Former Defense Department CIO Terry Halvorsen may have a new gig with Samsung, but his replacement hasn’t been named.
Halvorsen stepped down in late February after 37 years in government, and John Zangardi, the Pentagon’s principal deputy CIO, has been filling in since. Yet the Trump administration has not yet named a replacement for Halvorsen.
When it does, that person is going to confront a maze of IT challenges at the DOD, not least because of the administration’s emphasis on cybersecurity. What will be among the tech issues Halvorsen’s successor will need to confront?
One is the successful implementation of key components of the Joint Information Environment (JIE), the major undertaking the Pentagon announced in 2010 to consolidate the department’s IT infrastructure and secure it more effectively.
Another is the ongoing effort to consolidate the data centers of the DOD and the armed forces. The next CIO may also need to consider changes to the structure of the Defense Information Systems Agency, the DOD’s joint IT provider.
The Pentagon will also need to keep the ball moving forward on its shift to Microsoft’s Windows 10. The department plans to move up to 4 million devices to Windows 10, and Halvorsen had set a deadline of January 2017 (which he acknowledged last year the DOD would not meet). DOD spokesperson Lt. Col. James Brindle told FCW earlier this month that the Pentagon has only migrated 200,000 devices to Windows 10 so far, and that number is expected to double in the coming months.
Getting the Joint Regional Security Stacks Right
One big item waiting in the next DOD CIO’s inbox will be continued migration to the JIE. Halvorsen, who drafted the department’s JIE strategy document in August 2016, told FCW recently that he expects DOD’s commitment to the transition will continue.
“I don’t think that will change,” he said, though he noted it is sometimes difficult to get Pentagon officials to realize the JIE is a vision to strive toward and not a program with strict requirements. “If you try to get too specific on the JIE vision, you end up being wrong,” he said.
A key component of the JIE is the joint regional security stacks (JRSS). Through JRSS, DISA is partnering with the Army and Air Force to change the way the DOD secures and protects its information networks. JRSS is a suite of equipment that performs firewall functions, intrusion detection and prevention, enterprise management, virtual routing and forwarding, and provides a host of network security capabilities.
“I think [Halvorsen has] done a very nice job of coalescing the services around a shared vision for our infrastructure — not that we’ve made all of the progress that we need to make,” Air Force CIO Lt. Gen. Bill Bender told FCW. “But I think that the JRSS and the technical solutions that are in the works are [going] in the right direction. I think the services are all lined up to support it and that we’re on a good glide path.”
However, as Federal News Radio reports, a provision in the 2017 National Defense Authorization Act blocks the DOD “from declaring full operational capability” on any of the 12 JRSS that are planned for deployment around the globe “over concerns that Pentagon IT leaders haven’t done enough to demonstrate that the $1.6 billion system is effective.”
Federal News Radio reports:
The bill orders the department to conduct a formal operational test and evaluation (OT&E) process to ‘determine the effectiveness, suitability, and survivability’ of JRSS and places limitations on its full deployment until DOD does so, although Pentagon leaders would be able to sidestep the OT&E requirement if they can certify that the system is vital to national security and can show Congress other evidence that the system works as intended.
The Army and Air Force have started to use the “stacks” of commercial off-the-shelf network appliances and other monitoring tools to protect their bases in the southeastern U.S., and deployments are well underway in Europe and the Middle East, Federal News Radio reports. The Army plans to move its networks to JRSS installations over the coming year, followed by the Air Force. The Navy and Marine Corps are expected to start moving their large, existing enterprise networks to a “2.0” version of JRSS in 2018.
Shuttering Data Centers
Data center consolidation is also a huge issue for DOD and one Halvorsen acknowledges he did not make enough progress on. The Pentagon has thousands of data centers, and it aims to shutter many of them.
When speaking to reporters in January before leaving government, he said, according to Fedscoop, “It’s the one area that if you asked me where I give myself the lowest mark, not the team but myself, because in the end it’s my responsibility, is data centers.” “We did not get as many closed as I would have liked to get closed,” Halvorsen said of data centers, but he did note that the Pentagon made some progress.
Figuring out how to handle the data center closures will also be a challenge. “How do we partner with industry so when we consolidate these data centers, the full impact of what you might see if you immediately close the data center — there are lots of impacts to the workforce and to the surrounding communities — so how do we reach the savings we want while minimizing some of the impacts,” Halvorsen said in March, according to Federal News Radio.
The DOD has been making some progress on shuttering data centers. Halvorsen’s August 2016 plan called for the creation of a team to identify and recommend closures of the costliest and least efficient facilities beginning in the first quarter of fiscal year 2017. That worked started last fall, as FedScoop reported.
And before leaving office earlier this year, the former secretary of the Army, Eric Fanning, issued an 88-page directive designed to spur further data center consolidation after the Army fell behind on its goals. The directive lays out detailed orders to three- and four-star generals in the Army’s headquarters and functional and geographic commands, telling them precisely what must be done to close 60 percent of the service’s 1,200 data centers by the end of 2018 and 75 percent by 2025.
Partnering With Industry
Bender told FCW the CIO will also need to tackle reforming DISA to bring it in line with industry standards.
“By going joint, [DOD is] increasingly reliant on DISA infrastructure,” he said. “So the journey to the cloud goes through a DISA-provided cloud access point. They need to deliver at the need for speed.”
Furthermore, Bender said that “the DOD CIO should continue to focus on moving the DOD toward utilizing the commercial sector for enterprise IT, with DISA focusing on standards and oversight, not on contracting, which has been a DISA weakness.”
Halvorsen said DOD must continue to embrace commercial technology, which can be more efficient than building an in-house solution. He added that the U.S. is entering the “platinum age” of technology and sophisticated commercial solutions are being introduced that can transform the way DOD operates.
Bender and former DOD CIO Teri Takai told FCW that DOD needs to strengthen its ties with industry — not only to cut costs but also to decrease the department’s cybersecurity footprint.
However, Takai said DOD must improve its internal capacity to understand the market and be a better purchaser of IT. “While DOD is going to want to do more with their vendors, they’re also going to have to develop some in-house expertise that they’ve to some extent let atrophy by letting the vendor community do so much,” she added.