Aug 07 2012

FedTech Interview: Marine Corps CIO Brig. Gen. Kevin Nally

Marines aim to boost battlefield success through IT.

Brig. Gen. Kevin Nally was a Marine first and became an IT professional later. Nally joined the Marine Corps in May 1981, after graduating from Eastern Kentucky University. He took a Marines Command, Control, Systems Course in 1988.

Nally has been deployed to Iraq for Operation Desert Shield and Desert Storm in the 1990s and Operation Iraqi Freedom in the 2000s. He has served in a series of IT leadership positions for the Marine Corps and was named the Corps’ CIO in 2010. He also serves as deputy director of Marine Corps Forces Cyberspace Command.

FEDTECH: What are the Marines doing with regard to cloud computing?

NALLY: We already do cloud computing, using the definition of accessing IT resources and services from a remote location. We have a regionalized approach.

If you are east of the Mississippi, you get your enterprise services from Quantico, Va., and the National Capital Region; if you are west of the Mississippi, you get it from Camp Pendleton, Calif.; in Okinawa, Japan, you get it from Okinawa. Hawaii has a place in Hawaii where you get your resources from. And if you are part of the Reserves, you get our services from New Orleans, and if you are recruiting, you get your resources from Quantico.

And to build that out, we are building out a facility in Kansas City, Missouri, called MCEITS, the Marine Corps Enterprise IT Support Center. We have already moved two of our programs and applications into MCEITS; we have a plan to move 54 more in the future defense yearly budget plan, and then we are going to move the other 110-odd some programs that the Marine Corps has into MCEITS.

MCEITS is out of Kansas City, Missouri, and we have made a commitment to stay there at least through Fiscal Year 2017. Kansas City is going to be our federated cloud environment, and then we are going to have a distributed environment that will go out to our eight MITSCs, which are our MAGTF [Marine Air-Ground Task Force] IT Support Centers, which is part of our regionalization approach. And then from the MITSCs, which will host the distributed environment, we will have equipment that will go to the forward operating forces, our deployed Marines aboard ships and wherever they may be deployed and we are going to call that the deployed environment. They will be able to access the programs and applications that they need from a forward cloud environment that will be linked back into MCEITS out of Kansas City and/or the distributed environment from whatever MITSC they came from.

FEDTECH: How does that work for deployed forces in a theater like Afghanistan?

NALLY: We do that now in each of our Marine Expeditionary Forces (MEFs). So, at Camp Lejeune, N.C.; Camp Pendleton, Calif.; and Okinawa in Japan. We have a link-back capability for our forward-deployed forces whether they are aboard ships or working out of a forward operating base. With this, rarely do we have to change e-mail addresses. We still can access our shared drives or shared files, the web, whatever we leave back in garrison.

The forward-deployed Marines can access it through the network today that they establish in a tactical and an operational environment. Future battlefields will always include combat or humanitarian assistance, disaster relief efforts across a wide range of spectrum of conflict, military operations that require our forward-deployed forces to be able to have that reach-back capability into the network that they left their home station from.

FEDTECH: You just described some of the benefits that this provides. Are there others — any kind of cost savings?

NALLY: From a cost savings, yes, we pay certain fees to host these programs in other environments. And we did a business case analysis and a cost analysis that we will be able to save the Marine Corps close to $30 million a year to host these programs and applications ourselves. We will be able to turn that money back into the Marine Corps to use for other purposes that three- and four-star generals deem necessary.

FEDTECH: What are the battlefield benefits that the Marines see from this?

NALLY: We see big-time benefits. Right now, we have a piece of equipment called TCWS or Tactical Collaboration Work Suite, which is a virtualized environment. It comes in several — I use the term green boxes — maybe about the size of an office table. It has SharePoint for collaboration and it's a completely virtualized environment.

They can download their programs and applications that they use in garrison that they know they are going to require for deployment with them in TCWS. And then once they establish the operational and tactical network, it can link and sync back into what they had back in garrison. That’s a huge benefit to them. What they are using in a forward-deployed manner, they are used to using when they are back in the rear garrison.

FEDTECH: What have the challenges been to establishing this framework?

NALLY: Bandwidth.

FEDTECH: How do you overcome that?

NALLY: We have done some marvelous efforts establishing fiber connectivity throughout the theater. The bigger base-posted stations have greater access to bandwidth. And another key enabler that we have learned from the forward-deployed forces is the portable radio component we call the PRC 117G that Harris makes, which is ANW2 — Advanced Networking Wideband Waveform.

This has been a huge game changer for our tactical forces in Afghanistan. They have been actually able to tie it into our SIPR [Secret IP Router] network, our classified network; they have been able to tie it into our unclassified network so that now the forward-deployed forces — the men and women out there on patrols — are getting access to voice, video and data over tactical radio.

Additionally, the staff and officers, when they have downtime or at night, are able to sync it up on the NIPRNet [Nonclassified IP Router Network] and do administrative work like fitness reports and evaluations, submit Marines for awards, access Marine Online for updating administrative records. So it's been a big game changer for us.

I thought you were going to ask me about “fog computing.”

FEDTECH: What’s that?

NALLY: In the Marine Corps, we don’t do cloud computing any more; we do fog computing. One day, I am standing outside in the courtyard of the Pentagon, and it was a very cloudy day. And I said to my chief technology officer, Dave Green, “You know, Dave, I am really tired of the word ‘cloud computing,’ because depending on who you ask, you get different definitions and really no one completely understands it.”

And I said, “Besides on a cloudy day, you can actually see a cloud, so that’s tangible. Most times, when you talk cloud computing, people can't visualize it. But the fog is nothing more than a ground-based cloud. You can actually see it and you can actually touch it a little bit, so we are going to go with fog computing.”

A couple of weeks go by, and we are in a meeting with DOD CIO Teri Takai, whom I think the world of, and she starts talking about cloud computing. The meeting is with the other three-stars and DISA and some other people, and I said, “Well, ma’am, in the Marine Corps, we are not doing cloud computing any more.”

She knows me as being very professional, but I am cynical as well. She said, “Well, Kevin, what are you doing now in the Marine Corps?” And I said we are doing fog computing. General Carroll Pollett, who used to be the DISA director, was sitting across the table, a good friend of mine. He leans across and says, “Kevin, what does ‘fog’ stand for?” And I had no preparation, I had no idea and I said, “Future Of the GIG [Global Information Grid],” and everybody busted out laughing.

Fast forward another 10 days or so, I am at DISA headquarters for a meeting, and two people whom I didn’t know came up to me and they said, “Excuse me, are you General Nally with the Marine Corps?” And I said, “Yes, I am. What can I do for you?” They said, “Well, the word around here is you are doing fog computing; could you explain that to me?”

Actually, it's been in some articles that the Marine Corps no longer does cloud computing, we do fog computing, and that is part of my cloud computing secret for the Marine Corps.

FEDTECH: The Marine Corps made a big purchase of mobile computing technology last year, including 15,000 tablets, hundreds of thousands of notebooks. What’s the plan for using this kind of mobile computing?

NALLY: When I first took over the job in fall of 2010, the pilots in Afghanistan said, “Can we use iPads or some form of tablet?” And I said we can't hook them up to the network. They said they didn’t want to hook them up to the network. They wanted to put unclassified maps on the computers instead of using a bag that sits between the pilot and the copilot in a helicopter or jet full of a multitude of maps and leaning over to pick up their maps. They said, “It just makes more sense to put this on a tablet. I’ll Velcro it to my thigh, and I can press the buttons and pull up maps a lot quicker.”

What we did is we proved that. When they buy these computers, they are disabled from being able to connect to what we call our MCEN or Marine Corps Enterprise Network. No connection whatsoever. They download the maps from an unclassified website and upload them into their tablets. And then they have developed a grid reference for these maps that allows them to read eight-digit grid coordinates. It has improved safety because they are not leaning over pulling up maps.

Subsequent to that, our forward observers, the men that call on artillery strikes said, “Why can't we use them too?” I said, “OK, you can use them too.” We came up with what we call TTPs — Tactics, Techniques and Procedures. For example, it has to be disabled so you can't hook it up to the network. You can't download secret material and put it on these tablets, because there is no data at rest, no encryption for the data. Plus, our G6 — our comm-IT personnel, forward-operating with these Marines, kind of the oversight for it — and then the forward air-controllers, the Marines that call in airstrikes or air support, asked if they could use it, and I said, there is no reason why they can’t either.

Right now, that’s as far as it has gone. In terms of other mobile devices — iPhones, Androids, tablets, etc. — we still have to wait on NSA’s approval to certify these through the STIGs [Security Technical Implementation Guides] to be able to say, you can do this. DISA and NSA are looking at several different mobile devices.

What I did several months ago, because I know people like to use tablets, I approved the staff here and the Marines to be able to use the BlackBerry PlayBook. It syncs with our BlackBerry phones through the BlackBerry Bridge software, and they like it because they can carry this with them and they can read attachments. Reading attachments on smartphones or BlackBerrys is somewhat challenging, but this allows them to read PDFs, Excel spreadsheets, PowerPoints, Word docs, etc., and still be able to read their e-mail on their tablet as well. That’s a good temporary fix right now.

People in industry will ask what we need, what’s our requirement for tablet kinds of devices? I say Common Access Card-enabled is huge, an embedded phone is huge, those types of technologies that are first and foremost approved by the process that NSA has to go through for certification and accreditation.

FEDTECH: For the ones that are in use now, are you finding that the users come up with more innovative ways to make use of them?

NALLY: Yes. For example, the unfortunate earthquake and tsunami in Japan about last year. We authorized the Marines that deployed there to take Android devices that they were able to use as map devices to better locate where people needed help and then document it and send it around via the phone. That was a huge plus, all on an unclassified level, humanitarian assistance.

And some of the Marines developed apps to track the logistics efforts in terms of getting water, food and medical aid in to the Japanese people that needed it. None of these devices is actually hooked up into our MCEN because we are waiting on NSA’s approval.

The other issue that I have with cell phone, smartphone, tablet devices is if you want to use it in a tactical environment, you still have to build up the back end of it. You still need cell phone towers, you need servers, etc. So it's not just like here in the United States where there is an average of a cell tower every 1.5 miles.

For example in Afghanistan, the U.S. military and State Department helped put in a cellular telephone network for the Afghanis. The Afghani Taliban and Al Qaeda have a tendency to turn the towers off at certain hours of the day when they feel like turning them off. But it gets back to my point that if you build out the back end, you’ve got to protect it too.

So building the cellular network for tactical environment is challenging. What we would like to see is a handheld device that acts and feels and works like a smartphone, with the apps on it, that connects to a tactical radio that already has embedded crypto on it. Then you don’t have to build out the back end. And that’s in the works as well.

FEDTECH: How much would a device like that help warfighters?

NALLY: I think it’d help them, and I use the analogy that the young men and women coming in today, they are already using that technology, and they are very familiar with it. It requires no training; they are familiar with it. The challenge will be to have an app store as part of our MCEITS, to put certified, approved apps in our own app store. Marines would be able to download these apps as opposed to go on to a commercial company and download apps.

FEDTECH: How does the Marine Corps fit in with the Next Generation Enterprise Network (NGEN), the follow-on to the Navy-Marine Corps Intranet?

NALLY: NGEN is a program; it's not a network. We are the lead for the Department of Navy in getting out of NMCI. We bought back the infrastructure, in November 2010. We bought back the intellectual property.

We are working out a plan to take back the enterprise services piece of NGEN. And this is all while the Department of Navy is waiting on the RFP to be released for transport and enterprise services. We work very closely with the Navy and the Department of Navy CIO, Terry Halvorsen, on how this is progressing.

We stood up what we call the TMG, the Transition Management Group, which meets every Thursday at the executive level. Worker bees are working this out all the time. I feel very confident it's going very well. We have until this continuity services contract with HP expires in June 2014. My goal is to beat the schedule by a year, and I think I can do that.

Some of the other concerns with the NMCI after being in it for 10 years: one was the cost, one was the lack of flexibility and another was what HP calls MACs, Move-Add-Change. For example, if I moved into this office and I said I don’t like my desk here, I am going to move it over there, along with a port to connect my computer, I would have to put it in a Move-Add-Change. It costs money, takes time, as opposed to calling in one of my Marines to move my computer and my desk over there and plug it into the wall. The commanders weren’t real happy with NMCI because of the lack of flexibility and response time.

However, I want to put in a good word for HP. During the transition, they have been extremely helpful. And I really want to emphasize that HP brought on a gentleman named Mr. Bill Toti, retired Navy captain, a submariner, to lead the transition for the Marine Corps on the HP side. It's turned everything around. The working relationship with HP has never ever been better. They have turned over their knowledge, they have been allowing us to shadow them on the transport piece, working side-by-side, working with them on their tools that they use to manage a network. It's just been a phenomenal turnaround. So I give credit to HP for doing that as well.

FEDTECH: What progress has the Marine Corps made in the Federal Data Center Consolidation Initiative?

NALLY: We are done.

FEDTECH: Really?

NALLY: We went from 33 to 11 data centers. Those 11 include our MCNOSC, our Marine Corps Network Operations and Security Center in Quantico, Virginia. It also includes the MCEITS and a data center in Albany, Georgia, which is where logistics IT is located and which will eventually be a COOP site for MCEITS. We have 8 MITSCs or MAGTF IT Support Centers located throughout the United States and in Europe.

We are done. Ms. Takai, the DoD CIO, Mr. Terry Halvorsen, the DON CIO, blessed off on it. We really can’t consolidate anymore; we are lean. We call it our regionalization approach, and the reason I emphasize regionalization is because you can’t cut the head off of the snake. You could isolate one region, but you are not going to isolate the entire Marine Corps. We are redundant, we are flexible, we are scalable and secure, and we have a way to mitigate that through our regionalization approach.

FEDTECH: The Marine Corps has released a social media handbook.

NALLY: We, in conjunction with our famous partners at the Public Affairs Office, developed a social media handbook. Both of us, PAO and C4, thought it was pretty important to get the word out there on the do’s and don’ts of social media. We have several instances that we don’t do everything probably the way we should be doing it in social media, and I mean that more in operational security than anything.

For example, you get a Marine that sets up a Facebook account, deploys and puts certain things on his or her Facebook account that they probably shouldn’t be putting on it. If you deploy, and — just hypothetically — you are married, you have two kids and they are going to stay and you are going to move them back home to Ohio, you don’t put that on your Facebook account. You don’t put your kids’ names, you don’t put your wife’s name, you don’t put your home address, you don’t put I am married, you don’t put I am in a relationship, you don’t put addresses, you don’t put phone numbers, you don’t put things on there where people can trace you.

Our adversaries are now using Facebook and LinkedIn to try to get into your computer, either via spear-phishing or phishing or to drop a malware link into your Facebook or LinkedIn account that you click on. And then your complete IT assets and resources are compromised.

Several years ago, the Marine Corps opened up several social media sites: Facebook, Twitter, Flickr, LinkedIn, YouTube and there might be one other one, to allow Marines to be able to use that. We left it up to commanders to come up with Tactics, Techniques and Procedures to do that. It's working well.

We do have tools in place so we can monitor who is doing what on the social media sites in terms of who’s logged in, how much time they are spending on it, how much bandwidth they are bringing up, but not looking into what their Facebook accounts consist of.

But we do encourage it. It does help the families. For example, units now have social media sites. A unit will set up a Facebook site so the unit deployed can communicate with the family members and loved ones back home. That’s working out well. And we leave it up to the commanders to monitor it to make sure that there is no problem with operational security in it.

The relationship we have with LinkedIn and Facebook allows us to call or e-mail certain individuals and ask them to bring a site down if it’s fake. We do embrace social media. However, we have to maintain good opsec on it.

FEDTECH: The Marine Corps telework program has a good reputation. What’s been the key to doing telework successfully from an IT perspective?

NALLY: Trust, faith and confidence in my people that they are available when I need them. They are great people. We give them the tools and assets to be able to do that, computers and BlackBerrys, which is government standard issue now. We know who is telecommuting when, we have a schedule, and I think it works to our benefit.

It’s a morale issue, and there is no work that’s not getting done. Take my budgeter, Ms. Janice Hill, as an example. She is a lynchpin for me. She knows the ins and outs of finance and C4. She telecommutes one day a week, and she always reminds me when she is telecommuting. Never once has she failed to give me something that I needed in a moment’s notice.

FEDTECH: How do teleworkers log on to the network?

NALLY: Two ways, via the NMCI web e-mail or virtual private network. Most of them use VPN, like I do. We put that software on the computer. One, it’s more secure; two, sometimes there are issues reading web e-mail with attachments or forwarding with attachments. To alleviate that concern for them, we gave them the software tools to VPN.

To save money, we are getting away from using Aircards and paying the telecommunicating company a bill every month for an Aircard that may get used for 20 minutes a month. What we do now is we put the tethering software on their BlackBerrys.

You can hook up your BlackBerry to your laptop with a small cable. You are already paying the fee for the BlackBerry. Why not use that when you are traveling and cannot connect via a hard line to the VPN? For example, when I was in Okinawa a couple of weeks ago, it was a little slow, but I was still able to access the resources that I needed.

FEDTECH: Being able to get work done when you are not in the office is a big deal.

NALLY: It is a big deal. In my position, I have to be available 24-7. I get calls in the middle of the night that somebody wants to know something. It doesn’t really matter where I am at, so I need to be able to get in touch with people.

Colin Kelly/Federal Times
