How the Pandemic Changed the Defense Digital Service’s Portfolio

Al Orfali/Shutterstock.com

While the group supports multiple COVID-19 efforts, DDS Director Brett Goldstein is also looking ahead to DOD’s data challenges and possible expansion of Hack the Pentagon.

When Defense Digital Service Director Brett Goldstein took the helm of the Defense Department-specific branch of the U.S. Digital Service in 2019 as its second director, the coronavirus pandemic and its consequences would have been impossible to imagine. 

A year and a half later, DDS is supporting Operation Warp Speed, the government’s effort to facilitate the development and distribution of a vaccine for COVID-19, with a primarily remote workforce that has virtually onboarded around 30 new employees. Nextgov caught up with Goldstein this week to talk about 2020 and the road ahead. 

These excerpts from the conversation have been edited for clarity.

Nextgov: As this year wraps up, what has 2020 been like for DDS? 

Brett Goldstein: So 2020 has been a bit of a different year for all of us. At the beginning of the year it was a remarkably normal year. We were growing the team. I would never really call our projects normal, but we had the normal portfolio diversity. I was a road warrior. That was very normal. 

As we get to the end of the year, things have pivoted where obviously we're in the heart of COVID. We have a primarily remote team. And the great thing behind that is two pieces: one, we went to remote capability without missing a beat. And that's something that I'm really proud of. Two, we've grown the team substantially during COVID. And within the DOD that's not normal, to be able to remotely swear people in, onboard them, get them hardware, deal with getting them up to speed on all these issues. So we've not only sort of hit our stride in this but we've grown. 

From a project perspective, we've pivoted a good chunk of the portfolio to support COVID-related operations. We have a substantial effort to help with symptom tracking and detection, which goes back to when the [USS Teddy Roosevelt] arrived in Guam to things that are more tied to the vaccine so we're partnered with the [National Security Agency] in one of the pillars of Operation Warp Speed where we're protecting the vaccine from the cyber perspective. So we've pivoted, we're working on things that are critical to the DOD but also to our country as a whole. 

Nextgov: Talk about what protecting vaccine efforts entails. 

Goldstein: In the old days, we'd worry about traditional threats. Could someone steal it? Is it locked up well? And you'd have operational considerations for the physical security, which is certainly a consideration here. But today, you have the cyber realm. How do you protect the integrity of the data and all of the different pieces that go with that? How do you think about all the different players, the systems, things that are public-facing, the surface area tied to that and make sure that the vaccine, and the [intellectual property], and the integrity of the underlying test data is safe? 

It is extraordinarily important to produce a vaccine that has scientific rigor, and that’s letting the science do the real work here. But at the same time by protecting these systems, we're offering both maintaining the rigor of the science, but also helping prevent perceptions, which can be problematic because vaccines are also about trust.

Nextgov: DOD recently released its first enterprisewide data strategy. You said during a Center for New American Security webinar last month that you collaborated with Chief Data Officer David Spirk on developing some of the strategy’s core concepts. What does getting implementation of the data strategy right look like to you? 

Goldstein: I think I bring both some OG perspective in the CDO world, along with some of ‘what do we have to do next.’ I was the first chief data officer of a major city, when I was CDO of Chicago. So I spent a lot of time learning both the good and the bad and things to spend time on. Now when you couple it with a national security mission and understanding efforts like [Join All-Domain Command and Control], that colors my perspective. So working with Spirk and the [Joint Artificial Intelligence Center], and these folks, I encourage them to do the basics right. 

I'm often the dude who says, stop focusing on the shiny ball and stop talking about magical AI, but let's talk about [extract, transform, load], and underbelly and portable architectures. I like to introduce this concept of what I call a “no new bad.” Historical systems are what they are. But starting tomorrow, let's make sure we're architecting things for a way that allows for that integration. Historically, we spent a lot of time thinking about things in the service or the component level. Instead, we need to think about that holistically.

Peeling that back more technically, what does that mean? Everything should have an [application programming interface]. In my mind, this is basic, but we need to be more explicit about this. An open standard-based API architecture is critical to building these types of things. 

So APIs, machine readability, requirement for schema, and proper metadata, follow open standards, avoid proprietary formats. Start to be able to socialize data sets. So, how do you register a data set, what is the associated schema that goes with that, what is the API, how are we going to think about permissioning. Starting to create architectures that aren't necessarily hard-coded point to point, but instead, we think about middleware which allows for translation and portability. Because architecturally, you want to be able to insert new things easily, iterate on those new things, have them feed into other systems … and also be able to swap things in and out of these systems. But I take many of these lessons and I encourage what I call building a strong foundation, prior to many of the end analytics.

Nextgov: What are some challenges for DOD as it works on enterprisewide projects and initiatives such as the data strategy? 

Goldstein: We need to do a good job of educating folks. So working on data literacy and getting a focus not just on data science, but data architecture. I could talk about a deep learning analytic and it would be super exciting and it might have a great outcome. And that's a really fun conversation. But when I started talking about APIs and schemas and machine readability and those pieces—it’s not as much fun. What we do need to do is educate people well in why sustainability and architecture in each of the services is critical. 

If you build an analytic that runs on top of a static piece of data, it'll probably work really well then. But what happens when conditions change, when it's a battle condition or something like that, the analytic needs to be performing and sustainable. When it's not built on that foundation, it's a problem. So right now I spend a good amount of time with the services. People really get the idea of building sustainable systems, but you also need to educate people on the value of cross-service integration. And when you look at JADC2 and some of these systems, they're starting to get the value proposition and why it is mutually beneficial for all parties. 

But, along with this, and going back to data literacy is: OK, you have architecture, you have analytics. We need to improve understandability. Data is remarkably powerful but it can also be dangerous. I like to be a little academic-y here and say OK, you did a regression. Is it a good regression? Is it a regression that adheres to the laws of mathematics? If not, it's a useless analytic. So we have this realm of getting people comfortable and understanding the outcomes and be informed, excited users. 

Then lastly, and this is where I encourage lots of folks these days, focus initially on reusability. Not everyone needs their independent big data platform. Find analytics that are reusable. Find problems that have commonality between the services. All day long, I would rather do a couple of these and do them really, really right and get people excited and using them, than do a series of bespoke activities. Bespoke activities are exactly that, whereas right now we need to focus on core foundation and core problems.

Nextgov: What are some projects you would like to tackle before your “tour of duty” with DDS ends? 

Goldstein: That’s a good question. So, it falls within the theme of cybersecurity, where I think we've made some substantial inroads in the Hack the Pentagon effort, where that has become quite large. And we have Hack the Air Force, we have Hack the Army, we've done the partnership with [Defense Advanced Research Projects Agency], all these different pieces. I would like to do more in the way of how we think about remediation. It's not just find, but how do we remediate and validate? 

Something [Dr. Will Roper, assistant secretary of the Air Force for acquisition, technology and logistics] and I have discussed a bit is “hack the design.” Because I feel that when it's a deployed system and we're finding vulnerabilities, we’re kind of late to the party, right? But if we're having a perpetual security assessment during the design phase, I think that's something that can provide enormous value. Cybersecurity goes again into my daily top worry list. And we need to never be complacent, never rely on checklists, always be worrying. Part of that is trying to design better. And then from there also comes lesson portability. If in a given program I design, I found that there's this sort of flaw, how do I make sure that that information is propagated to improve everyone? So I think that's an area that I'd love to be doing more in.