As the DON CIO, Mr. Halvorsen heads the Office of the DON CIO and is the DON's senior official and adviser on matters related to information management (IM), information technology (IT)/cyberspace (including National Security Systems) and information resources management (IRM). Mr. Halvorsen has oversight for the IM function within the Office of the Secretary of the Navy, Chief of Naval Operations, and Headquarters Marine Corps. He develops strategies, policies, plans, architectures, standards and guidance, and provides process transformation support for the entire Department of the Navy. Additionally, he ensures that the development and acquisition of IT systems are interoperable and consistent with the department's objectives and vision. Mr. Halvorsen also serves as the department's Cyber/IT Workforce Community Leader, Critical Infrastructure Assurance Officer and the Senior Military Component Official for Privacy.
Prior to becoming the DON CIO, Mr. Halvorsen was the Deputy Commander, Navy Cyber Forces. He began serving in this position in January 2010 as part of the Navy cyber reorganization. Previous to this, Mr. Halvorsen served as the Deputy Commander, Naval Network Warfare Command. He was responsible for providing leadership for more than 16,000 military and civilian personnel and supporting over 300 ships and approximately 800,000 computer network users, all globally dispersed. In this position he was responsible for the business performance of Navy network operations, space operations, information operations and knowledge management. Mr. Halvorsen was directly involved in establishing governance structure, processes and mechanisms to optimize more than $8 billion in Navy resources.
CHIPS asked Mr. Halvorsen to talk about his experience and job as the new DON CIO.
CHIPS: Your responsibilities as the deputy commander of Navy Cyber Forces, U.S. Fleet Forces deputy ACOS, and deputy commander for NETWARCOM hold similarities with your new responsibilities as DON CIO. You are also a Reserve Army officer, so you have experience as an operational commander. Can you talk about the unique insights and experience you bring to the DON CIO position?
HALVORSEN: The insight and experience I bring to the position is that I am familiar with the challenges encountered in the operational world outside the Beltway. I know that some of the applications we give our Sailors and Marines to use don’t quite do the job, especially in their bandwidth-constrained environments. It is really challenging in the afloat and expeditionary environments.
As deputy commander at Navy Cyber Forces and Naval Network Warfare Command, I was directly involved in initiatives to improve cybersecurity by eliminating or moving systems onto better protected networks. So I also bring to the table an understanding of the operational challenges of ensuring cybersecurity in the DON.
CHIPS: What are your thoughts as you move from an operational environment to a largely policy and guidance role as the DON CIO?
HALVORSEN: Before answering this question, I want to emphasize that the role of the DON CIO is more than 'policy and guidance.' A key function of the DON CIO is to operationalize (not to operate) the IM/IT/Cyber Strategy for the department and then to use policy, guidance, and other mechanisms to guide the department toward achieving the goals and objectives associated with these strategies. As the DON CIO, my focus is on the 'DON Enterprise.' We have to keep the entire enterprise in mind in all we do, while also keeping in mind the realities of our limited resources.
From my experience in moving from the operational environment to the DON CIO, I realize we have to keep the warfighter in mind as we write policy. I just mentioned some of the challenges faced by our warfighters. Our IT policies and strategies must consider all of these challenges, and we must write them to be understood and implemented at the operational level.
One of the things I told my team of DON CIO directors during our first meeting together was that I would ask two questions when writing new policy: how is it helping the customers at all levels and how do you operationalize it?
CHIPS: The DON CIO has a broad portfolio of responsibilities: assuring DON access to the electromagnetic spectrum; enterprise architecture; Clinger-Cohen Act Compliance; the IT investment strategy; critical infrastructure protection; and DON privacy and civil liberties officer, to just name a few. Have you developed a 90-day plan or do you have any immediate concerns for quick resolution — and a long-term vision?
HALVORSEN: Yes, we have a broad portfolio, but we must narrow our focus for some quick wins. We are working on a 100-day plan while we are in the process of strategic planning with the Navy and Marine Corps Deputy CIOs and the service operational commanders. We are in the early stages of planning, but I can tell you that we will focus on DON IT efficiencies — becoming more effective and efficient as a department in information management and IT/cyberspace procurement and business processes. The Office of the Secretary of Defense and the SECNAV are serious about becoming more efficient in the way we do business, and we have identified some key tasks related to IT efficiencies within the department. We will also focus on the IT workforce and of course, our networks. We will not stop working the other initiatives we are responsible for, but I believe we should focus our effort on these areas in the near term to bring long-term results that benefit the entire department.
CHIPS: You have held numerous positions in the training and education community, and you were one of the principal architects of the Navy's reengineering efforts that resulted in the pivotal Revolution in Training. What opportunities exist for the cyber/IT workforce in training, education and development and for those looking to enter into government service in the DON?
HALVORSEN: There are a multitude of training and education opportunities and many of them revolve around e-learning. Within the government, e-learning systems are available to our workforce, there are approximately 3,000 training courses. Topics range from engineering to business to IT and technical management courses. While the department must continue to embrace e-learning, it must also be improved to better support our customers. E-learning, supplemented by sound exercises and simulations, is a critical element to the training of our cyber/IT workforce.
Within the last three years both the Navy and Marine Corps Information Systems Technician and command, control, computers and communications schoolhouses have revamped their curriculum. They now include Information Assurance and commercial IT-related certifications — some of the same certifications that are sought after in commercial industry. We are standardizing our military, civilian and contractor training through baseline commercial certifications.
We have training and education initiatives underway to strengthen and broaden the cybersecurity workforce. For those looking to enter the government, the Navy and Marine Corps have instituted recruiting incentives for highly skilled individuals, scholarship programs and internships. For example, Schedule A hiring authority was put into effect through December 2012 (www.public.navy.mil/donhr/Employment/CivJobOpps/Pages/CyberSecuritySchedA.aspx) to allow the department to quickly hire more than 1,000 cybersecurity professionals. The Information Assurance Scholarship Program pays for master's and doctorate degrees in IA-related fields, and there are internships available for college students. All of these training, education and development initiatives have been developed to make our IT workforce capable of handling the challenges of supporting our warfighting mission, and we want those interested in government service to know about them.
CHIPS: What do you see as the DON's biggest cybersecurity challenges right now?
HALVORSEN: The threat to our networks is sophisticated, organized and dynamic, and our resources are limited. Since there is a greater demand today for information sharing, our biggest challenge is to maintain the security and effectiveness of our networks while enabling appropriate access. And we must do this while reducing cost. We must have qualified people and clear, well-coordinated priorities. Everyone who touches a computer is part of the cybersecurity workforce. Knowing the basics of how to operate safely in the Web environment is everyone's responsibility. Doing the basics: keeping virus scan updated, not connecting unauthorized devices, reporting when you get a suspicious e-mail; all of these can make us more secure but it requires all of us to participate.
Our Navy Marine Corps Intranet has served us well in the area of cybersecurity. Many of us have short memories, but I remember the cyber attacks that affected our networks before NMCI. Since deploying NMCI across our shore-based users in the United States, Japan and Hawaii, successful cyber attacks that disrupt our networks have dropped to zero. NMCI is the largest intranet in the world serving 700,000 users and supporting 124,000,000 browser transactions per day. NMCI is second in size only to the Internet.
NMCI made our network more robust and able to withstand attacks, and we will continue to make that a requirement as we focus on advancing the Next Generation Enterprise Network and Naval Networking Environment. Our goal is to provide an interoperable enterprise environment that is standardized and enables secure access to data and services across the DON.
CHIPS: One of your roles as the DON CIO is the Senior Military Component Official for Privacy. You are responsible for privacy program oversight and policy. What are your thoughts about this program remaining under the DON CIO?
HALVORSEN: The DON CIO was appointed the Senior Military Component Official for Privacy for the DON in October 2009. The visibility and challenges of this function are significant and well suited to remain within the DON CIO. Making the CIO responsible for privacy seems to be the inclination across the federal government because in 17 of the 27 federal agencies, the CIO has oversight of the privacy function.
The bulk of personally identifiable information (PII), which is the number one privacy concern, is collected, displayed, transmitted and stored via electronic means vice hard copy, and that trend is growing. The DON CIO has been aggressive in implementing the means to protect PII. Last year the DON CIO took initiatives to protect the broader category of 'sensitive' information on our mobile devices by employing encryption of data at rest (DAR). This has significantly improved the protection of that privacy sensitive data. The DON CIO has also taken numerous steps to drive down both the number of incidents and the number of personnel impacted over the past year, and we will continue implementing corrective action through policy changes. We will be emphasizing accountability. This isn't new to anyone; the education and training are in place. We need to raise the level of personal accountability in this area.
CHIPS: At Naval Network Warfare Command, you led the Navy's Cyber Asset Reduction and Security initiative, which identified more than 1,200 networks as vulnerable to cyber attack. As a result, 828 of the networks were eliminated to save $20 million and significantly improve security. The CARS effort is part of the Navy's larger effort to implement the Naval Networking Environment. Can you talk about NNE progress?
HALVORSEN: We are on pace with the Secretary's timeline of publishing an overarching NNE strategy document to align the governance, administration, operation, investment and acquisition of DON IM, IT/cyberspace and IRM resources and assets. Additionally, the services are on pace to align with NNE efforts.
The Navy's Convergence to a Single Network (CSN) initiative supports its Information Dominance Vision (published May 2010) of a single unified information environment. The Marine Corps Enterprise Network (MCEN) remains the Corps’ general service, common user network environment enabling MAGTF C2 (Marine Air-Ground Task Force command and control), business, intelligence, and enterprise services systems, applications and users.
Together, the NNE shall become the Department of the Navy's net-centric environment that securely, effectively and efficiently leverages the full range of information resources. Once the NNE strategy is published, we will begin development of supporting strategies that will leverage Navy, Marine Corps and Secretariat level stakeholder participation to achieve the necessary changes and desired outcomes.
CHIPS: SECDEF has proposed significant changes to the DoD organizational structure and processes to reduce redundancies and ensure that essential national security programs are sustained. Do you have any plans to revamp processes or realign resources within the office of the DON CIO?
HALVORSEN: I don't know yet; we are going to look at everything we do in the DON CIO, and we will make changes and realign resources where necessary. For example, I think some teams that are operating separately would be more effective if they came together under one team. Their work crosses over into each other's areas, so I hope to leverage that and help them work together better.
Coming in as an 'outsider' to the DON CIO, I realize that people don't quite understand our organization chart and the functions of each team. I hope to improve communications about the organization so that people outside will know who to go to for help in different areas. I also want to establish measures and metrics that ensure the DON CIO is providing value to the department and the services.
CHIPS: Decision speed is more important than ever. What are your thoughts about the delicate balance between the need to share information and collaborate with the need for security?
HALVORSEN: The reality is that we live in an environment where we have to be able to collaborate within and outside DoD, and do so securely. So it's not one or the other — the need to share or the need for security — it is a need for secure, balanced information sharing. A great example of this that we've been involved in is the North Chicago Veterans Affairs Medical Center. It will be the first fully integrated federal health care center between VA and DoD.
So, we are working with them to achieve interoperability of all our IT systems in the area. A VA employee should be able to securely access the Navy system when needed, and likewise, Navy personnel should be able to securely access the VA system when needed. They are working together so we are making sure they can truly work together — sharing the information needed in their IT systems. In the DoD we go places that are dangerous, we take prudent risks, establish standard operating procedures, and we execute. Cyberspace is another environment we must operate in to be successful.
CHIPS: Do you see the value in social media or Web 2.0 tools, and do you plan to blog?
HALVORSEN: I see the value in social media/Web 2.0 tools and I encourage the department to continue to leverage technologies associated with them where it makes sense to do so. These tools enable effective collaboration, at a low or no cost to implement, across a broad spectrum of individuals from the DON, DoD and federal government. That being said, I do not plan to blog. There are many ways for me to get my message out, CHIPS magazine being one of them.
For those who liked the back and forth exchange that the blog allowed, we have a site that was set up to encourage this type of exchange but in a secure environment that is behind the DON firewall. There are many people in the DON with good ideas and information to share. And this site, called the Pulse, is a place where they can do that. I caution that in using social media, we must be mindful of the inherent security risks they may pose. There are some applications where, with careful use, social media is the right media for communication and collaboration. For more in-depth information exchange about the work we are focusing on, I prefer that the DON CIO err on the side of caution and use social media applications that are protected by the DoD public key infrastructure. I am [also] looking at other ways to communicate more directly with the public.
|DON CIO RESPONSIBILITIES|
• Reports directly to the Secretary of the Navy (SECNAV ).
• Heads the office of the DON CIO.
• Is the DON's senior information management, information technology (including National Security Systems), and information resources management (IRM) official.
• Serves as the department's principal adviser on IM/IT and IRM matters.
• Is responsible for IM/IT and IRM matters.
• Has oversight for the IM function within the Office of the SECNAV, the Chief of Naval Operations and Headquarters Marine Corps.
• Carries out the IM/IT responsibilities and duties set forth in Title 10, 40 and 44, U.S. Code.
• Provides oversight of strategic planning for all information and IT management functions.
• Provides oversight for IT capital planning and investment management.
• Provides oversight of compliance for protecting information and systems.
• Provides oversight of the process of developing and maintaining the DON enterprise architecture and assesses compliance with DoD and federal interoperability standards.
• Develops DON-wide IM/IT policy, standards and guidance.
• Provides oversight of DON IM/IT compliance with applicable statutes, regulations, policy and guidance.
• Ensures that DON IT complies with government and DoD standards and is interoperable with other relevant IT systems.
• Serves as the DON Critical Infrastructure Assurance Officer (CIAO), responsible for all aspects of the Department's Critical Infrastructure Protection program, including both physical and cyber assets.
• Serves as the Senior Military Component Official for Privacy.
• Promotes the effective and efficient design and operation of all major IRM processes, including improvement to DON work processes.
• Serves as the Community Leader for the DON Cyber/IT Workforce and develops Cyber/IT workforce policies, plans and guidance, in coordination with the Assistant Secretary of the Navy (Manpower and Reserve Affairs), as appropriate, to ensure that the DON has sufficiently trained personnel in IM/IT competencies.