Relevant links are at the bottom of this post.
WASHINGTON, April 18, 2016 — Defense Department Chief Information Officer Terry Halvorsen discussed the DoD’s network modernization and data center consolidation efforts as part of the department’s cyber strategy during a recent media roundtable with defense reporters.
The DoD CIO also explained how his office is empowering mobile data access and thinking about how to make it easier for government and industry cybersecurity workers to trade places for short periods of time.
“What we stressed [during the March 22 hearing before the House Armed Services Subcommittee on Emerging Threats and Capabilities] was the need to modernize DoD networks, and the focal point of that is the Joint Regional Security Stacks, or JRSS. That has not changed. That will not change as long as I am here, and I think beyond that,” Halvorsen told the reporters.
Securing DoD Networks
The JRSS is a regionally based centrally managed suite of security appliances that Halvorsen has said will simplify and secure the DoD network environment and reduce the department’s “attack surface” from 1,000 security suites and more than 5,000 firewalls to fewer than 50 potential access points.
The shift to JRSS will improve the ability of those securing the network to see what’s happening across those networks, “and is essential to the overall cybersecurity of DoD networks, but it also will help DoD reduce costs, improve configuration management and advance functionality across the network,” he said in written testimony for the HASC hearing.
On consolidating data centers, Halvorsen said that DoD continues to work, and should work faster, to reduce information technology security vulnerability and increase efficiency departmentwide by such consolidation.
“We are going to have to move better on data center consolidation. If you saw the [March 22 HASC] testimony, I clearly admitted we are behind on doing that, so internal to the DoD we are looking at some very specific action,” he said.
Consolidating Data Centers
For example, the CIO’s office is identifying its highest-cost data centers and then will be “more prescriptive” from a DoD level about actions everyone will have to take with data centers, he added.
“This is less about counting numbers of data centers, numbers of servers, and frankly I’m not going to do that,” Halvorsen said. “I’m counting the money we’re spending on that and we’ve got to … use that money for higher priorities.”
The major data center cost driver is people, the CIO said.
“What you’ve got to look at when you capture the cost of data centers is how many people are doing what? If you still have a lot of people, say, doing monitoring and maintenance of servers, that’s a bad use of people. That can be automated today in an efficient data center,” Halvorsen explained.
Mobile Data Access
The CIO’s office is continuing to push mobile data access, Halvorsen said.
“At the end of this month we will have released the wireless guide on how to use wireless that will … be more for internal wireless networks. Very rapidly to follow will be our guest network inside the Pentagon, and how to [use] that,” he added.
The CIO said he’s visited Samsung, and likes, though he can’t endorse the device, many of the security features that have gone into Samsung 7.
“We’ll be testing that,” he said, “ and some other phones that I think by the end of the summer we will be able to say they are now also on the approved list for people to get both their [unclassified] official email and their unclass[ified] personal email … [and] I think that will be another empowerment step forward.”
Halvorsen said his office wants to work on legislation that would allow them to continue to expand partnerships with industry and improve the ability to bring industry people into the department for short periods and do the same with DoD people in temporary industry slots.
“We’ve got to get to that,” the CIO said. “I was very pleased that both of the [congressional armed services] committees have been supportive of that type of legislation.”
Halvorsen said his office also is determining how to handle pay issues for the cybersecurity workforce.
“Everybody who is in the business knows that the cost of highly trained cybersecurity people has gone up, salaries are going up. It is something I think we’ll have to address, and we are working on how to do that within DoD,” he said.