ABERDEEN PROVING GROUND, Md. (June 22, 2015) – The rapid pace of technology continues to be a catalyst for the way people live, work and play. Network connections have promoted mobile-computing applications, which have increased access to information and knowledge sharing, and as a result, empowered communication on an individual and organizational level. But is the network secure?
The U.S. Army Edgewood Chemical Biological Center, or ECBC, Research and Development, or R&D, Information Technology, or IT, Enterprise uses the Defense Research Engineering Network, or DREN. Its secure network technology facilitates how scientists and engineers are able to get the right information to the right people at the right time to fulfill their mission to advance chemical and biological defense.
The ECBC Corporate Information Office is the backbone for the center’s operations and has recently been established by Army Materiel Command, or AMC, as the Research and Development Center of Excellence for DREN supported SharePoint and data center consolidation. These Army-directed consolidations create efficiencies meant to reduce costs and minimize the IT services footprint.
The ECBC R&D IT Enterprise provides for Army-directed savings while serving as a mission enabler and business integrator to the R&D community. ECBC chief information officer, or CIO, has worked with AMC to consolidate its customer support to include the Headquarters, Department of the Army Installation Preparedness Program, Office of the Secretary of Defense, Plans Integration and Analysis Office, Program Executive Office, Assembled Chemical Weapons Alternatives, U.S. Army Research, Development and Engineering Command Headquarters, Army Research Laboratory, Natick Soldier Research, Development and Engineering Center, Army Material Systems Analysis Activity and Chemical Materiel Activity, or CMA.
“While managing the risk inherent to a research environment, we are able to respond to the unique requirements of the scientists and engineers that may need certain software to do their jobs,” said Pam Kartachak, the G6 for the U.S. Army Research, Development and Engineering Command, and chief information officer for ECBC and CMA. “We feel we are making a difference in our ability to provide for the unique IT requirements needed by the R&D community.”
“We use the Defense Research Engineering Network to provide information technology operational support to all three of these organizations and consider them a part of our enterprise,” Kartachak said. “The security measures we’ve put in place allow us to manage the risk of an R&D-based network, like the DREN, while still providing a flexible system that is suitable for the dynamic environment these organizations are in.”
One of the ways CIO is able to achieve security in conjunction with ease of user access is through a defense-in-depth strategy, which achieves information assurance in a highly-networked environment. Multiple layers of network protection are integrated through different ports and protocols across people, technology and operation areas, and ultimately allow for data sharing across the enterprise.
Paul Brozovic, ECBC deputy CIO, said the Department of Defense has put a strong emphasis on cybersecurity in recent years. The Federal Information Security Management Act of 2002 developed outcome-based metrics for information security performance of federal agencies, including security management tools, benchmarking and continuous monitoring, and certifications and accreditations.
By the end of December 2015, RDECOM will have 101 systems for accreditation in the Army Portfolio Management System. These systems are developed by ECBC, where they are built and tested before being handed off to the Army for operational use.
“Technology changes so fast so we continue to look at our infrastructure – the servers, the network switches – all of that is reviewed and updated on a regular basis so we’re as modern as we can be within the constraints provided to us,” Brozovic said. “When it comes to the R&D world, the best we can do is make sure we’ve got the greatest network so that the scientists and engineers, who are dreaming up the thing of the future, are not constrained by the ability to develop and test based on the technology we have.”
This creates an interesting tension for many government CIOs. On the one hand, there is a need to have cutting-edge technology necessary for effective mission execution. On the other, dwindling budgets and heightened cybersecurity demands are constraints that may limit technology’s potential use.
For example, security requirements have prevented government adoption of cloud computing while many federal workers use Blackberry mobile devices despite the increased demand for Apple products. Not to mention, computers will soon be upgraded to Microsoft Office 2013.
“Even when we upgrade to what’s new, we’re working with what’s older,” said Ron Ward, chief technology officer for ECBC. “Because all of those things have to be vetted and security features have to be added in and blessed before use. That’s where the government has a hard time staying ahead of approved products as they come out.”
It presents a complex problem, which ECBC’s CIO has embraced with steadfast simplicity. Instead of getting caught in the whirlwind of what’s next, ECBC has centered its focus on working within. Technology is not about a given product, it’s about maximizing what employees can do with the product when it is backed by a secure network. One way to do that is using servers to secure data and minimize risk should something happen to a given device. Protecting critical information goes hand-in-hand with how knowledge is managed, whether it is inside the lab or out in the field.
ECBC’s CIO has a history of providing network access to deployed personnel. Many organizations like ECBC and CMA, which are in the chemical, biological, radiological, nuclear and explosives space, share aspects of a common chemical demilitarization mission to clean up sites located across the country.
Ward said CIO provides IT support for personnel traveling to remote locations and rely on reach back capabilities here at Edgewood.
“We came up with a remote access solution, using encryption and commercially available Mifi devices,” Ward said. “The devices have Wifi on one side and cellular service on the other so it allows you to take a network with you wherever you’re going. The low bandwidth network service also allows you to emulate a desktop so you can do a lot of work over a small amount of bandwidth.”
This kind of mobile-computing capability helps personnel continue to deliver quality customer solutions without interruption in time or schedule, and as a result, keeps costs to a minimum. Facilitating connections with partners and customers has always been at the heart of CIO. In addition to a secure network, CIO has also leveraged information sharing tools like SharePoint to develop custom ways for project teams to collaborate across their organization, as well as with external partners in academia and industry.
“That’s a huge enabler for collaboration with industry and academia because it allows for a secure way for nongovernment employees to gain access securely to our SharePoint system,” Kartachak said. “We’ve configured our systems to accept electronic certificate authorities, or ECA cards, which allow our scientists to reach out to universities and share information in a very controlled way.”
ECAs were the result of an early DOD initiative in 2005 to use two factor identification, such as a PIN and Common Access Card, and according to Brozovic, ECBC CIO was one of the earliest adopters in the Army to implement two factor identification into its systems, regardless of network, whether it is the DREN or the Nonsecure Internet Protocol Router, which is used to exchange sensitive but unclassified information.
With increased knowledge sharing comes the need to manage it effectively. ECBC CIO is leading a knowledge management effort to champion the proactive use of its systems and support the organization in creating, assimilating, disseminating and applying its knowledge, especially as an older generation of federal workers look to retire.
“KM is becoming a very important part of CIO, and I think it’s an emerging requirement for succession planning, capturing institutional knowledge and supporting innovation,” Kartachak said. “It’s about having a legacy and what kind of culture you want to build. We’re ultimately the enablers for this institutional knowledge.”
“We are moving from the information age, where it was all about capturing and storing vast amounts of information, to the knowledge age, where the focus has now shifted to how we access, use and share this information to facilitate mission performance and enable better decision-making,” said Mike Matejevich, knowledge manager for ECBC.
As the pace of technology accelerates, CIO recognizes the critical need to capture the key knowledge of the ECBC workforce, promote innovation and collaboration, and enable information sharing in a secure way. It is no longer about storing and accessing information. It’s about streamlining data for easy access and intended use. It’s about managing content and encouraging engagement. It’s about simplifying the present to embrace the future.