Learn. fix. build.

We create innovative solutions to build, buy, and deploy the best in commercial technology. DDS tackles complex challenges head-on by recruiting exceptional tech talent from the private sector and putting them to work inside the Pentagon.

Current and past projects include reforming digital services that provide military families access to critical benefits; running bug bounty programs to identify vulnerabilities and better secure defense systems; developing drone detection technologies; hunting adversaries on defense networks; rethinking training for cyber soldiers and more.

learn.

When a DOD organization faces a technical issue that cannot wait, DDS issues a rapid response. These engagements end with a quick technical fix or a report that outlines the team’s findings and presents possible paths forward.

work-photo2.png

fix.

Undertakings where DDS develops and delivers technology to solve a problem in the DOD. Teams are staffed according to technical needs and the project ends with the successful transition of technology back to the host organization.

build.

When DDS engages with a DOD organization to dig into technical issues that the office is facing. These engagements tend to be shorter in duration and usually result in a report that outlines findings and possible technical paths forward.

Case No. 01

Rapid Response

case1.png

Operation Warp Speed

Operation Warp Speed is an effort to OWS ensure that safe, effective, FDA-approved vaccines are securely researched, tested, manufactured, and distributed to the American people. OWS is a joint effort between DOD and HHS, which merges HHS’ central role in pandemic response and their relationship with the healthcare industry with DOD’s experience with large-scale operations and defensive capabilities.

NSA & DDS are working to secure critical data & systems involved in the above processes, across private & public organizations.

 
projects1.png

Mystatus.mil

DDS designed mystatus.mil specifically for the DOD community to check and assess COVID-19 symptoms. mystatus.mil was created at the direction of the Secretary of Defense.

Mystatus.mil was an anonymous tool designed with DOD personnel in mind. It did not diagnose disease but assessed the likelihood someone may have COVID-19 based on a series of simple health-related questions, and then provided information on how to seek further advice. 

Mystatus.mil was built on a .mil domain to ensure the DOD community could access it regardless of the network they use.

 

Case No. 02

projects

projects2.png

DHA Joint Pathology Center

DDS kicked off a Discovery Sprint in March 2020 with the Defense Health Agency (DHA) Joint Pathology Center (JPC) focused on digitizing, data tagging, and AI/ML associated with one of the world's largest tissue slide repositories.

The JPC is home to over 55 million glass slides dating back over 100 years. The Discovery Sprint determined that to successfully build a repository for researchers, JPC had to decide on a digitization strategy, procure sufficient IT infrastructure for the job, which it lacked, and correct data quality and access issues that were potential hindrances to throughput. Following the delivery of its report, DDS began working with JPC to implement a finalized digitization strategy in June 2020.

projects3.png

Shepherd

Incorporating an architecture commonly found in the private sector, DDS is creating a centralized outbound DNS resolution service that combines commercial DNS solutions with threat intelligence from the intelligence community to provide an automated response.

Case No. 03

Portfolios

portfolios1.png

Counter-UAS

Rogue Squadron is a counter-small unmanned aerial systems (C-sUAS) group within DDS. It is composed of technical experts, laser-focused on providing cutting-edge, rapid-prototyped solutions at the speed of relevance based on real-time feedback and asks of the warfighter and partner-agencies in support of national security.

Ongoing development and support include:

  • Sensor Development and Integration: Small UAS consistently violate airspace around DOD installations; some installations lack reliable, comprehensive sUAS detection capability. Integrated with our cloud-based user interface (UI), our sensor helps military and federal agencies to acquire and maintain clear situational awareness in their airspace.

  • Integrated User Interface: Warfighters need a UI that can detect sUAS, display results accurately, and utilize data to react and defeat sUAS threats. Access needs to be real-time, cloud-based, secure, and accessible.

  • Rapid Response and Technology Consultation: Providing a centralized repository for education and development within the sUAS and C-UAS space is part of the DDS mission.

  • Safe Drone Operations: Rogue Squadron sets clear standards for the safe operation of commercial-off-the-shelf drone and drone detection equipment to support warfighters.

 
portfolios2.png

Hack The Pentagon

DDS established the Hack the Pentagon program in November 2016 as the Federal Government’s first-ever bug bounty program. Following best practices from the private sector, bug bounties allow independent hackers to research and disclose security vulnerabilities on DOD assets (both external-facing websites/applications and certain sensitive internal systems), sometimes in exchange for financial reward.

Participants go through background checks and can be citizens of any country except Iran, North Korea, China, and Russia. The Air Force, Army, and other military departments and DOD agencies now use bug bounties or crowdsourced hacking assessments as an optimal way to harness the depth and breadth of technical talent across the globe to help secure DOD’s digital assets. When Hack the Pentagon began, limited companies were operating in the space and most focused on either private assessments or public assessments.

DDS stood up two IDIQs, or Indefinite Delivery Indefinite Quantity contracts, one for private bounties and one for public bounties. Since that time, the landscape has changed, and today companies work on both public and private challenges, obviating the need for a distinction. Beginning in FY 2020, DDS consolidated these separate contracts into a single multi-award IDIQ vehicle.

Learn More at: www.hackthepentagon.mil

 

Case No. 04

Tech Navigators

technav1.png

Rapid ATO

DDS provided an alternative to the Risk Mitigation Framework Authorization to Operate (ATO) process with a Rapid ATO. Currently, ATOs take 9 to 18 months and focus on compliance over effective security.

In 2019, the first application, called R2D2, was approved as a trial run. DDS received the approval to pursue the Rapid ATO by the DOD Senior Information Security Officer in November 2019 for two additional projects (Battle for Mon Cala and SABER).

Success in those projects aims to make Rapid ATO a standard for all future software related projects moving forward.

 

Case No. 05

DEF CON

For the second year running, DDS partnered with the United States Air Force to participate in Aerospace Village at DEF CON 28. Together, we hosted the 2020 Space Security Challenge, the first-ever Hack-A-Satellite CTF at DEF CON, and a series of interactive workshops on aerospace hacking.

With nothing but some ingenuity and a whole lot of LEGO® building bricks, Defense Digital Service engineers rigged up four aviation workshops, three satellite hacking workshops, and one ground station workshop with partner Red Balloon Security for DEF CON 28 SAFEMODE participants to test their skills hacking real devices from the comfort of their own homes.

We had a blast hosting 2,300 participants across our Bricks in the Air, CPX SimpleSat, DDSat-1, and NyanSat workshops! Conversations on Twitch and Discord throughout the weekend proved to us once again that hands-on experiences like these, especially from a distance during a global health pandemic, are essential in training the next generation of security researchers.