While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
The Defense Department’s description of itself is telling: “We are America’s oldest, largest, busiest and most successful company.” And in numerous ways, the modern DOD acts like a business: building a network-centric infrastructure, conducting outreach to laymen and partisans to sell its latest initiatives and focusing on data-driven decision-making to improve its warfare capabilities.
FedTech Editor in Chief Lee Copeland recently spoke with Dr. Margaret Myers, principal director in the Office of the Deputy Assistant Secretary of Defense for Information Management and Technology, about what’s afoot at DOD.
FedTech: Let’s talk about DOD transformation initiatives broadly and the network-centric vision. Tell me more about the core concepts of this vision.
Myers: What’s behind all this is some history. If you go back to the Cold War, we had a monolithic threat, the Soviet Union. But it’s not that way today. The threat is evolving or unknown, so we need to be able to confront uncertainty with agility, and we do that by leveraging the power of information. Net-centric simply means information sharing.
FedTech: You’re saying that it’s really about real-time situational awareness. What are the cultural hurdles to implementing this?
Myers: Historically, there’s always been a concept that information is power. If I know more than you do, I can use that to my advantage. We’re trying to change the DOD culture to one that’s about leveraging the power of information. On the security side, the common phrase is “need to know.” You can have access to information only if you have a need to know. We’re trying to change that to a need-to-share or even a right-to-know model. This is a huge cultural change.
FedTech: How can you persuade people that the need-to-share model is the one you should be moving to?
Myers: We’ve developed some outreach products. We’ve also gotten buy-in through a data strategy, which calls for making both information and services visible, accessible and understandable. We do this through communities of interest — people who have a common vocabulary.
FedTech: And do you have buy-in from the actual warfighter that this is the way DOD needs to go?
Myers: In fact, there’s been a surprisingly successful adoption on the warfighter side. It’s been a pleasant surprise that the warfighters are really on board with it. And when I say “warfighters,” I’m talking about people at the three- and four-star level supporting the communities of interest.
FedTech: How are you measuring your new message’s effectiveness at various levels?
Myers: Because the communities of interest have to register their metadata, over time we can track how much material has been recorded in the registry, which equates to use and, therefore, effectiveness.
FedTech: Is there a concern that if you break out the data into minute points that security will somehow be decreased?
Myers: We have to make sure that the information is available to authorized users. We have to put in place the appropriate security protections, and, in fact, we have a major initiative under way to change how we do information assurance. The historical approach to IA, as we call it, is to build the castle walls higher, and we know that won’t work. We can’t afford to keep building them higher, and it’s not the right paradigm for a net-centric world. It’s going to be more about securing the data, at least throughout its useful lifetime, so we’ll protect the data rather than building the castle walls higher. A different approach.
FedTech: One of the things you’ve said is that a key element of the net-centric vision is “power to the edge.” Is it part of the Joint Vision for 2010?
Myers: The phrase is still there. It means you can get the information to those who need it, when it’s needed, to those who need it most. The person on the edge is anyone who needs the information. It could be the soldier in the foxhole; it could be Secretary Donald Rumsfeld.
FedTech: You’ve said that DOD’s Business Transformation Program is an unprecedented effort to build more competitive advantage in the way the department conducts business. What does competitive advantage mean in government and in particular in DOD?
Myers: We’ve determined that competitive advantage is measured in agility. As I said earlier: Because we don’t know what the threat is and where it’s coming from, the concept of the access to information improves the warfighters’ agility. On the business side, if the business mission areas of the department are more agile, that in turn also helps the warfighters with logistics and support. Essentially, the rest of DOD exists to support the warfighters and help them be more agile.
FedTech: You’ve spent most of your career in government, but you have a savvy or business-oriented way of thinking about processes within DOD. Is establishing a customer-centric vision a personal mindset or is it a departmental emphasis?
Myers: Some of it goes back to the Clinger-Cohen Act of 1996, which mandated CIOs for all federal agencies. The CIOs were charged, among other duties, with business process re-engineering. So it’s something the CIO community may be more sensitive to than the rest of government. I think we’re more conscious of realizing that we need to look outside our own department for best practices and useful industry trends that we might be able to extrapolate from and bring to our own contacts.
FedTech: Is the department reaching out more to business when it recruits and when it’s partnering on information structures, or only to defense contractors?
Myers: In fact, my boss and I have been trying to take the message to industry for the last two or three years that this vision changes things — particularly for the defense contractors, the ones who make all their money by building those stovepipes and then building the interfaces. The stovepipes won’t go away entirely, but there clearly will be fewer of them, since we will be moving away from that sort of thing.
So, for example, DOD recently awarded a contract to IBM for a collaboration service. On the unclassified version, IBM will provide us with the same service they would provide to any commercial firm that contracts for the service. We’re not looking for something special just for DOD — just the same service any commercial customer would get. On the classified area, we’re actually paying IBM to operate the service inside our network.
FedTech: Do you think that your people are comfortable with this? That’s the kind of thing you’d think someone completely different — like a defense contractor — would be doing, not an IBM.
Myers: That’s true. But as I recall, the request for proposals specified that you had to have a certain level of existing commercial base because we wanted a vendor experienced in providing managed services. We think it’s highly likely when IBM operates on our classified network that they will hire defense contractors who have security clearances to do a lot of the work. But that’s OK; IBM’s still in charge.
It’s important to stress that collaboration as a managed service has to be part of getting the message out to the defense contractor community, as well as our DOD insiders: It’s not going to be business as usual.