Outgoing DOD CIO Defends Pentagon's IT Modernization Efforts

Defense Department CIO Terry Halvorsen

Defense Department CIO Terry Halvorsen House Committee on Oversight and Reform

DOD CIO Terry Halvorsen announced his retirement and defended the Joint Information Environment and the Joint Regional Security Stacks.

Defense Department Chief Information Officer Terry Halvorsen announced his retirement Wednesday, two and a half years after taking the reins as the Pentagon’s top tech official.

Halvorsen’s last day will be Feb. 28, and though a decision has not yet been made on who will serve as acting CIO following his departure, Halvorsen said he’s confident progress made in a series of IT initiatives will continue unabated across DOD.

Halvorsen claimed responsibility earlier this year when the Defense Department’s Joint Information Environment came under scrutiny from the Government Accountability Office, which criticized the Pentagon for not knowing JIE’s cost. JIE, Halvorsen explained publicly, is a conceptual term used to describe a modernized IT infrastructure across the military, not a single program.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

JIE recently came under further scrutiny from the department’s director for operational test and evaluation for not conducting rigorous enough testing for its programs. In a press call with reporters Wednesday, Halvorsen again defended JIE.

“There will be no changes to how we test JIE because JIE is a concept,” Halvorsen said.

The DOT&E report was also critical of DOD’s Joint Regional Security Stacks. JRSS aims to consolidate approximately 1,000 legacy network security stacks to 48 standardized stacks across 25 worldwide locations. According to the DOT&E report, early JRSS users at the Army and Air Force were “not able to provide effective network security.”

Halvorsen did not agree with that assessment.

“JRSS are providing better security today than what we’ve had, and they will continue to do that,” he said. And while DOD is “actively testing” JRSS, Halvorsen said it will spend more time training individual users, airmen, sailors, soldiers and civilians on “how to get the best out of [JRSS].”

“JRSS is proven commercial technology. I’m not spending a lot of time testing technology because that’s not where the issues are,” Halvorsen said.

Thursday, Dave Bennett, director of the Defense Information Systems Agency’s center for operations, explained JRSS has been a “learning scenario so far.” DISA, the Pentagon’s IT arm, has a lead role in implementing JIE. Bennett admitted it’s brought a new set of challenges, but those challenges are being asked and addressed as a community.

“We’re peeling the first layer back to see what it means to regionalize,” said Bennett, speaking at an AFCEA event in Washington.

Progress Replacing Common Access Cards

Last June, Halvorsen announced a 2-year plan to eliminate common access cards, 20 million of which have been issued over the past 15 years to activity-duty Defense personnel, DOD civilian employees and contractors. The goal was to move to “true multifactor” authentication, and Halvorsen said DOD—in a partnership with the Defense Innovation Unit-Experimental—launched a series of pilots in recent weeks to do just that.

Over time, Halvorsen said he wants DOD to make use of 10 identity factors when verifying a user is who he or she claims to be. Halvorsen declined to specify all the factors but said biometrics and user behavior will likely play roles.

“Behavior and biometrics—they could be anything from the way you sign in every morning to your system, how you click, what you do, it might be how you behave on the network once you’re on,” Halvorsen said.

As opposed to a simple smart card and pin number, Halvorsen explained how DOD might make use of any randomized combination of five identity factors so even if a bad actor “figured out all 10, they’d still have to know what five we’re using.”

Cyber Getting Harder

Halvorsen said evolving technologies have made it easier than ever for people to become cyber criminals, upping the ante on cyber threats that face the U.S. government.

In response, Halvorsen said the Pentagon has cleaned up its cyber hygiene, in part because of a Cybersecurity Implementation Discipline Plan released in 2015. The plan emphasizes accountability among personnel so nobody gets a free pass on cyber.

“The nation-state cyber threat has grown, criminal and individual cyber threat has grown, almost every form you can imagine has grown,” Halvorsen said. “I think we know how to work through the attacks better. Much like in the physical world, an attack doesn’t mean your mission stops.”

Halvorsen declined to provide the names of nation states that have beefed up their cyber aggression or prowess, but it’s no secret Russia, in particular, has been particularly bold in cyberspace over recent months.

Data Center Woes

One area Halvorsen expressed regret over was the Pentagon’s data center consolidation effort. DOD had pledged to close 40 percent of its data centers by fiscal 2015’s end, yet only shuttered 18 percent.

“We did not get as many closed as I would have liked,” Halvorsen said.

Halvorsen expressed confidence, though, that DOD would close more “using industry best practices” and “consolidating within geographic areas.”

As the DOD focuses more on buying than building, an influx of commercial technologies, like cloud computing, should better help DOD’s data center consolidation effort as well as its bottom line.

Windows 10 Transition Behind Schedule

DOD’s plan to upgrade 4 million devices to Windows 10, announced last February, is behind the department’s aggressive goal to have full deployment by the end of this month. However, the momentous update is 90 percent complete within DOD’s Office of the Chief Information Office, and Halvorsen said he expects DOD to be “80 or 90 percent done” by the end of the fiscal year.

“We’re not where I would have liked to have been but showing good progress,” he said.

DOD, Halvorsen said, is in a good position amid a time of transition and shifting leadership.

“I do believe where we are headed, the emphasis on mission effectiveness and efficiency will continue, relying more on commercial capabilities—all those things will continue,” Halvorsen said. “They’re all the same things industry and the rest of the world is looking to.”