After 35 years in government, Essye Miller went from using pliers and pulling wires to overseeing the Defense Department’s technology infrastructure.
Miller, who “fell” into federal service after college, joining the Air Force as an entry level computer programmer under a civilian internship program, said of all the technology changes she has seen, the Common Access Card (CAC) was among the biggest shifts over the last three decades.
“I’ll never forget the culture shift for the DoD. The military had been used to carrying their identity card under the Geneva conventions and it always looked a certain way. Now to look at a different form factor with a chip and a magnetic stripe, it was a huge shift for the department,” Miller said on Ask the CIO. “To be a part of the implementing of the Defense Enrollment Eligibility Reporting System (DEERS) and the Real-Time Automated Personnel Identification System (RAPIDS) to produce the cards and helping folks understand how to public-key infrastructure-enable their systems, that is foundational to everything we are doing today. It plays a huge part in the cybersecurity aspect of what we are doing. I always look back and say that was pretty simple, but it wasn’t. It was a huge transformation for the department because it touched everything. I just didn’t realize the magnitude at the time.”
Miller, the principal deputy chief information officer at DoD, is retiring from federal service on June 30. She will be replaced by John Sherman, who came over to DoD after spending the last two-plus years as the CIO of the Office of the Director of National Intelligence.
Insight by LookingGlass: Federal technology experts provide insight into how agencies are approaching cybersecurity in the new virtual climate in this exclusive executive briefing.
She said she plans to take some time off and unwind, hopefully travel if the coronavirus pandemic emergency settles down. But Miller said her passion for federal technology, service and mentoring will continue in the future in some way.
Miller is one of those few federal executives that started at the lowest levels of government and worked her way up to the leadership realm. During her 35-year career, Miller worked as a programmer with punch cards and COBOL and Assembler languages, focused on cybersecurity with the Army and the DoD, and earned her Masters of Business Administration to lead the strategy and operational functional areas.
“[The MBA] postured me to ask different questions. Less about technology but marrying the technology with the business, particularly with the investment side to make sure we weren’t just chasing the latest shiny technology, but understanding where it’s seen in the mission and strategy for an organization,” she said. “Couple that with an opportunity to go down to Air Command and Staff College in Montgomery, Alabama, and then later again the Air War College in Montgomery, gave me the strategic studies and military operational exposure. When you put all of that together, I’ll be the first to tell you the Air Force made a tremendous investment in me and I was determined to soak it all in so I could give back.”
That experience was key when Miller helped lead the initiative to roll out the CAC across DoD in the late 1990s and into the early 2000s. More than 4.5 million DoD service men and women, National Guard members, civilians and contractors have these smart identity cards and it’s the gateway to almost everything they can do on the network and in facilities.
“If you look now at the cybersecurity scorecard, one of the things we look at is whether or not our systems are PKI enabled, and how we have multi-factor authentication so we can prevent identities from being spoofed by adversaries,” Miller said. “So much was and still is reliant upon the technology on that card, particularly for some of our older systems—with older being relative. To me, it was one of our first tranches of hardening our cybersecurity across the department. Obviously we have evolved and will continue, but no matter what I do I’ll need my card to log into the network. I’ll need my card to get into the Pentagon. There are so many things that we use that card for.”
Miller added that the CAC will continue to play a central role as DoD releases its updated identity and credential access management (ICAM) strategy. The Pentagon updated its ICAM memo in December 2018 to standardize the use of the Personal Identity Verification (PIV)-Authentication (Auth) certificate for access to DoD information technology assets on the Non-Secure Internet Protocol Router Network (NIPRNet).
Miller said while the identity card isn’t going anywhere in the short term, DoD has to continue to move toward a zero trust environment.
She said the discussion has evolved to how can services and agencies protect their data and who should have access to that data.
The Defense Information Systems Agency and the U.S. Cyber Command have recognized this need and started a pilot around zero trust in 2019. The Air Force’s 16th cyber wing also is following suit with a zero trust pilot on a small scale but with plans for a larger deployment in the future.
“If we get the ICAM strategy correct, this should be a relatively easy shift, but heavy lift for us to really focus on who has or who should not have access to data and move us away from perimeter defense as we know it to focus on the data,” Miller said. “With regard to the audit we went through last year, the preponderance of the IT findings were with regard to access to systems and making sure we were moving away from stale information. When I leave on [June] 30th, there should not be a gap between my departure and the clearance of my credentials in the system. Those are the kinds of things we should focus on. How do we close those gaps? Moving to a zero trust architecture will help posture us for that.”
The continued move toward zero trust is one of several priorities Miller is leaving for the new principal deputy CIO.
She said she’s lucky to have had time to work with Sherman over the last few weeks to help him adjust to the new role.
“We started this year as the year of execution for the digital modernization strategy. John has been a tremendous partner from the intelligence community for us for a while now so him stepping into the role, he will be the perfect partner to push the execution of the modernization plan,” Miller said. “We’ve established the chief data officer and we are publishing [a data strategy] this summer. We will stand up an electromagnetic spectrum office here soon to address spectrum needs across the department. IT reform will remain a focus across the Fourth Estate organization.”
As far as advice for Sherman, Miller said the key to success for him or anyone in the principal deputy’s role is to establish and maintain relationships across the services and defense agencies.
“My advice to him is to continue to build on what we have already put in place, further establishing the governance process and the relationships with the military CIOs particularly as we focus on IT modernization tasks,” she said. “He, of all people, has a great opportunity to bridge the IC and the DoD IT communities because there is so much we are doing that links together. But most of all, I see his role as taking care of the team and enabling them to succeed because there is so much on the plate to do with the digital modernization strategy.”