Q&A: Robert Carey
IM/IT NAVIGATOR
Robert Carey
CIO
Department of the Navy
Robert J. Carey was named the chief information officer for the Department of the Navy in November 2006. As the DON CIO, Carey is the senior information management/information technology (IM/IT) official in the department, providing top-level advocacy to the secretary of the Navy for the development and use of IM/IT and creation of a unified IM/IT vision for the Navy–Marine Corps team.
Carey develops strategies, policies, plans, architectures, standards and guidance, and provides process transformation support for the entire DON. Additionally, he ensures that the development and acquisition of IT systems are interoperable and consistent with the department’s objectives and vision. He is also the department’s knowledge management champion and privacy officer, serves as the IM/IT work force leader, addresses emerging technologies and issues, ensures the availability, integrity and protection of the department’s information systems, and serves as the department’s critical infrastructure assurance officer.
For the previous three years, Carey served as the DON deputy chief information officer (policy and integration). Reporting directly to the DON CIO, he served as the principal adviser to the CIO and was responsible for managing and leading the DON CIO staff, developing strategies for achieving IM and IT enterprise integration across the department. Carey joined the staff of the DON CIO in February 2000, during which time he served as the DON CIO eBusiness Team leader through June 2003.
Carey served in a variety of engineering and program management leadership positions within the acquisition community in the undersea warfare domain, including director of the Surface Ship Sonar Dome Program Office and chief engineer and deputy program manager of the Undersea Weapons Program Office.
Carey has a Bachelor of Science degree in engineering from the University of South Carolina, and a Master of Engineering Management degree from the George Washington University. An active member of the U.S. Navy Reserve who holds the rank of commander, Civil Engineer Corps, Carey recently returned from deployment to the Al Anbar province of Iraq.
Carey was interviewed by MIT Editor Harrison Donnelly.
Q: Shortly before taking over as DON CIO, you served six months as a reservist with a Naval Construction Regiment in Iraq. What did you bring from that experience that shapes how you do your job?
A: Serving in Iraq gave me a unique view and perspective of the many and broad uses of IT supporting combat operations in theater. Being a consumer of IT on the ground at the tip of the spear helped me to understand what tools are used by the sailors and Marines we support in that part of the world. I learned that IT is at the heart of every warfighting decision. Leaders in the global war on terror commit the lives of young Americans based upon information carried on our networks and portrayed in real time to near real time. Also, it has allowed me to understand that infrastructure requirements on the ground are similar to those that exist on smaller ships that do not have a lot of bandwidth. I can equate my experience in Fallujah somewhat to that of a sailor on a frigate or destroyer. For example, my ability to get to the Internet and use Web-based applications was far more limited than that which is afforded in my office today.
My service over in Iraq also gave me a greater sense of urgency to focus on IT that will ensure we meet the needs of the warfighter and to rapidly deploy IT solutions in theater. I want to focus the office of the DON CIO to deliver IM/IT policy and strategic direction to support the warfighter and those who support them, connect the relevancy of DON IM/IT initiatives to the sailor and Marine at the tip of the spear, and bring improved IT services to the naval organization through best value investments.
Q: Your office recently released a campaign plan that outlines seven major goals for the next 500 days. How would you describe the vision that underlies and unifies these goals? Can you give us a brief description of the tactics and outcomes for each of the goals?
A: As I mentioned, my time spent in Iraq has given me a greater sense of urgency to do what makes sense right now to help the warfighter. The campaign plan grew out of that desire.
The DON CIO campaign plan complements the DON IM/IT strategic plan. The strategic plan is broader and covers a multi-year period whereas the campaign plan is tactical in nature. The campaign plan includes the salient efforts that the office of the DON CIO is undertaking to support the department’s objectives, transformation, and ensure that the needs of the warfighter are being met. The campaign plan is pertinent to the DON CIO and the products this office will deliver over the next 500 days. It details the major thrusts that will create the biggest impact within the shortest amount of time. The goals in the campaign plan directly align to the strategic plan; however, the campaign plan includes the specific tactics related to each goal and their desired outcomes.
For example, under Goal 1, “Secure the DON IM/IT Infrastructure,” one of the tactics is to secure controlled unclassified information residing on DON information systems, mobile assets, and storage media through the implementation of encryption of data at rest, cryptographic logon, implementation of identity management disciplines, removal of weak network operating systems, and the deployment of state-of-the-art tools to monitor and defend our networks. These are tangible things that we can start doing right now to beef up the security of our networks and information in cyberspace.
Under Goal 2, “Protect Personally Identifiable Information [PII],” one tactic is to implement ongoing mandatory training to increase PII awareness with the outcome of reducing the number of incidents involving the loss of PII. The deployment of encryption of data at rest will directly mitigate the impact of the loss of PII stored electronically on media if lost or stolen.
Goal 3, “Plan for the IM/IT Environment of the Future,” provides for the completion of the overarching Naval Networking Environment 2016 strategy and concept of operations, which will guide the requirements and acquisition strategy for our naval networks after we reach the end of the present Navy-Marine Corps Intranet contract.
Goal 4, “Efficiently Manage Naval IM and IT Investments,” covers a gamut of areas that include identifying a financial management system, centralized management of enterprise software, and an enterprise telecommunications management structure and processes. Many components of IM/IT are consistent across the Navy and Marine Corps, and we must capitalize on these in a consistent portfolio management process that allows us to maximize the capability achieved from IM/IT investments.
Goal 5, “Efficiently and Effectively Use Spectrum Technology,” speaks to the DON’s reliance on the electromagnetic spectrum to conduct its mission around the globe and provides for maintaining global leadership in the spectrum arena. This global leadership was recently realized through our success at the World Radiocommunications Conference this past fall in Geneva, Switzerland. Working within the U.S. delegation, the DON team assured key agenda items were resolved to the department’s benefit and our equities in the spectrum arena were protected, thus directly enabling the warfighters to operate as required.
Under Goal 6, “Enable DON IM/IT Workforce Excellence,” one of the tactics that our work force team is working on is developing, validating and documenting the job roles, responsibilities, competencies and credentials required to support development of a fungible work force. We are recruiting the “net generation” to become the next young sailors, Marines, and civilian employees of the department.
Goal 7, “Improve Knowledge Management Capability,” is a call to build on earlier successes that have integrated knowledge management [KM] into the department. We will continue to provide direct assistance to commands implementing KM projects and programs, and develop follow-on strategies and guidance for DON KM.
Q: What are your chief initiatives in the area of balancing access and security?
A: Information access and knowledge sharing are key to DoD and DON operations; the Internet was made to be an open exchange and Web technology is ideal for collaborative work. However, security is paramount, and a major challenge for the DON is balancing this access to information with appropriate security. This challenge is not about the technology, but about the culture and getting people to understand it and change their behavior.
A great deal of the technology needed to create this balance is there; we have enhanced security through the use of public key-enabled Websites, role-based access and the Common Access Card with public key infrastructure certificates, to name but a few. Soon, multi-level security technologies will be deployable in numbers, allowing further control of information while ensuring access for authorized personnel. At my desktop, I log on to the network every day by putting in my CAC and typing in my PIN. This process, cryptographic logon, which also protects the content of e-mails, is far more secure than trying to remember passwords. It requires a few more steps than sending a basic e-mail, but from a security perspective it is worth it. In addition to cryptographic logon, the CAC enables access to secure Websites, the ability to securely arrange travel using the Defense Travel System, and digitally signed e-mails and forms. This solution affords access as well as security.
To provide this same level of security for our mobile users, we have begun to roll out a solution for Blackberries that also uses the CAC. It is a Bluetooth-enabled CAC reader that allows me to sign and encrypt e-mail from my Blackberry, which I couldn’t do before.
The Navy-Marine Corps Intranet [NMCI] network, which is the largest intranet in the world, has succeeded at providing access while greatly enhancing security. There are approximately 124 million browser transactions per day on NMCI, and more than 100 million e-mail messages sent per month. Since 2005, the security inherent in NMCI has stopped over 2 million unauthorized access attempts; trapped, quarantined and disinfected more than 3,000 new viruses; and stripped about 4,000 potentially hazardous e-mail attachments daily.
Lastly, an important initiative that has more to do with cultural change than technology is the protection of PII. While many members of the department require access to PII to conduct their jobs, we must improve our handling of this sensitive information so that we maintain the trust of our sailors, Marines and civilians. In the Department of the Navy, there are three main types of media that are vulnerable to loss: hardware, which usually translates to the loss or theft of laptops or thumb drives; paper, which is usually the loss of PII actually printed on paper; and electronic, which is the erroneous posting of PII on Websites and/or contained in e-mail.
It is our job to make sure our warfighters can focus on their mission without worrying about whether their PII has fallen into the wrong hands. I mentioned that this is an issue of cultural change. The breaches we’ve seen—hardware, paper and electronic related—have been primarily due to a lack of rigor in how we handle this information. So we need to be mindful of the fact that this information should be treated as seriously as we treat classified information. We have increased awareness through Navy messages on the importance of PII that are distributed to every command and to the fleet, articles in the Navy’s CHIPS Magazine, and a podcast that is available on our DON CIO Website. We have also instituted mandatory training and compliance spot checks, and we are going to begin holding senior leadership accountable for improper handling of PII. Finally, to further protect data on laptops and thumb drives, we are pursuing the deployment of a data-at-rest encryption software solution across the department using the blanket purchase agreements under the DoD Enterprise Software Initiative/SmartBUY program.
Q: What are some recent examples of the effective use of knowledge management by the Navy?
A: Knowledge management—that important intersection of people, technology and processes required to enable informed decision-making and accomplish our mission—is flourishing in the Navy and Marine Corps. A few examples illustrate this.
During the global war on terror, many Navy personnel are serving in unfamiliar combat operations ashore. To provide them with a continuous knowledge source pertinent to their situation, the Naval Personnel Development Center built the Individual Augmentee Community of Practice [CoP] and hosted it on Navy Knowledge Online. It provides pages for each country to which Navy personnel deploy, including key points of contact, maps and other important information. It includes a list of required Navy e-learning courses and a discussion forum to share unclassified information pertaining to daily deployed life. The CoP also has a page on cultural “do’s and don’ts,” validated by the KM teams at the Center for Naval Intelligence and Center for Information Dominance. In less than two years, the CoP has had more than 1.3 million visitors.
My office developed templates and guides to help commands use the KM processes—peer assists, action reviews and retrospects—that enable organizations to capture and transfer knowledge before, during and after an event or task. Naval construction forces utilized the KM retrospect process to capture knowledge and lessons learned by construction battalions while deployed to Iraq and Afghanistan. This knowledge will assist pre-deployment workup and deployment of future units. We also developed a two-day course that provides attendees with a fundamental knowledge of KM and the ability to implement KM processes at their commands. In three years, 327 students from more than 60 commands have attended the course.
For several years now, carrier strike group staffs have included a knowledge officer, charged with the vital task of efficiently managing the flow and sharing of strike group knowledge and information. These few examples illustrate the fact that KM has been integrated into the way we do business in the DON.
Q: What do you envision for the NGEN project, and what are you doing to prepare for the transition from NMCI? What lessons has the Navy learned from NMCI?
A: As I mentioned, NMCI is the largest intranet in the world. It has been successfully rolled out to 97 percent of the planned shore-based users in the continental United States. We are more than seven years into the contract, and it has proven to be a reliable, mature network supporting our mission needs.
NGEN will be the future DON network environment, replacing the NMCI contract, which expires in October 2010. NGEN has to be operational and running smoothly by then, because so much of the department’s mission is fully embedded with IT-based processes and networks. With its focus on reliability, adaptability and security, NGEN will ultimately ensure that its users have timely access to the information and services necessary for them to accomplish their missions and functions. We plan to incorporate additional capabilities beyond that which the current networks possess during the transformation of the NGEN environment to the Naval Networking Environment 2016. Our goal will be to close the gap between the access afforded in CONUS and the access required while deployed and enable more rapid decision making with greater clarity of information.
The DON is currently defining NGEN requirements, strategy and a concept of operations. We are moving forward with the leadership team to get aligned and decide exactly what we’re going to do and when. It is important to note the personal involvement of the secretary of the Navy, the chief of naval operations and the commandant of the Marine Corps in this decision-making process. This is a testament to the recognition of how important naval networks are to the mission of the Navy-Marine Corps team. It is our vision that we can interconnect our network environment, use it around the globe, and make it fungible and agile to allow us to better support the warfighting mission. Information is at the heart of every warfighting mission, so our goal is to ensure that getting information to warfighters from wherever it exists is realized as we march toward the Naval Networking Environment 2016.
Rather than the lessons learned from NMCI, I think the more important focus is how NMCI has been a forcing function within the DON to attend to our legacy infrastructure of applications, servers and networks. Our functional area manager [FAM] process grew out of NMCI, whereby FAMs are responsible for approving or disapproving applications necessary to conduct missions that will ride on our networks. Through this process, we have greatly reduced the number of networks and applications in use, eliminating redundancy and moving to a more standard suite of applications. The NGEN effort will again become that forcing function to align our resources and continue the infrastructure rationalization so that the department has what it needs to execute its mission most efficiently and effectively.
Looking back at NMCI, it took the aligned efforts of the department IT leadership to bring it to fruition. We will be working diligently to make sure we provide the resources to deliver this next set of capabilities for the NGEN. This will be potentially the biggest network effort in the world, because in the end state it may far exceed that of the NMCI.
Q: You have suggested revisiting the idea of “skunk works” for rapid technology development. Looking at your current challenges, what types of technologies would you like addressed in that environment?
A: “Skunk works” is a term coined in 1943 for the name of a division within Lockheed Martin when they were given the go-ahead to start development of a jetfighter before the formal contract arrived. They built it in less time than normal, and this became a common practice. Many times a customer would come to the skunk works with a request, and on a handshake the project would begin, with no contracts in place and no official submittal process. What allowed them to operate the skunk works so effectively and efficiently was the unconventional organizational approach. They broke the rules, challenging the bureaucratic system that stifled innovation and hindered progress.
The Federal Acquisition Regulations currently allow developments to move very quickly, but the process and the complexity of the end item sometimes require longer developmental cycle times than desired. We need to have the ability to alter this process in developing and fielding new capabilities. We need a concept of how to build solutions to rapidly provide capabilities to the Navy-Marine Corps team, and we are defining how we can do just that.
We’ve talked to the Space and Naval Warfare Systems Command and the Office of Naval Research, and they are excited about dramatically reducing cycle time of developing and fielding IT solutions. Perhaps you cannot build a new torpedo, ship or plane in much shorter amounts of time, but IT solutions can be developed more rapidly and their capabilities given to warfighters when needed.
We also have to balance speed to capability to make sure it is done within acquisition regulations. We can use other transaction authority [OTA] to facilitate development and acquisition of IT systems. OTA provides tremendous flexibility because the prototype projects, awarded pursuant to this authority, generally are not subject to federal procurement laws and regulations. OTA improves, streamlines and strengthens technology access and development programs by encouraging open-market competition, technology-driven prototype efforts that offer increased military capabilities at lower total ownership costs and faster fielding times, and exploit the cost-reduction potential of accessing innovative or commercially developed technologies. OTA is a vital tool for prototype projects that will help the department achieve these objectives that should be used wisely, when it is appropriate.
There is a lot of good technology insertion that can happen rapidly, but we must test the technology before it gets into theater as well as ensure that it is supportable.
Q: In today’s military there’s obviously more emphasis on technology than in the past. What are you doing to attract, retain and develop the DON IT work force?
A: Our work force is diverse—50 percent are civilians, 48 percent are military enlisted and 2 percent are military officers—so we don’t have a “one size fits all” approach. On the military side, we screen for aptitude. The qualification scores of our enlisted IT sailors are equal to the scores required to enter the nuclear propulsion field. We educate and train our sailors throughout their career to ensure that they stay current with rapidly evolving technologies. Much of their training is specifically related to the systems and applications they operate and maintain, but they also have the opportunity to train in areas that will allow them to grow into different areas. Network operations and maintenance are critical to the DON—afloat, ashore, in garrison and deployed. Some of our sailors are detailed to the network operating centers, working side-by-side with industry, learning and receiving training and commercial certifications.
Some of our sailors are also eligible for enlisted-to-officer transition programs, and training is provided to support this transition. We provide our officers continuous learning opportunities through Web-enabled computer-based training courses, distance learning and industry certifications. Additionally, there is a wealth of classes available to them at the National Defense University. They are also encouraged to participate in professional organizations.
Our civilians are hired with the skills needed for the positions they will fill, but we do offer educational opportunities to meet emerging and career growth needs. Information assurance [IA] is one area that has moved to the forefront in our IT environment. IA skills are critical to our mission of defending our cyberspace ensuring reliable, available and secure systems to warfighter and warfighter support personnel and missions. All DoD IA/computer network defense [CND] personnel with privileged access, or who perform IA management tasks, are required to obtain one of several approved commercial certifications depending on the tasks they perform.
IA/CND personnel with privileged access must also take the appropriate operating system commercial certification. New processes and procedures are being developed to support this mandated commercial credentialing, including a process to buy commercial certification test vouchers at the enterprise level, an electronic paperless test voucher system, and the Navy Credentialing Opportunities On-Line Web tool, whereby sailors can learn about resources available to help them gain civilian job credentials. As DON IA professionals become credentialed, they will be highly desirable to joint operational leaders because they will be interchangeable in performing the IA warfighting mission.
Retaining our IT work force depends on providing opportunities for learning and advancement. Another program that provides such opportunities is the Information Technology Exchange Program [ITEP]. In this program, exceptional federal and private-sector IT work force members can participate in an exchange program that enables both sides to share critical IT expertise. For DON organizations, the exchange program provides an opportunity to learn private industry’s best practices and management concepts, infuse organizations with fresh ideas, improve personal and organizational capabilities, and close skills gaps within organizations.
Lastly, we fully support and participate in the DoD IA scholarship program, which helps equip the DON with highly trained IA personnel through full scholarships for eligible civilian and military personnel.
Q: What about the “millennial generation,” now being called the “NET generation” in many circles and DoD? How are their capabilities and expectations affecting the DON?
A: In talking about the millennial generation, I like to explain the challenge using the terms “digital immigrants” and “digital natives,” which I borrowed from Brigadier General George Allen, the DON deputy CIO [Marine Corps]. The digital native grew up using PCs, the Internet, chat, e-mail and cell phones. This is the millennial generation—the generation of sailors, Marines and civilians entering our forces today. Born between the mid-70s and early 90s, they are today’s fastest growing work force population. These young people joining the Navy and Marine Corps are totally wired, totally digital, totally mobile and able to multi-task, and they use collaboration as a means to deliver results. They expect to use familiar tools, like those of Web 2.0, to get their work done. In looking at how to reach this generation, as well as the remainder of our work force, the department must explore all options, be open to innovation, and create an environment for them to excel. The older, more senior DON personnel are digital immigrants and did not grow up with IT, but had to become acclimated to the use of IT to do their jobs. Interestingly, these are our senior leaders, the decision makers, and educating them on what the younger folks already know is paramount.
The entire department must take advantage of the NetGen’s skill sets and embrace the tools/applications they use—the Web 2.0 applications that facilitate sharing and collaboration using the current Internet that they’ve grown up with. The DON is taking advantage of some of these Web 2.0 applications. Blogs are not sanctioned in theater due to operational security concerns and bandwidth constraints, but personal blogs proliferate and enhance the real-time dissemination of crucial and time critical information. The Marine Corps Center for Lessons Learned uses a lesson management system, a content-controlled blog that reports findings, trends and issues. Wikis are being investigated by several Navy commands, and my office just established a working group to explore the use of wikis within the department. Real Simple Syndication [RSS] is being developed into the redesign of the DON CIO Website and should be available later this year.
Our challenge is harnessing the raw talent of the NetGen and making it a central part of the work force. We are investigating the creation of an IT intern program as a means to recruit NetGen civilians.
Q: You’ve mentioned in different speaking engagements the importance of “acting like an enterprise.” What are the major initiatives in trying to shape the DON in acting like an enterprise?
A: Acting like an enterprise means that we better align our activities in the IM/IT arena to ensure that a consistent best value is achieved for the sailors, Marines and civilians that support them. One step toward acting like an enterprise is our use of the DON Information Executive Committee [IEC], which I chair (comprising the senior IT leadership within the DON, such as the deputy CIO [Navy], deputy CIO [Marine Corps], assistant secretary of the Navy [research, development and acquisition] and assistant secretary of the Navy [financial management]. The DON IEC represents the IM/IT leadership of the DON and is empowered to make collaborative decisions in support of our mission.
Acting like an enterprise requires enterprise solution strategies for funding and procurement as well as better aligned IM/IT governance across the department. While DoD is also moving in this general direction, the office of the DON CIO is working on strategies to deliver more value from enterprise IT investments.
We have worked very hard with the Navy and Marine Corps to develop a portfolio management process to align investments better to department priorities while ensuring accountability at all levels. Taking advantage of enterprise opportunities allows us to maximize the value received for the resources spent, while freeing up other resources for higher priority items. For example, our enterprise approach led to the establishment several years ago of functional area managers, who are fully engaged in reducing the legacy infrastructure significantly before the arrival of the NGEN. Taking an enterprise approach to DON IM/IT also led to our telecommunications recovery audit pilot, which demonstrated an opportunity to recover nearly 20 percent of the spend. Efforts such as these enable us to use money saved to better support the warfighter.
There is a lot going on within the DON’s IM/IT arena and it is an exciting time to be part of it. IM/IT is at the heart of every warfighting and business decision we make, and we are working hard to ensure that information is available to the right person at the right time to enable agile and informed decisions. ♦
