Defense Department Chief Information Officer Terry Halvorsen says a trip to Silicon Valley further cemented the department's goal transitioning to the cloud and...
When it comes to maintaining effective, rapid and agile cybersecurity, the Defense Department’s secret weapon is industry.
Any environment that touches information technology or cybersecurity — and that’s almost everything, says DoD Chief Information Officer Terry Halvorsen — needs that triple threat . And Defense needs a solid relationship with the private sector to do it.
“We’re going to have to have to push that envelope. I’m happy to push at that envelope from my side, you’ve got to be pushing from your side. We’ve got to have that dialogue or the secret weapon doesn’t work,” Halvorsen said July 28 during the National Defense Industrial Association’s (NDIA) second Executive National Security Forum in Washington. “There is no single company. … that is going to provide either DoD or the allies with all the answers I need in security. It’s just not going to happen, particularly if I want the best of breed. How do you get the best partnership that provides you the best answer? We have to have a better understanding of value discussions between us and industry.”
One way Halvorsen is working on that dialogue is through a recent trip to Silicon Valley, where he visited companies to learn more about cloud computing and security clearance technologies.
Joining him were CIOs from ally nations like Canada, Australia, Germany, Japan, New Zealand, the United Kingdom and NATO. The visit was the first time for Japan, Germany and NATO, but Halvorsen’s sixth trip.
DoD and its allies need to be able to more quickly share data, Halvorsen said, so this trip in part was a way to talk with industry in one voice. And what that voice is saying, Halvorsen said, is that it’s time to change the approach to IT — moving away from using words like requirements, and instead talking about capabilities.
Halvorsen said when it comes to cloud computing, while that technology is becoming more secure, DoD needs to get faster with its accreditation if it wants to keep up with industry.
“I generally can’t operate anything on my network without authority to operate,” Halvorsen said. “An average accreditation is over a year. … A year is way too long for us to be waiting for changes. It also costs a whole heck of a lot of money. I’m sensitive to the fact that it costs industry more money, but in the end, let’s be real, if it’s costing industry more money, in the end it’s costing me more money and they’re going to pass those prices along and I understand that. The biggest driver is time. We can’t be as agile as we need to be.”
Halvorsen said Defense is also behind on data center closures, but he said a few new cloud solutions contracts would be coming out soon to “make it easier for services to use some variations of commercial cloud computing.”
Halvorsen said once the consolidation is over, he thinks Defense will have a very small on-premise cloud service.
“But beyond government premise I think we will have some government and DoD only clouds that are off-government premise, and again part of that is just because of the scale of DoD, my volume of data,” Halvorsen said.
Halvorsen also said he learned from his trip to Silicon Valley that more companies are being responsive to the DoD’s need for “out of the box and commercial solutions.”
“I see products coming down that are going to be able to take your phone and have easier ways to control what your applications are allowed to do and when they’re allowed to do it,” Halvorsen said. “I think the industry is starting to recognize that not only do big enterprises want to do that, but more and more individuals want to know hey, if I’m in this spot, maybe I don’t want my location on all the time, and I don’t want that app to be able to have access to my phone, my contacts, my files.”
Halvorsen said when it comes to sharing more data more quickly, there needs to be a common identification standard, “that not only assures me that you are you, but you being you have these accesses.”
Halvorsen is openly looking for a replacement to the Common Access Card (CAC) and is on what he called an “aggressive” path to get DoD off the card at the end of two years. He said Thursday at the end of two years he’d realistically like to see an 80-85 percent departure from the CAC.
“I’m looking for a CAC replacement that is actually more software enabled,” Halvorsen said. “I don’t know where this will end up, but you could really see something like identity being based on biometrics, some personal data that you would only know, and frankly, behavior. As technology’s getting better, we’re able to track behavior of people on the networks and systems. There is almost no better way than to know you are you, than your behavior.”
Halvorsen said this could be something like identifying a person’s unique walk or gesturing.
“I think there’s a lot of opportunity in this space to use technology that will not wed us to a physical token,” Halvorsen said, “and let us be more agile in our response and the whole infrastructure costs a lot less money.”
Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.