Tom Afferton, vice president of Defense and Intelligence Business Unit with Northrop Grumman Defense Systems, recently spoke with ExecutiveBiz regarding information technology (IT) modernization, cybersecurity and evolving threats. He also addressed how the company has helped customers adapt to remote working and how it's shifted the technology and cultural landscape.
“When you talk about IT modernization, you’re talking about how you leverage technology to get capabilities into the hands of either agency users, citizens or end customers faster. Our underlying approach, whether it’s software systems or infrastructure, is to use agile processes.“
ExecutiveBiz: As the amount of available data continues to grow, how has Northrop Grumman managed and secured data?
“Often when people talk about data, they jump to what they’re going to do with that available data, such as integrating artificial intelligence (AI). I believe it actually starts with determining how to manage that data.
We help our customers navigate a disciplined process to derive more value from their data. First you have to understand the data. Then, you have to talk about the management aspects, like data governance, to understand the definitive source, and how the data is used.
As you move into security, you have to create a management system to determine who is allowed to access the data and under what circumstances. We spend a lot of time working with our customers on how their data fits into a zero trust architecture, how to store the data and how to manage access.
We also spend a lot of effort on identity, credentialing and access management. We determine how to scale that as the volume of data grows and as the customers' data expands.
Ultimately, when you understand the data you have, you can apply the appropriate controls at the right granularity. This enables people to access the necessary data to be able to perform their mission.“
ExecutiveBiz: How has Northrop Grumman leveraged best practices for IT modernization to quickly respond to customers' challenges?
“One of the approaches Northrop Grumman has taken focuses on our heritage of systems engineering. Under that systems engineering culture, we have been integrating the agile methodology into our software development and infrastructure modernization processes.
We use scaled agile for our larger customers, which is a more systematic way of scaling up to a large program, while still executing and delivering capabilities incrementally. This allows us to continually deliver value, have iterative interaction with our customers, and provide rapid progress.
It’s not just about optimizing the outcome and the delivery, but you also need to step back and make sure you’re continually optimizing the environment and the system. For example, when we look at mission software factories, part of our approach is setting up the environment to be able to operate quickly.
We’re meeting with one of our largest customers later this week to have that exact discussion about not only the outcomes, but how to create the conditions for that process to continue to operate smoothly at scale.
This includes things like breaking down silos among stakeholders, understanding and clearing dependencies with other organizations, and mitigating security challenges. A process can only go as fast as its slowest element, so it is important to set clear expectations across all stakeholders.
We talk a lot about the idea of operating in an agile way in a software context, but it also can apply more broadly to other processes and aspects of introducing capabilities and technology. It's not just about writing code. Across a program, you can break up tasks into smaller increments and establish mechanisms for prioritizing different work.
Whether it's introducing cybersecurity controls, creating new infrastructure capabilities or developing a new user application, we use this agile mindset to work closely with our customer to deliver incremental value and get feedback.
ExecutiveBiz: With a wide variety of customers across sectors, how does Northrop Grumman enable them to operate in a high threat environment?
“There are multiple factors within a high threat environment. One area is clearly cybersecurity. We have a broad set of engagements across my portfolio, such as supporting the Marine Corps' cyber operations group and the Army's regional cyber center in Europe.
We follow a disciplined process to help the customers with their cyber operations. We start with understanding the environment, the mission, the data involved in the systems and the infrastructure, then we focus on securing systems and implementing best practices.
We also look at the capabilities that are already in place. You rarely start from scratch, so understanding the existing tools and how to best use them is critical. In some cases, it’s not a matter of bringing in new tools, but a matter of rationalizing the ones you have, and streamlining them to develop a common picture.
The next stage is optimization, where you discover how to streamline to provide a simpler picture for the common operating environment. This stage could also introduce automation. Automation, not necessarily in terms of replacing people, but maybe automating routine tasks to free up individuals to focus on higher order activities.
Finally, we talk about evolving. This isn’t a one shot process. The threat environment continues to evolve, as well as the environments that you protect. You have to be able to respond to the dynamic threat environment.
A great example of that is what has happened in the last six months and the rapid transition to the virtual environment. In this case, organizations have needed to quickly evolve their controls to support the migration to the cloud and bring your own device, as well as apply other tools to evolve their cyber operations.
I’ve also heard from a couple of different customers, particularly as I engage more on the defense and intelligence side of the business, that some of the most serious threats we face right now are in the information environment and the threat of manipulated information, or misinformation, such as deep fakes.
We are helping our customers navigate these threats. There are a couple of ways that we go about that. One of the key ways is that we have social behavior analysts on our staff that have helped our customers understand signals to predict insider threat risks. We often focus on the technology side of IT with the information environment, which is growing in importance, but it's critical to remember the other factors at play too.“
ExecutiveBiz: How has Northrop Grumman helped its customers adapt to changes brought on by the pandemic?
“The obvious thing that’s happened for many of our customers is the move to an 80 percent virtual work environment. There are clearly technology challenges, like sizing VPN and adapting bandwidth, so zero trust architecture and identity credential access management is critical.
We've had to evolve those techniques that were used to access an application on a desktop in an on-premise environment. Now employees are coming through a virtual desktop in a remote environment. You don’t want to have any data stored locally, so you need to modify the workflows in the application.
We also have to recognize that we are a people business. We provide services and work with people on the customer side, so there is also a cultural aspect of the pandemic. We have to adapt to a changing work environment as much as the technology.
I recently read a customer assessment for one of our large programs and we were pleased with the results. The first section of the feedback was focused upon helping our customer navigate remote work, and particularly the people side. We were praised for quickly transitioning scaled agile and increment planning to execute in a completely virtual environment in a way that sustained collaboration and progress.
You also can't forget the other 20 percent of the population that is not remote, often working on sensitive networks where they need to come into a secure environment. There’s been changes there as well to ensure that we are establishing the safety protocols for non-remote workforces. We had to execute that in a rapid manner as much as we did on the technology front.“
ExecutiveBiz: Moving forward, how do you see the workforce and tech landscape evolve?
“I hear from a lot of people, in both the private and public sectors, that there’s a growing realization that the workforce may never go back to the on-site dynamic we had before the pandemic. People have realized that remote work is very possible.
Remote work demands flexibility. There’s a flexibility that has to be there from a cultural aspect in terms of employees, as well as our technology solutions. That could be seen in a responsive design of an application, where it has to be able to work on any kind of device, work over a VPN and in a virtual desktop environment,
There will be advanced security architectures and migration of applications and data to the cloud to make it accessible in an anywhere environment. The pandemic environment has resulted in an acceleration of modernization, not a slowing down. This changing environment has raised the bar and that is very exciting for us.
As we start to look forward on the technology front, there will be a progression from analytics to artificial intelligence and machine learning. It will continue to impact a growing number of aspects of government work and the missions that we support.
No matter what the exact advancements are, we'll keep our primary focus on enabling better decisions and improved mission outcomes for our customers.“