The Army Corps of Engineers is preparing for the Defense Department’s major upgrade to Windows 10. But at the same time, it’s balancing several priorities around cybersecurity, mobility, cloud and a lot more.
Greg Garcia, the Chief Information Officer/G-6 of the Army Corps of Engineers, said all of these efforts are pointing his corps toward a more innovative and agile organization. Garcia joined the Army Corps of Engineers in February after spending the last three-plus years running the Army IT Agency.
But over the short term, the migration to Windows 10 is a top-of-the-mind priority as Defense Deputy Secretary Bob Work ordered the military to move to the new operating system by January 2017.
“Windows 10 is a great opportunity to move the user experience and the cybersecurity forward together. We’ve started with some initial activities to plan the migration for Windows 10,” he said. “The lift is in the application world. What you find out is the application and the application testing is generally where the rubber meets the road for success or not success. The ability of users to get to email and all that works great, but if you are hitting information systems via browser, you’ve got to make sure that works. We have many, many applications we will have to push through.”
Garcia called the application piece the “long-pole in tent” when it comes to the migration to Windows 10.
He said DoD’s implementation is different than most agencies, as it uses a secure host baseline.
“We worked some pilot implementations of the first blushes of what the secure host baseline is going to be through Defense Information Systems Agency and the Army. DISA is refining the release and pushing it to the Army, and the Army will work on it through our great partners at Network Command,” he said. “Really the difficult part is assessing those [applications] against the secure host baseline and making sure the applications perform well.”
Garcia said the end goal is not to lose any functional because of the migration.
“There are standard applications against all segments across DoD. That is not what we really are worried about. What you really have to worry about what is unique to your organization,” he said. “The big Army doesn’t use a lot our applications because they are very much involved in other aspects of the mission where we will have unique civil works applications or things involved in project construction and how we do our finances because the Corps is financed through many mechanisms that are not the same as in DoD. Those are the big systems that we really have to pay special attention to and get them copies of the baseline early and spend some time in the critical path to get them to be allowed to figure out what works and what doesn’t work. Then if there is a modification or advancement required, there is cycle time to get that done and tested again.”
Garcia said the Army Corps budgeted for the migration to Windows 10, but it may not be enough people and resources.
“Another thing we are doing right now is going through our list of engineering projects. All organizations face the same kind of scarcity of resources, both people and dollars,” he said. “We are trying to figure out what can we winnow off the list to free up people and resources so we can focus on the most prioritized tasks.”
Garcia said the corps may end up delaying 10 percent or 20 percent of its projects to transfer resources to a host of IT priorities. At the same time, the Corps is piloting two other major initiatives, including the Army’s move to the Joint Regional Security Stacks (JRSS) and its use of Office 365 in the cloud.
Garcia said the Army Corps did some initial piloting of a Level-2, non-restricted cloud, as well as testing some collaboration tools.
“It was kind of fun. We actually had an Apple phone, an Android phone, a Windows tablet, a desktop computer and an Apple watch, and we were all collaborating over a series of charts. It was really kind of exciting about this power of collaboration and knowledge sharing,” he said. “That drives our ability to move to what we are projecting a Level-5 cloud by summer. What we are doing is partnering with our great friends in the Air Force and the Defense Logistics Agency.”
Garcia said pilots will help the Army Corps understand what cyber risk level it can tolerate when it comes to private and public clouds.
The JRSS pilot also is testing out cloud in some ways.
“We’re going to take traffic that is typically not on NIPR and then we will get through a cloud access point to get into the JRSS security stacks and pop back for the interim,” he said. “This opens up the question about how we should do transport for the Corps across the United States and globally. We still in the learning stages of what this means. I don’t think we know the strategic implications of the JRSS yet because we are focusing on the tactical implementation of this difficult project. But I think there are significant strategic opportunities that will present itself once we have a viable, capable shared security service with the rest of the Army and DoD.”
Garcia said the Corps also is focused on several other broad initiatives, including cybersecurity and ensuring it’s equal with operations, and becoming a more mobile organization specifically for mission needs.
He said Army Corps employees in the field recently used a mobile device and app, called mobile information collection application, to collect information versus a paper tablet.
“They took over 12,000 pictures, videos and notes that were automatically captured, geo-tagged and directly transmitted from the field to various command centers. This is a tremendous asset for on-site command centers to make real-time decisions. As you can imagine in a flood fight, every minute counts. This is really something the Corps would really love to embrace is how do I do my job on the move because it’s a really outside the office oriented action.”
Garcia added that the Windows 10 transition also will make the move to mobility easier.
“We started out with some Android tablets, but really we are open to the best solution,” he said. “We are looking forward to the partnership with the Army and DISA to begin to think about derived credentials, two-factor authentication in different ways that makes it mission-enhancing and not have to worry about whether I’ve got my card in my pocket or not.”