Based on recommendations from the Secretary of the Navy Cybersecurity Readiness Review, and in full coordination with the Department of Defense Chief Information Officer, the Department of the Navy established a new, empowered Principal Staff Assistant to the Secretary of the Navy for information technology management, digital, data, and cyber strategy, announced Under Secretary of the Navy Thomas B. Modly.
Sharing the “exciting news” in a media roundtable at the Pentagon in August, Modly explained the new position encompasses the vital role of DON CIO. The undersecretary will be responsible for standing up and providing oversight of this critical function within the Secretariat and will relinquish his current role as DON CIO.
“Digital information has become the center of all we do to defend the nation,” said Secretary of the Navy Richard V. Spencer in announcing the new CIO. “The strategic use of data and information resources represents a critical enabler of lethality and readiness. Managing and protecting our data is crucial as we confront the renewal of great power competition.”
The DON announced Aaron Weis as the CIO Sept. 27. Weis comes to the department from the DoD CIO office as the former senior advisor. He holds a Master’s in Business Administration from Villanova University and a Bachelor of Arts degree from the University of Illinois.
The DON CIO is supported by two deputies: a flag officer from the Navy, Vice Adm. Matthew J. Kohler, and one from the Marine Corps, Lt. Gen. Lori Reynolds. Both are dual-hatted, meaning they will also retain their current responsibilities.
Designating Kohler, Deputy Chief of Naval Operations for Information Warfare and Director of Naval Intelligence, and Reynolds, Deputy Commandant for Information, as deputies to the CIO, ensures representation for the Navy and Marine Corps at the most senior levels, Modly explained.
The establishment of a fully empowered DON CIO will also influence resources and set standards with four new directorates: a Chief Technology Officer, Chief Data Officer, Chief Digital Innovation Officer, and a Chief Information Security Officer who will soon be joining Weis.
The roles and responsibilities of the four directorates under the DON CIO include:
- Chief Technology Officer: responsible for establishment and enforcement of technical architecture standards and policies.
- Chief Data Officer: responsible for data and information across the DON.
- Chief Digital Innovation Officer: responsible for the adaptation, prioritization of investment, and incorporation of emerging information management related technologies into the DON.
- Chief Information Security Officer: responsible for maintaining the security of DON data and information regardless of where it resides.
Before the Navy’s CIO announcement, Modly had served as the undersecretary, DON CIO and Chief Management Officer — three of the top executive positions in the department. While there had been a gap in the CIO position when he first assumed the undersecretary position, Modly said he wanted to carefully study the cybersecurity weaknesses in the department before he made recommendations to SECNAV on how to optimize the organizational structure of the Secretariat and the DON to cyber-secure assets and reduce cyber-threats throughout the department.
The Cybersecurity Readiness Review highlighted the value of data and the need to modify the DON's business and data hygiene processes to protect data as a resource. The review also provided an assessment of the culture, people, governance, processes, and resources as they pertain to cybersecurity in the DON.
SECNAV ordered the yearlong independent review following infiltrations in the networks of defense second- and third-tier suppliers in which rogue actors captured intellectual property and critical weapons information. Modly noted that near-peer adversaries cannot compete with the Navy in conventional combat, so they use any deceitful means to undermine the Defense Department’s warfighting superiority.
China and Russia, in particular, exploit DON/DoD information, scientific research, and industrial intellectual property to fast-track U.S.-developed advanced technologies into military applications for their countries.
However, it’s not just the Defense Industrial Base that has challenges.
Modly explained the Navy has significant cybersecurity weaknesses as well. “We have a lot of work to do in the department to ensure that we change the culture with respect to cybersecurity. It's one of the biggest challenges that we have. A lot of this is not technical; rather it's basic things, like cyber hygiene, that are not well enforced across the department that are causing a lot of these breaches.”
The review group teamed with current operational military and civilian experts to compare the Navy's cybersecurity governance structures against best practices from both government and industry for alignment of authority, accountability and responsibility.
Specifically, the review group identified weaknesses in the DON’s cybersecurity posture due to the lack of a centralized organizational structure and clear lines of command in managing the department’s critical assets and networking infrastructure. They found authority and functions are distributed among various Echelon I commands and executive positions throughout the department, which creates confusion and insecurities.
In short, the department found it is at severe risk for cyber-related attacks due to a lack of uniform top-down leadership, confusion and complexity over cybersecurity standards, and a general lack of threat understanding or appreciation from the workforce.
Due to the urgency to secure the department’s networks, data and assets, Modly said he concluded that the CIO position should be elevated to the highest levels in the department. The reconstructed DON CIO organization is designed to bring a unity of command for IT/cyber organizational structures, resources and policy decisions, he explained.
“No one at the senior level of the department had responsibility for this portfolio. It was very distributed, and so therefore, we were finding that we were investing in things without any level of coordination and probably sub-optimizing a lot of those investments,” Modly said.
Reconstituted DON CIO
The Navy’s goal is to have a cybersecurity posture and process that ensures optimization, alignment of authority, accountability and responsibility in the cyber domain that incorporates best practices from both government and industry, Modly explained.
“Developing an organization that has clear lines of authority is probably going to be the very first thing that they do to establish the credibility and authority of this particular organization. Then step two is to develop a strategy for information management for the department. That's the second most important thing. And then starting to knock down some of the big problems that we have,” Modly said.
Optimizing the DON’s use of the voluminous data produced daily across the department is a particular vision for Modly, and a key focus in the department’s Business Operations Plan.
“We have a lot of data in the department, but it's not structured in a way that makes it useful so that we can get meaningful information out of it. So those two pieces, the digital strategy and the data strategy, chief data officer and chief digital officer, are going to work very closely together to ensure that the department has data that is usable,” Modly said. “And then once it's usable, how do [we] actually use it?”
Data analytics is essential across the DON’s business systems, logistics and supply chain, and asset and real property management for informed and faster decision-making as well as for audit readiness and to achieve efficiencies. Modly said the goal is full visibility into what the department is spending in these areas, as well as in cyber-securing them.
The new organization is not expected to increase the overall size of the headquarters beyond the limits imposed by current or anticipated Major Headquarters Activities restrictions. In addition, billets for the CIO organization already exist across the DON.
Modly called the newly structured CIO position a reconstitution and described all that goes with it as a classic culture change, a change management challenge for the department.
Ultimately, the restructuring is about strengthening the lethality and readiness of Sailors and Marines.
“We're talking about people’s lives at the end of the network. The people that we put out there at the end of this network,” Modly said.
For more information about the DON CIO, visit: https://www.doncio.navy.mil.