What DOD's next CIO will have to deal with

It could be months before the Defense Department has a new CIO, and he or she will face a host of organizational and operational challenges from Day One

Shutterstock image (by Everett Historical): aerial of the Pentagon.

The Defense Department CIO might not be among the top 10 positions the Trump administration is rushing to fill, but the role could have an enormous impact in the coming years.

The department’s next CIO will have a towering inbox thanks to the Trump administration’s stated focus on cybersecurity, DOD’s ongoing transition to the Joint Information Environment and its need to sort out organizational changes mandated in the fiscal 2017 National Defense Authorization Act (NDAA).

Former CIO Terry Halvorsen stepped down in late February after a 37-year career in government, and Principal Deputy CIO John Zangardi stepped in as acting CIO. The Trump administration has yet to fill a number of top DOD positions, which means it could be a while before a permanent successor for Halvorsen is in place.

FCW spoke with Halvorsen; his predecessor, Teri Takai; and Air Force CIO Lt. Gen. Bill Bender about what lies ahead for the next DOD CIO and how he or she should prioritize those challenges.

The org chart imperative

Lawmakers have been tinkering with a number of key DOD positions in recent years. In the fiscal 2016 NDAA, Congress mandated that the CIO should be expanded into a Senate-confirmed chief management officer position — essentially reversing a split that was made when Takai assumed the CIO job in 2010.

In the 2017 NDAA, however, Congress reversed course and countermanded the planned merger.

The new law also mandates splitting the Office of the Undersecretary of Defense for Acquisition, Technology and Logistics (AT&L) into two offices, each led by an undersecretary. One office would be dedicated to research and engineering, and one would focus on acquisition and sustainment.

Additionally, Congress directed the secretary of Defense to optimize the roles and responsibilities of the CIO, deputy chief management officer (DCMO) and the two new undersecretaries.

Halvorsen, however, said he does not expect any substantive changes to the CIO’s role or its interactions with the secretary of Defense and the acquisition offices.

Takai said that although there might not be substantial changes in the organizational chart, the next CIO should lead the way on defining the culture and working relationship between the DCMO and the new undersecretaries. “Frankly, those roles have not played well in the sandbox before, and I think that is really an important part of what Congress is trying to get to,” she said.

She added that the Trump administration has an opportunity to improve IT and management efficiencies at DOD, and “I think the CIO needs to take a leadership role in really addressing the implementation piece of that.”

Bender said it remains to be seen how the breakup of AT&L will affect the next CIO. “There is some prior authority or at least roles and responsibilities that were definitely partnered between AT&L and the CIO,” he said. “It will be interesting to see where they land — most likely with the DCMO.”

Halvorsen acknowledged that there will be changes to how the existing AT&L conducts its business, but “I don’t think those will fundamentally change what the CIO does for AT&L.”

Bender said the next CIO should focus on putting cybersecurity and IT strategies into use at DOD, “given that this environment is driving us to cyberspace as an operational domain.”

“The CIO ought to be in on the discussion chartering the roles and responsibilities of the principal defense cyber adviser,” he added. The 2017 NDAA orders DOD to evaluate whether that position should be strengthened or possibly scrapped.

Bender said he believes the role of DOD’s CIO should be strengthened, but he would also like to see more authority delegated to the CIOs at the individual military services.

“DOD’s CIO should be in the business of developing a strategy and establishing standards to be met and get out of the business of trying to tell the services how to do that,” he said. “The services are all unique in the legacy infrastructure that they bring.”

Bender added that the CIO should not dictate a one-size-fits-all approach to IT modernization across the military. “Tell us the outcome that you want and set the standards to be met and let the services to go about that in the form, fit and fashion that they can do that,” he said.

JIE leads the way

Takai said that once the new CIO sorts out the organizational authorities and relationships, he or she must quickly pivot to the operational priorities.

She, Halvorsen and Bender agree that those priorities are IT modernization, continued migration to the Joint Information Environment’s joint regional security stacks (JRSS), data center consolidation, cloud migration and cybersecurity.

Halvorsen, who drafted the Joint Information Environment strategy document in August 2016, said he expects DOD’s commitment to continue. “I don’t think that will change,” he said, although he acknowledged that it was often a challenge to make officials understand that JIE is a vision rather than a program with strict requirements.

“If you try to get too specific on the JIE vision, you end up being wrong,” he said.

“I think [Halvorsen has] done a very nice job of coalescing the services around a shared vision for our infrastructure — not that we’ve made all of the progress that we need to make,” Bender said. “But I think that the JRSS and the technical solutions that are in the works are [going] in the right direction. I think the services are all lined up to support it and that we’re on a good glide path.”

Bender added that the next CIO will also need to tackle reforming the Defense Information Systems Agency to bring it in line with industry standards. “By going joint, [DOD is] increasingly reliant on DISA infrastructure,” he said. “So the journey to the cloud goes through a DISA-provided cloud access point. They need to deliver at the need for speed.”

Furthermore, “the DOD CIO should continue to focus on moving the DOD toward utilizing the commercial sector for enterprise IT, with DISA focusing on standards and oversight, not on contracting, which has been a DISA weakness,” Bender added.

Halvorsen said DOD officials have made significant progress on adopting cloud technology, improving cybersecurity and replacing the Common Access Card, and he expects support for those initiatives to continue.

He admitted, though, that certain goals — such as having a replacement for the Common Access Card by the end of the year — are probably not realistic. “I knew when I put that out that it was probably too aggressive,” he said. “But I’m very happy that everybody signed on, so if it takes another year,…that will still be great.”

Data center consolidation has also progressed more slowly than many had hoped. In the past year, Halvorsen frequently expressed frustration with the pace of closures and consolidation, and continuing that effort will be another activity awaiting the next CIO.

More commercial solutions

To meet all those challenges, Halvorsen said DOD must continue to embrace commercial technology and the efficiencies it can provide.

He added that the U.S. is entering the “platinum age” of technology, and sophisticated commercial solutions are being introduced that can transform the way DOD operates. Advances include biometric technology that could replace the Common Access Card and artificial intelligence tools that could speed the analysis of big data.

“I think there will be more dialogue with the commercial sector on how you continue to work the security processing,” Halvorsen said. “How do you continue to work FedRAMP and other things so that they get better? And I would define ‘better’ as they get faster [and] less costly.”

Bender and Takai agreed that DOD needs to strengthen its ties with industry — not only for cost and efficiency purposes, but also to decrease the department’s cybersecurity footprint.

But Takai said DOD must improve its internal capacity to understand the market and be a better buyer. “While DOD is going to want to do more with their vendors, they’re also going to have to develop some in-house expertise that they’ve to some extent let atrophy by letting the vendor community do so much,” she added.

Innovation and acquisition

With the impending split of AT&L, there is uncertainty about what DOD acquisition will look like, and that is another area where the next CIO can make a mark.

Bender said DOD officials are trying to digitize a military that predominantly relies on legacy technology, “and the need to operationalize cyber [means] this is converging on the CIO’s office, and the norms of the past simply are not [working] and cannot work.”

“We tie ourselves in knots over the way that we’ve kind of always done it,” he added. “You’ve got the lawyers and the acquirers and the contractors all telling you this is how you’ve got to do it…. We need to be playing to speed, agility and security as well as cost, schedule and performance, for example, on the acquisition side, so how are you going to do that? You’ve got to break with the norms of the past.”

Halvorsen said that break is happening, perhaps more than people realize. “The requirements are really much more capabilities-based,” he said, adding that the need for improvement lay not with the acquisition team but with the department’s executives. “We were trying to over-specify. What really is making the change is the continuing growth in dialogue between the requirements [and] capabilities people and acquisition.”

When it comes to choosing technology, Takai stressed the need for DOD to continue focusing on the nexus of innovation and acquisition. “DOD needs to really find a way both from a technology perspective and also an acquisition perspective to be better at selecting new technology, piloting new technology and then determining whether the technology fits,” she said.

Takai added that the Defense Innovation Unit Experimental and the Defense Digital Service are integrating well with acquisition offices, but the next CIO will need to exercise oversight and guidance to ensure that the path from innovation to implementation is as smooth as possible.

Bender agreed that the innovation hubs at DOD must be priorities, which requires strong advocacy from the department’s leaders.

Insider or outsider?

Given the Trump administration’s preference for business people and practices, it’s possible that officials will look to industry for the next CIO.

Bender said he would like to see a full-blown executive search for a leader who has transformed a company. “I think the time is right to bring in a big-name, well-respected and recognized CIO from industry,” he said. “It’s almost like the barrier to the transformational change required is actually knowing and understanding how the [Pentagon] operates. There are plenty of people who know that, but it takes an enlightened leader and really somebody who knows what right looks like, and you probably won’t get that from inside.”

Halvorsen and Takai, on the other hand, said the next CIO must have a solid understanding of how both industry and DOD operate.

“The challenge that the industry person is going to have is being able to be well-connected inside the power structure of DOD,” Takai said, adding that Halvorsen’s background helped him excel at building solid working relationships with DOD leaders.

“It was very difficult for me coming in without having had any of those relationships to try to build those relationships and to build an agenda,” she said.

And although DOD leaders valued her strong industry background, Takai said her experience in state government was equally helpful.

“Even though there wasn’t a lot of value placed on that experience…when they hired me, I think it was very, very valuable to me to understand the nuances of government and to be able to extrapolate that to the DOD,” she said.

Whoever takes the helm as DOD’s next CIO, he or she will step into an institution that is undergoing a deep cultural shift as it struggles to embrace new technologies and protocols.

Halvorsen has long argued that DOD’s culture is the biggest barrier to technological change. “That’s going to be the piece you’ve got to keep working on,” he said. “You can do certain things to accelerate culture a little bit, [and] I think they’re doing all the right things.”

And now that he has been out of the job for awhile, he said things are probably changing faster than he thought. “There will be a lot of work to do, and there will be hiccups along the way,” Halvorsen added. “I’d love it to go faster, but given the rules of culture, it’s going pretty well.”