recommended reading

Outgoing DOD CIO Defends Pentagon's IT Modernization Efforts

Defense Department CIO Terry Halvorsen

Defense Department CIO Terry Halvorsen // House Committee on Oversight and Reform

Defense Department Chief Information Officer Terry Halvorsen announced his retirement Wednesday, two and a half years after taking the reins as the Pentagon’s top tech official.

Halvorsen’s last day will be Feb. 28, and though a decision has not yet been made on who will serve as acting CIO following his departure, Halvorsen said he’s confident progress made in a series of IT initiatives will continue unabated across DOD.

Halvorsen claimed responsibility earlier this year when the Defense Department’s Joint Information Environment came under scrutiny from the Government Accountability Office, which criticized the Pentagon for not knowing JIE’s cost. JIE, Halvorsen explained publicly, is a conceptual term used to describe a modernized IT infrastructure across the military, not a single program.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

JIE recently came under further scrutiny from the department’s director for operational test and evaluation for not conducting rigorous enough testing for its programs. In a press call with reporters Wednesday, Halvorsen again defended JIE.

“There will be no changes to how we test JIE because JIE is a concept,” Halvorsen said.

The DOT&E report was also critical of DOD’s Joint Regional Security Stacks. JRSS aims to consolidate approximately 1,000 legacy network security stacks to 48 standardized stacks across 25 worldwide locations. According to the DOT&E report, early JRSS users at the Army and Air Force were “not able to provide effective network security.”

Halvorsen did not agree with that assessment.

“JRSS are providing better security today than what we’ve had, and they will continue to do that,” he said. And while DOD is “actively testing” JRSS, Halvorsen said it will spend more time training individual users, airmen, sailors, soldiers and civilians on “how to get the best out of [JRSS].”

“JRSS is proven commercial technology. I’m not spending a lot of time testing technology because that’s not where the issues are,” Halvorsen said.

Thursday, Dave Bennett, director of the Defense Information Systems Agency’s center for operations, explained JRSS has been a “learning scenario so far.” DISA, the Pentagon’s IT arm, has a lead role in implementing JIE. Bennett admitted it’s brought a new set of challenges, but those challenges are being asked and addressed as a community.

“We’re peeling the first layer back to see what it means to regionalize,” said Bennett, speaking at an AFCEA event in Washington.

Progress Replacing Common Access Cards

Last June, Halvorsen announced a 2-year plan to eliminate common access cards, 20 million of which have been issued over the past 15 years to activity-duty Defense personnel, DOD civilian employees and contractors. The goal was to move to “true multifactor” authentication, and Halvorsen said DOD—in a partnership with the Defense Innovation Unit-Experimental—launched a series of pilots in recent weeks to do just that.

Over time, Halvorsen said he wants DOD to make use of 10 identity factors when verifying a user is who he or she claims to be. Halvorsen declined to specify all the factors but said biometrics and user behavior will likely play roles.

“Behavior and biometrics—they could be anything from the way you sign in every morning to your system, how you click, what you do, it might be how you behave on the network once you’re on,” Halvorsen said.

As opposed to a simple smart card and pin number, Halvorsen explained how DOD might make use of any randomized combination of five identity factors so even if a bad actor “figured out all 10, they’d still have to know what five we’re using.”

Cyber Getting Harder

Halvorsen said evolving technologies have made it easier than ever for people to become cyber criminals, upping the ante on cyber threats that face the U.S. government.

In response, Halvorsen said the Pentagon has cleaned up its cyber hygiene, in part because of a Cybersecurity Implementation Discipline Plan released in 2015. The plan emphasizes accountability among personnel so nobody gets a free pass on cyber.

“The nation-state cyber threat has grown, criminal and individual cyber threat has grown, almost every form you can imagine has grown,” Halvorsen said. “I think we know how to work through the attacks better. Much like in the physical world, an attack doesn’t mean your mission stops.”

Halvorsen declined to provide the names of nation states that have beefed up their cyber aggression or prowess, but it’s no secret Russia, in particular, has been particularly bold in cyberspace over recent months.

Data Center Woes

One area Halvorsen expressed regret over was the Pentagon’s data center consolidation effort. DOD had pledged to close 40 percent of its data centers by fiscal 2015’s end, yet only shuttered 18 percent.

“We did not get as many closed as I would have liked,” Halvorsen said.

Halvorsen expressed confidence, though, that DOD would close more “using industry best practices” and “consolidating within geographic areas.”

As the DOD focuses more on buying than building, an influx of commercial technologies, like cloud computing, should better help DOD’s data center consolidation effort as well as its bottom line.

Windows 10 Transition Behind Schedule

DOD’s plan to upgrade 4 million devices to Windows 10, announced last February, is behind the department’s aggressive goal to have full deployment by the end of this month. However, the momentous update is 90 percent complete within DOD’s Office of the Chief Information Office, and Halvorsen said he expects DOD to be “80 or 90 percent done” by the end of the fiscal year.

“We’re not where I would have liked to have been but showing good progress,” he said.

DOD, Halvorsen said, is in a good position amid a time of transition and shifting leadership.

“I do believe where we are headed, the emphasis on mission effectiveness and efficiency will continue, relying more on commercial capabilities—all those things will continue,” Halvorsen said. “They’re all the same things industry and the rest of the world is looking to.”

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.