As the Acting DoD CIO, I am the primary advisor to the Secretary of Defense for Information Management/Information Technology and Information Assurance as well as non-intelligence space systems; critical satellite communications, navigation, and timing programs, spectrum, and telecommunications.
Enterprise IT is one of the most challenging areas. It is complex, and there are many stakeholders to satisfy. Enterprise IT underpins virtually everything that we do. It is a critical enabler for the warfighter.
Given the importance of enterprise IT to the mission, my objective as the acting DoD CIO is to ensure that my organization is thinking differently—more innovatively. The objective is to enable more effectiveness and efficiency for the mission, and to leverage IT to empower the warfighter. I have also heard from industry that the acquisition of IT needs to be less prescriptive, and focus more on capabilities and outcomes.
To this end, I have focused my team on three primary objectives:
1. Increasing Speed to Capability
2. Balancing Security and Cost
3. Instilling a Culture of Risk Awareness
These three objectives are not mutually exclusive, but mutually reinforcing, and they are essential to solving today’s complex problems. Support to the mission and warfighter is woven through everything we do.
Let’s face it. Today’s complex problems cannot be solved with yesterday’s thinking that is common to the stereotypical government approach. Satya Nadella, CEO of Microsoft, said, “Information technology is at the core of how you do your business and how your business model itself evolves.”
Improving how DoD does business and evolving our business models related to IT will help us reach all of our objectives. Industry partnerships area common thread throughout everything we do. The reality is that IT innovation today more often originates in industry, and not the government.
"Enterprise IT underpins virtually everything that we do. It is a critical enabler for the warfighter"
Partnering with industry and leveraging commercial approaches for the IT business are essential to move forward on these three objectives. There are many ways in which my team is bringing speed to capability, balancing security and cost, and instilling a culture of risk awareness in DoD. We are:
• Modernizing the way that DoD travels
• Rethinking commercial cloud security
• Moving to commercial for collaboration and productivity
• Improving coalition information sharing
• Speeding up the hiring of cyber talent
Modernizing the Way that DoD Travels.
Defense travel reform is about simplifying processes and modernizing security to improve the DoD travel experience and reduce costs. This is one way we are bringing speed to capability for DoD. Working as a team, we streamlined the Department’s policy guidance that is directly relevant to travel, reducing it from 240-plus pages to fewer than eight pages. More importantly, simplifying our processes will let us move to a commercial capability for travel. Right now, a pilot using 100 percent commercial capability is taking place. Security and protection of DoD traveler data is paramount.
Rethinking Commercial Cloud Security.
Our objective is to deliver commercial capability faster and drive down costs. Our two boundary conditions for security in the commercial cloud are (1) protecting the DoD Information Network (DoDIN), and (2) ensuring the security of DoD data in the cloud. We are looking at how to provide cloud security solutions—including the Cloud Access Point (CAP)—as a service. My staff is working closely across industry and the Department to rethink how we strengthen commercial cloud security, and explore options for providing CAP as a Service— or CAPaaS. The CAP serves an important purpose for DoD data in the cloud from a cybersecurity perspective, especially for the security of higher-impact data. CAPaaS would let us base these capabilities in a range of cloud solutions, rather than in a cloud hosted in a DoD facility. Either way, it is critical that the Department maintains control over this connection in order to protect the DoDIN. By rethinking commercial cloud security, we will integrate more commercial capabilities while maintaining— or improving—security, and reducing costs.
Moving to Commercial for Collaboration and Productivity.
The Defense Information Systems Agency (DISA) is leading the Defense Enterprise Office Solution (DEOS). DEOS is an effort to evaluate cloud-based software as a service (SaaS) solutions to improve operational efficiencies and turn to industry to develop future solutions. The goal is to move 4.5 million DoD users to cloud-based non-developmental SaaS capabilities to reduce costs and realize efficiencies in providing enterprise email and other collaboration services. This will help us bring speed to capability, and increase our adoption of commercial solutions. DEOS replaces the current Defense Enterprise Email, the Defense Enterprise Portal Service, and Defense Collaboration Services.
Improving Coalition Information Sharing.
The Department and its mission partners need to sunset old technology. The Combined Enterprise Regional Information Exchange System (CENTRIXS) is a collection of classified coalition networks that enable information sharing, and it is old technology. The Department needs a capability to swiftly form, evolve, dissolve, and reform information-sharing environments across the Department and its mission partners. The Mission Partner Environment—Information System (MPE-IS) is this new information-sharing solution. MPE-IS simplifies and standardizes information sharing through virtualization technologies. It enables the rapid establishment of new mission networks by transitioning from physical to virtual capabilities. It also reduces costs by using commercial off the shelf hardware and software standardization along with virtualization. MPE-IS aligns to NATO’s technologies. MPE-IS will bring speed to capability, and deliver agile, flexible, and secure capability to the warfighter.
Speeding Up the Hiring of Cyber Talent.
USA Jobs and the federal hiring process can be cumbersome and time consuming, which presents some challenges. In fiscal year 2016, Congress granted the Department of Defense new authorities to hire cyber professionals, called the Cyber Excepted Service. A new civilian personnel system, the Cyber Excepted Service is an approach for managing civilian cyber professionals supporting U.S. Cyber Command within DoD. It will provide more flexibility in DoD hiring procedures, and leverage a market-based pay structure to deliver more targeted and competitive compensation packages for critical civilian personnel. The policies are in the final stages of approval.
The objective is to deliver capability to the warfighter across the DoD IT enterprise. My organization is thinking differently about enterprise IT for people, through hiring and travel. We are thinking differently about technologies, through coalition information sharing. And we are thinking differently about partnering with industry, through productivity solutions and procuring IT more effectively. Because enterprise IT underpins virtually everything we do. It is a critical enabler for the warfighter. Increasing speed to capability; getting the balance right between security and cost; and driving a culture of risk awareness, not risk aversion, will enable us to deliver a more effective and efficient IT enterprise for DoD.