Department of the Navy Chief Information Officer Rob Foster said the chief mission of the DON CIO in writing information technology and cyber policy is to remove barriers to operations and enable the department’s warfighting mission through lightweight governance. He does this by ensuring he and his staff work closely with the two deputy CIOs, Vice Adm. Jan Tighe (Navy) and Brig. Gen. Dennis A. Crall (Marine Corps) and their staffs.
“The closer you keep things to the mission, the faster they get done,” Foster said.
Mr. Foster was selected as the DON CIO in June 2015. Aligned under the Deputy Under Secretary of the Navy (Management), Foster heads the Office of the DON CIO and is the DON’s senior official and advisor on matters related to information management (IM)/information technology (IT)/cyberspace, and information resources management (IRM). He develops strategies, policies, plans, standards, guidance and implements a secure and integrated DON enterprise architecture.
Foster is well-versed in both naval warfare and CIO responsibilities. He retired from the Navy in 2007 with 21 years of active service. He served as the Deputy CIO for the Department of Health and Human from 2013-2015. Foster also served as the Deputy CIO for the Department of Homeland Security, U.S. Immigration and Customs Enforcement from 2007-2013.
Mr. Foster demonstrates strong strategic leadership and a background firmly founded on delivering business value with technology. He draws from 21 years in the Navy where his experiences included IT operations, software development, cybersecurity, and process improvement in geographically diverse organizations. Additionally, he served as a warranted acquisition professional, global logistics expert, and program manager for major IT initiatives.
Foster said he considers his role as DON CIO to be “the pinnacle of his career” and leverages his relationships across the government to help solve the department’s tough IT/cyber problems.
Speaking at an AFCEA event Jan. 10, in Norfolk, Virginia, Foster kicked off his remarks with a video narrated by Chief of Naval Operations Adm. John Richardson’s explaining his Design for Maintaining Maritime Superiority.
The scope and scale of delivering secure IT/cyber solutions to a department as large as the DON in an era of dramatically complex threats can be staggering.
To illustrate the scope, scale and intricacy of department operations, Mr. Foster outlined a typical day in the DON:
• 272 deployable battle force ships
• 3,700+ operational aircraft
• 124 installations worldwide
• ~ 900,000 Active Duty, Ready Reserve, and Civilians (Navy & Marine Corps)
• DON Budget: $155.4 billion, FY17
• DON IT Budget: $8 billion, FY17 (may or may not include weapons systems IT)
Office of DON CIO Aligned to Deliver Secure IT/Cyberspace Solutions
Mr. Foster defined how the DON CIO team is tackling the toughest and most complex IT/cyber issues confronting the department today. He said about a year ago, the DON CIO office was realigned to better organize resources and give him better visibility into each of his responsibilities.
Foster enumerated the DON CIO’s primary roles with the corresponding statutory/regulatory authority:
- Senior Military Component Official for Privacy (5 USC § 552a, OMB-M-05-08, DoDD 5400.11DA&M Memo 7 Feb 2008)
- Senior Information Security Officer (FISMA, DoDI 8510.01)
- Chief Civil Liberties Officer (42 USC, Chap 21E, DoDI 1000.29)
- DON’s Senior IM, IT and IRM Official
- Component IT Functional Community Manager (NDAA 2011, DoDI 1400)
- Senior Agency Official for Records Management (Presidential Memo “Managing Government Records” 28 Nov 11 OMB M-12-18, DoDI 5015.02)
- Senior Freedom of Information Act (FOIA) Official (5 USC § 552)
In delivering sustained operationally effective, integrated, secure, and efficient IM/IT/cyberspace and IRM capacities, Foster explained his focus areas: cybersecurity; enterprise infrastructure; IT analysis and internal controls; privacy and information sharing; and strategic spectrum policy.
Under the realm of cybersecurity, the DON CIO team is working very hard to transition the department to the Risk Management Framework (RMF) from the DoD Information Assurance Certification and Accreditation Process (DIACAP)/ DoD Information Technology Security Certification and Accreditation Process (DITSCAP) security models, Foster explained.
“We’ve always had cost, schedule, performance — and security at the very end … RMF is not that different from the DIACAP/DITSCAP models and does not require significant funding to transition,” Foster said. “The Risk Management Framework builds in cybersecurity earlier in the process... It’s been said and proven that building security up front is less expensive than bolting it on later in the process.”
Another emphasis is on Cyberspace/IT Workforce Certifications. Foster said he is pushing for the workforce to become more robust and capable through advanced training.
Other focus areas under cybersecurity include the Cybersecurity Scorecard report to the Defense Department CIO and advancing mobility and cloud security solutions.
In concert with cloud computing, enterprise architecture, mobility and data center strategies are being constructed to ensure integration and scalability.
“We took a negative $2 billion-dollar wedge because we planned to consolidate more data centers but it didn’t happen as quickly as planned. Now a DoD team, along with all the Services, is conducting site inspections to see if they can assist in data center reduction,” Foster said.
IT Analysis & Internal Controls
For the last several years the DON CIO has been assisting the Assistant Secretary of the Navy (Financial Management and Comptroller) Office of Financial Management prepare for a financial audit. The team has used cybersecurity and the Risk Management Framework compliance as a means to secure the Navy’s 95 financial systems and advance audit readiness goals, Foster explained.
Using the synergy of the Financial Management Overlay and four critical internal security controls under the Risk Management Framework (Access Control, Configuration Management, Audit and Accountability, and Identification and Authentication) will improve the cybersecurity posture and financial data integrity of the Navy, Foster said.
Privacy & Information Sharing
Ensuring the privacy of the DON workforce continues to be a critical priority for the DON CIO team.
Pointing to the Office of Personnel Management data breaches, as well as those in the private sector, Mr. Foster said, “We have concluded that a cybersecurity incident can conversely cause a privacy breach; they are interrelated. We are working with, the Department of Defense, the Office of Management and Budget, and DON stakeholders to remove or reduce the use of Social Security numbers wherever we can.”
“It’s not a coincidence that the offices of the DON CIO cybersecurity and privacy leads are located next to each other; they work very closely together,” Foster said.
In addition to privacy, other responsibilities under this focus area include: knowledge management, records management, FOIA, and civil liberties.
Strategic Spectrum Policy
The DON CIO’s Strategic Spectrum Policy directorate participates in the International World Radiocommunication Conference, leads DON national spectrum governance, and manages the spectrum auction/relocation fund for the department.
In 2010 President Obama directed the Secretary of Commerce to work with the Federal Communications Commission (FCC) to make 500 megahertz (MHz) of federal and nonfederal spectrum available for commercial wireless broadband use within the next 10 years via a memo titled, "Unleashing the Wireless Broadband Revolution."
Recognizing the benefits that spectrum brings to the nation's economy, as well as the nation's security, the DON is supporting the Secretary of Commerce, through ongoing DoD efforts, to identify spectrum that may be made available to support the president's direction. The DON's efforts in this initiative are substantial.
Mr. Foster described another spectrum team success which allows broadband connectivity to be delivered to CONUS bases efficiently and much more quickly.
Prior to the proliferation of cellphone usage, communications equipment installed on DON installations was primarily owned and operated by the DON to support the mission, by local municipalities for emergency services, or by communications companies that connected a base to local and long distance telephone systems.
The Real Estate Director in the Office of the Assistant Secretary of the Navy for Energy, Installations and Environment and DON CIO led a DON working group, which included the Wireless Infrastructure Association, to speed the delivery of commercial broadband service to CONUS bases. The resulting coordinated process is designed to reduce the time required for commercial broadband deployment from up to five years to less than one.
“The attorneys worked together, and it turned out that changing the word ‘lease’ to ‘easement’ made all the difference to speeding up the process,” Foster said.
Consequently, in a June 2016 memo, "Streamlined Process for Commercial Broadband Deployment," Mr. Thomas W. Hicks, Deputy Under Secretary of the Navy (DUSN) for Management, issued guidance that streamlines the process for deployment and expansion of commercial broadband services on Navy and Marine Corps property.
Critical IT Enablers
Mr. Foster’s philosophy for enabling IT focuses on: lightweight governance; dynamic workforce management; budget flexibility; creative contracting; relationship management/industry outreach; balanced industry outreach; as-needed infrastructure (Infrastructure as a Service (IaaS)/Platform as a Service (PaaS)/ Software as a Service (SaaS)); and agile system delivery.
To promote innovation and empower the workforce, the DON CIO embraces lightweight governance by delegating decision authority; following customer-driven investment decisions; working on the most important things first; and supporting accountability and transparency.
Dynamic Workforce Management
Foster said hiring, training and retaining exceptional people and matching their talent to the challenges facing the department is an incentive to high-performing individuals. He also believes in rewarding employees and has increased the number of categories for the DON IM/IT Excellence Awards to recognize the contributions of the DON workforce.
Budget Flexibility and Creative Contracting
The DON IT budget is tied to the department’s warfighting mission, Foster explained. Through portfolio planning, multi-year sequencing of capabilities, flexible funding, creative contracting and closely working with the department’s chief financial officer, the DON CIO can help deliver cyber/IT solutions more efficiently and at less cost. Examples of creative contracting include awarding “just in time” contracts and buying capability in small, iterative chunks.
“We need to deconstruct the budget process. Contracts have to be fast and fluid,” Foster said.
Mature Customer Relationship Management
It is important for the DON CIO to understand a customer’s mission. As an example, the DON CIO has embedded a team to help investigate cloud computing solutions with the Program Executive Office for Enterprise Information Systems (PEO EIS) for the Next Generation Enterprise Network (NGEN) contract, Foster explained.
Capturing customer requirements through visualization and pilots assists the DON CIO in developing policies and strategies. “I am a big proponent of prototyping,” Foster explained.
Balanced Industry Outreach
To create better contracting solutions and better implement industry best practices, the DON CIO is developing business-focused industry partners, Foster said. “I frequently engage with industry and find it to be a valuable learning experience. We need to dispel the myths that prevent customers and contracting officials from engaging with industry partners.”
As-Needed Infrastructure/Agile System Delivery
The department needs to better understand the different models, or “buy it by the drink” technologies of IaaS, PaaS and SaaS and agile lifecycles, Foster explained.
The DON CIO has empowered customer/technical teams to explore options for the department using these different delivery models and applying light technologies. “I’m a big fan of agile development,” Foster said.
To further reduce cyber/IT costs and simplify procurement practices, Foster explained that he envisions the government acting as the systems integrator for IT systems and purchasing capabilities in “bite-size” pieces rather than “big bang” buys which have been favored in the past.
Each of the critical enablers is dependent on strong relationships and collaboration across the government, Defense Department, and with industry and academia, Foster said.
How Can You Help?
Mr. Foster encouraged industry ideas in solving the DON’s pressing IT/cyberspace challenges. He advised industry to get to know the DON’s IM/IT needs by visiting the DON CIO website: www.doncio.navy.mil and the full collection of DON websites: www.navy.mil/links/alpha.asp.
“Often technology companies will talk to me about great new products, but they don’t understand the scope and scale of the department. I ask them: Will your technology scale to 900,000 users and 124 installations worldwide? Their answer is, ‘I’ll have to get back to you,’” Foster said.
The DON CIO urged industry representatives to explore the Office of Small Business Programs (OSBP) website (http://www.secnav.navy.mil/smallbusiness/pages/index.aspx) to understand the DON’s 10 purchasing commands and to reach out to DON small business professionals before approaching a technical customer.
DON IT East Coast Conference
The DON CIO concluded his remarks with an invitation to attend the DON IT East Coast Conference to be held May 16-18, 2017, at the Hilton Norfolk The Main. The DON CIO will be energetically publicizing the advantages of attending the DON IT East Coast Conference to local commands, including Marine Corps units at Camp Lejuene and Cherry Point, he said.
“I would like the East Coast conference to become big, robust and permanently located in Norfolk, close to the fleet,” Foster said. “It’s important to have the military-to-industry conversation with the right people and thanks to AFCEA we have been able to do that.”
A popular event at each DON IT Conference is a town hall meeting with Mr. Foster, Vice Adm. Tighe and Brig. Gen. Crall, in which they explain the DON’s and Service-specific IT/cyberspace strategies and requirements with candid audience participation.
At the DON IT Conferences attendees are also able to meet members of the DON CIO team and attend briefs hosted by subject matter experts. Additionally, the annual DON IM/IT Excellence awards are presented to individuals and teams comprised of Navy and Marine Corps professionals.
Awards will be presented in the following categories:
- DON IM/IT Excellence Awards (Individual and Team awards)
- John J. Lussier Electromagnetic Spectrum Award
- DON Cyberspace/IT Person of the Year Award
- DON Cyberspace/IT Rising Star of the Year Award
- Information System Security Manager (ISSM)/Information System Security Officer (ISSO) of the Year Award
- Privacy Program Excellence Award
- Freedom of Information Act (FOIA) Program Excellence Award
The DON CIO communicates in a number of outreach efforts and media channels, including the DON’s IT magazine: CHIPS. Each edition of CHIPS contains the recurring columns, “A Message from the DON CIO,” “Full Spectrum” and “Lessons Learned from the DON Privacy Team.”
Register NOW for the DON IT East and West Coast Conferences
Feb. 21-23, 2017, at the San Diego Convention Center
111 W. Harbor Drive, San Diego, CA 92101
Collocated with AFCEA West
May 16-18, 2017, Hilton Norfolk The Main
Collocated with AFCEA Hampton Roads Maritime Mission East Conference & Exhibition
For additional information and to register, visit the DON CIO website at: www.doncio.navy.mil/.