CHIPS Articles: DON CIO Year in Review — FY20 Key Accomplishments
DON CIO Year in Review — FY20 Key Accomplishments
Advancing the Information Superiority Vision
By DON CIO, and DON Chief Technology Officer, Chief Data Officer, Chief Digital Innovation Officer, and Chief Information Security Officer Directorates
Due to the vulnerabilities in the Department of the Navy’s cyber posture, revealed in the 2018 Secretary of the Navy Cybersecurity Readiness Review (CRR), the DON restructured the office of the Chief Information Officer in 2020 to ensure clear lines of accountability and unity of command. Subsequently, Mr. Aaron Weis joined the DON senior executive team in late September 2019 as the CIO and Principal Staff Assistant to the Secretary of the Navy for information management, digital, data and cyber strategy.
In his first CIO column for CHIPS Magazine in January 2020, Mr. Weis wrote, “The Department of the Navy is at a critical time in its history. As a Department, we lack mastery of our Information Environment and depend on outdated processes and antiquated network structures that fail to deliver a modern user experience. The Cybersecurity Readiness Review highlighted the need for strong cybersecurity and the risks to the Department if we do not forge a path that organizes around information as a strategic asset and warfighting capability.”
Mr. Weis; the four directorate chiefs reporting to him, Chief Technology Officer (who is also the Deputy Assistant Secretary of the Navy Information Warfare & Enterprise Services) Jane Rathbun; Chief Data Officer Thomas Sasala; Chief Digital Innovation Officer Mike Galbraith; and Chief Information Security Officer Christopher Cleary (who has since moved on to the role of Principal Cyber Advisor); along with their teams, accomplished many of the initial steps that position the Department toward a common vision of a shared and interoperable architecture achieving enterprise technology objectives. They have been working since October 2019 in their respective roles on three strategic objectives formalized by the DON in the Information Superiority Vision — Modernize, Innovate and Defend DON information environment — while utilizing Data and the Workforce as strategic assets. (See Figure1.)
Concentrating efforts defined in the SECNAV Business Operations Plan FY21-23 focus areas, those laid out in the ISV’s strategic objectives, and shortfalls revealed in the CRR, the DON CIO worked with stakeholders and partners across the DON. For example, Secretariat leaders, the Deputy Chief of Naval Operations for Information Warfare (N2N6), Deputy Commandant Information (DC I), and the Deputy CIOs for the Navy and Marine Corps, DoD CIO, and Joint Artificial Intelligence Center (JAIC), among others, provided guidance and assistance.
In this way, the DON CIO, in close partnership with the DON IT community, led successful initiatives in FY20, and is continuing follow-on efforts to further advance enterprise IT capabilities and cybersecurity.
Modernize DON Infrastructure
Modernize Networks and Transport
- To date, both the Naval Enterprise Network (NEN) and the Marine Corps Enterprise Network (MCEN) have made major strides in increasing the capability and capacity of the DON platform infrastructure, enabling huge gains in the ability of employees to telework during COVID-19 and to access cloud-hosted services, such as the Microsoft Commercial Virtual Remote (CVR) platform and Office 365. In this effort, the DON CIO, with its partners, provisioned 700,000 Navy accounts with 160,000 active Navy users. Notably, special guest DoD Principal Deputy CIO (now Acting DoD CIO) John Sherman, joined DON CIO Weis in a Town Hall Nov. 4 – a featured event at each DON IT Conference – and credited the DON CIO, Navy and Marine Corps for leading in the DoD implementation of CVR and O365.
- The Naval Digital Platform Team (NDPT), more commonly known as Team PLAID, due to their extraordinary speed, developed and delivered a next-generation network architecture to PEO Digital that leverages commercial best practices for DON enterprise networks to reach industry parity.
- A Naval IT Infrastructure Portfolio Review was launched and subsequently endorsed by not only DON CIO, but the ASN(RD&A), ASN(FM&C), Vice Chief of Naval Operations (VCNO), and Assistant Commandant of the Marine Corps (ACMC). This review is examining the over $4B in annual spend on IT infrastructure in the DON, mapping that to an inventory of networks, endpoint devices and software, while developing recommendations to optimize this portfolio for the shift to cloud computing.
Deliver Cloud Services
- During FY20, numerous cloud service offerings were authorized as Infrastructure, Platform, and Software as a Service (IaaS, PaaS, SaaS), and more customers were able to move computing workloads into those authorized environments.
- The PEO Digital Naval Commercial Cloud Services (NCCS) DON Digital Marketplace went live at https://cloud.navy.mil and provides single-stop shopping for discovery and ordering cloud services.
- In August, the DON CIO issued the Establishment of Single Service Microsoft 365 Cloud Tenancy policy that directs the Navy and Marine Corps to each implement a single tenant instance for the entire Service.
Optimize Identity and Access
- The DoD CVR Teams solution successfully took a first step in adopting zero-trust principles to allow users to securely access and modify official use data (up to certain levels of Controlled Unclassified Information (CUI)) without the use of a DoD Common Access Card (CAC) or using government-furnished equipment (GFE), such as a laptop or DON iPhone.
- PEO Digital is also conducting a Naval Identity Services (NIS) pilot to evaluate a technical solution for Identity, Credentialing, and Access Management (ICAM) for the Navy Enterprise Resource Planning (ERP) platform.
Innovate and Deploy New Capabilities
Realize a Digital Workplace
Current DON networks and systems fail to deliver a modern user experience forcing users to work around the network to accomplish their jobs. File sharing, cloud collaboration, chat, voice, and video are not available to DON users. Forward-deployed Sailors and Marines must manually contextualize raw data from multiple unintegrated systems. The DON needs a network capable of delivering actionable information to the point of need.
- The combined DON CIO, Deputy CIO (Navy) and Deputy CIO (Marine Corps) Team drove capability and capacity upgrades to enable department-wide telework and improved user experience during the COVID-19 crisis.
- To facilitate continuity of operations in response to the crisis, the DoD provided a set of collaboration tools for DON teleworkers using Microsoft Commercial Virtual Remote (CVR) Teams. CVR Teams provided collaboration and remote meeting capabilities through video, voice, and text communication, along with document sharing. The CVR platform is hosted in the MS Government Community Cloud (GCC).
- The Navy’s Digital Transformation Office launched a Digital Inventory plan to identify the Navy’s digital footprint and derive insights to inform future investments. To date, more than 880 digital initiatives from 34 Echelon 1 and 2 commands have been collected, and custom dashboards and infographics have been developed to help create an enterprise view of assets to enable better synergy between initiatives and support budget decisions. This effort is complementary to the IT infrastructure inventory being led by the DON CIO.
- The emergence of the COVID-19 pandemic sparked the need to re-think existing manual and disparate crisis management solutions. Navy’s Digital Transformation Office partnered with the Fleet Cyber Command/10th Fleet’s N3/N5 Watch Floor team, OPNAV N2N6, and DON CIO to develop an Integrated Digital Incident Reporting Solution. Acting as a catalyst for helping keep Sailors safe, this streamlined reporting solution, for over 600 users across the fleet, improved COVID-19 reporting accuracy and saved over 900 man-hours per day.
Consolidate IT Portfolios
- The DON’s Logistics and Supply Chain systems are vital to the how the Department fights, maintains readiness, and conducts business operations. The DON has 294 logistics (LOG) IT systems, many of which are based on legacy technology, funded by nine resource sponsors across 88 budget lines. In January 2020, Vice Adm. Moran, as the Milestone Decision Authority for the LOG Functional Area Manager (FAM), issued guidance to establish a governance structure consisting of multiple Cross Functional Teams (CFTs) that will identify and consolidate duplicative capabilities into single solutions for maximum resource efficiencies and effectiveness within the FAM.
- The CFTs have identified four main capability areas – Maintenance, Repair, and Overhaul (MRO); Product Lifecycle Management (PLM); Supply Chain Management (SCM); and an Integrated Data Environment (IDE) – and are aligning the current 294 LOG IT systems to single, modern Naval capabilities within each of those areas based on financial and capability mapping analysis. To date, the CFT structure has identified a single MRO capability solution and is seeking Congressional approval to realign funding in support of this effort, creating financial efficiencies.
- Conducted the LOG IT System and Project Portfolio Review.
Leverage 5G Capabilities
The improved capacity and high-speed performance of 5G networking technologies promise to deliver greater transformative effects that extend beyond telecommunication technologies of the past. 5G experimentation is a national imperative that is aligned to the White House National Strategy, DoD 5G Strategy, and the National Defense Authorization Act of 2020. The Deputy Undersecretary of Defense (DUSD) Research and Engineering (R&E) is executing a budget of $52M in FY19, $250M in FY20, and $485M in FY21 to prototype 5G systems across the Services.
- As of the June 3, 2020 DoD announcement of 5G experiments, the DON CIO has successfully established experiments at three Navy and Marine Corps sites worth $295M over three years including a Navy-led Joint 5G experiment at Joint Base Pearl Harbor-Hickam to Enhance Aircraft Mission Readiness. Guidance and governance has also been established at all three DoD 5G experiment sites.
- A draft charter for governance of 5G efforts across the DON, including the DoD 5G experiments, has been submitted for review.
- A draft DON 5G Action Plan with a 30-60-90 day plan has been created.
- The DON 5G Community of Practice has been established and is growing.
- A draft of the 5G technical policy for the use of commercial 5G equipment on DON properties to maximize the shared value of the DON has been submitted to ASN EI&E for acceptance and publishing. It was released in December: Updated Streamlined Process for Commercial Broadband Deployment.
- The DON will lead 5G initiatives to assess the feasibility, utility, scalability, and affordability of 5G technologies applied to DON Modernization and Innovation objectives. The DON is currently executing two of the 5G experiments in the USD R&E 5G portfolio, and will be executing four to six more experiments beginning in FY20, and another 8 to 12 more in FY21.
Deploy AI Capabilities
Artificial Intelligence, machine learning, and associated technologies are powerful enabling technologies with the potential to improve the affordability, effectiveness, and speed of DON warfighting operations. These technologies are critical to U.S. national security to maintain and increase advantage against near-peer competitors.
- Progress has been made at the strategic, tactical, and operational levels of the DON. Stakeholders from throughout the DON have begun drafting a framework of strategic and tactical priorities for aggregation, prioritization, and advancement of AI technologies and programs that can improve performance via the use of AI and associated technologies.
- Enterprise-level digital environments capable of supporting AI applications are being designed and built, and the facilitation of deckplate AI applications that will provide increased diffusion of knowledge, tools, models, and access to AI expertise are also in development.
Defend DON Information
Our adversaries understand that the systems, network and data that enable capabilities are critical and without them we cannot compete, deter, or win. Our adversaries have become more confident in challenging us below the level of military conflict by stealing data from our networks and our Defense Industrial Base partners, and are developing ways to compromise our Naval systems including those that control our ships, aircraft, weapons, and critical infrastructure. The DON CIO CISO Team has been promoting the need for everyone to be vigilant about protecting data though the ISV strategic initiatives.
Measure Cyber Risk
To institute a data-driven Naval cyber readiness baseline, measuring the cybersecurity risk & survivability posture across the DON and enabling SECNAV and DON CIO leadership to rapidly make informed decisions in cyber investments and cyber risk acceptance determination, the DON CIO CISO Team:
- Developed a Cyber Risk Vision and POA&M to support the objective of instituting a data-driven Naval cyber readiness baseline. The baseline would enable measuring its cybersecurity risk and survivability posture across the DON.
- Partnered with Naval Information Warfare Systems Command (NAVWAR) to demonstrate and inform senior leadership about the Cybersecurity Figure of Merit (CFOM) risk analytics platform. NAVWAR’s Office of the Chief Engineer developed a scorecard to provide a data-driven approach to inform program offices of their systems’ cybersecurity health.
- Demonstrated the Automated High Risk Systems Reporting concept. Under this concept, analytics would be enabled to better understand the risk proposed by systems and potentially identify systems not tracked that should be monitored as high risk.
Drive Active Monitoring
To increase cyber situational awareness, the DON CISO Defend vision calls for improved active monitoring across the DON enterprise. To support this objective, the DON CIO CISO Team:
- Conducted the first DON CIO Phishing Campaign to improve the Cyber Readiness of the Secretariat staff. This event, supported by Naval Sea Systems command (NAVSEA), included targeted phishing and whaling. Following the phishing event, DON CIO published a phishing article (A Message to the DON Community from the CISO) in CHIPS and on the DON CIO website to raise awareness and combat phishing attempts.
- Sponsored a contract for a pilot program to enable Automated Cyber Network Defense/Autonomous Network Defense at the Naval Postgraduate School (NPS) in Monterey, California. Efforts are underway to support network activity discovery and mapping.
- Implemented a personally identifiable information (PII) breach tool to improve the Privacy Team’s ability to manage PII Breach Reporting.
Promote Cybersecurity Culture
The DON must increase cybersecurity accountability and agility across the DON to enable success in future battles and DON mission areas. Personnel must recognize and embrace the importance of information, cybersecurity and resilience. To support this outcome, the DON CIO CISO Team:
- Completed work with Naval Higher Education to draft Cyber Sentry General Orders. This concept was briefed at the 2020 DON IT East Conference in November.
- Partnered with DUSN office to develop and promulgate the updated Acceptable Use of DON IT policy. Also released Amplifying Guidance to the DON Acceptable Use Policy regarding collaboration tools that are acceptable for use on DON IT assets.
- In October, conducted a dynamic Cybersecurity Awareness campaign, in collaboration with Department IT leaders, writing and publishing articles, videos, tools and tip sheets to multiple media platforms.
- Briefed the IT community during the highly praised 2020 Virtual DON IT East Conference in November with 1,200 registered attendees, 30 hours of content, and more than 1,950 continuing education unit (CEU) certificates distributed.
- Partnered with Navy Executive Stakeholders (OPNAV N2N6, FCC/C10F, NAVWAR Cybersecurity Technical Authority, and Navy Security Control Assessor) to transition all Navy security authorizations to the Risk Management Framework (RMF) per OPORD 19-058/ Operation Triton Bastion. The department is now transitioned to the RMF process per OTB requirements.
Secure Defense Industrial Base (DIB) and Support Acquisition
The DON is working to reduce the risk of unauthorized disclosure of DON information being held by our trusted industry partners by ensuring adequate protection/security. Also, to protect DON information, DON CISO will support the DON acquisition community in implementing effective cybersecurity. In addition the DON CIO CISO Team:
- Published the Defense Industrial Base Executive Steering Committee Charter in August which established and codified the organization, roles and responsibilities, scope, and battle-rhythm for the DIB Executive Steering Committee.
- Supported publication of an incident notification reporting process for reporting confirmed exfiltration of Navy data from a DIB partner network.
- Worked with ASN(RDA) on releasing two memos, which:
- Identified enhanced security controls which DIB partners must follow to improve the protection of DON data residing on their networks; and
- Provided guidance to contracting officers that allows 5 percent withholding of contract payments if DFARS clauses requirements are not met.
- Supported Naval Criminal Investigative Service’s establishment of a taskforce to improve outreach and determine how to best monitor DIB networks.
- Assisted ASN RD&A in drafting a cybersecurity enclosure to the SECNAV instruction for acquisition.
- Provided review and recommendations on five Acquisition Categories (ACAT) 1 Cybersecurity Strategies (CSS).
Strategic Assets & Focus Areas
Leverage Data to Drive Advantage, Enable Accessibility, Enhance Understandability, Establish Trustworthiness, Promote Interoperability
To ensure oversight of DON data, the Under Secretary of the Navy established a functioning Chief Data Officer (CDO) role to oversee and champion DON data equities and influence investment decisions, with data and information activities that are formally governed by the DON Data Governance Boards (DGB). The objective is to create a data-aware Naval Force that exploits data for decision-making at the speed of mission and to ensure quality data is securely accessed, monitored, and protected wherever it resides, establish a common understanding of data assets, standards, policies, guidance, classification, and release control requirements. Accomplishments included:
- Championed data objectives as the DON representative at the Federal CDO Council and DoD CDO Council.
- Produced the first CDO Annual Compliance Report to Congress detailing DON CDO accomplishments.
- Established DON DGB built on Information Domains to focus on unique data management needs within each domain versus the traditional IT systems-based approach to data governance.
- Designated a DON Data Steward for each Information Domain via DON CDO memo to include their roles and responsibilities as a data steward.
- Chartered DON DGB Working Group (DGBWG) to support DGB actions.
- Developed the Naval Data Concept of Employment (CONEMP) to guide DON data governance and data management activities.
- Led DON inputs on data and standards to Joint All-Domain Command and Control (JADC2) efforts championed by the Joint Staff.
- Initiated building of the Data Catalog to layout the landscape of data sources and data assets available to the DON.
- Produced the first enterprise DON Data Architecture to define layered requirements for infrastructure, enterprise services, and security.
- Established Assistant Secretary of the Navy (Manpower and Reserve Affairs) as the office of primary responsibility (OPR) to lead data maturity efforts and identify training and educational opportunities for the DON data workforce.
- Conducted extensive outreach to the DON Data Community of Practice (DataCoP), and coordinated with ASN (M&RA) to establish the DON Chief Analytics Officer as the DataCoP executive head.
- Developed the approach and procured resources for building the DON enterprise data and analytics platform (Jupiter).
- Identified enterprise-level data management/data analytics initiatives for integration with DON Data Architecture and Jupiter efforts.
- Implemented data analytic use cases to drive Jupiter development in areas of data maturity and advanced software toolset requirements.
- Identified considerations for implementing federal guidance on Controlled Unclassified Information (CUI) and Controlled Technical Information (CTI).
- Developed the DON Interface Specifications Memo (Application Programming Interface (API) Memo) to establish policy for interface specifications standards and governance.
Empower the Digital Workforce, Promote Cyber Literacy
- Facilitated update to the DoD Annual Cyber Awareness Training to improve cyber-hygiene throughout the enterprise.
Develop Cyber Workforce Strategy, Policy and Plans, Manage Digital Workforce Talent
- Began the transition from an Information Assurance to a Cyber Workforce qualification and management program.
- Piloted the DON Cyber Information Technology/Cybersecurity Workforce work role qualification and management program under a DoD CIO waiver, resulting in the addition of experience levels as a foundational qualification option. The Workforce Team won a DoD CIO award for this pilot.
- Based on lessons learned from the pilot, shaped the updated DoD Directive 8140.01 (released 5 Oct 2020), and draft DoD instruction on cyber workforce management and reporting. Continued shaping DoD Cyber Workforce policy.
- Monitored and tracked cyber position coding.
- Implemented the Cyber Excepted Service program to recruit and retain cyber personnel.
- Coordinated with the Office of Civilian Human Resources allowing re-delegation of waiver granting authorities for hiring military personnel into cyber positions less than 180 days after retirement.
- Expanded the utilization of externally funded cyber learning opportunities for the DON Cyber Workforce (e.g., DoD Cyber Scholarships, Carnegie Mellon University Chief Information Security Officer Executive Education and Certification Program).
- Shaped Congressionally-mandated DoD cyber zero-based review process.
- Began a Congressionally-mandated study to improve military and civilian cyber career paths in the Navy.
- Worked with the Individuals with Disabilities Council and DON CISO/Defend team to baseline adaptive technology for the workforce.
These lists of stellar achievements represent an Honor Roll of the talented, dedicated IT/cyber professionals from across the DON who advanced the ISV strategic objectives in every focus area in one short year!
Well done DON CIO and DON IT Community!
CIO Authorities, Cloud, Cybersecurity, Data Strategy, Governance, IDManagement, Infrastructure, Investment Management, IT Portfolio Management, NEN, NGEN, NMCI, NNE, Spectrum, Strategy, Telecommunications, Wireless, Workforce
Figure 1. DON Information Superiority Vision Strategic Objectives and Assets aligned to SECNAV Strategic Priority – Capabilities – Elevate Information Management. DON CIO graphic