Lt. Gen. Jeffrey A. Sorenson

No longer will the Army be permanently stationed forward, so the network must be in place for when soldiers deploy to any region of the world.

That’s the thrust of what keeps Lt. Gen. Jeffrey A. Sorenson, the Army’s CIO, busy planning for the future while providing IT services and support to locations around the globe and at more than 440 sites in the continental United States.

“In the next few years, 80 percent of the entire Army will be based here in the continental United States,” Sorenson points out.

No longer will the Army be permanently stationed forward, so the network must be in place for when soldiers deploy to any region of the world.

That’s the thrust of what keeps Lt. Gen. Jeffrey A. Sorenson, the Army’s CIO, busy planning for the future while providing IT services and support to locations around the globe and at more than 440 sites in the continental United States.

“In the next few years, 80 percent of the entire Army will be based here in the continental United States,” Sorenson points out.

By massively collapsing its IT enterprise to fewer than five network service centers worldwide over the next three years, the Army expects to keep pace with the consolidation of most of its forces back on U.S. soil.

FedTech Editor in Chief Lee Copeland talked with Sorenson about how his organization will achieve this change and the challenges that such a restructuring will create.

Fedtech: What have you achieved in the Army by taking a more expeditionary approach to provisioning IT and network services?

Sorenson: Provisioning in terms of an expeditionary approach is this whole effort that we are embarking upon, called the network service centers. We are establishing these as regionally based capabilities that can, if you will, provide a network forward.

It goes back to what you see in the commercials these days with the guy on his Verizon phone asking, “Can you hear me now?” He looks over his shoulder, and no matter where he is, they’ve got all these people there with him. We’re trying to create a Verizon-like network for the Army.

In the same context, our Army today is going through a massive number of moves. We won’t have the luxury of having units forward-based as we have had in years past — where we had divisions in Europe and out in Korea and so forth. All those forces, in most cases, will be relocated back to the United States.

In terms of an IT capability, since we are not going to have a robust deployment of soldiers forward, we are going to have to make sure that the network is there when they have to deploy to whatever region of the world. That’s in essence what we are after.

Fedtech: What’s the biggest hurdle that you face in the Army right now in terms of deploying IT?

Sorenson: I would say at this point, it’s clearly been trying to consolidate a lot of different networks that we have built up over time into a single network under the command and control of the Network Enterprise Technology Command, other­wise known as NETCOM 9th/Signal Command (Army), down at Fort Huachuca [in Arizona]. We have had difficulty trying to get to that interoperable network because we have built all these individual ones that don’t necessarily work together.

Fedtech: Now, it’s several individual networks?

Sorenson: In the Army today, everybody has kind of built their own, so the intelligence community has its own network, the logistics community has its own network, etc. And so when you actually begin to try to do command and control and just reach other people through e-mail, for instance, it’s not simple.

If I want to talk to a colonel in the medical community and I know his name, I can’t go on a global access list and try to find him and send him an e-mail. I would have to call him or call his office to find out his e-mail address, type in the address and then send him that e-mail. In some cases, it’s counterproductive, but that is because we have built these networks up over time individually, and while we can make it all work together, it doesn’t work together seamlessly.

Fedtech: When do you expect to have that seamless connection?

Sorenson: We are working at it right now. We continue to build enterprise services across the Army. We have laid out a plan so that this year we will establish the initial operational capability for the network service center in Europe. And then in fiscal 2010, we plan to establish two centers for the continental United States and one for Southwest Asia. And then Phase III would be in fiscal 2011, when we do the Pacific center.

That’s not to say that these regions are going to lack IT capabilities. It’s just that we’re moving to this whole construct of what we call network service centers, which combine three elements:

• The fixed-regional hub nodes essentially provide the interoperable capability into the Global Information Grid, through satellite communications and so forth, for a fixed locality.
• The area processing centers will consolidate the data and applications.
• The theater network operation and security centers will essentially provide the overall security for the network.

Those three elements will be combined under the command and control of a regional signal command. So we have the 5th Signal Command in Europe, which will take over ownership of the network service center there this year and operate IT services for that theater as well as for Africa, for the Africa Command. The intent is to have that done and demonstrate some capabilities during an exercise, called Austere Challenge, in the April-to-May timeframe. We intend to demonstrate what a network service center does for the warfighter and how it will operate.

Fedtech: Do you think that having small disparate networks is more secure than having one integrated network?

Sorenson: You know, one can make that argument, and I think if you go back and look over what has taken place, that was pretty much the thinking behind all of these separate networks. But we have gotten to a point now of improving our intrusion detection systems, our network surveillance and our antivirus capabilities such that we can basically operate a global network without the whole thing collapsing if you take down one part of it.

We have seen how different corporations have basically replicated and done this integration, and what we are trying to do is do the same thing. Using the Verizon example again: If you go into what Verizon has done, they have a global network of different components that they have integrated and made secure.

We have all these individual forces that have built out networks. There are about 19 different forests, and the old adage “You can’t see the forest for the trees” is absolutely true. This is where I go back to the whole notion of being able to interoperate. I can’t see these other people because they are in a different forest, and they are secluded from me or anybody else having contact with them. And yet, if we are going to be interoperable and be able to really respond as quickly as we need to, we can’t be doing all the patchwork like the old AT&T operators did, pulling out one plug and putting in another. We have got to have an integrated capability that’s always on and that the users have trust and confidence is going to work.

Fedtech: Let’s talk about the 500-Day Plan. What changes have you made since it was originally submitted?

Sorenson: What I have tried to do is use the plan as a baseline to think through and set in motion my top four focus areas. I talk about those frequently because as CIO, or G-6, I am only going to be here for a certain period of time. I am trying to accomplish major changes and major muscle movements — what needs to occur to improve our delivery of IT services even if those improvements may not be accomplished during my watch. I have to set the conditions for those to occur over time.

I will hearken back to an analogy made several years ago by a previous Army chief of staff, Gen. Eric K. Shinseki, to an entire Army crowd at the annual Association of the U.S. Army conference. He said the Army needed to be “more light, more lethal and more deployable,” and that he wanted a brigade to be able to deploy in 96 hours. We all looked at each other and said, “What is this guy talking about?”

Well, in four years, the result of that particular vision was the deployment of the first Army Stryker Brigade, as well as the requirement documents and the funding for the Future Combat Systems program. Gen. Peter J. Schoomaker came in next as chief of staff and began talking about the “modular Army” and how we would integrate all these different piece parts, plug them together to deploy, to support and to do whatever the nation asked us to do — as opposed to one infantry division, if you will, that didn’t look like another infantry division and one armor division that didn’t look like another.

We first put brigades into the fight in Iraq and Afghanistan. The problem that arose was that the brigades never worked with the same type of equipment; the equipment changed over and over again, and each transfer was just utter chaos. So the current chief and secretary are focused on the enterprise.

These are the major trends that led to my four focus areas. The first is the network service center idea, which as I mentioned is going to take three, maybe four years to actually put in place.

The second focus area is clearly on cyber and our ability to protect and defend and, more important, to operate that network.

The third focus area is really the whole notion of data management and knowledge management. The data strategy being that we make data visible so that everybody can see it and have access to it as necessary. For the knowledge management portion, it is exposing data to those who need to know it when they need to know it. Those ideas are coupled together.

Then the fourth major focus is working on the resources, putting in place the financial plan for the 2012-to-2017 timeframe so that these particular focuses can actually take place. If we don’t have the money, we can’t really do what we are talking about doing.

Fedtech: Not to be critical, but why is it taking so long to achieve such important goals?

Sorenson: In some cases, it’s a function of all of the piece parts. For the network service centers, there are the network operation security centers deployed in each theater, the area processing centers and the fixed regional hub nodes.

Today, we have two fixed regional hub nodes operational. The plan this year is to get two more in place and operational, then the third one would be the year after that. In terms of the area processing centers, we are talking about taking what are now disparate post camps and stations that have been operating their own individual data centers — some 440 locations in the continental United States alone — and putting them into a consolidated capability. They would draw their services from just a single node, as opposed to having their own.

Those two examples illustrate the sheer magnitude of what the Army has to consolidate, and all that is taking an enormous amount of time. In addition, we just went through a cybersecurity operation, and we found out that we had more than 960,000 pieces of equipment on the network. Well, you just don’t magically pull the switch one day, consolidate all that and restructure that network.

Look at corporate industry: Some companies — the Ciscos of the world and so forth — have taken two and three years to go off and do this. It took Bechtel three years to restructure its overall IT capability. So it is just from the sheer size of it. After all, we are the largest single customer of Microsoft in the world. From the standpoint of magnitude, it just takes a lot of time to get all of these different parts reordered and reorganized.

Fedtech: Just as a point of clarification on Microsoft: Is that the Army or is that the Defense Department?

Sorenson: The Army is the largest single customer of Microsoft. If you took DOD and added in the Army, the Air Force and the Navy and combined it into DOD that way, you could say DOD was the largest. When you say DOD, I think of the Office of the Secretary of Defense. Each one of us — OSD, the Army, the Air Force and the Navy — have individual agreements with Microsoft. There is an effort right now to consolidate that. We are moving quite frankly into a joint arena right now with Microsoft. The Army is the lead for this because we are the largest customer.

Fedtech: Ultimately, the Army network will be part of a broader, joint network, right?

Sorenson: Oh, absolutely. We have had discussions with Vice Adm. Nancy Brown, who is the J-6 [director for command, control, communications and computer systems] on the Joint Chiefs of Staff. We are setting up and have had discussions with other service counterparts trying to explain what we are doing. But I would say at the same time, each of those independent services — the Navy and the Air Force — are trying to do something very similar. And so we’ll probably never get to a point where there is just an overall joint network. That may be something that we see in 2020, 2030 or whatever timeframe. But in the meantime, each one of the services is trying to do something to improve their overall interoperable capabilities and make it interoperable from a joint perspective as well, but not as a single joint network yet.

Fedtech: Are the area processing centers evolving in a way that is going to help you expedite network services to the field?

Sorenson: We have had success in Europe. We have actually been able to consolidate to two APCs and a couple of smaller local processing centers, or LPCs. But we have not had the success we had hoped for here in CONUS, and that’s part of the reason that we will now put out a request for proposals to get industry to help us build this capability here in the United States.

While we’ve had demonstrations of what such capability can do — at Rock Island Arsenal [in Illinois], at Fort Riley [in Kansas] and certainly at Fort Huachuca [in Arizona] — the pace of transferring the delivery of services from the local data centers to an area processing center has been extraordinarily slow. Part of the reason has been that we have been relying upon the Network Enterprise Technology Command to actually do this. However, NETCOM has a day mission, and consolidating APCs is not a primary mission for them; they are an operational command.

We have got to acquire this capability — either use and leverage more of the Defense Information Systems Agency’s facilities, or go out and get folks like the Microsofts or the Googles of the world. Industry has voiced some interest in helping us form and build out these data centers or providing what we need as a service. Then we could essentially accelerate the pace by which we are transferring users’ services from local data centers to area processing centers.

Fedtech: Because the progress has been slow, are you looking to outsource rather than have your operational command handle this work?

Sorenson: Absolutely. We can’t afford the time, so we have given this to the acquisition community. We have assigned it to the Program Executive Office for Enterprise Information Systems. We have set a program manager up for the network service center effort. They have been working with the Signal Center [at Fort Gordon, Ga.] to develop and finish up a statement of objectives. We have defined the roles and responsibilities for area processing centers. These new documents will be part of this request for proposals — to let industry know what we are trying to do and how they might help us accelerate the pace by which we are consolidating these small, disparate data centers at area processing centers so we can get on with delivering the services.

Fedtech: There is debate within the Army about how much should be let out to vendors. What are the benefits from partnering more closely with industry?

Sorenson: In the grand scheme or end game, clearly this network is going to be functioning under the command and control of the Network Technology Enterprise Command. What we are trying to do is use corporate experts who have a core competency in this area, who have built out data centers and do this as a routine.

If you go look at the data center that Microsoft is building outside Chicago, which I hope to visit, it is a phenomenal capability that is really going to revolutionize what future data centers might look like. These are people who do this as a business; these are people who basically do this as their core competency. I am trying to encourage them to help us get that same capability.

Whether we build out our data centers in DISA facilities, whether we leverage their capacity, or whether we have a Google or a Microsoft — or whomever — build our own independent capability, that’s what this request for proposals is all about. We want the best value for the Army in terms of how we get these data centers put together.

Fedtech: Where do green initiatives rank among your priorities?

Sorenson: Our big effort in terms of greening is moving forward into these area processing centers to consolidate the number of servers we have, to reduce the power requirements that we have and reduce a lot of the energy that we currently demand to make our network function.

Fedtech: Let me ask you a little bit about the role of the CIO. How has that changed during your years of service, and do you think it’s better or do you think it’s worse?

Sorenson: I think it has evolved so that it is now looked on as the provider of IT services, IT networks, infrastructure, etc. In the past, what happened is that every particular organization decided that they needed something and went off and bought their own.

Again, it’s like looking at a company: You have everybody decide they need to go get some automation, so everybody goes out and buys a computer. One guy buys an Apple and one guy buys a Hewlett-Packard, and all of a sudden the company decides they need to work together and you get all these different computers that don’t necessarily interoperate with each another.

The role of the CIO has become one of governance, one of overall enterprise architecture, one of trying to ensure that as we deliver IT, we work from an understanding of interoperability. It is not building out automation systems, not building out whiz-bang technology. Rather, the questions are: How do we make these systems interoperable? How do they function with everybody so that when we do deliver the service, when we do deliver the IT capability, it all works together?

Fedtech: When you think of your successor, what qualities will they need to be successful?

Sorenson: Certainly you need someone with a background in technology to understand the benefits of what technology provides to the user. I think as well you need someone with a program management background, who can essentially manage the effort to deliver IT services.

It’s great to be technically savvy, but unless you have some understanding of the customers’ needs and how to deliver that — how you are going to make it all work together, schedule it and apportion the budgets to account for delivery — then all the technical gadgetry is interesting, but not relevant. You need to know how technology is going to benefit the warfighter and how it is going to improve what the customer has.

Fedtech: You are obviously passionate about technology and making the right choices for the Army in a joint environment. What do you think can be done, particularly in IT, to better capture innovation and encourage more creativity and flexibility in the way that IT is deployed?

Sorenson: Well, I am very passionate about that as well. I speak about this frequently. We are actually trying to do something to change the way we build out our budgets. It will be a long-term focus, not quite a struggle, but an endeavor. The dilemma quite frankly is that we have looked for the enemy, and the enemy is us.

In this particular case, it is the budget process that we build 18 months before we execute. By that time, we have gone through one entire cycle of Moore’s Law and the world has changed. Yet the budget that we are about to execute has not changed and does not reflect what we need. Trying to go back and change that budget is like moving a mountain.

What I have argued for as we build out this next budget is essentially a fund or a set of financial resources that are — in the parlance of accounting — untethered. There is no massive program that they are associated with, there is no particular effort they are associated with, and therefore they can fuel IT innovation. When something comes to the forefront, we build the budget, and we deliver it.

For instance, the fiscal 2010 budget has been delivered. It is being evaluated by Congress. It will be reviewed, and it will be signed out, but we won’t execute that budget until October — even though we built it over here this past June or July (2008). We may have changed a lot of things in terms of what we want to do, yet this budget has every particular dollar associated with a particular budget item. There is no flexibility.

I am arguing for a flexible account as opposed to having to try to restructure all these different programs and take money out and rebuild budgets. It’s just like your home budget: If you don’t have some sort of flexible account and you decide you want to go on a vacation at the last minute, all of a sudden there are certain things you’ve have to “un-fund.” That becomes rather problematic, especially if you have a lot of standing payments you have to make.

Fedtech: Can you give me an example of something that you would have been able to implement if you had untethered funding?

Sorenson: I think if you look at what we are doing here in the area of processing centers, that’s exactly what I am talking about. There is really not anything we have put in place that allows us to react to any changes. The other things that I would put into that particular flexible account are some of the improvements we are trying to put in place in terms of cybersecurity.

Cyber, 18 months ago, was maybe a word we talked about. But over the last 18 months, we are seeing the effects of what took place with the Russian invasion in Georgia and some other things. Cyber is now becoming a warfighting capability, and yet we are just now in the process of making changes to the budget to gain some computer network defenses that we would like to have. We basically have to reallocate budgets that were planned for something else. You can’t plan for and budget for IT like you plan and budget for tanks, airplanes and so forth because IT changes more frequently. We have got to get at that problem. If we had had that opportunity to have that flexible account, I think we could have accelerated our plans for the APCs and certainly would have taken some different actions and different programs in cyber.

Fedtech: What lesson learned would you share with other federal IT chiefs —  the thing that you can’t repeat often enough?

Sorenson: I would say it’s really about setting expectations of what can be accomplished. Typically, what I find is that people say, “When I am on my home computer, I can do XYZ. But I come to work, and I can’t do XYZ.” That’s true — as an individual, you can accomplish a lot. But when you are talking about an organization the size of the Army, moving it forward on some sort of baseline that is secure as well as beneficial to everybody’s operational capability means the advances in technology and new capabilities are somewhat slower.

Consequently, there is usually a lag. It’s two to three years, in some cases. I mean for the entire Army. I am not talking about pieces of the Army or elements of the Army; in some cases, they are at the forefront and are using some advanced technology right off the bat. But for a technology to become available for the entire Army, that baseline usually is a two- to three-year lag. As a consequence, the lesson learned is about setting expectations and clearly defining what you are trying to achieve and how it will benefit the end-game user.

Fedtech: Do you think that a tech czar — a position being planned by the new administration — is something needed within the federal government? What type of things do you think that individual should tackle?

Sorenson: Trying to stay apolitical, a technology czar at the senior level would probably be of some benefit. But the question becomes: Given that the government is so large, what role and what responsibility will that technology czar have in dictating what’s to be accomplished?

If you consider the Bush Administration and what Karen Evans accomplished in her role [as administrator of e-government and IT at the Office of Management and Budget], I think she did a marvelous job trying to work with all the different elements to bring them to a baseline capability.

Some of the issues that the Army clearly had in its most recent conflicts — which we are still basically finding — is that when we deploy, there are elements of the State Department or other government elements who deploy with us, and their technology and their infrastructure and their IT is not interoperable with ours. When you get into overall efforts of reconstruction and things of that nature, where nonmilitary elements of our national government participate, we find that our systems are not exactly interoperable.

I would say if this technology czar does anything, he ought to focus not so much on technology wizardry, rather the focus would be on making the different elements of government are interoperable. As we get into the future with respect to cybersecurity, if you have a particular weak link, an attacker can have a significant effect on the overall network.. If you are not trying to bring everybody up to some standard baseline and making sure we are interoperable, then when we have to deploy with different elements of the government in rather austere conditions, it just won’t happen.

Fedtech: Is there anything else that you would like to discuss?

Sorenson: One thing that we only touched on is the defense of the network, which is clearly a major focus right now in terms of what we are all about. We hope through the consolidation of data centers that we actually begin to achieve better security on our network because our points of presence — that is our Internet connections to the network — would be reduced.

As we build out these area processing centers, it also will be much easier to update, standardize, modernize and patch seven or eight data centers as opposed to 440 locations, which you don’t ever know if they got it on time or if they did it on time. And if you are a cybercrook, you are just looking for the weakest link. If one person has lapsed in taking care of patches, that’s one way of getting right into the network and creating havoc. So cybersecuring the future is a major focus, not only for the Army but for the entire government.