Army CIO Dr. Raj Iyer seen at the Pentagon’s Hall of Heroes on Dec. 15, 2020, to recognize Farhan Khan for his new role as Director of Architecture, Data and Standards.

Nov 22 2021

Q&A: Army CIO Raj Iyer Leads a New Digital Strategy

Modernization and zero-trust security are top priorities for the service.

When Dr. Raj Iyer took his post as the U.S. Army’s newest CIO in November 2020, he became the first in two areas: the first civilian CIO for the service, and the first to hold the title without reporting to the Army chief of staff. This puts him in the position to set IT policy while bringing an industry perspective to programs that may have become set in their ways. During his time in industry, Iyer worked with the Army and other government agencies on major modernization projects. In an interview with FedTech, he outlines the service’s upcoming technology evolution.

FEDTECH: You’re the Army’s first civilian CIO. Why is that significant?

Iyer: The role that technology plays in how we’re modernizing not just the Army, but the Department of Defense, is at a whole different level than before. So, it was absolutely critical for the Army to establish an office that is forward-leaning, focused on advancing modernization and transformation, leveraging technology and not just treated as a back office.

My career has always been in technology, and I’ve always had some kind of relationship with the defense industry. What the Army was looking for was somebody to come in from industry to drive this transformation. It’s not because the Army didn’t have the expertise, but that kind of out-of-the-box thinking is best done when you bring someone in who knows the Army relatively well, but also someone who’s not so vested in previous efforts that you’re not able to take an honest objective assessment of what needs to be done.

FEDTECH: The Army recently separated the G-6 duties from the CIO duties. Why was that split necessary, and what do your responsibilities entail without the G-6 duties?

Iyer: For the past 20-plus years, the Army has had a combined organization. The other services all have different models of how they execute the statutory CIO responsibilities. There’s no real standardization across the services. The DOD has had a CIO for quite some time. So, the fundamental reason for the split was to make the CIO’s office the more forward-leaning organization that’s trying to transform the Army to keep up with the changing pace of technology, and for the G-6 to actually execute that mission. It was really important for us to split strategy from execution; we didn’t have that before.

This split puts the CIO as the senior adviser to the secretary for all things IT in the department. The G-6 reports to the chief of staff of the Army. So, I establish the strategy and the policies for the entire United States Army. The G-6 executes, under my direction, those policies and strategies. It’s a model that has worked well across all the other functions in the Army.

Click the banner below to get access to a customized content experience and exclusive articles.

FEDTECH: What are the Army’s current IT priorities?

Iyer: Digital transformation. We’re going to look at technology, but it’s also about how we’re going to fundamentally change and reform our institutional processes or policies that have not kept up to date, and how we are going to reskill and upskill our workforce to execute. We know we have great technologies; we just haven’t really adopted them and benefited from them to the extent that we need.

The Army Digital Transformation Strategy that we have just launched is our first that integrates all these aspects. It lays out the high-level vision of how we’re going to modernize the Army between now and 2028 for multidomain operations.

Our first objective is to support readiness and modernization. This includes network modernization, as well as scaling and operationalizing our cloud environments, and how to leverage data as a strategic asset for decision-making. Another initiative that we’re prioritizing is modernizing our business systems. We’ve spent a lot of money and effort in the past building out business systems; now, they’re at end of life and do not meet our requirements for the future. And we have to do all this with the right cybersecurity posture in place, using zero-trust principles.

Raj Iyer
We know we have great technologies; we just haven’t really adopted them and benefited from them to the extent that we need.”

Raj Iyer Army CIO

The second objective is bringing about reform in the Army. We could do all of these things I just talked about, but there are some institutional processes that we need to change. If we want to adopt technology at the speed at which it’s changing, the way we budget has to change as well. We need to be much more agile and flexible to being able to resource new modernization programs. As the CIO, I certify an annual budget of about $15 billion. That’s a lot of money. And so, we have to make sure that we have good alignment of those resources against Army priorities and DOD priorities. If you don’t have that good line of sight, then in a fiscally constrained future, it’s going to be very difficult for us to accomplish this digital transformation.

The final priority is all about people, our No. 1 asset and our most important asset. So, we also have to look at how we are reskilling and upskilling our digital workforce for the future, and that includes the IT workforce on the civilian employee side. It includes the data and analytics workforce. The cyber workforce also includes the active duty, National Guard and Army Reserve. How do we need to shape career paths for the future when it comes to AI? What kinds of skills do people need to have? What hands-on experience do we want to give them? And how can we bring in new, fresh talent from industry? There are a lot of people, very passionate and smart and intelligent who want to work for the Army. We also want to establish a closer relationship with industry, to bring in talent for us and to send our people out to industry through rotations so they can gain the experience they need in an industry.

EXPLORE: How does the Army want to modernize its network?

FEDTECH: What lessons did the Army learn from the remote work experience that will translate into something useful in the future?

Iyer: Remote work, I think, is here to stay. From a changing culture perspective, remote work has given managers the trust and confidence that they can get their work done with their workforce being remote. There were so many naysayers in the Army before the pandemic. We’ve broken that culture, and I think we’ve broken it for good.

Now, having said that, how are we going to share our data and collaborate securely? How do we do that with our joint partners? When people work from home and use their own personal devices, how do we protect these endpoints that are no longer government-furnished equipment? And how do we make sure that we are educating our users about the cyber risks associated with working from home on open networks?

All of these home assistant devices have become so ubiquitous that we had to educate everyone that if you’re on a phone call that involves controlled unclassified information, and you have a home assistant device sitting next to you, it is recording your conversation. Educating our workforce on what those risks are and what they need to do has been big.

RELATED: How has the DOD enhanced its telework capabilities? 

FEDTECH: It seems as though the military in general is a bit further along on the path to zero trust than the civilian agencies. Is that a fair assessment?

Iyer: National security clearly demands that we take extra protection over our data. I think the DOD definitely did move forward, rapidly. We actually created a reference architecture with all the capabilities that need to come together to establish these zero-trust principles. If we don’t do that, zero trust will become just another buzzword. The timing was really great, because then the White House executive order came forward on cybersecurity, and zero trust was all over it. We were ahead of the curve.

But the other part — and I think the Army is in a unique situation — is that we have information technology, but we also have operational technology. We have industrial control systems and facility control systems that are vulnerable to cyberattacks. We know from recent news and events like the Colonial Pipeline hack that our adversaries and nonstate actors are going after vulnerabilities in operational technology. There’s a lot of learning to be done in terms of how we establish zero trust when it comes to operational technology.

FEDTECH: What’s the oldest piece of Army IT that needs to be modernized?

Iyer: We still have analog phones, and it bothers us because they are end-of-life, decades old. We cannot find spare parts for them anymore. We have to go to eBay to find them and buy them at a premium — and, oh, by the way, we can’t find the people to fix them, either. We’re on a path to voice modernization using Voice over IP, but the Army’s huge. We have 288 posts, camps and stations worldwide. It takes time for us to do this at scale.

Photo by Emanuel Cavallaro, DVIDS

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.