FEDERAL EXECUTIVE FORUM

Network-Centric Operations, One Year in Review.

September 6, 2007 • Broadcast on Federal News Radio • Produced by the Trezza Media Group



Moderator

JIM FLYZIK, The Flyzik Group

Panelists:

DAVID WENNERGREN, Deputy Assistant Secretary of Defense for Information Management and Technology and Deputy CIO, DOD

BRIG. GENERAL DAVE WARNER, Director for Command and Control Programs, DISA

CHERYL ROBY, Acting Principal Deputy Assistant Secretary of Defense for Networks & Information Integration (DASD/NII), DOD

TERRY MORGAN, Director, Net-Centric Strategies, Global Government Solutions Group, Cisco Systems, Inc.

JOHN MEINCKE, VP, Air Force and Navy Operations, Federal Systems, Unisys Corporation

During today’s show we will discuss progress around the issues of net-centricity and net-centric warfare since our last show on the topic a year ago. Let’s get right into the topic this morning and get some updates on our progress over the last year. Let’s start with Dave Wennergren. Dave, give us some updates on progress in your respective area on net-centric operations and net-centric warfare.

DAVID WENNERGREN, DOD

Absolutely Jim. It’s really a fairly simple concept. It’s all about knowledge management. It’s about getting the right information to the right people and wonderful things will happen. People will be able to collaborate; decisions will be made more quickly and more effectively. And so over the course of the past year a lot of great stuff has been going on. I’m really excited about the implementation of our net-centric strategy. It really is all about the data nowadays. In the old days I would have said it was a lot about the infrastructure, putting in place the infrastructure to allow your employees to be part of a web-based organization. But we’ve done that. We’ve worked hard across DOD to put the infrastructure into place. So while it may not be sexy, it is what it’s all about today. It’s all about data, making it accessible, understandable, I can find it and I can use it. And you watch these communities of interest, which is the way that we implement our net centric strategy, take place and they are phenomenal events.

Maritime domain awareness is a great example. Over the last year it has born great fruit. So everybody would like to know more about commercial vessels at sea; what are their crews; what are their cargos; where are they located. So the Department of the Navy, the intelligence community, the Department of Homeland Security, the Coast Guard, the Department of Transportation all banded together to find the data, make it exposable, and make it available so that everybody could use it. Rather than what we might have done in the old days, which is we would have said we’ve got a lot of legacy systems and we are going to go and build yet another system for a gazillion dollars instead said “hey the information’s out there and if you use simple tools like XML you can serve it up, people could publish and subscribe and we could move on”. And so in the course of a few months for a few hundred thousand dollars, the information was made available and everybody can use it the way they need to.

These communities of interest are paying huge dividends in terms of making the information that’s out there available for people to share and to use; and communities of interest are springing up across the DOD family and across the entire federal government. The data strategies are being used for things like blue-force tracking, for command and control, for the strike community, and in the strike community it doesn’t matter whether or not you are planning a tomahawk missile strike or you are trying to do disaster relief at FEMA, these are all common themes and so communities of interest are springing up around the world.

We also recognize that it’s more than just about the technology side of this, so there is also this idea about our information sharing strategy which says that in addition to putting the technologies into place to allow you to share knowledge, you have to have the processes, policy change, the education and awareness and cultural change aspects too. So we are quite happy with our information sharing strategy.

And in terms of helping people to do this, there’s this recognition that some of the work has to be done for the broader enterprise, so corporate level solutions coupled with local solutions. So we’ve done a lot of work to make a reality of this idea of net-centric enterprise services, which is a subject Dave Warner I’m sure will talk more about because DISA has been our champion for doing that.

So we are moving to an enterprisewide portal called Defense Knowledge Online (DKO) and offering up these core services about search and discovery and directory services and collaboration tools that will be available for everybody to use across the organization. There’s a lot of great work that’s going on in the security world and we’ll get into that later in the show. Today (we want) to talk a lot about the improvements we’ve made to dramatically improve protecting our networks, our information, and our people.

And one of the things I’m most proud of is we are really behaving like an enterprise. Working together as a DOD team, working in partnership with the Director of National Intelligence and all of the documents that we’ve signed out recently, our net-centric enterprise services strategy, our data strategy are all documents that are adhered to by both teams and it’s beginning to make a big difference. We buy like an enterprise now; we do our configurations management as an enterprise; we create our policies as an enterprise so we can all raise the bar of security and information sharing together.

JIM FLYZIK, THE FLYZIK GROUP

Terrific. That is great progress. I know a year ago we were talking infrastructure and how the DNI would relate to the DOD and how DHS would play in there, and it sounds to me that those issues have been hit pretty hard over the past year. That’s really encouraging, and great for our nation.

Cheryl Roby, (you have a) new role as the Acting Principal Deputy Assistant Secretary of Defense for Networks and Information Integration. Can you give us some highlights of the things you are working on around net centric operations?

CHERYL ROBY, DOD

Sure Jim. One of the things to highlight is out of the quadrennial defense review is the department has agreed that we really need to be looking at this new era and the fact that it’s so unpredictable. We have to look forward to us being able to be agile in our Department of Defense.

One of the ways that we’ve agreed that we need to transform is to stop looking at systems as the way we need to do our work but to look at portfolios. So a big change is our management oversight functions that are looking at a threat that is based on what do we need as a capability for us to have in the department and not having us looking just at the systems.

We have out of the quadrennial defense review agreed that an experiment looking at portfolios is the way for us to transform and to manage. This gives us an opportunity to look at net-centric operations as a portfolio. What’s in that portfolio, where are there some overlaps and duplication, where are there some improvements and capabilities we need to enhance as we look at the resource process. Because as we know is where the money is, is where the activities occur in our department. So it’s taking this concept, putting it in motion. It’s tricky. Obviously there are opportunities for us to work through over the course of the next year the improvements that we need to do. It’s challenging but we are looking forward to the outcomes that will bring us new capabilities in the department.

JIM FLYZIK, THE FLYZIK GROUP

Terrific. I like that idea of portfolios because when you talk about net-centric operations, some people, it’s hard to grasp and put it into something tangible to think through but I like this idea of looking at it as portfolios. It sort of defines the parameters a little bit.

Let’s switch over and hear a private sector view on this. John Meincke at Unisys Corporation, how would a company like Unisys over the last year begin adjusting, or what are you doing to be out there to be able to support the programs that the DOD are moving out on?

JOHN MEINCKE, UNISYS

We are doing quite a few things actually to support net-centric warfare. To be honest, what Dave and Cheryl just described is exactly what we are doing. I’ll take just a minute to elaborate on that.

We talked about portfolios and we talked about communities of interest. The first two of those communities of interest out of the chute were blue force tracking and time sensitive targeting. And we are the prime contractor actually working those data architectures down at joint forces command. Initially working out of the J6 domain when General Warner was down there and it’s been moved since to the folks down at the J8.

But it’s interesting to watch the evolution of this because, I think it was Dave who said that it’s all about the data. And this is exactly what it is. And so what we are doing is taking all those things that it takes to do Blue Force Tracking for example and looking at it as a vertical. All of the elements and all of the things that it takes to make that mission successful in the Department of Defense is exactly what that is targeted to do.

The second one, time sensitive targeting, is similar in that it is a very vertical construct of all those things that it takes to make time sensitive targeting work across land, sea and air domains and then of course those have to work in tandem because you are going to operate under the same command and control systems in support of the joint command. So we look at all of that. What it takes to run those vertical elements, time sensitive targeting and blue force tracking, and then what it takes to cross domain into the command and control business.

So we are right at the core of that and very, very pleased to be working these first two communities of interest.

Another area that we are doing that is an update of the things Unisys is bringing to the table is a capability that we are rolling out on 1 October that we are very excited about and it’s called Stealth Net. Stealth Net will be a capability that will enable us to collapse networks that are currently individual. Sipper Nipper and JWICS are all separate networks. Stealth Net will provide the capability to collapse those networks and do it in such a way that we have lots of advantages in terms of the bandwidth used, protection of information while in motion and also at rest. So this is a capability that we are very excited about, we are rolling out. It’s going to fit into the DOD architecture, the DOD structure and we are going to leverage those things that we are doing down at joint forces command as we implement these new capabilities.

JIM FLYZIK, THE FLYZIK GROUP

That’s terrific John. What I like about these shows is that you always hear about government and industry need to collaborate and so forth and whenever we do one you realize that when you get on common topics just how much collaboration really is going on and it’s encouraging to see that.

Brigadier General Warner, DISA is always seen as the central spot that’s where the coordination gets done and a lot of things get coordinated and happen. Give us some updates on what’s happening over in the world of DISA on net centric operations.

BG DAVE WARNER, DISA

Absolutely. I appreciate this opportunity. We have had a phenomenal year at DISA. When you look at going to net-centric operations, we kind of break it down to three areas. First of all (there) is the network operations piece itself.

You have to have the infrastructure from which everyone can communicate from which that data can be made available and from which that information can be shared across all domains. And through our Joint Task Force Global Network Operations, we have ensured that that infrastructure is protected and is available and we have exercised magnificently with our partners throughout the services and other agencies to ensure that we can in fact protect and defend that network.

And we have taken several measures throughout the year to provide increased protection and to demonstrate again that this is a holistic network not made up of separate entities out there doing their own thing. And so the governance aspect of that I think we have made tremendous strides in the past year. As part of that network operations is providing the capability to store your information and to get your services taken care of centrally, and from our Digital Enterprise Computer Centers (DECC), again we have increased capacity and increased the ability to take on more and more of our customers’ needs and provide that for them rather than having to go out and do their own substantiation.

And from these Digital Enterprise Computer Centers, we’ve come up with the idea of capacity on demand where if you need something we can give it to you at a moment’s notice. Again you don’t have to go out and procure that. That enables us to have more of a centralized focus and a way to provide services.

And then from enterprise services itself, net-centric enterprise services had a great year, they have brought to us a collaboration tool used across the enterprise. We have just put out the second tool so now our customers have a choice on what they want to use. And again folks don’t have to go out and spend their own money and get their own contracts to provide these kinds of services.

The last piece I’ll touch on is my area and that is in the area of Command and Control and again because we have moved out on having an infrastructure that is across the enterprise, controlled and services being provided by net-centric enterprise services and others concentrating on just the application piece of Command and Control.

What that allows us to do is move away from these stovepipe solutions that we have had in the past. The services were allowed to come out and develop their own solutions to command and control. So these were stovepipes, so data was not shared, so you had everything from the hardware to the operating systems to the applications all being specific to that service. Again you could not share across and so we are coming out with a net enabled command capability.

We are going to milestone B mid September and then we are actually going to go to a milestone C in March of ’08 and bring capability to the warfighter. This is a joint solution, we’ve got all the services on board with us, so they are in the tent with us helping us ensure that we can migrate off those stove pipes, bring that functionality forward at the same time satisfy our warfighter joint forces command as the lead, their needs and do it in a much faster rapid fashion. And again from a net centric stand point. So I am very excited and I’ll get into more details as we proceed.

JIM FLYZIK, THE FLYZIK GROUP

That’s a lot of progress there. What’s really coming across is the amount of collaboration going on and how the governance is moving along and people.

Terry Morgan over at Cisco, what have you done over the last year to help support this movement towards net centric operations?

TERRY MORGAN, CISCO

Thank you Jim and it has been a good year. I’d like to answer on two parts. At Cisco we believe that everything that flies, drives, walks or sails will become a note on the network. And as was mentioned, infrastructure is important, data is important and the second part of my answer will be about operations.

But at the infrastructure level we have seen a continued uptake of unified communications,  we have seen the data centers coming on board, getting to become part of the network. We have seen significant progress in the development of IPv6, our network assessment tool to determine the readiness of IPv6 is in the field. We’ve seen the secure information sharing architecture introduced. We’ve had our IP interoperability and communications system brought down to a PC level device so it can be incident ready and not just reside in a network room. We’ve seen the global government solutions group develop the generalized abstraction layer protocol which is for radios to interact better with routers to facilitate the movement of data.

The other part that is really exciting is at the operational level we’ve seen what we call the opportunity tempo, a slight play on terms of op tempo that at Cisco, we’ve had to drive power to the edge so that we manage our portfolios at lower levels.

We’ve got to allow teams to work, to collaborate on their own, make operational level business decisions. And that’s an interesting part because originally when net- centricity was studied by Dave Alberts, Fred Stein and John Garster, they studied Cisco and at this point we see Cisco taking net-centricity to the next level of leveraging information for superiority. And I think it’s an opportunity for Defense and business to team together again to see what’s on the horizon.

JIM FLYZIK, THE FLYZIK GROUP

Appreciate that a lot and we talk all the time about finding ways to leverage what industry is doing and best practice of industry bringing them in to the actual deployment into the field. So I see a lot of that going on. We are going to switch. We need to talk and get into talking about some strategies and benefits and challenges.

Break.

JIM FLYZIK, THE FLYZIK GROUP

When we left we had heard about a lot of progress going on. We want to shift the discussion now and talk a little bit about some of the upcoming priorities in this space and some of the key benefits that you will see with net-centric operations. And perhaps as we move into the world of IPv6 will it play a role.

Let’s start with DISA. Brigadier General Warner, can you talk a little bit about some of your priorities and strategies and the benefits that you see from a net centric operations approach?

BG DAVE WARNER, DISA

Certainly Jim. First of all Lieutenant General Clune, our director and the commander of the JTF GNO, the Joint Task Force Global Network Ops, has certainly set us on a great path. He has produced his vision, shared it with the community, got some input, and we are certainly focused our priority is obviously providing capability to the warfighter.

His five areas which he wants to focus primarily on being able to do that, is first and foremost, speed. We have got to break this long cycle we have and be able to be more responsive to what the warfighter needs. All you have to do is look down range and see all of the different ideas that are popping up from the soldiers, sailors, airmen and marines out there, great folks but creating some hobby shop kinds of solutions because we are not able to get solutions to the field fast enough. So definitely speed.

Power to the edge is already mentioned by my friend from Cisco. We have to worry about not only getting things to the point of departure but get all the way out to where the warfighter is going to use it. So instead of that last tactical mile, think of that first tactical mile. We’ve got to get information all the way down to again the folks who need it to execute their missions.

Operational excellence: We have to be on the balls of our feet. We have to be anticipatory; we have to be communicating constantly with the war fighter to know what their needs are to be able to satisfy that. And obviously as we talked before, information is absolutely the key. That is our Achilles Heel so we must share and defend that information and put into place those tools, those procedures, those tactic techniques that we need to ensure that we are able to do that across the entire enterprise.

And lastly DISA has to earn the business every day. We have to be an organization that provides best value. We want people to come to us with their ideas, with their solutions, and so we can collaboratively take care of them.

Now what are the benefits that come from that?

First of all let me talk about tying together with the war fighter, with the development community, and with the testing community to make sure we give the warfighter what they need. We are developing a federated development certification environment as part of our net enabled command capability. What this allows us to do is to bring the war fighter in, so that they don’t sit down for two years defining their requirements as they have done in the past. They’ll take a good stab at their requirements, but now with net-enabled capability they are able to define their requirements as we are getting ready to go and find the capability to satisfy those requirements.

We are going to do these through what we call capability definition packages. They are going to work with the entire warfighting community to define these. There is not going to be just one of these, there are going to be 20 – 30 of these and they are going to be broken down around mission threads. So for example situational awareness, and then we are going to bring those capabilities, find out where they exist, not only within the services and agencies but in industry, bring those into this process, bring them in, maybe as a development piece and in a virtual way tie in all of these folks that can look at this capability, see if we are satisfying it, and then the tester can start doing their check list. Both from are we meeting their requirements and from a certification information assurance piece, so that we are doing this in a parallel fashion. Again, (there is) lots of good dialogue, again maturing the capability so eventually we are able to get it out into the hands of the war fighter faster.

And so we are excited about again the opportunity to team with all of our partners in industry across the services, across the agencies to do this.

JIM FLYZIK, THE FLYZIK GROUP

Great. And I like this idea of talking directly to the customer to make sure you get the requirements right. Cheryl Roby let’s look at your role over at the Defense Department. What do you see as some of the key strategies and some of the benefits that may role out of these strategies in the up coming near time?

CHERYL ROBY, DOD

Jim, our priority is to deal with the uncertainty and as a military and actually as a nation we must look at this uncertainty and get ourselves so that we are agile in that uncertainty. We need to look at how unanticipated, unpredictable, unknown security challenges for us are going to be dealt with in the Department of Defense and actually at levels that we’ve never dealt with before.

What we have to do is to look at strengthening and in some cases building partnerships that we didn’t have before. Within the Department, that might not be a big challenge, but when we start looking at across the federal government, there are some hurdles we have to overcome.

We are working very effectively at these partnerships with the Director of National Intelligence. But we have to go beyond that. We have to look to the states, to local (governments) and actually we have to begin to build partnerships with nongovernmental organizations, something we had not done before. There’s a lot of information out, drawing that together so that we can have the power to leverage that information as you have heard is the heart of net-centric operations.

So our objective is for us to be able to look at not just military operations, we have to look also at our business processes to see how we might be able to improve those; and to ensure that we have the right information. Our bumper sticker in our organization is we need to have the ‘right information at the right time’ so that everyone can do their mission. And so that’s one of our priorities as we go through this cycle.

JIM FLYZIK, THE FLYZIK GROUP

Terrific. I really like that idea of reaching out to those you do business with. I know back when I was a CIO at Treasury, we did a little study and we looked at what Treasury does and we looked at our critical mission and how much of it was dependant on other entities outside Treasury. And you quickly learn that it’s a much more complicated issue than just focused on your own internal mission.

Terry Morgan at Cisco, what do you see as the biggest strategies and benefits from going to net centric operations approaches?

TERRY MORGAN, CISCO

First we see that as a business one of our first requirements is helping our customer the team deploy the best possible current combinations of technology; and then further understanding, as we just heard, about being prepared for the future of the mission to the extent that we can adapt and stretch technology and move technology forward in a way that services our customers’ requirements.

Because ultimately, as was alluded to in the first section, the network becomes the platform that allows information sharing. And if we can share information in a trusted way, the trusted information will allow commanders to make timely decisions and very importantly in today’s world, operators can take precise action.

Given the information at the low level, in a granular manner, they can act, get the job done, without some of the collateral damage and other things that in this world today are on the press. So the whole idea of the network as a platform, sharing information in a timely way will happen. And what we see going forward is that IPv6 will be one of the convergent points here. Because it’s going to help us in the mobility area, it’s going to help us in the security area, and obviously as we expand the number of nodes on this network, it’s going to give us the IP addresses we need to have many devices, thousands of devices, millions of devices, on the network contributing information, delivering information and providing support to our commanders and our war fighters on the ground.

JIM FLYZIK, THE FLYZIK GROUP

Terrific, sounds great. Let’s also hear from John Meincke at Unisys, from the private sector view point as what you see as key strategies, benefits coming out of  a net centric operations approach.

JOHN MEINCKE, UNISYS

OK. Jim, I’d like to say a couple of things. First of all from a priority stand point our number one priority is clearly to support the warfighter. Whether you are talking about the warfighting mission itself or the business systems and the other support mechanisms that are out there. So we are doing several things actually to put a strategy in place.

One is an effort that we have ongoing that actually is an out growth of what we are working in the commercial market space that is called Unisys blue printing methodology. And basically what we are doing there is starting at the highest levels if you look at the DOD where you are talking the mission and the strategy that’s coming out of the three and four star levels and then taking it down to the processes that it takes to execute those missions and then underlying IT support structure, whether it’s for a command or for all of DOD that can make all of this stuff happen.

We put this into a discipline that has different layered structure. It’s built around DODAF architectures and other architectural constructs and it provides for visibility, flexibility and agility from the highest element of somebody looking down at the mission to how it’s being executed and the underlying network centric strategy that it takes to implement it. And how you can in fact optimize the layers that are down below supporting that mission. So that’s a process that we are putting in place, adapted it out of the commercial world and using it in DOD now.

Secondly General Warner mentioned the DECCs, Defense Enterprise Computing Centers, that’s an area that we are working very closely with DISA on. We are a major contractor in the DECC world and we in fact have implemented what we call the utility strategy which enables DOD to get processing power on demand and only pay for what they need when they need it. So those are some of the things that we are doing from a strategy standpoint.

From a benefits standpoint, I’d just like to elaborate a little bit on what Terry said. IPv6 giving us additional address space. One of the things that we see as a benefit of net-centricity is the ability to go beyond where DOD was back in the Gulf War where it was basically an air mission out of necessity at the time and the Air Force did a great job of getting iron on target in about 40 minutes or thereabouts.

We see in the net-centric world the benefits being land, sea and air leveraged into that same mix so that the control sees the best solution in this case it might have been the special forces guy with the sniper gun across the street that wasn’t even part of the equation because we didn’t have the information, we didn’t have the net centric strategy solution in place yet. So that’s one of the big benefits that they see and we are working towards.

JIM FLYZIK, THE FLYZIK GROUP

Sounds great John. I tell you when you hear about what’s going on at the DOD, so much of this should be portable into protecting the homeland in so many different ways too, as these models mature. Dave Wennergren, your role over at DOD. What are some of the key strategies that you see at DOD and some of the benefits that you are anticipating that we will see in the upcoming future. Is IPv6 in that mix?

DAVID WENNERGREN, DOD

Our reality is that the Naval services deploys to Iraq to be with Marines in Fallujah to be part of an Army enclave and have to reach back to share information off an Air Force system. And those are just the anticipated users. Those are the kinds of scenarios that we plan for. And yet at the same time an aircraft carrier leaves San Diego on its way to the Persian Gulf and the next thing you know it’s been diverted to tsunami relief, so you have a whole bunch of unanticipated users, (such as )non-government organizations and (we have to have) the ability to collaborate and share with them.

We have to break down any barrier that prevents our sharing and we have to make sure that we look for innovative sources of collaboration that will help us find the solutions and the answers that we need. So we are doing a lot of work to reduce cycle times and to find the authoritative data sources and make them available to the right people at the right time and that’s what our communities of interest are doing.

In another month or so we will be deploying a community of interest CD web- based tool that we will give out to organizations across the DOD team so that those that aren’t part of these big global communities of interest will be able to do this same kind of work locally. We also are going to look for more and more ways to share and collaborate and so we are working on our information sharing implementation plan that talks about who does what when and break down any barriers that we find and make sure that the right educational and policy structures are in place to allow people to share across, as Cheryl pointed out, and state local and tribal governments and industry and academia.

We are going to foster alignment. We are going to continue to realize that we are a large enterprise and we have to function as an enterprise. We have to buy in bulk, we have to align to the same kinds of solutions, the same standards, the same type of configuration management and we have to raise the bar on security. We have to make sure that we are protecting our people and our information and our critical infrastructures so a lot of work is going to go on in that area too.

And as Cheryl also pointed out, portfolio management is a wonderful forcing function. Portfolio management isn’t just about being good stewards of the tax payer, even though that’s really important; and it’s not just about eliminating and looking at ‘hey I’ve got lots of legacy systems and so I can neck down’. It’s about fostering this movement away from the status quo. It’s about saying our vision is about net-centricity. So our vision is about aligning to standards, open solutions, open architecture, web services, XML, all of the buzz words of the day about service oriented architecture.

Are you going to deliver that kind of solution? If so you’ll be part of the portfolio of the future. If not, you’ll have to go away. And the beauty is we begin to then tip from the ‘I’m used to spending money the way I did before’ to ‘I will only be able to spend money on these solutions that will get me to this vision of the future’; and ‘oh by the way it’s the legacy systems and networks that are less secure’. So portfolio management is also a way that will help improve the security of our systems.

JIM FLYZIK, THE FLYZIK GROUP

Terrific. In that little dialogue that we’ve just had there around that issue we’ve heard security mentioned I think by every one of our panelists here. So I’d like to elaborate a little bit on that before we go to another break here and start the dialogue and we’ll pick it up after the break but how about information assurance and security as we move to net-centric operations.  

There are some who say well with the new IPv6 world and net-centric operations, it will open up more potential vulnerabilities; while others say ‘no it’s just the opposite’, what we’ll be doing is actually be able to implement better security.

Let’s first hear from some of the industry folks working this issue. Terry Morgan at Cisco as we move into the net centric operations world and the future of IPv6 is that going to allow us to improve security in networks or will that actually open up more vulnerabilities?

TERRY MORGAN, CISCO

The way I’d answer that is a no and a yes. Obviously if you move information, there’s always some threat and some risk in moving information. However if we have greater control which we see IPv6 giving us from the security perspective, over the individual IP addresses, you have more knowledge about the network. It’s more distinct granular knowledge about the network that then allows you obviously to have better control of the network because you know what’s there. It’s not hiding behind a false IP address.

There are a number of things that currently because of IP address space etc that creates some cloud. But ultimately the point is yes, information will be out about, it will be moving, it’s always somewhat at risk because we have that measures/counter measures battle continually going on and it’s the speed with which we can adapt and change our portfolios that’s going to be just as critical as IPv6 because none of this works without trust in the information and trust in the network that provides it and trust in the individuals that use it. It’s that trust model, each depending upon one another that’s going to make net-centricity successful.

JIM FLYZIK, THE FLYZIK GROUP

John Meincke can you elaborate or add to that? How do you see this security issue in a net-centric world?

JOHN MEINCKE, UNISYS

I think that first of all I agree with what Terry said. Second of all I think that a couple of things need to happen. One is that the other may be the perception of the additional vulnerabilities because of the breadth and the interrelationship and integration of things that today are much more fragmented. But at the same time I think as we move towards net-centricity and an enterprise view of things, once we get into an enterprise view of how the network needs to operate and how we need to protect the network, I think it’s actually going to enhance things. And JTFGNO which was brought up by General Warner a few moments ago, that is an enterprise organization that is trying to roll up the land, sea, and air networks that are being brought together in the Air Force for example in the new cyber command. My vision of the future is that cyber command would not be an air force command per se but would be probably a four star joint command with oversight and cognizance of the network to include security and it would have the visibility down into the network piece parts that would be required to make it work.

JIM FLYZIK, THE FLYZIK GROUP

Great. I want to hear from our DOD and DISA guests too on that issue of security and information assurance.

Break

JIM FLYZIK, THE FLYZIK GROUP

Before we went to break we were talking information assurance and security in a net-centric world. We heard from our industry guests and now we’d like to hear from our DOD and DISA guests. Let’s start with Dave Wennergren. Dave, in a net-centric world, what kinds of implications does it have for information assurance security? Is it going to give us opportunities to improve the security posture of our country?

DAVID WENNERGREN, DOD

Yes, I believe so. It’s introducing new vulnerabilities but it’s also full of opportunities. We have moved away from a world of thousands of local area networks with local area applications and what did that mean in terms of what your focus on security was to this world where I now rely upon others.

And so I go to an authoritative service, I go to an authoritative system that may be someplace else around the world and so being able to leverage that technology and find the application and do the work when I need  to do it changes the mindset about what security means.  

I sometimes hear people referring to it as a balancing act between information sharing and information security, which I think is completely the wrong analogy. Because it implies that one comes at the expense of the other. And so the information assurance professional becomes the knucklehead that just wants to lock everything down and not allow me to collaborate with the people I need to get my work done. The information sharing person becomes the zealot that just wants to go talk to anybody and doesn’t realize the nature and severity of the threat to our systems right now.

If we instead say we have to be hugely successful at both, to borrow a nautical theme from my past life as the Navy CIO is a high tide raises all boats then we would say that we would pick information security solutions that don’t further isolate me but information security solutions that allow me to collaborate securely. And so if we go into it with that kind of mind set that we will collaborate more and more with more unanticipated users, and yet the threat to our networks is ever growing, we have to pick the security solutions that allow me to share not to withdraw into my isolated world. So that means the nature of what we look at changes and the way we protect things changes.

Because in the old days, continuity of operation plans often focused on how do I back up my local system and that sort of stuff, but now I’m relying on a single authoritative system that might be someplace else. So now the information assurance solutions are a lot more about the survivability, sustainability, resiliency of the network and the integrity of the data, can I trust the information I’m getting back? So the nature of the continuity of operation planning  changes and the fact that I work with so many other people and so it is not enough to just protect myself, I have to make sure that everybody else is raising the bar in security for themselves too.

There is a lot of great stuff going on. I am really proud of the successes we’ve had with the DOD common access card and PKI solution. We have a single PKI smart card application across 3.5 million people. It is raising the bar not only on physical security but cyber security and allowing us to do E-Gov. Digital signatures, get rid of paper based processes.

Over the last year our JTFGNO folks have shown us that by doing cryptographic log on under the network with the common access card we have drastically reduced the number one attack vector at the time which was people cracking passwords. We are also reaching out to make sure that we are helping everybody raise the bar in security, and so working as a co-branded DOD enterprise software initiative and smart buy agreement for the federal government we have put into place BPAs with companies to purchase data at rest encryption products for laptops and personal digital assistants.

JIM FLYZIK, THE FLYZIK GROUP

Hot topic.

DAVID WENNERGREN, DOD

It’s a hot topic and it’s the first time that we’ve not only done an agreement that was for all of DOD but for every federal agency but it is also available for every state and local government agency. So we can help to buy together, leverage our buying power and raise the bar of security across the nation.

JIM FLYZIK, THE FLYZIK GROUP

That’s a great model. That’s something I know we’ve been trying to accomplish for a long, long time. I know back when I was running the federal CIO Council. And thanks for the plug for our next radio show which is on HSPD-12 and identity management, so setting us up for that. The good thing too, and I’m on some groups with John Grimes, is that you are clearly getting proactive and out in front on this issue and not waiting for the bad things to happen before you address the issues.  

Cheryl, can you add to some of the discussion around information assurance security in a net centric operations world?

CHERYL ROBY, DOD

Yes, I would amplify on what Dave brought to the table here is that we really need timely and trusted information and that the threat is real, the threat is now and it is maturing, so we are looking at ways that we can deal with this threat to our information. And one of the ways we are doing that is to actually look at the data and look at how we can secure the data as opposed to the systems.

As Dave was talking about. No longer do we look to fences or patches to be the way we fix our information assurance problems, but we now look at securing the data. It only has a short life span for when that data is valuable so us getting together and figuring out ways that we can secure the data, we are looking at cross domain solutions.

We’ve got to look horizontally and we’ve got to look vertically across organizations and down into the depths of where the information is coming from so that we can move into a more appropriate way to bring forward to our customer the warfighter, the business, and the intelligence apparatus the right way to trust that information otherwise you will not get to the success of net centric operations and information sharing.

JIM FLYZIK, THE FLYZIK GROUP

Good. I like that focus on the data. For so long we were saying how do we protect the devices, how do we protect the laptop. Clearly that is an issue but the real issue is what data is on that device. Because it’s a dramatically different issue when you have critical data sitting on the device. Brigadier General Warner, how about from your perspective at DISA where I’m sure this is a high priority major challenge information assurance and security in all of the net centric operations. Can you give us your perspective on this.

BG DAVE WARNER, DISA

Sure Jim. It absolutely is a challenge. Our focus is on the warfighter and what we want to do is provide that warfighter with the opportunity to have decision superiority. That’s based on that information we’ve all talked about, it’s based on information that’s trusted that’s always going to be there and you can  act on it with assurance. When you back that up, how do you make sure that happens? As we are getting to a more enterprise view of the world in our networks, it’s absolutely critical that we have in place the apparatus that can see that network and protect the network.

So again as mentioned, the Joint Task Force Global Network Operations as an arm of strategic command who has the responsibility to protect and defend the global networks, JTFGNO has again put in place a lot of great procedures to ensure that when commander of Stratcom goes to make a fist, all those fingers that are out there across the services, across the agencies, respond accordingly. So that we can see what’s happening across the enterprise and can then respond as we need to to protect it.

Now that tells us that we’ve got to have standards out there that tell people what can come on the network and what can’t. So to me you need to evolve to a single DAA --  designated approval authority -- that has that opportunity to say what can come on and what can’t come on and a lot of times it’s a self inflicted wound that creates a vulnerability out there which allows our enemy to get a foot hold into our networks.

And so we have to ensure that what comes on has been certified before it actually touches the network. And again we are putting in some opportunities for strat com through JTFGNO to perform that role. Our net enabled command capability, our designated approval authority is Stratcom and so they will again start to stretch that muscle and to demonstrate that they can do that. Because we are going to be, as we roll out enterprise solutions, dependent across the network. Because you can have somebody sitting down at a base in control of a firewall that can choke off your ability to send information to somebody who needs it across the world. We can’t allow that to happen.

So through the JTFGNO, through great procedures, through Stratcom leading the way we can do this and insure that information gets to the warfighter so he can have that decision superiority he needs to accomplish his mission.

JIM FLYZIK, THE FLYZIK GROUP

Terrific. I like that discussion around it’s more than just the technology again. It is procedures, it’s standards, it’s rules, it’s administrative processes and so forth. Before we shift over and talk about the future I’d like to get in a quick question perhaps maybe with just one or two of you about some of the challenges. We are hearing about this tremendous progress here. Are there some challenges or hurdles that are standing out there that can get in the way or that need to be overcome in order to say take this to the next level. Dave, can I ask you that question about difficult challenges or the things that this momentum we are hearing today is just so good the question is, is there something, if we want to take this to another level or is there something that needs to be overcome?

DAVID WENNERGREN, DOD

Yes, and it tends to be not so much around technology and to be a lot more around cultural change. We spent decades being highly effective at being decentralized organizations. Local people built local solutions to meet local needs and there was nothing wrong with that. It was the way we were organized and it was the way technology allowed us to function. But in the internet age it all changes. And now I have to learn to give up some personal control and not build and own the system myself, but rely on someone like a DISA to deliver the service for me. That requires me to step out of my comfort zone a little. And have to rely on others and make sure we have got the right performance structures in place so a lot of the work that we are doing as the CIO team is to help the DOD family deal with this idea that we have to behave like an enterprise. We have to start to realize that it’s not enough to be part of your own command you have to have your foot in this broader national camp about how do we deliver solutions that will allow all of us to collaborate together.

JIM FLYZIK, THE FLYZIK GROUP

BG Warner, you had a comment on that?

BG DAVE WARNER, DISA

I did and I appreciate Mr. Wennergren’s comments on that. I’m at the bleeding edge of this cultural change because we are evolving from the stove pipe cylinders of excellence to more of a net centric approach on how we provide these capabilities to the war fighter. Through net-enabled command capability we are going after the family of systems that grew up in the way that Mr. Wennergren described and trying to get them to an approach that is good for all services so that if a capability is needed by the Air Force we are going to let the Air Force bring that capability forward and bring it for the good of all.

And so we are ensuring that we are working across all the services and so when we get a requirement and we go to satisfy the requirement with a capability, I may give it to the Army to go get, I may give it to the Marine Corps, I may give it to the Navy. I may give it to the Air Force but they are going to do it on our standards, they are going to bring it on our time lines, we are going to pay for it, we are going to incentivize great work and we are going to ensure at the end of the day that we have these modular capabilities that again fit together and not have these stovepipe cylinders of excellence but rather have capability modules so that we can share information across the enterprise for the benefit of the war fighter.

JIM FLYZIK, THE FLYZIK GROUP

Terrific. We’ve got about eight minutes left and I’m going to shift and talk about our vision for the future. I’m going to ask each of our panelists to give us your vision for where this is all going down the road here,  2 years, 3 years, 5 years 10 years out, what kind of world will it be in. Let’s just work down the table here. Let’s start with Terry Morgan over at Cisco. Terry what’s your vision for where this is all going?

TERRY MORGAN, CISCO

Thank you Jim. Simply stated and as I started the program anything that flies, drives, sails, or walks becomes a note on the network. But the vision is one thing. This is a journey, transformation is a process and I think the true change that has to happen to make this vision take place is we’ve got to view this in terms of the operational art. Creating a positional advantage. Nothing will ever be set in stone, will be as it is today, tomorrow.

This is a battle of vulnerabilities, asymmetry as we’ve heard the panelists speak, so it’s creating a culture as was just alluded to, in a regulatory environment that allows speed to accommodate the rate of change of technology. It will be what it can be, the question is can we get there fast enough and put defense inside the oodle loop of technology and inside the oodle loop of the bad guys. Because they are buying it as fast as it comes off the shelf.

JIM FLYZIK, THE FLYZIK GROUP

Very good point. BG Warner, your vision for the future of where this all goes.

BG DAVE WARNER, DISA

What I would envision in the next three to five years is being able again to provide capabilities to the warfighter in a very speedy, rapid, flexible, agile fashion. To me the key to doing that is this federated development certification environment. This is again a collaborative environment by which all participants can come forward with their ideas, that are going to satisfy the war fighter’s requirements, bring those capability modules in and then we can use this environment as a way to be a gateway to the global information grid.

It’ll be a gateway that has the testers, the requirements, the developers all in there together and again making sure that as you recognize that you are satisfying the requirements, that you are also doing the testing and the certification. So what you role out are capability modules that are standardized, that have the information assurance built in not bolted on, and that you know you have satisfied what the warfighter needs. And once you have this factory up and operating you can do this in a very agile fast fashion. So you keep the war fighter from having to create their own solutions out in the field. We are going to do it for them.

JIM FLYZIK, THE FLYZIK GROUP

Great, well said. John Meincke, your vision for where this is all going.

JOHN MEINCKE, UNISYS

I’d like to address the governance aspect of that for a moment and by that I mean  right now we have strategic command as the overall umbrella command and we have the Joint Task Force for Global Network Operations --  JTFGNO -- under that. I see a maturation of that process into what I would call a cyber command that probably at some point will evolve to the four star level.

And for that I will draw an analogy to the U.S. transportation command today. Transcom today provides the distribution process ownership service to all the combatant commands on a world wide basis. Because of the importance of that mission and the need to put it all under one umbrella. I would see the same thing in a cyber command because of the imperatives of what it takes to operate and protect the network and the information flow in that network. That would require and need a four star dedicated to that mission command and I would see that potentially in the five year down the road time frame.

JIM FLYZIK, THE FLYZIK GROUP

That’s a refreshing way to view it from a governance perspective as opposed to from the technology perspective. Cheryl Roby, your vision for where this is all going down the road here.

CHERYL ROBY, DOD

My vision is that we would see information as a strategic asset. As valuable to us as the ships we sail, the planes we fly, and the troops that we command. That we would see that net-centric operations allow the humans to leverage the power of that information, to be able to deal with the uncertainties that we have, the challenges, the needs, the unanticipated partners and the circumstances.

We will actually become net-centric and be able to go across the entire enterprise from the highest levels of our headquarters down to the troops in the field who are looking at insurgents and working and tracking, down to maybe a civilian in a depot who is looking for a new supplier.

When we look at the knowledge that we have with our net-centric operations that would be timely and trusted information at our fingertips and that the simple objective that we all have in mind and the reason all of us are here today is that we want to simply save lives. And I think net-centric is going to allow us to be able to do that. One of the things as we move ahead and we deliver the power of this information, there are many challenges. But I think we are all up for the challenge and for us to look forward to that in the future.

JIM FLYZIK, THE FLYZIK GROUP

Terrific. That’s very well said. Well done. Dave Wennergren, what’s your vision? Where is this all going? What should we be anticipating, what kind of a world will we be in?

DAVID WENNERGREN, DOD

I love working with Cheryl. That is the spot on vision. It’s the reason why we all get up and come to work. That is where we are headed for, so what does that look like to us.

What I see is that we can find the knowledge that we need, both across organizations and across cultures and across differences in how we think and organize and structure and buy, all those barriers get broken down. We can find the people that we need, we can ask the expert, we can find that expert wherever they are around the world. Not just within our own organization. And it happens quickly. It happens with speed and with agility. It looks a lot more like Web 2.0 and second life and a lot less like email and massive systems that take years to build and deploy.

And it starts with each of us. To achieve this vision it really is a lot about cultural change. It’s a lot about each of us being a positive force for change and realizing that if we are going to continue to build on this great success we’ve had so far, we’ve got to be willing to give up some personal control , reach out and collaborate across organizational boundaries to find the answers so that we can continue this net centric transformation.

JIM FLYZIK, THE FLYZIK GROUP

That’s terrific. I have this habit as I listen to you all speak, of just jotting down a few words that are like concluding things. And here’s what I wrote down today: the right information to the right people at the right time. Speed, constantly using net centric operations to get that information there faster. Power to the edge, it’s not the last mile, it’s the first mile. Because it’s that individual out there in the field that needs the information. Sharing that information in a federated environment a collaborative environment. It takes collaboration. We need to constantly drive that collaboration point. And as Cheryl said, ultimately it’s all about saving lives and isn’t that what we all should be focused on?

I’ll tell you I’m sure that our listeners listening to the show they will be as impressed as we are with the progress that’s going on here. This has been tremendous in terms of hearing the things that are happening in DOD and DISA and in the industry in this space.

With that I want to thank our panelists for coming out and sharing your ideas and your thoughts with us. I know you are all very busy and taking time out from your busy schedules to be here.

Thanks to all.