Mr. Robert J. Carey serves as the Department of Defense Principal Deputy Chief Information Officer. Selected to this position after a brief tour as Director of Strategy and Policy for the U.S. Fleet Cyber Command/U.S. 10th Fleet his principal roles are to help lead the consolidation of the DoD information technology enterprise, as well as align, strengthen and manage the office of the DoD CIO to better serve the department’s mission. From November 2006 to September 2010 he served as the fifth Department of the Navy (DON) Chief Information Officer where he championed transformation, enterprise services, the use of the Internet and information security. In his new role, he will also help strengthen the enterprise architecture, network and information security and help lead the IT workforce into the 21st century.
Mr. Carey entered the Senior Executive Service in June 2003 as the DON Deputy Chief information Officer (Policy and Integration) and was responsible for leading the DON CIO staff in developing strategies for achieving IM/IT enterprise integration across the department.
Mr. Carey is an active member of the U.S. Navy Reserve and currently holds the rank of captain in the Civil Engineer Corps. He was recalled to active duty for Operation Desert Shield/Storm and
Operation Iraqi Freedom, where, in 2006-2007, he served in the Al Anbar province with I Marine Expeditionary Force. For more information about Mr. Carey, visit: https://cio.gov/author/robert-j-carey/.
CHIPS caught up with Mr. Carey at an AFCEA Hampton Roads event July 10, 2012, where he talked about the steps or “big rocks” of implementing the Joint Information Environment or JIE. The initial focus efforts that are underway across the DoD include: network normalization, data center consolidation, identity and access management and enterprise services.
Q: The primary goals of the DoD’s IT Modernization Strategy are: to consolidate infrastructure, streamline processes and strengthen the workforce. Do you see these changes occurring simultaneously?
A: The consolidation, standardization, homogenization [of the network environment], raising the security, changing the processes to be more efficient and effective, and then having the workforce able to do that [work] are not happening completely at the same time. The actual design of the network has to occur first to enable the security protocols to be designed in. We’ll then have the basis for what the workforce needs to know to operate in the new state. So we are lagging the design just a little bit.
But it [the design] needs to come first so that the heavy lifting of the thinking through this new network architecture can be done. It will drive other governance and procedural changes on how we care and feed and optimize the network and provision it. Then what do the people that operate and run the network today have to do differently? And more importantly, what will the users do differently? Enabling the user experience is one of the things that I was pushing in the Navy [as DON CIO]. It will not be the same as it is now in 2015, 2016 [or] 2017. One will ask: How will I train to operate the network differently?
Q: You said the network, are you talking about the JIE, the Joint Information Environment,
or the GIG, Global Information Grid?
A: From my perspective, you will see the JIE term taking a greater hold, and the GIG term used less and less. The GIG was meant to describe the overarching continuity of DoD network topologies. JIE is the network environment that includes all IT infrastructure assets to include space assets, undersea assets, and the terrestrial components … the entire network environment.
Q: Beyond just a reduction in data centers and facilities, what is the end state that you are
looking for under the departmentwide Data Center Consolidation effort?
A: The term I use is that it is more of an optimization. Today, we have excess
computing capacity, and we need to eliminate that because it costs money and we get no benefit for it. We need to standardize and homogenize the network environment so that secure network information access can be achieved.
Additionally, we are working to optimize applications and further push for enterprise services as a method to achieve efficiencies and desired service delivery levels. Now that is not to say that we will go to a single network right away — once a threat is in, it’s in [and could take down the network]. We will go to a methodology by which defense in-depth and defense in-breadth are used to protect data that is accessed by identity.
So now I can’t do a search on the entire dot-mil for information I might require to do my job … but we need to be able to afford information access to authorized users wherever they may be. I believe in the future we will be able to do that, and the most important feature of that function will be can a warfighter deployed downrange in Djibouti or Kabul — can they look for information in the entire JIE, find it, access it, conduct a transaction or render a decision and feed it into the boss in real time with whatever devices they have — that’s the goal that we have. So this standardization
and this common JIE environment is the only way we know to get that done.
Q: You talked about (Commander, U.S. Cyber Command, Director, National Security Agency/Chief, Central Security Service) Gen. Keith Alexander’s inability to see inside the network which makes defending it more difficult. Will transparency inside the network be part of the end state you are looking for in the JIE concept?
A: Absolutely. United States Cyber Command (USCC ) has the challenging and unenviable job of defending [DoD’s] hundreds of network environments and enclaves that are built ever so slightly differently. Until we stratify that [complexity of networks] a good deal, affording USCC the ability to defend it and protect it and close off something that is being attacked or shut it down, we’re going to be at risk. We are running and defending our networks; we are supporting the warfighter but we’re running it at risk to mission. This really affords us the ability to lower the risk and improve the protection of our information.
Because when we look at a computer today, whether you are downrange or you’re here [stateside], you trust whatever is on that screen, you just do. Information shows up; it’s good. But do you really, really trust it? The answer is yes, we do. But if you know about the threat you could see how that might be erroneous to do that in the future. So we need to be able to better protect, we need to better afford Gen. Alexander and the component cyber commanders [Fleet Cyber Command, Marine Forces Cyber Command, Army Cyber Command and 24th Air Force] the ability to more simply protect and more effectively protect the networks.
Q: Will the enterprise architecture you talked about get us there?
A: Yes. The JIE enterprise architecture will drive structural changes in the network. The reduced number of data centers and nodes that are on what is today the DISN (Defense Information System Network), the backbone, will start creating a standardized environment so that I can, in fact, protect it better, access it better and operate it more efficiently.
Q: You talked about enabling agile IT; do you think DoD will need better acquisition models
to get to the end state of standardized networks? Will it include tactical IT as well as business IT systems?
A: I think it has to. We all recognize that as we change the network architecture to a more standardized design and start to build the JIE, I see us as having to become more agile, and agile is a term within acquisition to do things in smaller more orderly, bite-sized chunks. Similarly, the budget process has to change because today we are ‘POM-ing’ or budgeting, (Program Objective Memorandum) for things starting the end of July 2012 to figure out what we are going to do in FY15.
In IT years, FY15 is eons from now. Only a few companies are even looking that far, but we’re now attempting to plan with certainty and estimate the cost of the things we want to do two and a half years from now. So both the budget process and the acquisition process have to be reconciled to this more homogenous network architecture to allow us to solve real-time problems in cyberspace.
When we deployed HBSS (Host Based Security System), for example, HBSS was an unfunded requirement and there was a lot of money that we pulled out of things that we programmed for to fund HBSS. That being said, acquiring HBSS went slower than we thought because we tend to tell our program managers to drive out risk — not necessarily to manage risk.
Similarly, we train contracting officers and IT attorneys to avoid risk, so those functions need to be reconciled and brought into the future state, whether it is IT systems, purchases of infrastructure
or enterprise licensing agreements. We have to approach it differently than we do today; all of those are underway, but they are not done. Some of the process changes can occur independently of the end state, but some will be linked to the end state as well.
Q: In your presentation you talked about the budget crisis being a catalyst for change because people are willing to consider ideas that they would not entertain when they had money. Do you foresee that budget problems could require DoD approval for IT purchases, maybe the Under Secretary of Defense for Acquisition, Technology and Logistics or the CIO would say, "You can’t buy that — it doesn’t fit within the DoD network."
A: Yes. Let me say this: I see the architecture and standards being produced for the transport layer and flagship data centers for the DoD, the ones that will become the core data centers for the Department of Defense, the backbone of computing, those standards will be promulgated. So if you have a data center that you want to retain connected to the JIE, and you start buying something that isn’t consistent with that architecture, it will not be connected. So yes, I imagine at some point in time somebody has the ability to say, 'You cannot buy that, but you can buy this.'
Q: The Navy is doing that right now with its Information Technology Expenditure Approval
Authority, but tactical systems are exempt for now. Do you think that in the future IT approval for the DoD will include warfighting systems?
A: It has to because the C2 systems and the sensor systems that utilize the JIE, or in today’s terms, the GIG, have to run within the GIG — not run around it, including the business systems. So for all these systems, we do not want a system to invent or build its own infrastructure; it has to be built to ride within the confines of this architecture [JIE].
Q: You mentioned that probably not every mobile device will be approved for use within the DoD security domain due to the risks associated with some of the devices, but what do you think will be the outcome of the DoD’s Mobile Device Strategy?
A: [Former DON CIOs] Dave Wennergen and I, and even back to Dan Porter’s
days, we imagined the term ‘nomadic workforce.’ We never worried about where a member of the workforce was located but that they are 'connected.' In the grand scheme of operating inside the Beltway, the last thing we want is to waste an hour of somebody’s time coming to a facility just to have his warm body there when, in fact, he could do everything he needs to do from somewhere else. I think mobility changes that communications paradigm that exists in DoD today. It’s beyond telework; people tend to associate mobility with telework. It’s really about: Can I access information
to render either a transaction or decision in support of a higher objective, and can I do that securely and at will?
These devices, the tablets and some of the smart phones today present a very close approximation of a laptop and its functionality. So how do we take advantage of these different form factors to perform functions? Another thing that is maybe even more important is the app store construct which presents a way [for DoD] to invent a process to solve a problem engaging data from a handheld device and a lite app.
Many of the lite apps that you download to your smart phone have a full-blown application or website somewhere else. [Use of lite] apps has enabled us to solve problems faster, cheaper and more efficiently than before, for example, than perhaps paying a vendor to build some heavy application. I can harness the workforce’s ability and industry’s ability to innovate and build tools that I didn’t have before. I like to refer to mobility as a 'platform of innovation.' It is really critical that I unleash this intellectual prowess of the Department of Defense in support of problems I don’t know I have yet. That’s the cool thing.
Q: Can you point to any of the successes of the modernization plan?
A: The data centers are being identified and consolidated. Part of that is due to the fact that OMB (Office of Management and Budget) is pushing it hard, and we are pushing it hard. We are making significant progress. Applications are being, you can pick your word: normalized, rationalized, reduced. Identity management was a far off goal, like a planet, 10 years ago. People now realize the connection to identity, to data, to security, and then using identity credentials to reduce anonymity from the network.
We’ve started the standardization of the network; we’ve identified duplicative applications and eliminated many. We’ve developed a way ahead for mobility and initiated the roll out of PKI for the
SIPRNET. We have begun the development of data standards, reduced the overcapacity that we have, and lastly, we’ve reduced the application stack. Now we are able to operate more efficiently
than in the past. As I said in the talk today,the budget is going to be the catalyst of change for us. We are living within our means and providing information to the warfighter when he or she needs it with whatever device and location.
Structural changes are taking root in all four services and the fourth estate (DoD agencies) in such a way that we will build off it and continue the new activities into 2015, ‘16 and ‘17 and continue on the journey to deliver the JIE. We are making tangible successes. Now that we briefed
our way ahead, we believe we have a tremendous amount of support from the Secretary [of Defense] and Deputy Secretary as well as the Chairman and Vice Chairman [of the Joint Chiefs].
We will be held accountable. Every service and agency will have to report what they have done, [for example], how many SIPR PKI tokens rolled out, and data centers and networks eliminated. There is a point in time where will be at our destination ... but that is a few years away. Now the question is: Is that sufficient or do we keep going? Every military department has taken money out of the budget so they have no choice but to get to this new efficient operating state.
Q: Is there anything else you would like to talk about?
A: We live in very exciting times. It has been very enlightening for me, while the Department of the Navy is a department of two services, now to help make a difference for all four services and the DoD. There are both challenges and opportunities that exist. The catalyst of change has become the budget, as resources become scarcer, we’ll be challenged to make this transition. We will never really be done because we are always maturing the network infrastructure but this is exciting because if we had the money that we did even a few years ago, we wouldn’t be working on this [IT Modernization Strategy]. So now we are working on some great things because we can’t afford to fund the status quo.
Q: Under Secretary of the Navy Robert Work said this is a time when good ideas matter.
A: Absolutely. Secretary Work knows that bringing ideas to the fore is vital to the department’s success. There is no dearth of ideas, ones that are thought through in the context of the problem, the budget, and the payoff in terms of a business case, those are the ones we need to wrestle to the ground. When money is tight, people are willing to do things that they weren’t willing to do when they had money.
We are excited because this is the first time we have a solid partnership with each of the services to help build this future state. This is not a top-down dictate; this is a complete team effort with the Joint Staff. Frankly, if the Chairman and Vice Chairman were not in support of this or their IT advisers, the J6, Maj. Gen. Mark Bowman, and Marty Westphal, (assistant deputy director and chair for C4/cyberspace functional capabilities board, J8), it would be hard to push this thing. The ideas are coming and questions I get asked turn into ideas. I just had one today. We want the hard questions.
Q: I’ve been reading about the Army’s progress with enterprise email.
A: Yes, it is coming. We are testing the validity of our model for delivery of an
enterprise service, but our team at DISA (Defense Information Systems Agency) is well on their way to success. We have the Army, Air Force and Joint Staff, and the COCOMs (combatant commands) are on board, and [we] will bring aboard the Navy and Marine Corps last.
For more information about the DoD CIO, visit: http://dodcio.defense.gov/.