (NGEN) program in February. Now they’re able to get going since the Government Accountability Office denied a bid protest from Perspecta on June 17, which had previously held up the contract.
NGEN covers the shore-side enterprise work for the Navy and Marine Corps. It is largely a form of invisible infrastructure, which supports the whole efforts of the force but only becomes visible should something go wrong. In receiving the contract, Leidos wants to offer greater reliability and security, to make that constant flow of code as reliable and invisible as possible.
“A large network like the Navy’s 600,000 users, hundreds of sites, thousands of devices — think about defending that network,” said Dan Voce, Leidos senior vice president of enterprise cyber and solutions. “There’s a significant amount of defensive infrastructure in place, firewalls and intrusion prevention systems. Like a ton of middleware, they generate a lot of data, alerts, and they’re numbered in the millions per day.”
To protect all that, Leidos said they offered a greater degree of autonomous threat detection and machine learning. When fed data on familiar tracks, they can learn to identify and prevent attacks, all at the code level. This process frees up trickier problems for direct human analysis, promising that the overwhelming majority of threats will be handily managed by code itself instead.
“We’ve actually implemented this with a partner of ours on a different DoD network also similarly, at a similar scale,” said Voce, “where it significantly helps increase the accuracy of the prioritization of the alerts and therefore makes the cyber analysts more effective.”
Besides automating the work of filtering attacks, Leidos has said that one of its objectives in taking over the NGEN contract is making the networks themselves more defensible.
”The Navy has stated that they have an aged infrastructure. It’s complex, and complexity typically in networks drives challenges to defending,” said Voce. “It’s hard to defend complex networks. And so network simplification through flattening is one of the areas we are looking to do.”
Despite the pitch rife with terms and promises straight from a Silicon Valley pitch deck themed bingo, that the bid for NGEN was even down to Leidos and Perspecta shows that as much as the Navy set out to explicitly draw on new code talent, it is still operating within a familiar talent pool, and sticking with familiar contractors.
NGEN is part of a long line of code modernization projects, aimed at striking the delicate balance between the ease of commercial software and the security needs of the military. Part of the code modernization involves an organizational split in how code is handled at the network level and the immediate personnel level. This builds on an existing division between how the Navy maintains code at sea, and how it handles that code on shore.
The government has fostered an industrial base of coding since as long as there have been computers doing government work, managed by private industry. Tasking Leidos to manage the shore-side enterprise networks for the Navy and the Marine Corps means shifting specific players within that industrial base, rather than reaching beyond the traditional industrial base.
The Pentagon writ large specifically went beyond that traditional base when it sought out modern software giants for JEDI, its massive cloud computing contract.
“There’s been a distinct government sector because there are distinct customer practices and ways of doing business that firms like Leidos have. gotten good at addressing,” James Hasik, a senior research fellow at the Center for Government Contracting at George Mason University, says. “I know that the number of classic government software developers are now really scared by the entry of firms like Microsoft, Google and Amazon Oracle into the cloud services, because they don’t have the scale to deliver huge solutions”
With the protest bid denied, what comes next is for Leidos to prove it can deliver the specific capabilities the Navy asked for, in an effective package that feels and functions in a modern way. If the next Next Generation is to stay within the familiar hands of established contractors, the firms providing code to the government will have to constantly prove they know the needs of their customer better than the commercial giants out in Silicon Valley. (Kelsey Atherton).