Mr. Terry Halvorsen is the Department of the Navy Chief Information Officer (DON CIO). Shortly after being named DON CIO in November 2010, Mr. Halvorsen was designated the department’s IT/Cyberspace Efficiency Lead. As such, his focus is on improving the way the department manages business IT with the end goal of identifying and implementing opportunities for greater operational efficiencies and effectiveness to deliver increased cost savings.
Prior to Mr. Halvorsen’s appointment to DON CIO, he served as the Deputy Commander, Navy Cyber Forces, from January to November 2010. Before that, he was Deputy Commander, Naval Network Warfare Command.
Mr. Halvorsen responded to questions regarding the Department of the Navy’s ongoing efforts to achieve improvements in business IT efficiencies in December at the Pentagon.
Q: Under Secretary of the Navy Robert Work’s directive to save $2 billion in business IT spending was a huge undertaking. How would you evaluate the success of the efforts so far?
A. Progress has been good. We still have a couple of things to work, such as how the department tracks dollars so that they actually come from the right places. And, we still have some work to do with data center consolidation to get that moving at a quicker pace. Overall, the numbers we have seen are right at what we predicted for 2012 and 2013. I’m very confident we will get to where we want to be.
Q: How do you think the workforce is responding to all the policy changes?
A. I think most of the workforce recognizes that we have to take cuts across the board given the financial challenges that face the department. They do believe the business side is the right place to find those efficiencies in order to protect operational dollars for Sailors and Marines. By protecting those dollars, we can invest in the equipment and training they need.
Q: I noticed that you’ve issued policy jointly, for example, with the Assistant Secretary of the Navy for Research, Development and Acquisition; Assistant Secretary of the Navy (Financial Management and Comptroller); and the Deputy Chief of Naval Operations for Information Dominance (OPNAV N2/N6). We rarely see jointly signed IT policy memos. Can you explain why we are seeing this trend?
A. I’m glad you asked, and I hope this change is recognized across the department. We are a big bureaucracy, and big bureaucracies respond better when their senior stakeholders are involved. So if I issue a policy from the DON CIO, other parts of the organization may see it as something that pertains only to IT people and don’t see the importance or relevance to them. But when their own senior leaders sign a document, they see the seriousness of it and it does influence the outcome.
In the past, we all wrote policies, but the fact that they were not signed by all the key stakeholders may have led some people to believe there was misalignment. In jointly signing policy memos, we want everyone to understand that there is complete alignment between the finance groups, the acquisition group, the management team under (Deputy Under Secretary) Eric Fanning, the service teams and the DON CIO. Feedback I have received on the memos has led me to believe we have sent the right message, and we will continue to issue policy memos jointly.
Q: Besides implementing new policies or revising current ones, what innovations are being
considered by the DON to achieve its goal of saving $2 billion over the next five years? Have the policies sparked innovation or stifled it?
A. I think the drive to be more efficient has certainly helped us look at different ways to do things. It might not be obvious in that we didn’t buy a brand new technology. Changing technology is only part of the equation. What we have done is refine our IT processes to make them more effective. The focus on budget reductions has made us more accepting of ideas that, in the past, we may have thought too extreme to consider. The next step will be a more fundamental change to the way we do business and the way we act as a business. For example, does the Department of the Navy need to be in the data storage business and run its own data centers? Or could we turn unclassified data storage over to the commercial sector at a much lower cost yet continue to have oversight?
We should be sharing processes within the Navy and Marine Corps, and at the DON level, DoD level, and maybe with the other services. We know that similar communities have different processes for similar work. We are going to have to learn to share and standardize processes, which helps reduce costs.
Q: I noticed that you have a process for business case analysis, and you have asked the
workforce to contribute suggestions. Have any good ideas bubbled up?
A. Yes, and we are still evaluating some of those ideas. For instance, ways to reduce printing costs have been developed through a combination of some of the DON policy work and input from the field.
Most people think we are just going to reduce paper use but it is more than that. It is a fundamental change to transmitting, moving and displaying data. For example, we are here in the CHINFO conference room where there is a nice big LED screen. If I were giving a brief, why would I provide printed copies of the brief? Why not display the brief on the screen and give everyone a tablet to take notes? Or better yet, change policy so that they can bring their own tablet PCs and take notes electronically, which is less expensive and moves data faster.
Ideas from the field involve expanding savings by reducing printers and fax lines. We want to get away from faxing since it is one of the most non-secure ways of transmitting data. Most people don’t have faxes on their desk, so documents just wait in a queue somewhere for pick up. It is hard to verify who takes possession of the document.
A digitally signed electronic document is more secure and it moves faster. The Department of the Navy JAG (Judge Advocate General) and OGC (Office of the General Counsel) have led the way to
make digitally signed documents legally binding. In addition, it saves money and is more energy efficient, which supports Secretary Mabus’ policy that the department should be as green as possible
without negatively affecting the mission.
We have had some great comments from the field about using multifunction devices that print, copy, scan and fax. The good news is that we are also getting great support from senior leadership who has been willing to give up their own printers and walk the extra steps or look at data on the screen. From a business standpoint, printing hard copies costs money, so getting away from printing
and doing everything electronically would be a big savings but it is a huge change. Some of the changes involve pushing these cultural boundaries.
Part of this fundamental change is the way we think about data. In addition to all the dynamics surrounding printing, Commander, Navy Installations Command (CNIC) has some interesting suggestions for saving energy using computers to monitor room temperature and turn lights on and off when people go in and out of a room. Some commands are already doing this. In fact, the lights in my Pentagon office go off automatically at 6:00 p.m. After they go off, I have to turn them back on, but they only stay on for two hours at a time so they will never burn all night. We could do this on an enterprise scale. These are just a few of the great ideas from the field; we are very happy about that and encourage people to keep thinking of new ideas.
Q: Can you discuss the scope of these two policies: Information Technology Expenditure
Approval Authorities (ITEAA) (www.doncio.navy.mil/contentview.aspx?id=2538) and Achieving Measurable Efficiencies Through Data Center Consolidation, System, and Application Rationalization Guidance (www.doncio.navy.mil/contentview.aspx?id=4163)? Specifically, is your intent to reduce the number of business IT systems as well as the physical footprint of business IT systems?
A. The drive is to reduce cost. Because the department is so big, we have found that we often buy the same thing twice. The IT Expenditure Approval Authority provides a central authority to review and approve planned IT spending.
One of the things we looked at hard this year was storage capacity. Prior to the establishment of the ITEAA process, I signed a memo that said no one can buy data storage, because we already had so much extra capacity within the department. Program offices were buying storage, mostly because they didn’t know about or know how to take advantage of the capacity we already had. So now we are leveraging the storage solutions we already own.
Storage is just one example of how having a centralized process, identifying duplication and requirements, and consolidating resources is allowing us to more effectively spend limited IT dollars
and save money.
Q: There must be some risk in consolidating all your assets, so how do you evaluate the risk
versus the benefit?
A. The same way you evaluate any risk equation. We don’t want to go extreme
and have only one data center. Sure, it’s possible to pick a site and put all our data in one center; but that is probably not a good idea from a risk analysis standpoint.
Right now we are on the opposite end of the spectrum. Depending on the definition used, we have between 140 to 150 data centers in the Department of the Navy. We definitely don’t need 150.The current target is to go down to 25 or fewer. Twenty-five provides enough redundancy so that the security risk is lower. If we decide to push the savings and go lower to 5 or 10 data centers,
then that would be a more risky equation.
With application rationalization, the thinking used to be that if the applications were not 100 percent overlapped, we thought rationalization was not a good decision. Now the thinking is that if an application is 60 percent overlapped then that is a good starting point to do the analysis and possibly collapse the other apps. For example, we may have an application which has a financial piece, and you see that different applications have the same requirements and use the same type of programming for those financials. We can decide that everybody is going to use this one financial module and eliminate all the others. This is hard. Commands and people are going to have to change their processes so they can comply, eliminate systems and get to one system inside the DON. Let me be very clear — we are doing that right now exclusively for business IT systems — not
warfare or direct missions systems.
Q: How many data centers have been closed so far and how many more consolidations are
anticipated? I’ve read some different numbers from different offices; how do you account for the differences?
A. Over the Future Years Defense Program (FYDP) [which covers FY13-FY17], we want to get down to fewer than 25 data centers. We will have to close 100-plus data centers to meet that goal. There are groups working on the closure plan who say we are going to close 20 to 30 data centers, but that might be in the 2013 to 2014 timeline. Based on your question, I can see where the confusion occurs. So, I’m going to ask people to be more specific and not only provide the
numbers, but also their phased timelines.
In what I have reviewed to date, I have not seen any conflict. We are closing 100 over the FYDP, and 20 to 30 of those in the next two fiscal years. The different numbers come from the different timelines. How many are you closing over the FYDP? How many are you going to close in the next segment? And how many have you closed so far? Each question has a different answer.
To date, we have closed three to five, actually moving data and systems out of them. One of the things to recognize is that we have moved some systems and data out of some data centers, but
haven’t actually closed the entire data center yet. We’re getting there. It may happen that we close five or six or ten at one time because all of the systems and data move out at the same time.
Q: Is the next step cloud computing?
A. The answer is yes. But, I don’t like the word cloud because it means so many different things. The next step is more distributed computing. The data and apps you will be using will be in central locations. That will reduce the desktop infrastructure.
I am participating in a pilot for NMCI called HVD, hosted virtual desktop. It is basically the newest version of thin or zero-client. I don’t have a computer. I have a little black box on my desk that pulls the data I need from servers, or 'the cloud.' This is both less expensive and 'green' in energy savings. The other big gain is security. When I turn off my device there is no residue, no data is stored on that device. The only way to get to the data is to break into the main servers. That is much harder than breaking into an individual device. It is a much easier footprint to secure at less cost, which is the best of both worlds.
Q: You have been a huge proponent of the Navy’s “audit readiness” plan to achieve full financial auditability by 2017. Why is this important to the department and why does the DON CIO care about audit readiness?
A. Understanding how the money flows through our financial systems is more
valuable than just saying the department’s financial systems are auditable. It really means you understand the financial data, what you are spending and your projections. It will have a huge impact on us, not only for being more efficient but for being better able to make financial decisions.
The reason why the CIO organization is so involved is because the field of cyber and IT has the potential for more economic impact than other areas because much of today’s money moves in the cyber environment. The DON is required to produce certified financial statements by 2017, but aside from the requirement, audit readiness is something to strive for because it produces accurate financial controls and transparent business processes.
Q: Under Secretary of the Navy Robert Work released a memo focused on safeguarding personally identifiable information such as Social Security numbers, medical information and other PII. What is the DON CIO doing to comply with the intent of this memo, which is to protect Sailors’ and Marines’ PII?
A. We have released some good guidance about privacy data, protecting privacy data, and consolidating record systems. One of the efforts I am working on with Ms. Carla Lucchino (Assistant for Administration to the Secretary of the Navy) is how we can get to one records management system in the Department of the Navy. This will improve our efficiency and help identify where the data is and where it goes.
We are trying to emphasize to commanders that data is as valuable as a weapon. Anyone who has ever served knows that there are severe penalties for losing a weapon. We want to get to a
point where we are able to hold people accountable for losing privacy data. Today, it can be more devastating to lose data than a weapon. We are trying to change the culture while at the same time providing better tools for managing data.
The more places I put privacy data, the more chances there are for unauthorized people to get to it. We are trying to better understand the physical location of the data — who has access to it, and whether they actually need it. Maybe they really need aggregate information about groups of people for analytics, but they don’t need access to privacy information about specific individuals.
One of the things we need to enforce is that when you require data, you must get it from the authoritative data source. We have too many instances today of data being pulled from various data sources and stored in various systems, but none of the data is from an authoritative source. It’s not updated and controlled, and there are no processes in place to update or control it. How do we know who owns it? Or protects it? And is it even accurate data?
We just updated the policy on the reduction of SSN use. The most common method of identity theft is to use an individual’s Social Security number. In the DON, in the services and in all of DoD, we put the SSN everywhere. Years ago when I was in the Army, I stenciled my SSN on my duffle bag. We have moved way past that; but, we have to go even further. We have to determine when it is absolutely essential to use an SSN or other privacy data, and how to securely store and display it. We have put out policy about the rules for collecting and using privacy data, and we will be issuing more guidance to hold people accountable if they violate the rules.
Q: It sounds like everything boils down to data management. Are you developing an overarching strategy?
A. It really is an overarching data management strategy. Data is our bread and
butter. Besides our people, it is the most valuable thing we own. It really is a value statement about the kind of data, how much it costs to store and an evaluation of the real threat. It takes in all the things we have talked about in a comprehensive way. It is not just looking at individual pieces of data. During our discussions with industry, we found that it is a universal problem. It is about understanding all the key elements of data as a whole. Some data by itself is not valuable but when combined with other data elements, it becomes really, really valuable.
For example, many firms use shopping data to target potential customers for the types of things they tend to buy. Take that to another level and you can interpret lifestyle and personal information
about people. Information is valuable; it allows you to make decisions. In the DON, we use data in business and warfare.
Q: Since the Department of the Navy established the DON Enterprise Wireless Contracts (www.navsup.navy.mil/navsup/ourteam/navsupgls/prod_serv/contracting/market_mgt) in January 2011, the DON has saved $11.7 million in fiscal year 2011 and $24 million in FY12 for a total savings of $35.7 million. How did those savings come about and what else can mobile IT users expect to see in the future regarding mobile IT solutions and efficiencies?
A. We have found savings, and all of the credit for this goes to the Navy and Marine Corps Echelon II and Major Subordinate commands. I don’t get the credit for what they have achieved. We helped put a spotlight on things so they could see their data better and we gave them the tools. It is becoming more of a success every day because we are becoming better at evaluating how many devices we need. We want to encourage commands to use the devices smarter and more
If I can get to the full version of HVD, one of the possibilities is that personnel could use their own personal computer; therefore, we don’t have to buy them one. You could be at home on any computer that meets the minimum requirements and log on to your unclassified email, access your folders and the only thing you would need is a CAC reader.
There is a lot of good work being done by the DoD CIO and at DISA (Defense Information Systems Agency) by (Director) Lt. Gen. Ronnie Hawkins and (Vice Director) Rear Adm. David Simpson to get to the next set of mobility policies and how we can take advantage of commercial applications.
We are not yet to a 'bring your own device' or BYOD state. I don’t know if we will ever get to a pure BYOD environment. But I think in the not too distant future, we will be able to provide a list of several approved cell phones that you can purchase and have access to your work email and some of your files and applications. People will really like that because it will simplify their lives. For example, I have a both a personal Windows phone and a BlackBerry. In an ideal world, I could have one phone that would do everything I need.
The other thing senior leadership is working on is improving telework. We have learned from industry that there are both cost savings and quality of life improvements to be gained with telework. If you get enough people to telework, you lower space requirements, and perhaps reduce the amount of leased office space. In high-density traffic areas it reduces the number of cars on the road, and it’s a huge savings to both employees and the country as a whole. It’s green. We would like to get policies and processes in place to make telework more accessible to more employees.
Q: You wrote in your CHIPS column in the October-December edition that mandatory use of DON enterprise licensing agreements (ELA) will provide better asset and spending visibility. Current
expectations are that ELA use will render approximately $153 million in savings over the Future Years Defense Program (FY13–FY17). Can you talk about the contracts that are available? Will enterprise licensing opportunities expand?
A: The enterprise contracts have done very well. The acquisition community
gets huge credit. The Program Executive Office for Enterprise Information Systems (PEO EIS) had a lead in this, as well as the Marine Corps. They’ve done great work. We have the Microsoft Enterprise Licensing Agreement in place and are working several others. We are also improving the toolsets that commands can use to evaluate what other applications the department can buy as an enterprise.
We are talking to DISA and the other services. Sometimes you can get too big, but we are looking at some of these purchases and asking whether licensing for all of DoD would generate more savings. Maybe DISA can be the broker to gather the requirements and establish option contracts — not necessarily mandatory contracts — but contracts that can save money.