The Pentagon is making some adjustments to the role of its chief information officer, intended in part to help lay down where the CIO’s role begins and ends with respect to DoD’s still-developing cyber doctrine.
The changes, laid out in a Nov. 21 update to the existing DoD directive that defines the CIO’s roles and authorities, include a clearer delineation of the roles of the DoD CIO and the newly-created Principal Cyber Advisor (PCA). The Pentagon, responding to a congressional directive, designated Eric Rosenbach, the assistant Defense secretary for homeland defense as the first PCA in June.
The CIO, the directive also makes clear, is not just the Defense secretary’s top adviser on IT management matters, but also has the secretary’s backing when it comes to getting rid of duplicative IT in the military services, creating an interoperable DoD-wide enterprise IT architecture, and has a role in determining what IT the military buys.
Terry Halvorsen, the acting DoD CIO told reporters Friday that the changes added some responsibility to the office, but that the most important changes were clearer lanes in the road between the CIO’s office and the military cyber functions in the orbit of U.S. Cyber Command.
“As we look at the CIO and cyber, there are some things that overlap on that and there are some that don’t,” Halvorsen said. “This, along with all the other things DoD is doing, tries to clarify the CIO and PCA’s role, where the operational commander has a bigger role, what is the CIO’s role to the operational commander, and I think it did that very well.”
For instance, the new directive makes clear that while the CIO is in charge of setting certain policy guidelines when it comes to offensive and defensive cyber operations, he or she has no operational control over those missions — that belongs to the operational commander.
Additionally, the document names the CIO and the department’s deputy chief management officer (DCMO) as the co-chairs of the Defense Business Council, which oversees investment decisions for business IT systems and acts as a coordinating body for a broad array of DoD management decisions. The panel also includes representation from the CIOs and DCMOs of each of the military services.
“So we’re able now to take our cross-functional problems and share our cross- functional solutions and good data much more effectively throughout the department than we were before we had that kind of coordinated effort,” Halvorsen said.
Meanwhile, Congress is pressing the department’s CIO and DCMO operations to get even closer while also elevating their authority.
A provision in the House- Senate compromise on the 2015 Defense authorization bill would merge the CIO and DCMO offices into a new Senate-confirmed position, the Undersecretary of Defense for Business Management and Information. If the bill is passed by the Senate and signed by the President, the new title would take effect in February 2017, becoming the third-ranking position in the department behind the secretary and deputy secretary.
Because the NDAA is not yet law, Halvorsen declined to comment specifically about the provision, but made clear that he thinks the closer working relationship that he and acting DCMO Dave TIllotson have already developed is a very good thing. For instance, they’re already jointly in charge of a department-wide business process systems review that has already begun to yield $10 million in annual savings in the CIO’s office alone.
“The integration of process and the IT systems that support process is key to any successful business operation,” he said. “Since I own the IT systems and Dave owns the review of those business processes, it makes sense for us to go together when we look at the elements that are conducting the operations and using the systems. That synergy is really, really good.”