DoD CIO Details Information Technology Priorities
DoD CIO Details Information
By Cheryl Pellerin, DoD News,
Defense Media Activity.
Washington D.C. – (DoD
News) – February 26, 2015 – Acting Defense Department Chief Information
Officer Terry Halvorsen discussed the joint information environment, the cloud,
detailed technology investments and the threat of sequestration yesterday in
testimony before a House panel.
Acting Defense Department CIO Terry
Halvorsen at the DoD CIO Cloud Industry Day
During the hearing, on information technology investments and
programs in the current cyber threat environment, Halvorsen told members of the
House Armed Services Committee subcommittee on emerging threats and capabilities
that one of his priorities is to implement a foundational element of the joint
“JIE is a concept. We’re not ever going to implement JIE,”
“What we will implement,” he added, “are the steps that get
us to a joint information environment … [and] the first step is implementing the
joint regional security stacks.”
Upgrading Network Security
The stacks are a suite of equipment, according to the Defense
Information Systems Agency’s website, that upgrades network security
infrastructure. It performs firewall functions, intrusion detection and
prevention, enterprise management, virtual routing and forwarding, and provides
a range of network security capabilities.
The first stacks were initialized in September at Joint Base
San Antonio, Halvorsen said at a recent conference.
Halvorsen’s goal is to have all stacks, in the continental
United States and elsewhere, in place by the end of 2016, to field the new
software by the end of 2016, and to have the system operational in the first
part of 2017.
The JRSS stacks, he told the House panel, “replace our
current individualized and localized security architecture and systems with a
set of servers, tools and software that will provide better command and control
and more security and do that at a lower cost.”
A Complete Review
Halvorsen said he and his colleagues are improving the
alignment of DoD business processes and IT systems and investments by conducting
a complete review of them, directed by the defense secretary, and then
performing the same review of the military departments.
“We are asking the question, ‘What IT business should DoD be
in directly and at what level?’ I think that is a key question,” the CIO said.
Based on the question and looking at available data,
Halvorsen said in written testimony, “I have directed DISA to make the next
offering of DISA unclassified e-mail a purely commercial solution. I believe
this will result in a 20 percent to 25 percent reduction in e-mail costs.”
Halvorsen said the CIO office reduced spending by $10 million
this year by reviewing contract benchmarks.
“We were also able to reprogram $20 million from DISA
contracts without reducing contract work to support JRSS installs. DISA also
lowered its rates by 10 percent and is on track to do the same next year,” he
told the panel.
Evolving Critical Areas
Halvorsen’s office continues to evolve critical areas in
mobility, he said, with smart phones, wireless, and electronic flight bags. And
his office wants to do a comprehensive review of the cyber workforce.
“Somehow we've got to have better movement between government
and private industry in the career fields,” the CIO told the panel.
“We ought to be able to wake up one day and be a private
employee, the next day come in and be a government employee and keep that
change,” he said. “I think the expertise we would gain, particularly in the area
of security, is vitally important.”
Regarding the department’s move to the cloud, Halvorsen said
his office recently put out a new cloud directive and based on recommendations
from the Defense Business Board “we have changed the way we engage industry and
publish our documentation.”
Partnering With Industry
The department, with the complete cooperation and involvement
of industry, has just published a joint cloud security and implementation guide,
“We've revised who can buy cloud, allowing the services now
to go directly to the provider without going through DISA, and put DISA in the
role of … making sure the department meets security requirements in cloud policy
and implementation,” the CIO said.
One place the department is going more commercial and
expanding industry partnerships is the cloud.
Cloud computing involves deploying groups of remote servers
and software networks that allow data storage and online access to computer
services to be centralized, according to the National Institute of Standards and
Security in the Cloud
Clouds can be public, private or hybrid, and Halvorsen said
the department uses hybrid cloud services.
“DISA has the MilCloud,” he added, “and to their credit
they've dropped the rates so it's more competitive than commercial. But what
MilCloud does is provide that extra level of security for the really valuable
data that we just can't afford to lose.”
The commercial world is working to move up to those security
standards, Halvorson said, “and as they do we'll put more into the cloud, but
not until they meet those requirements.”
The CIO said the department will not reduce its security
requirements -- in some cases the requirements are being standardized and in
others they’re being raised.
In the conversation with industry, Halvorsen said, “[because
of] the way we're publishing the cloud documents, what we've had to tell them is
the standards we put out today … will change and they might change in six months,
depending on the threat. We’ve told them they have to be reactive to that.”
The Threat of Sequestration
In response to a question from the panel, Halvorsen said the
deep budget cuts of sequestration would delay modernizing the department’s
information environment by two to three years.
Potential threats to the IT environment, he said, have
increased over the last five years and include everything from state threats to
terrorist groups like those in the daily news.
“Any slowdown in our modernization will make it easier for
even less sophisticated groups to interfere with our business,” Halvorsen told
“It will expand the number of threats we will have to face if
we don't carry through with some of the modernization and some of the security
changes we're making,” he added. “We will be more vulnerable … we won't support
the warfighters [and] they will be at risk.”
(Follow Cheryl Pellerin on Twitter: @PellerinDoDNews)
Special Report: The Cyber Domain: Security and Operations
The Defense Department on Facebook
The Defense Department on Twitter
DoD News on Twitter
DoD News Broadcast Channel