Interview with Lt. Gen. Michael Peterson
Lt. Gen. Michael Peterson has served as the Air Force’s chief information officer and chief of warfighting integration since late 2005. In that capacity, he leads four directorates and four field agencies that have about 1,600 personnel. Peterson manages a command, control, communications, computer, intelligence, surveillance and reconnaissance (C4ISR) portfolio valued at $17 billion.
Peterson spoke with Defense Systems contributing editor Barry Rosenberg about some of the challenges he has faced in his three years as Air Force CIO.
DS: During your tenure, you’ve overseen a huge shift in the information technology manpower at the Air Force. How would you rate how well you’ve managed to balance the reduction in manpower with the increased role of IT in warfighting?
Peterson: When I came into this job, I recognized that we had not leveraged best business practices. We hadn’t leveraged emerging technology. We just hadn’t done the same thing that industry had done when it came to network services delivery.
We also had about 5,000 too many people in the workforce. What we were doing was following our model from the 1980s, where our networks were built one building at a time, one face at a time, one major command at a time.
We had not gone back like any modern company has done and asked: “What are the tools out there? What are the practices out there? Where can we take people out of the workforce and replace that with the standard practices, standard software loads and tools that are so common in industry today?”
Now, how are we doing? I’m thinking that I get a “C” in this area. We made the reductions, and we put many of the standard techniques, tactics and procedures in place. But not all the tools are out there so that we get out of the touch-labor realm across the board.
DS: By touch labor, do you mean having to reconfigure every system every time?
Peterson: When it’s time to patch or put new software on a PC or server somewhere in your enterprise, you don’t have to send a technician out if you can do it remotely. Our configuration is such that you can’t do it remotely. You must do it with local systems administrative privileges, and then you have to send a technician out for touch maintenance. That’s what eats up a lot of our systems administrators’ time.
For much of the network, we have those tools. The problem is that we can’t operate some of the applications in that mode. For example, our medical community has to rely on the American Red Cross Blood Bank software so that they can interoperate with blood banks. That particular application can’t reside on our standard desktop or server. It requires local touch maintenance. There are literally hundreds of similar examples where we are either using software that we don’t own or control where we aren’t able to migrate to the standard configurations.
The effort is continuous. I get a monthly metrics review about how many of these we have left. We think it will be down to a handful by the end of 2009.
DS: How do you view cyber warfare as part of the Air Force’s overall mission, and what changes do you think still need to be made in the Air Force’s structure to meet that mission?
Peterson: If you asked anyone in the Air Force today how important the cyberspace domain or IT is in terms of fighting a war, there is no one who wouldn’t say it’s very, very important. And it’s not only command and control and not only the weapons systems but all the logistics systems that allow us to get parts, fix items, and transport parts and personnel. The list seems to be endless in terms of our reliance on that domain.
Once you have that discussion, then it is easy to understand that this becomes an asymmetric advantage for the Air Force. Because you have a seamless information flow and real data that you can trust to make decisions, the advantage is huge regardless of who you compare yourself to. So how do you protect that asymmetric advantage? If you read the press, then you know that that domain is not secured sufficiently. We need to put more focus there.
DS: Why are they not secured sufficiently?
Peterson: Because of the attacks and the actual information that is exfiltrated from that network. Occasionally, we see a successful attack ... whether it’s stealing the information, denying the flow of information or corrupting that data, those are the pieces we have to address. We haven’t seen any successful attacks in the secure domains, our Secret IP Router Network or our topsecret networks, but there is still critical information that is unclassified that we still have to protect.
DS: What programs within the Defense Department are critical to giving the Air Force the tools needed to operate in the cyber warfare domain?
Peterson: I’ve never seen better cooperation among the services; the Office of the Secretary of Defense staff and Defense Information Systems Agency; as well as the combatant commander staffs. Our networks, surprisingly, are not joint. You can always trade e-mails, send files, but for me, to find someone’s e-mail address in the Army, it’s not that easy. It’s not easy because we haven’t shared global address lists. The reason we haven’t is that there are lots of fundamental technical problems that have to be worked out first. Certainly, you can set the policy that we will be joint, we will share, but it’s not about flicking a switch.
We’re moving down a path of creating joint bases in which the Army or the Air Force or the Navy or even the Marine Corps would serve as the host for two or more bases. They would provide all of the core services for those installations.
One of the sticking points has been the networks. An application that was designed to run on the Air Force standard framework and the settings that were required were different from what the Army or the Navy ran their applications on and would have required more of that touch labor I spoke about earlier to put them there. And because we didn’t share that global address listing, it would be difficult for someone in the Navy to do business on an Air Force base.
For the past year, I’ve seen enormous progress on security framework, on the different services leading things such as the working groups that resolve the naming convention, working groups that resolve the information assurance architecture and working groups that resolve the question of what should our enterprise e-mail solution be so that we can all share a single e-mail solution.
DISA led the information assurance architecture group. The Air Force led the naming convention work. The Army is leading the standard e-mail solution. Everyone is leading multiple working groups. Before we started we all agreed that whatever the working group solution was, that’s what the solution for the enterprise would be. So it’s been a very open and active dialog.
DS: You’re scheduled for retirement in February. What would you consider your most important accomplishments? The next CIO will set his own priorities, but what do you think will be at the top of his list?
Peterson: The first thing that comes to mind is, where did 35 years go? But over the last three years here, I am personally very pleased at where the Air Force has taken us. When we went to Air Force Secretary Michael Wynne and Chief of Staff Michael Moseley on the first of November 2005 and told them we had to retool the network services delivery across the Air Force, both of them told us to press ahead. We started with best business practice standardization and also started to create the manpower pool that we needed to do other work.
In the midst of that, there was an opportunity to help the Air Force understand how much more capability we could create in terms of information flow to support mission areas.
Wynne dubbed that effort “transparency” because we were exposing data and exposing information and making it all available. The way we do that is not by giving speeches but by working closely with our acquisition teams on how they buy products and how our enterprise architecture works.
We started down that path for new systems. At the same time, legacy applications can benefit from this because exposing information through a standard server drives down the cost of annual sustainment dramatically. That transparency can work in terms of new capability by allowing real collaboration to occur between a fighter squadron at Base X and an air operations center that’s doing the planning.
They can collaborate in real time without having to rely on a client/server environment. That’s one of those things that you’ll see us roll out here in the near term.
So the Air Mobility Command and the air control center at Scott Air Force Base can be a virtual real-time partner with the coalition air operations center at Al Udeid, [an air base in Qatar,] so that the work for air mobility doesn’t have to be redone at Al Udeid. You can leverage each other’s capabilities. That gets into the technology pieces.
The other things that I was really pleased with was our ability to engage with allies and engage with sister services. It has been a lot of fun and a personal satisfaction to work with many of our key allies. It spans the Pacific Rim, much of Europe, certainly all of North and South America, where we’ve gone out and had face-to-face talks with men and women from those air forces so we can learn and share with them.
DS: Do you feel those links between those partner nations and armed forces have been improved in the past few years because of the use of IT?
Peterson: I know they have. It is so easy to trade information today. With a touch of the button I can share a paper, a briefing, a set of standards with our allies in Europe or elsewhere. We do that routinely or point them to a technology by sending them a link on the Web. They’re happy to let us know what industries in their part of the world are doing that we may have overlooked. It’s a two-way street.
DS: What will be left on the plate when you leave, and what do you think will be the challenges facing Shelton, who will be replacing you as Air Force CIO?
Peterson: In 2001, we installed a storage-area network capability at Langley Air Force Base, Va. I thought to myself, “Great, my work in data storage is done.” That was another one of my major mistakes in my career.
Work in this area is never done. We keep track of the time it takes to respond to a time-sensitive target in Iraq. In other words, if there’s a call for air support, how long does it takes us to deliver weapons as requested?
And that’s worked its way down to a very few minutes. So you think your work’s done — except for the fact that two-thirds of the time it takes to respond remains manual communications, making voice calls, pumping data back into a computer system or updating a weapons systems. So Lt. Gen. Shelton will have plenty of work left to do, plenty of opportunity to educate the Air Force and lead the Air Force. One of the big things on his plate will be to create a seamless global command-and-control capability for air space and cyberspace power. It is linked today. It is not seamless, it is not complete. And we very much hope that that work is useful in the joint environment where we can create for the combatant commanders a seamless, global command and control capability that’s easy to use and meets their needs.