⚡️ News Flash ⚡️

“Information Technology Posture of the Department of Defense”

House Armed Services Committee
March 26, 2026 (recording linked here)

HEARING INFORMATION

Witnesses and Written Testimony:

• The Honorable Kirsten Davies, Chief Information Officer, Office of the Secretary of Defense

HEARING HIGHLIGHTS

QUICK SUMMARY

• IT as the Backbone of Warfighting: Members and the witness emphasized that modern military capability depends fundamentally on secure, reliable networks and data systems. Without functioning IT infrastructure, advanced technologies and operational systems cannot perform effectively. There was clear agreement that digital capabilities are now central to readiness, decision-making, and battlefield advantage.

• Legacy Systems and the Urgency of Modernization: Lawmakers highlighted serious concerns about outdated, inefficient IT systems that are costly to maintain and vulnerable to cyber threats. The witness acknowledged both technological and cultural barriers to reform, noting that modernization requires replacing legacy systems and adopting commercial solutions. Efforts are underway to streamline systems, reduce technical debt, and accelerate the transition to modern platforms.

• Cybersecurity Transformation and Supply Chain Risk: The hearing underscored a shift toward a more holistic, risk-based cybersecurity approach focused on resilience and continuous monitoring. Members stressed the importance of securing not just DoD networks but also the defense industrial base, which remains a key vulnerability. At the same time, there was concern about balancing strong security requirements with the burden placed on small businesses supporting national defense.

IN THEIR WORDS

SUMMARY OF OPENING STATEMENTS

• Chair Bacon opened the hearing by emphasizing the central importance of the Department of Defense’s information technology infrastructure to all military operations. He argued that networks underpin command and control, personnel systems, and operational planning, making their reliability essential to warfighting effectiveness. He stated that modern warfare operates at the speed of data, increasing the urgency of maintaining strong and functional IT systems. He expressed interest in understanding the current state of DoD networks and the department’s plans for modernization. He highlighted priorities including secure cloud access, cybersecurity for both DoD and the defense industrial base, and foundational IT improvements needed to support emerging technologies like artificial intelligence. He concluded that without well-functioning networks, none of the department’s advanced capabilities would be effective.

• Ranking Member Houlahan stated that modern defense capabilities depend not only on weapons systems but also on the networks and data infrastructure that support them. She emphasized that IT systems form the backbone of daily operations for service members and are critical to maintaining an advantage over adversaries. She outlined several key priorities under the CIO’s responsibility, including zero trust implementation, network modernization, cloud adoption, supply chain security, and reducing technical debt. She also highlighted the importance of improving data interoperability, modernizing business systems, and managing spectrum and authorization processes. She raised concerns about workforce challenges, particularly the effects of hiring constraints on the department’s ability to meet these demands. She stressed that Congress must continue to engage on these issues to ensure the department can address both current and future threats effectively.

SUMMARY OF WITNESS STATEMENTS

• Ms. Davies stated that the Department of Defense was pursuing a strategy to transform technology and cybersecurity into a decisive warfighting advantage by enabling data supremacy and faster decision-making. She explained that the department was undertaking a broad enterprise IT and cybersecurity transformation to reduce inefficiencies, modernize systems, strengthen cybersecurity, and unlock innovation across operations. She outlined four key pillars of this effort, beginning with strengthening the digital foundation through modernized networks, expanded cloud capabilities, improved spectrum management, and resilient communications infrastructure. She next described efforts to deliver agile digital capabilities by accelerating software development, improving data flows, modernizing business systems, and expanding secure collaboration environments with partners. She emphasized a shift toward a risk-based cybersecurity model focused on automation, resilience, zero trust implementation, and stronger protection of the defense industrial base. She concluded by highlighting the importance of workforce development and partnerships, including initiatives to recruit and retain cyber talent, expand training programs, and deepen collaboration with allies to ensure long-term technological and operational advantage.

SUMMARY OF KEY Q&A

• Chair Bacon asked how the Department of Defense was improving cybersecurity across the defense industrial base and what more was needed to protect supply chains. Ms. Davies said the department needed to take a more holistic approach beyond data confidentiality by focusing on integrity and availability, while expanding outreach through programs like DC3 and NSA partnerships to strengthen industrial base security.

  Chair Bacon asked about vulnerabilities in operational technology systems and priorities for securing critical infrastructure. Ms. Davies said many systems were legacy and not designed for connectivity, and the department planned to establish a center of excellence and work more closely with industry to improve security standards.

  Chair Bacon asked about preparations for quantum computing threats to encryption. Ms. Davies said cryptographic modernization was a major ongoing effort across all systems, with further details to be discussed in a classified setting.

• Ranking Member Houlahan asked whether the Department of Defense was using electromagnetic spectrum efficiently and balancing commercial and military needs. Ms. Davies said spectrum use was currently balanced but required ongoing coordination and adoption of new technologies to improve dynamic sharing.

  Ranking Member Houlahan asked about lessons from drone usage and spectrum management in Ukraine. Ms. Davies said the department was studying increased drone use and spectrum impacts while developing defensive measures and would provide further detail later.

  Ranking Member Houlahan asked how the department would manage growing commercial data demand alongside military spectrum needs. Ms. Davies said the department was expanding 5G infrastructure across installations and continuing active discussions on dynamic spectrum use.

• Rep. Finstad asked about barriers to replacing outdated legacy software systems. Ms. Davies said challenges were both technical and cultural, and the department was working to sunset outdated systems and adopt modern platforms with leadership support.

  Rep. Finstad asked whether legacy systems would be acceptable in the private sector and how to adopt commercial solutions. Ms. Davies said such inefficiencies would not be tolerated commercially and emphasized that cultural resistance and risk aversion were key obstacles to modernization.

• Rep. Ryan asked for an update on efforts to streamline the Authority to Operate process. Ms. Davies said the process remained too slow and fragmented but could be improved through technology, automation, and a shift to continuous risk management.

  Rep. Ryan asked about progress in closing cyber workforce gaps. Ms. Davies said the department was expanding scholarships, academic partnerships, and new training programs while exploring earlier pipeline development through K–12 engagement.

  Rep. Ryan asked about U.S. cyber performance against adversaries. Ms. Davies said most details required a classified setting but noted ongoing efforts to improve resilience, redundancy, and infrastructure security.

• Rep. Crank asked about the status of the CMMC review and its impact on small businesses. Ms. Davies said the review was ongoing and emphasized the need to reduce regulatory burden while maintaining supply chain security.

  Rep. Crank asked about oversight of third-party compliance organizations and overclassification concerns. Ms. Davies said oversight fell under her office and that both compliance processes and classification practices were under active review.

• Rep. Vindman asked about implementing digital twin technology to improve cyber risk management. Ms. Davies said she supported pilot programs and was already working on designs to apply digital twin capabilities to infrastructure security.

  Rep. Vindman asked about lessons from cyber operations in Ukraine. Ms. Davies said the department was focusing on broader lessons around resilience, redundancy, and network modernization rather than specific operational details.

• Rep. Conaway asked how to balance cybersecurity requirements with burdens on small businesses. Ms. Davies said the department aimed to combine existing support programs, intelligence sharing, and partnerships to strengthen security while reducing strain on contractors.

  Rep. Conaway asked whether financial assistance should be provided to help small businesses meet cybersecurity requirements. Ms. Davies said such support could be part of a broader set of solutions alongside existing programs and partnerships.

• Chair Bacon asked how much legacy IT contributed to cybersecurity challenges. Ms. Davies said outdated systems significantly increased risk and required costly workarounds, making modernization a top priority.

• Ranking Member Houlahan asked about timelines for implementing zero trust in operational technology systems. Ms. Davies said a separate deadline existed and was under review, with efforts underway to accelerate implementation based on mission priorities.

  Ranking Member Houlahan asked whether workforce reductions would affect zero trust implementation. Ms. Davies said progress depended more on prioritization and leadership focus than workforce size.

• Rep. Vindman asked about the most ambitious reforms being considered. Ms. Davies said she was pursuing a more operational CIO model, organizational restructuring, and greater use of commercial technologies to accelerate modernization.

ADD TO THE NIMITZ NETWORK

Know someone else who would enjoy our updates? Feel free to forward them this email and have them subscribe here.