In his first three months on the job, Leo Garciga, the Army’s new chief information officer, has focused three big priorities.
He said the move to the cloud, the continued evolution of DevSecOps and data will drive a lot of what he does over his first year on the job.
Garciga said he’s already institutionalizing and simplifying the use of cloud and the move to DevSecOps methodology through new policies.
“We’ve already pushed out two guidance memos, one around the Joint Warfighting Cloud Capability (JWCC) to start moving the entire Army in that way. Then one relaxing some of the constraints that we’ve had for contracting for cloud support in order to really maximize the industry’s ability to come partner with us to get there,” Garciga said in an exclusive interview on Ask the CIO. “We did push the memo out that said we are going to strongly encourage that we go to JWCC. I think right now our approach has been we need some time to get off the Cloud Account Management Optimization (CAMO) contract. I think that’s been a great effort to get a lot of capability in the cloud. I think we’ve got to get the team in a good spot to operationalize JWCC, especially with a focus on impact level 6 (IL6). Let’s get some reps and let’s mature the process, and then as we do that, we’ll start shifting off and making sure that we’re all in all on every network fabric for JWCC.”
Garciga took over for Raj Iyer, who left in February after two years, in July after spending the last two years as the director of information management for the Army G2.
Like the Defense Department memo around JWCC, Garciga doesn’t want to complicate or interrupt current mission efforts by forcing a move to the vehicle.
“The philosophy is JWCC first. That’s really where we’re pushing. Our intent is to maximize our use of JWCC across the board. So as we move forward, we’ll get more and more task orders on there. I think we’re going to see those real huge long term cost savings similar to what the intelligence community saw with C2E,” he said. “The other memo really was an internal Army approach to contracting for cloud. We’re probably a little too restrictive in our approach, which really meant that we were not getting best value. We really pushed hard to open up the aperture to allow commands and program executive offices to really go out there and get the right vendor that could support them, whether they were building new things in the cloud, or just getting support to manage inside of virtual private cloud, we wanted to make sure that they had the flexibility they needed and relaxed, that restriction.”
Garciga added early on in the Army’s cloud journey, leaders made a decision to try to limit the sprawl of contracts, particularly support contracts through several enterprisewide vehicles. But the service found they were paying too much or not getting the best service from the limited number of vendors so Garciga’s memo is letting the Army look more broadly for cloud support contracts.
Army’s new software policy
Building on the cloud efforts, whether through CAMO or JWCC, the Army is accelerating its use of the DevSecOps methodology to build applications. The Army PEO-Enterprise Information System (PEO-EIS) has made it a major initiative to transform itself to an agile development organization, following the lead of the Army Software Factory.
Garciga said these efforts made it clear the service needed a new software container policy, which he signed on Sept. 26.
“This initial guidance is on how to best leverage, secure and deploy software containers inside the Army. It was badly needed. I think a lot of folks are doing great things, trying to put their applications and their capabilities into containers, and doing it with little guidance,” he said. “I think we really focused as a team up here on how do we get the best guidance out to the Army at large that allows us to be in a more secure space, but gives us the flexibility we need across all of our software development activities that are out there? A lot of great folks across the Army came together from Army cyber, from Network Command, here from CIO, from the G6 and from the acquisition community to really sit down and think through the some of the challenges that we were having, both with software being developed by commands and software being developed within the acquisition community to get the best guidance we could get out that really starts shaping how the Army leverages software containers across the board.”
The memo lays out three principles for software containers:
Additionally, the guidance details requirements for base containers, from which application containers are derived, container application development platforms, authorization frameworks and application containers.
Garciga said he’s also working on another policy that is a few weeks away from release that is focused on reciprocity.
“When I think of what’s happening on the Combined Joint All-Domain Command and Control (CJADC2) side and folks across the department building and leveraging capabilities across the board, this idea that we have to go reaccredit things and relook at it from a security perspective is really slowing us down and hampering us,” he said. “We’re looking at putting some initial guidance out here in the next couple of weeks to look at adding some flexibility for both authorizing officials and for the Army to more quickly leverage capabilities that’s already been looked at by another combat support agency or military department.”
The goal is to bring the approved technology onto the network in a secure and smart way that ties back to the container policy.
DoD preparing API guidance
Around Garciga’s third priority, data, is the connection between new and old systems.
He said DoD CIO John Sherman will soon issue a new policy for using application programming interfaces (APIs) that will help make it easier for systems to share data.
“More and more, we’re realizing that there’s some work that needs to be done to standardize our approach to APIs and identify them. We have some opportunities, in many cases across functional areas, to really understand how we build an API library that helps existing systems, not just integrate with each other, but helps us have a good way to take some of our legacy systems that will have to integrate, at some point, talk back to those existing systems,” Garciga said. “We’re working really hard and have a couple of efforts right now with some folks on the electronic warfare side and on the intelligence side to get some initial guidance out to the force on what a standard API looks like and where you’re going to store it.”
He added the policy will help the technology, acquisition and mission communities alike because it will articulate the Army’s expectations from a digital perspective to move data.
Another focus area for the Army is identifying their authoritative data sources and products, and developing a catalog of those sources and products.
“I think the other piece, which is huge, is a push on data literacy. That’s another place where everyone’s in a different spot, but what we have seen, which really excites me, is a huge organic push by some commands to take on a train-the-trainer approach, bringing some experts in and really building out what I would call a data literacy 101 course on the fly,” he said. “I think they’re up to almost 4,000 folks that have been have been trained, and they’re talking about what’s that next generation course look like? I’m really excited where we’re going. What’s even more exciting about that is the momentum has been so much that it’s now getting pushed into the institutional Army as we started looking at some of the school houses, they’re taking some of that work and really pushing it in. We’re going to continue to be moving forward on how we maximize data literacy across the board to really get everybody speaking the same language. That’s a critical piece to modernization and a critical piece to how do you mature the enterprise.”