Interview: Robert Carey
Navy CIO charts course for NGEN, CANES
Robert Carey was appointed to be the Navy’s chief information officer while serving as a naval reservist in Iraq, taking up his CIO duties in March 2007. He began his career in the Navy in 1985 and first joined the Navy Department CIO’s staff early in 2000.
As CIO, Carey is overseeing an active period in Navy information technology development, with the expected switch from the Navy Marine Corps Intranet contract in 2010 to the Next- Generation Enterprise Network (NGEN). At the same time, the service is consolidating its shipboard networks into a single network under the Consolidated Afloat Networks and Enterprises Services (CANES).
Carey spoke recently with Defense Systems contributing editor Brian Robinson about the issues involved in this transformation.
DS: What are some of the major lessons learned from NMCI, and how will you apply those to NGEN?
Carey: The biggest lesson learned is that just having this network has proven to be a very good thing from a command-and-control perspective. By that, I mean the ability to do things consistently across that network domain, while in the past, we would have to struggle with multiple domains. This has been a good thing from a security perspective, from how services get out to people in the fleet as well as here inside the Pentagon.
The downside has been that, though we intended it to be an agile decision-making process about how we would make changes and deploy things, it did not turn out that way.
When we wanted to make a change, it became a subject of a contract negotiation, and when EDS was not amenable for whatever reason, we would bog down on something we thought was really important to go and do.
DS: Given the experience that you’ve had with NMCI, how did you decide which functions to keep in-house and which ones to outsource?
Carey: The overall control of the network is going to be the Navy’s and the Marine Corps’ and the government’s because we’ve recognized how important command and control and this network is to our very existence.
We are still deciding how much contractor support is required to do certain things, based on where our skill set is and where our manpower loading is.
DS: Is it going to be easy or difficult to extend NGEN to warships at sea?
Carey: What we want is a consistent architecture, and NGEN will not extend afloat just yet. We have the Information Technology for the 21st Century (IT-21) initiative and other networks afloat … and we’re moving all of that towards CANES.
What we want to make sure is that the CANES architecture and the NGEN architecture are interoperable. We’ve got to be mindful of putting everything under a single, solitary cloud all at once, because then our complexity level goes up very high.
DS: What’s the timeframe? Does CANES come first and then NGEN?
Carey: CANES has done a fair amount of the engineering associated with service-oriented architecture (SOA), ahead of that which has been accomplished by the NGEN team. So will we take the work that has already been done on CANES and embed it into the NGEN architecture where we can? The answer is yes.
DS: What is the overall timeline for NGEN?
Carey: Broadly, we are now working on an analysis of alternatives (AOA), which is [an element that will] drive the acquisition and contracting strategies. So the AOA is being worked now, which we’ll complete in early 2009. In parallel, we’re working on the acquisition strategy and the contracting strategy. Those two can’t complete until the decisions on the AOA are finalized, and then we’ll push into the next stage of contracting activities.
And we all know when the current contract ends: on Sept. 30, 2010.
DS: How does cybersecurity play into what you will be doing with NGEN?
Carey: Security has our undivided attention as far being able to defend and protect our information. We do have a fair amount of influence and control over that, as the EDS team works very well with the Navy Network Warfare Command team and the Marine Corps Security and Operations Center team down at Marine Corps Base Quantico.
But one of the reasons we want to make sure we can control outcomes is when Strategic Command through [the Joint Task Force-Global Network Operations] issues a standing order, we want to make sure that it is carried out immediately and that there isn’t a contract vehicle that has to be negotiated in the middle.
Thus, the drive to us is making decisions.
Will contractors still be in the middle of the security enclave? Yes, but we will be fielding directions from above, and we believe we will be able to execute them faster and more efficiently than we are doing today.
DS: What are some of the plans you have in place to deliver greater bandwidth, both onshore and to the fleet?
Carey: Bandwidth is a limited resource, so one of the things we want to do is partner with the Defense Information Systems Agency and the [Global Information Grid] bandwidth expansion program to align where we will have data centers to where those big pipes are.
But we don’t have an infinite budget, so there are opportunities to embrace some of the technologies that reduce bandwidth and other innovative things.
For example, if you imagine we had greater use of video teleconferencing (VTC)…could we reduce the travel budget and move pots of money not associated with IT as a form of macro offset? So IT is demonstrating an ability to achieve savings writ large compared to what we are doing today. We do a lot of VTCs now, but we have to examine some of the high-definition VTCs that some companies produce that make the VTC experience a whole lot more like being there. Having people work from home in a more robust manner than they do today, we could make savings in ways that we hadn’t previously thought of.
Is that a take on bandwidth or a put on bandwidth? We’ve got to come through on those decisions, but we know ultimately that we are going to need more bandwidth.
DS: But isn’t it true that with SOA, you can’t predict the capacities needed as precisely as you can with other architectures?
Carey: I predict that the move to SOA will be a very deliberate migration because the applications will change, and therefore you have to have your authoritative databases lined up. And you also need your services as the third component.
Now the effect on bandwidth is that we should be able to reduce it a little bit, but my sense is that we will be establishing a lot of services across DOD.
As we move into the future where people are demanding more real-time information from Web-based access, then the expectation of connectivity — bandwidth — goes up. And we know that the connectivity from afloat to ashore is governed by radios and satellites, and that’s different than having fiber running across the continental United States or Europe.
Our ability to drive our business processes to be more efficient and effective and make better use of the bandwidth we have is the task that my office has.
DS: What do you need to put in place to guarantee security in a network- centric environment?
Carey: When you go netcentric, it requires you to have defense in depth and breadth of the information across many layers, such as having a demilitarized zone, such as having identity management and authorization to get to certain things. [You need to] have attribute-based access control in place and have data-at-rest and data-intransit encryption methodology in place.
So the Navy is going to be at risk until we completely secure all aspects of the enterprise.
Our enterprise is large, and the money that we have is never going to be sufficient to do it in a big-bang approach. As the threat evolves, we will continue to work different approaches to net-centric security.
DS: You’ve been a proponent of the use of Web 2.0 tools in the Navy to increase collaboration, but how do you marry the need of increased security with the inherent openness of these tools?
Carey: That’s exactly the question people asked when I put out the memo a few weeks ago, and I said that if you get anything out of the memo, it’s embrace 2.0 but be mindful of security — period.
I actually put the memo out there as an encouragement for people to explore possible answers to mission- based problems they may have.
Don’t be bashful if this helps you solve a problem, go do it. But also be mindful that you can’t break a security paradigm with these technologies.
But they are not an end-all be-all.
Web 2.0 is an innovative means to a collaborative end that is a mission result that someone is trying to accomplish.
But they are tools. We are not doing Web 2.0 to do Web 2.0. We are doing Web 2.0 to advance and solve a problem that we have.
DS: Is there an inherent demand for Web 2.0 functionality, or is it something you will need to inculcate into the Navy mind-set and culture?
Carey: Like the open-source memo that I wrote in 2007, its purpose was basically to say that open-source software is acceptable to use, should it fit your needs and is consistent.
Treat it like commercial [software]. That’s what the community was silently crying out for. Give me some top cover so that my boss, who doesn’t understand what I do, does understand that I can go out and buy this tool.
In the Web 2.0 world, I’m really trying to encourage people to innovate, to collaborate, but again, to do so within the security and privacy policies that exist out there.
DS: You have said in the past that IT had a big impact on you. How has your approach to IT been colored by your time in theater?
Carey: It did, and I will tell you that when you get to look over the shoulder of these young marines and sailors using IT to conduct warfare and to present information to decision-makers, it basically brought home the point that the war and decision-making processes run on IT.
I guess if I hadn’t experienced it, I wouldn’t have seen the real impact that IT was having. Similarly, I did walk away with the sense of urgency that, at the highest levels of the Navy and Defense departments and the IT space, we are not really connected to the understanding of what IT is really doing at the business end of what we do in conducting warfare and in our national security objectives.
Generals and admirals in theater, like it or not, they weren’t born with this stuff. Young kids, they are all over it. They expect to collaborate, to have instant messaging, to be able to chat, and to have Web-based things. They don’t need training on a lot of things, they can just run with it.
DS: But have you been able to convince your bosses about all of this?
Carey: They get it now. I think the bosses recognize the power of the Millennial Generation, I believe they recognize the power of IT.
That’s why you see NGEN wanting to be owned and controlled and that we have more of a decision-making role in IT on the government side because they see a need, they have a sense of urgency, and they see that we have to have the abilities that we don’t have today.
DS: Given the new administration, somewhat new Congress and the pressures of the overall economic situation, what are going to be your priorities?
Carey: For the next 500 days after January, I’m going to go with a new campaign plan, I am going to get my new boss’ fingerprints all over it so he understands and has a chance to shape what we are working on. But finalizing NGEN and the way ahead, developing a security [concept of operations], and a path to a measured, metric-based security paradigm for the department with our DOD brethren — security links across the DOD, so there’s no way that any particular military service can get out in front of anyone else — we are going to push on those things.
We are also going to push on IT governance because we need to have a consistent decision-making methodology from the Navy secretary on down to the deck plate. We have a good one today but we need to improve it, so there’s consistency and agility across the department.
And we are going to work hard on enterprise architectures. We have enterprise architecture, we want to put some emphasis behind it so we can get it to be something that non-IT guys understand, as an enabler and mapping of business processes, technology and people and how we deliver our results.