WASHINGTON, Feb. 27, 2015 – Acting Defense Department Chief Information Officer Terry Halvorsen discussed the joint information environment, the cloud, detailed technology investments and the threat of sequestration yesterday in testimony before a House panel.
During the hearing, on information technology investments and programs in the current cyber threat environment, Halvorsen told members of the House Armed Services Committee subcommittee on emerging threats and capabilities that one of his priorities is to implement a foundational element of the joint information environment.
“JIE is a concept. We’re not ever going to implement JIE,” Halvorsen explained.
“What we will implement,” he added, “are the steps that get us to a joint information environment … [and] the first step is implementing the joint regional security stacks.”
Upgrading Network Security
The stacks are a suite of equipment, according to the Defense Information Systems Agency’s website, that upgrades network security infrastructure. It performs firewall functions, intrusion detection and prevention, enterprise management, virtual routing and forwarding, and provides a range of network security capabilities.
The first stacks were initialized in September at Joint Base San Antonio, Halvorsen said at a recent conference.
Halvorsen’s goal is to have all stacks, in the continental United States and elsewhere, in place by the end of 2016, to field the new software by the end of 2016, and to have the system operational in the first part of 2017.
The JRSS stacks, he told the House panel, “replace our current individualized and localized security architecture and systems with a set of servers, tools and software that will provide better command and control and more security and do that at a lower cost.”
A Complete Review
Halvorsen said he and his colleagues are improving the alignment of DoD business processes and IT systems and investments by conducting a complete review of them, directed by the defense secretary, and then performing the same review of the military departments.
“We are asking the question, ‘What IT business should DoD be in directly and at what level?’ I think that is a key question,” the CIO said.
Based on the question and looking at available data, Halvorsen said in written testimony, “I have directed DISA to make the next offering of DISA unclassified e-mail a purely commercial solution. I believe this will result in a 20 percent to 25 percent reduction in e-mail costs.”
Halvorsen said the CIO office reduced spending by $10 million this year by reviewing contract benchmarks.
“We were also able to reprogram $20 million from DISA contracts without reducing contract work to support JRSS installs. DISA also lowered its rates by 10 percent and is on track to do the same next year,” he told the panel.
Evolving Critical Areas
Halvorsen’s office continues to evolve critical areas in mobility, he said, with smart phones, wireless, and electronic flight bags. And his office wants to do a comprehensive review of the cyber workforce.
“Somehow we’ve got to have better movement between government and private industry in the career fields,” the CIO told the panel.
“We ought to be able to wake up one day and be a private employee, the next day come in and be a government employee and keep that change,” he said. “I think the expertise we would gain, particularly in the area of security, is vitally important.”
Regarding the department’s move to the cloud, Halvorsen said his office recently put out a new cloud directive and based on recommendations from the Defense Business Board “we have changed the way we engage industry and publish our documentation.”
Partnering With Industry
The department, with the complete cooperation and involvement of industry, has just published a joint cloud security and implementation guide, he said.
“We’ve revised who can buy cloud, allowing the services now to go directly to the provider without going through DISA, and put DISA in the role of … making sure the department meets security requirements in cloud policy and implementation,” the CIO said.
One place the department is going more commercial and expanding industry partnerships is the cloud.
Cloud computing involves deploying groups of remote servers and software networks that allow data storage and online access to computer services to be centralized, according to the National Institute of Standards and Technology.
Security in the Cloud
Clouds can be public, private or hybrid, and Halvorsen said the department uses hybrid cloud services.
“DISA has the MilCloud,” he added, “and to their credit they’ve dropped the rates so it’s more competitive than commercial. But what MilCloud does is provide that extra level of security for the really valuable data that we just can’t afford to lose.”
The commercial world is working to move up to those security standards, Halvorson said, “and as they do we’ll put more into the cloud, but not until they meet those requirements.”
The CIO said the department will not reduce its security requirements — in some cases the requirements are being standardized and in others they’re being raised.
In the conversation with industry, Halvorsen said, “[because of] the way we’re publishing the cloud documents, what we’ve had to tell them is the standards we put out today … will change and they might change in six months, depending on the threat. We’ve told them they have to be reactive to that.”
The Threat of Sequestration
In response to a question from the panel, Halvorsen said the deep budget cuts of sequestration would delay modernizing the department’s information environment by two to three years.
Potential threats to the IT environment, he said, have increased over the last five years and include everything from state threats to terrorist groups like those in the daily news.
“Any slowdown in our modernization will make it easier for even less sophisticated groups to interfere with our business,” Halvorsen told the panel.
“It will expand the number of threats we will have to face if we don’t carry through with some of the modernization and some of the security changes we’re making,” he added. “We will be more vulnerable … we won’t support the warfighters [and] they will be at risk.”