Q&A: John G. Grimes
Network Integrator
Harnessing Information for Military Operations, Intelligence and Business
John G. Grimes
Assistant Secretary of Defense
Networks and Information Integration
Chief Information Officer
John G. Grimes has served as assistant secretary of defense for networks and information integration (ASD NII) and chief information officer of the Department of Defense since 2005.
Grimes has extensive technical and policy experience in telecommunications, information systems, and the command and control fields. His public service includes five years on the White House’s National Security Council staff as director for national security telecommunications policy, director of defense command, control and communications programs, and senior director White House situation support staff from 1984 to 1990.
Grimes served as deputy assistant secretary of defense for defense wide command, control and communications and was the deputy assistant secretary of defense for counterintelligence and security countermeasures from 1990 to 1994. As a member of the DoD Senior Executive Service, he held senior technical and staff positions with the National Communications System, Defense Communications Agency and the Army Communications Command following his military service in the Air Force.
Joining Raytheon in 1994, he served as vice president of intelligence and information systems, Washington operations, prior to retiring in November 2005. He has served on Defense Science Board task forces, and was a member of the Industry Executive Subcommittee of the President’s National Security Telecommunications Advisory Committee.
Grimes is a graduate of the University of Arizona, holds a Master of Science degree from Shippensburg University, and is a graduate of the U.S. Army War College at Carlisle Barracks.
Grimes was interviewed by MIT Editor Harrison Donnelly.
Q: What is your role as the Assistant Secretary of Defense for Networks and Information Integration and the DoD Chief Information Officer (ASD (NII)/DoD CIO)?
A: I’m the principal staff assistant for advising the Secretary of Defense on command and control [C2] and communications matters to include network operations, positioning, navigation, and timing [PNT] policy, spectrum management, non-intelligence space systems, and a wide variety of special initiatives. In my CIO role I’m responsible for developing the enterprise-level defense strategy, policy and architecture, for information technology, information resources management [IRM] and information assurance, and the oversight of the IT investment portfolio for the department. It’s a unique dualhatted position with a wide area of influence, touching virtually every mission area in the DoD.
By having these two roles together in one organization, it allows for better planning, investing and utilization in information technology for net-centric operations for the warfighter mission, intelligence community and business systems. What I mean by net-centric is the ability to share information across the department and with our mission partners—both anticipated and unanticipated. One of the significant challenges we face is transforming the department into a global information enterprise. To do this we are building a knowledge- based workforce, institutionalizing a data strategy for communities of interest, and emphasizing the protection of information on our networks. Of course, building and strengthening partnerships with federal and state government agencies, as well as with coalition, non-government organizations, and international partners such as NATO is a top priority.
Q: What are your most important goals for the future?
A: The number one goal of the DoD National Defense Strategy as highlighted in the 2006 Quadrennial Defense Review is harnessing the power of information. Our ability to leverage information will shape how we execute military operations, do intelligence functions, and handle business processes. We are working to provide interoperability at the data level so we can transition away from platforms and systems that don’t or can’t share information—what we commonly call “stovepiped” solutions. We’re focusing on interoperability and information sharing with other federal and state agencies, and our coalition partners to include NATO, for access to timely, relevant and accurate information for better situational awareness and decision superiority.
We must understand how information is used in everyday operations. Information is incredibly valuable, and we’ve spent a lot of time and money to protect it. The way we’ve approached securing valuable information has created a culture where access is based on a “need to know.” Moving the department from a culture based on a “need to know” and toward one based on a “need to share” or even a “right to know” is an enormous challenge.
Successfully accomplishing that shift in culture hinges on trust. In fact, I’d say trust is the essential element in successful information sharing. Taking trust a step further, we also need to focus on building confidence in our data and our networks, and controlled access to our information and information systems to ensure that the integrity of the data is not compromised. In this regard, we have a close working relationship with Major General Dale Meyerrose [Ret.], the CIO of the Office of Director National Intelligence, to ensure we are putting in place the most efficient solutions for protecting and sharing of information to the warfighter and the intelligence community as well as with other government agencies.
Q: You mentioned the 2006 Quadrennial Defense Review. What aspects of the QDR are most important in guiding the work of your office?
A: Well, one major outcome of the 2006 QDR was the recognition of information as a key force multiplier. Accessing and sharing information is essential to gaining and holding an information advantage in the current and emerging threat environment. Our drive to achieve net-centricity will ensure timely and trusted information is available where it’s needed, when it’s needed, to those who need it most. In fact, the QDR evaluated “achieving net-centricity” as one of 10 key capability areas. It recognized that achieving the full potential of transformation depends on viewing our information as an enterprise asset to be shared, and to be protected.
In response, as we move to service-oriented architecture, the DoD’s data strategy is essential to multiple domain data sharing, and we’re working to make data visible, accessible and understandable. The department is accelerating our information-sharing capabilities by emphasizing common approaches to data tagging, as well as improving the organization and categorization of data. The department has developed a broad information-sharing strategy to link with our federal, state, local and coalition partners. Information assurance [IA] capabilities were also given higher priority, and network capabilities received additional funding. The QDR also highlighted some challenges in information transport, specifically how we’re handling the space-based systems. We’ve adjusted the phasing and pacing for our satellites and ground stations, and we’re developing improved bandwidth capacity models to focus the investments to better support our operational forces.
The QDR also recognized that transforming to a net-centric force requires more than IT implementation alone—it requires fundamental changes in processes, policy and culture. The department must shift from military service-focused efforts toward an enterprise approach, and the changes need to be institutionalized in our core processes, as well as during operational planning and execution. The ASD [NII]/DoD CIO office is promoting joint and interoperable solutions through institutional reform efforts like capability portfolio management and enterprisewide systems engineering.
Q: How is the DoD delivering net-centric capabilities to the war fighters?
A: Our ability to deliver net-centric capabilities has evolved. Before Web-based applications and services were possible, the DoD’s early emphasis was on transporting information. Our efforts to build out the GIG paralleled commercial efforts to improve capacity in the commercial Internet. A simple way of thinking about GIG implementation is to envision transport, services and applications as stacked layers, with data, IA and network operations [NetOps] spanning the layers.
Our transport capabilities include the GIG-Bandwidth Expansion [GIG-BE], the Joint Tactical Radio System [JTRS], and the Transformational Satellite [TSAT] programs. The enterprise services layer is being addressed by the Defense Information Systems Agency [DISA], through the Net-Centric Enterprise Services [NCES] program. Recognizing the importance of IA to the GIG, the National Security Agency [NSA] is aggressively moving forward with solutions like the High-Assurance Internet Protocol Equipment [HAIPE], and the Key Management Infrastructure [KMI] programs.
The 2006 Quadrennial Defense Review also established joint capability portfolios to manage selected warfighting capability areas. ASD [NII]/DoD CIO, the U.S. Strategic Command [USSTRATCOM], and the Joint Staff are providing transport and services capabilities through our Joint Net-Centric Operations [JNO] portfolio. JNO includes 326 programs with a focus on 23 critical efforts like TSAT, JTRS and NCES. The resources allocated across these programs are essential for delivering capabilities to the warfighter. Understanding how capability requirements map to each program and how they interact collectively is critical, and ASD [NII]/DoD CIO, USSTRATCOM and the J6 JNO team are continuously evaluating the needs and program solutions for the warfighter. As needs change, or program execution issues surface, resources can be rebalanced across the portfolio, ensuring the right capabilities are delivered.
Q: What can DoD do to improve spectrum management?
A: Well, as you know, many of our key sensors, shooters, command & control, and intelligence capabilities supporting the warfighter require Radio Frequency [RF] spectrum. Our Global Electromagnetic Spectrum Information System [GEMSIS] will make a tremendous difference in our ability to manage the spectrum in military operations. GEMSIS is the cornerstone of our spectrum management transformation, and represents the department’s long range vision for dynamic, real-time, networked RF management operations. GEMSIS will assist in validation the requirements for all DoD electromagnetic spectrum-dependent equipment and applications.
The Defense Spectrum Management Architecture [DSMA] initiative will ensure requirements and spectrum management initiatives are addressed and integrated into a cohesive plan.
The department is actively engaged in the President’s Spectrum Policy Initiative and the World Radio Communication Conference [WRC-07] which is coming up in October 2007. Our goal is continued military coexistence with promising commercial wireless technologies— such as WiMAX—to ensure mission-critical DoD systems are protected from unacceptable interference.
The Defense Spectrum Office [DSO] has been established under the Defense Information Systems Agency to improve the department’s spectrum management. The DSO also gives the DoD customer a “one-stop shop” for spectrum support.
Q: How is the DoD improving information sharing, and how are the changes increasing capabilities, particularly in the intelligence community?
A: Access to and protection of intelligence information is essential for national security and the need to do this well can’t be understated. The DoD National Defense Strategy emphasizes the importance of sharing intelligence information, and the DoD—in close cooperation with the Director of National Intelligence [DNI]—is adjusting policies and practices to improve capabilities. Guided by lessons learned from September 11, 2001, the Intelligence Reform and Terrorism Prevention Act of 2004 established the role of the DNI, which was a major step in strengthening seamless cooperation and intelligence sharing across all federal departments and agencies. Within the department, we recognized the need for a strong data strategy that will improve information sharing across multiple domains.
One key to a successful data sharing strategy is improving our understanding of data. Knowing what information is available, and how it can be used, will enable people to access and share data across system and organizational boundaries. Several goals, including making data visible, accessible, understandable, trusted and interoperable, have been highlighted in DoD directives, and our net-centric data strategy. Reaching these goals is a complex undertaking, and it takes effort across a broad collection of government and non-government agencies working together.
Understanding the criticality of data is a big step forward in improving military, intelligence and business operations. As I mentioned before, one of the efforts underway to enable more effective decision-making is the establishment of communities of interest [COI]. The COI concept centers on coordinating data vocabularies to improve information sharing. Our COIs span mission areas and programs, and they’re charged with developing a common data model to exchange information among DoD, intelligence, government agencies, coalition partners and non-governmental organizations.
Another key component of the Intelligence Reform and Terrorism Prevention Act was the establishment a cross-federal program, Information Sharing Environment [ISE], to focus specifically on sharing of terrorism, law enforcement and homeland security information. This legislation was followed up by two Presidential Executive Orders that provided further requirements in sharing of this information between and among federal entities, with state, local and tribal governments, coalition and other foreign partners, non-governmental organizations and private concerns. Working closely with the DNI CIO, we are developing compatible strategies for assured information sharing, such as enterprise directory services and cross domain access, as well as revitalizing and strengthening the certification and accreditation [C&A] process.
Earlier this year, my office led an effort to develop a DoD Information Sharing Strategy in response to a Quadrennial Defense Review requirement. We worked closely with the Joint Staff, the undersecretary of defense for intelligence and the undersecretary of defense for policy in developing an approach highlighting the goals and objectives of an effective information sharing campaign. Our goals are promote an information sharing culture, creating a seamless enterprise with external partners, preparing for unanticipated partners, and building trust into the environment. We’re developing an implementation plan detailing the steps needed to fulfill these goals.
Another great example of collaboration between the DoD and DNI CIOs is the establishment of a common IA approach. Ensuring mission success between the defense and intelligence communities demands the incorporation of IA initiatives into new mission capabilities from the very beginning. In September 2005, the NSA under Lieutenant General Keith Alexander developed an IA strategy called the Global Information Grid Information Assurance Portfolio, or the GIAP. NSA has delivered near-term IA plans and programs for enterprise security services. This effort will provide the DoD and intelligence agencies a common set of information assurance capabilities and a foundation for the federal sector at large.
Q: What is being done across the DoD to protect networks and information?
A: IA—protecting the data and defending the network—is critical to the department’s transformation. As we become more net-centric, our exposure to “shared risk” increases, where the actions of one DoD component can affect us all. As a result, securing the DoD information environment involves more than technology. It includes ensuring our business processes are bulletproof, and our people are adequately trained to operate networks and safeguard information in a “need to share” versus “need to know” environment.
The importance of IA is paramount as our networks become central to how we do business. The critical nature of IA is underscored by its selection as one of four Critical Joint Enablers considered in the 2006 Quadrennial Defense Review. In order to depend on the Global Information Grid as the transformational weapon system it has become, we must be confident the network will be there and trust the integrity of the data. As the pace of technological change increases, the security challenge becomes more complex.
Moving ahead with our Information Assurance Strategic Plan and the IA Component of the GIG Architecture as overarching mechanisms will establish the level of security needed to operate confidently. We’re also pursuing an Enterprise Architecture and prioritizing enterprise-level IA capabilities using the GIAP portfolio I talked about earlier. The department depends more and more on commercial software, so we have to ensure the software and hardware we use is trustworthy and free from vulnerabilities. We’re working with industry to put a software assurance approach in place that will deliver highly assured software and software-enabled technologies.
Along that same line, we’re working with our partners in government and industry to deliver a robust set of network security capabilities across the department. Some of the IA solutions we’re rolling out include enterprise network defense tools that will automatically identify and detect anomalies, as well as tools to remediate software vulnerabilities, eliminate spy-ware and reduce insider threats. DoD’s networks are complex, growing and constantly under attack by potential enemies interested in accessing DoD systems to obtain sensitive information. I’m confident our approach to information assurance will secure a globally connected, trusted environment to facilitate information sharing.
Q: How is the DoD handling increasing budgetary pressure on IT investments?
A: Increasing budget pressures are affecting everything we do. For example, the department is currently preparing three budgets: the President’s annual budget submission for the coming fiscal year [FY 2008]; the budget to support current operations in Iraq, Afghanistan and the global war on terror; and finally, the additional funding needed since the FY 2007 defense budget was passed last fall. All of this is carefully scrutinized by the Pentagon, White House, Office of Management and Budget and ultimately Congress. It’s a complex process.
As the DoD CIO, I set the IT investment strategy and submit the department’s information technology budget justifications to OMB and then to Congress. From an historic perspective, DoD IT funding has remained relatively stable at approximately $31 billion per year. I expect the trend to continue for FY 2008. For the CIO and IT community, we are under pressure to defend every dollar and ensure our investments support and improve our military, intelligence and/or business operations around the globe. Successfully defending our IT investments requires addressing a number of issues.
First, we need to continue to raise awareness about the importance of IT in every aspect of our military, intelligence and support operations. The National Defense Strategy talks to the need to bring decisive capabilities to bear and to harness and protect advantages in the realm of information. People at every level need to understand that achieving net-centric operations is critical to establishing more efficient and effective military operations.
We also need to deliver the IT capabilities needed by our warfighters and the rest of the department. Let me give you a few examples. The GIG-BE program has provided high-speed terrestrial bandwidth to DoD sites around the world, supporting logistics, intelligence and operational activities. Another success story for the department is the Business Transformation Agency [BTA], established in October 2005. BTA has made huge strides over the past year to transform DoD business operations.
The key here is building on our successes and delivering for the warfighter. We need to continue proving the value of our IT investments to our supporters and to those who look at the dollars we’re spending as a target for cuts. I talked about the department’s transition to capability based portfolios, and our portfolio approach goes a long way in giving leadership at every level the information needed to make resource decisions. We are also implementing the DoD IT portfolio management policy, which was approved by the deputy secretary in 2005. Assessing IT investments against performance-based metrics and mission outcomes will continue to be a cornerstone for defending IT investments. That’s what will win the necessary support from OMB, Congress and the American public.
As we look ahead, the pressure on IT investments is certainly not going away. The DoD will make decisions to move ahead with IT programs based on performance, mission area goals, risk tolerance levels, potential returns and compliance with interoperable architectures. Architectures will identify the required capabilities for our technical infrastructure, and capability delivery plans will highlight improvement opportunities, duplication, interoperability requirements, and standards, and help us target future investments.
Q: Is there anything you’d like to add?
A: Transformation, and in particular, net-centric transformation, is alive and well in the DoD. It’s not a fast process, it’s going to take time, but we’re making significant progress. The policies and procedures we’re putting in place—from our data strategy to improving our acquisition processes—have the department on a path to success, but there’s still more to do.
One of the more important things we have to look at is the development and training of the IT workforce. What I see in the young men and women joining the military services today is that they are already computer literate—they have been playing video games since they were in K1. We have to evolve our culture to take advantage of their skills and abilities. As more men and women who grow up in the digital technology world, computers, cell phones, instant messaging, chat and video games are second nature, and they can operate major weapons systems with little effort. Improving our information sharing capabilities and leveraging standards based, commercialoff- the-shelf solutions to put new capabilities into their hands faster is critical to our continued success. I believe the department’s IT policies, plans and programs are on the right path for providing one of the world’s largest global enterprise the information services the warfighter customers need and deserve. ♦
