Navy’s integration of privacy, cybersecurity part of Foster’s lasting impact

The Department of Navy is a much different place than when Rob Foster arrived two years ago.

Now as Foster, the DoN chief information officer, heads to a new job in government, he said the Department of Navy is well positioned to ride the technology wave for its sailors, seamen and civilian employees to be successful.

Foster said he took several important steps over the last two-plus years to put the DoN on a more firm IT management and governance footing.

Among the first things he did was reorganize the CIO’s office to bring it more in line with the Clinger-Cohen Act to have a more direct “line of sight” across initiatives and programs.

Outgoing Navy CIO Rob Foster

“Privacy, strategic spectrum, cybersecurity and risk management framework were my strong suits,” Foster said on Ask the CIO. “Privacy was a big area I wanted to focus on. We focused on reducing the Social Security numbers that are visible to the public and we are transitioning those to the DoD identity numbers, which are not used in industry. We also did personally identifiable information breach response with the first-ever tabletop exercise on how to do PII breaches and the responses thereof. We took our privacy training that used to be almost all PowerPoint based and we’ve done gamification and put that into a mobile application so that helps the users essentially learn a little bit more.”

Foster announced earlier this month he is leaving the DoN to be the deputy CIO at the National Credit Union Administration. He said the reason he is leaving is to return to the operational side of the house and to put his experience with the DoN into use as NCUA modernizes its IT networks and systems.

His last day with the DoN is Aug. 18 and will start at NCUA on Aug. 21.

Among the biggest lifts for Foster and the DoN was changing the way the service does cybersecurity.

Foster said over the last two years his office focused on the workforce as well as the processes that govern information assurance.

“It was a big deal to migrate from the old DoD Information Assurance Certification and Accreditation Process (DIACAP) to our risk management framework format,” he said. “The team created a risk management framework light, which is essentially a bridge from one process to another, to help migrate old systems into a new one.”

The risk management framework will let the DoN move to a more continuous monitoring of systems to ensure a stronger cybersecurity posture.

Foster said the cyber efforts also lifted his office’s privacy initiatives.

“You have the defense-in-depth side, which is more of a fence and moat scenario, but then you still got the user impact and I think reducing the Social Security numbers will help us with a privacy breach and in many cases, a privacy breach is a key indicator of a cyber breach,” he said.

Foster said to complete the move to the risk management framework, the DoN still must conduct employee training, modify contracts that may explicitly call out DIACAP and update existing systems to see which ones need new certifications and accreditations sooner than later.

Under the strategic spectrum effort, Foster said he’s proud of the initiative to reduce the amount of time it took to install broadband on Navy installations. Foster said several years ago it took as much as five years to install high-speed networks.

Today, Foster said it takes less than a year.

Advertisement

“The team partnered with the Navy’s Energy, Installations and Environment group. They did a Lean Six Sigma and brought that process down to under one year. That streamlined process now has been vetted with other stakeholders, which gets broadband to the installations in less than one year rather than five years,” he said. “If you look at Navy installations, there is a host-tenant arrangement. The first thing is to identify a single point of contact for broadband or spectrum on an installation. That is critical and has been accomplished. The other thing was it used to go through a lease process. A lease process had a request for bids and was acquisitions style. Now that lease has been converted to an easement. Working with EIE, we had looked at how we could compress the current process.”

The DoN launched the new process about eight months ago and will monitor and improve it as necessary.

Foster said the incoming DoN CIO will have a full plate of initiatives starting with the recompete of the managed service contract called NGEN.

He said the service will move to version 2.0 of the Joint Regional Security Stacks (JRSS) when it’s ready in the latter half of 2018. He said the NGEN recompete effort will be the on-ramp for the future version of JRSS.

Foster also made it easier for the Navy and Marines Corps to move to the cloud by allowing the individual services to approve mission and operational business cases.

“In 2018, we are looking at increasing the number of viable cloud options. They have to be approved by DoD, of course. The Defense Information Systems Agency’s MilCloud 2.0 will hit so that will be another key enabler to cloud,” he said. “The Navy Program Executive Office-Enterprise Information Systems (PEO-EIS) and the Chief of Naval Operations (OpNav) organizations are working to produce cloud governance management models, standardized cloud contracting requirements and engineering standards so we can push that and accelerate the adoption of cloud technology.”

These efforts build on the DoN’s cloud first policy that was signed in February. It is intended to meet the strategy and drive Navy innovation via “cloud-based” design, patterns, practices, processes, technologies and services to meet Navy warfighter and business requirements, to enhance lethality, maintain information superiority, and increase system interoperability, capability, agility and resiliency.

Foster said the DoN has seen positive results in achieving buy-in from constituent command CIOs and resource sponsors. They have been developing implementation plans for fiscal 2018 along with governance structure and supporting policies. The commands also have delivered several IT capabilities into various hosting environments.

Foster said he expects 2018 to be a bridge year to move from hosted or managed services to the cloud with true resourced acceleration to begin in earnest 2019. He added that cloud is still a rapidly evolving topic within DoD and the Navy is already working on an update to their cloud first policy to ensure they keep pace with changes and advancements in the cloud service provider field.

Foster said he has mixed emotions about leaving the Department of the Navy.

“This [position], as I said when I was hired, is the apex of my career,” he said. “Having this opportunity has both been a distinct honor and pleasure. It’s not without a heavy heart that I depart, but I’m doing it so I can get back to technology delivery and being closer to the customer. I think it will sharpen some of my skills, because when you get to a 50,000-foot view in some cases, you are a little bit more hands-off. I’m very excited about my new opportunity. This is a wonderful department and I love the Navy dearly.”

Copyright © 2019 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.