Q&A: Robert J. Carey

Written by Harrison Donnelly

MIT 2010 Volume: 14 Issue: 1 (February)

Carey develops strategies, policies, plans, architectures, standards and guidance, and provides process transformation support for the entire DoN. Additionally, he ensures that the development and acquisition of IT systems are interoperable and consistent with the department’s objectives and vision. Carey is the department’s cyber/IT workforce community leader and also serves as the critical infrastructure assurance officer and the senior military component official for privacy.

Carey entered the Senior Executive Service in June 2003 as the DoN deputy CIO (policy and integration) and was responsible for leading the DoN CIO staff in developing strategies for achieving IM/IT enterprise integration across the department.

Carey’s federal service began with the Army at Aberdeen Proving Ground in 1982, after which he went to Naval Sea Systems Command in 1985. He joined the staff of the DoN CIO in February 2000, serving as the DoN CIO eBusiness team leader through June 2003. He also served as the director of the DoN Smart Card Office from February through September 2001.

Carey has a bachelor of science degree in engineering from the University of South Carolina, and master’s of engineering management from George Washington University. He is an active member of the Navy Reserve and currently holds the rank of commander in the Civil Engineer Corps and has been selected as captain. He was recalled to active duty for Operation Desert Shield/Storm and most recently Operation Iraqi Freedom, where he served in the Al Anbar province with I Marine Expeditionary Force.

Carey was interviewed by MIT Editor Harrison Donnelly.

Q: In your own blog and elsewhere, you have frequently spoken about the importance of Web 2.0 and social networking technology. What is your vision for how the Department of the Navy and DoD can take advantage of these new forms of communication?

A: Web 2.0 technologies and associated collaborative media are changing the way we in DoN interact/communicate with each other and the warfighters we support. These technologies enable open collaboration and sharing, all with minimal resource investment because they use tools already in place. I think that’s the beauty of Web 2.0; it’s not really a new technology, but just a new application of the tools we already have. These tools allow us to revolutionize how we solve problems and communicate. They provide a way to harness the intellectual capacity of the more than 850,000 Navy, Marine, civilian and contractor personnel. Problems can be posted and answers can come from those who believe they know the answer—not just those who are assigned to solve the problem. Leaders don’t care where the answers to challenges come from, just that they come as fast as possible. Web 2.0 and social networking tools flatten organizational hierarchies and allow for accelerated decision making.

Many of the warfighters we support are part of the Net Generation. These are the young people born in the 1980s and early 1990s who serve in the armed forces. In addition to being raised on computers, this generation thinks differently from the generations that have preceded it. We are in an age of mass collaboration, which requires parallel rather than linear thinking, and the Net Gen has certainly mastered that with their seemingly innate knack for multitasking. We Baby Boomers wonder how our kids can concentrate on homework while watching television, instant messaging their friends and surfing the net, but it is second nature to them. As a result of the way they grew up and the technologies that have always been available to them, they are visually oriented, expect variety and thrive on collaboration. With the Net Gen in mind, and considering the benefits that we of the older generations are realizing through the use of Web 2.0, I believe that these tools are here to stay and will be used in myriad ways across the Services.

In the DoN CIO, we started using these tools about two years ago. As you mentioned, I have a blog. It encourages open exchange and sharing of ideas and opinions. My intention with the blog was to open up a straightforward dialogue with DoN personnel, and specifically the brave Sailors and Marines who are out on the front lines protecting this country, so I can fully understand what their IT needs are. It is essential that they have what they need to do their jobs to the best of their abilities. Another Web 2.0 application we use is Real Simple Syndication [RSS], which enhances information sharing. DoN personnel may subscribe to a customizable RSS feed via the DoN CIO Website to stay informed of new policy and guidance in their areas of interest. We are collaborating on policy development using wikis; we’ve found that it shortens the time required to develop policy and streamlines the adjudication of comments.

Q: What DoN commands are using Web 2.0 tools?

A: Many commands across the DoN are using Web 2.0 tools. The Space and Naval Warfare Command developed an internal social networking application and a network of blogs they call “Blog Planet.” The Office of General Counsel developed “OGC Online,” which provides a collaborative forum for the legal community to share information and network. Commanders at sea are also using Web 2.0 tools to share information with the fleet and the rest of the DoN community. U.S. Pacific Command has a Facebook page, a blog and a podcast; Admiral James Stavridis, commander, U.S. Southern Command, also has a Facebook page. In addition, visitors to the navy.mil Website will notice icons for Twitter, Flikr, RSS and YouTube, as well as a link to a Navy social media directory. Visitors to the DoD Web site, defense.gov, will see icons for all of the above plus Facebook, a podcast and a DoD live blog. When I visited the site today, there was a survey question on the home page: “What social media site do you use most frequently?”

So, as you can see, DoD has started taking advantage of Web 2.0 tools, and I’m sure this use will continue. I signed out a memo to DoN more than a year ago to provide initial guidance for the use of emerging web tools to facilitate collaboration and information sharing. Since then, the Federal CIO Council released guidance for federal agencies that use social media to collaborate and communicate among employees, partners, other federal agencies, and the public. The guide recognizes that there are security implications that come with these new technologies, and as with anything else, there is a need to balance access to information with appropriate security. The guide speaks to these risks and how to mitigate them. DoD is also working on guidance regarding the use of Web 2.0 and collaborative media, and this policy should be available in the coming weeks.

My vision for Web 2.0 is to modernize our business processes around these collaboration tools where it makes sense, and connect the department using these tools to search for information (via a portal), communicate and collaborate inside the .mil domain, as this allows positive control of who accesses the sites. DoN personnel should use the Web 2.0 tools that make the best sense for what they are trying to achieve. In addition to enabling better communication and collaboration, these tools can help the department realize efficiencies and become more effective in achieving its mission.

Q: Your office is about to launch a secure extension of the DoN CIO Website for internal collaboration on IT initiatives. What are your goals for this project, and do you see it as a model for collaborative efforts elsewhere in DoD?

A: I’ve been blogging for two years now on the DoN CIO’s public Website, and I thought we needed to take the dialogue a step further. That’s why I asked my team to create a secure (Common Access Card enabled) site that will provide the opportunity to engage the DoN CIO team and the entire department more directly and candidly than possible on a public Website. Personnel from any DoN organization will have the opportunity to become involved and provide their input to ongoing discussions on this site.

So, with the goal of better and more candid collaboration in mind, we created a secure extension of the DoN CIO Website called “The Pulse.” It provides a forum for DoN personnel to discuss and collaborate on key information management/ information technology and cyberspace initiatives. Users will be able to post ideas in the form of a blog (initially) and participate in discussions regardless of their position within the organization. My hope is that this candid exchange will enable the subject matter experts here in the DoN CIO to gather ideas and feedback to support the development of strategy and policy. This forum will also provide insight into the concerns and challenges being felt across the department. It should identify any gaps we may have in policy and highlight those initiatives that are on the right track and viewed as valuable to the IM/IT community.

Regarding whether I see it as a model for collaborative efforts elsewhere in the DoD, I believe in information sharing, so if others see it as a model, they are welcome to follow suit. A year ago, I was said to be the first federal CIO with a blog. Since then, other federal CIOs have started their own blogs. I must say that the idea for a collaborative site jelled in my mind when I saw the one done by the Space and Naval Warfare Command. They came and did a presentation about their site for my staff, and we all saw the value. So for me, the initial model was SPAWAR’s site. But since the DoN CIO has a broader base of visitors and will be open to all DoD Class 3 digital certificate holders, I’m sure others in DoD may see it and use it as a model.

Q: You referred recently to information security as “the challenge of the 21st century.” How would you describe the security challenge facing DoD, and in what way is it similar or different from security issues in the private sector?

A: Information drives the Navy/Marine Corps team as it does industry in the private sector. DoD operates in a net-centric environment and shares information globally. Our challenge is to make sure the information we share is accurate, timely, reliable, authoritative and available when and where needed. In today’s net-centric environment, our security challenge is now compounded in that we rely upon digital information to support most decisions. DoD and DoN recognize that the threat we face in cyberspace is advanced, persistent, constantly changing and very aware of our reliance on technology. Therefore, we must ensure we maintain and defend a secure and interoperable network infrastructure.

The security challenges within DoD are much the same as those facing the private sector. They range from teen hackers to organized crime to nation-state threats. The main differences are that DoD is a larger target and the stakes (national security) are much higher. Therefore, DoD has to move to a “new normal,” and that means leaders have to understand the threat and get behind what’s required to address it. We must be more vigilant about securing the networks that carry our data. In addition to employing the layered approaches of defense-in-depth and defense-in-breadth, the new norm must include continual inspections of network traffic, an enterprise command and control posture toward IT security, standardized reporting, and the ability to support proactive and automated responses to threats.

My office has developed a Computer Network Defense [CND] Roadmap that spells out the efforts underway within DoN to evolve and continually improve our CND posture and capabilities. The cybersecurity threats are constantly changing, but the newer threats tend to be more clever ways of doing the same old things—stealing data, corrupting data or disrupting operations.

A new set of challenges to cybersecurity is the increasing popularity of collaborative Web 2.0 applications we just discussed. With Web 2.0, data is more accessible, but also more susceptible to confidentiality and integrity breaches. Users of social networking sites need to remain “net savvy” and not become victim to phishing attacks and other threats. Internet use continues to accelerate across the globe, and we must take the appropriate steps to ensure the integrity and security of our information.

Q: In that regard, what do you see as the future of flash drives and other portable information storage in the military?

A: The use of USB flash media and removable storage devices was suspended on all DoD networks in November 2008. Unfortunately, it was a combination of many factors, including our bad “IT hygiene,” that resulted in the decision to ban the use of this type of storage media. Policies and processes were in place to facilitate the safe use of USB flash media, but they were not being followed. We must keep in mind that security and convenience don’t always follow the same path.

We recognize the utility of portable storage media: They provide a simple, inexpensive and reusable means for transferring information. USB flash media are often used for deploying operating system patches, anti-virus updates, and other large data transfers in bandwidth constrained environments, such as shipboard or tactically deployed. However, introducing any device to the network without properly scanning it and declaring it safe to connect may expose our networks to increased risk of contamination by viruses, worms, and other forms of malware.

In the future, we can expect tighter processes and controls for use of portable storage media on DoD networks. We expect that government-owned and procured USB flash media will be permitted for use by authorized individuals. We are working on upgraded anti-virus and malware detection controls to deny network access to unauthorized USB flash media, and revised operating procedures for scanning and cleaning flash media. Those who are authorized to use portable media devices will receive updated user training and will be held accountable through compliance audits and inspections.

The flash drives we’ve become accustomed to using on our home PCs—those collected at conferences or trade shows or bought at electronics stores—are no longer allowed. Only approved flash media will be permitted for use, and only by authorized and trained personnel, in support of missionessential functions. If disconnected from the network, it will be re-scanned before connection. In the meantime, we are increasing our use of collaborative workspaces, file shares and portals within our protected enclaves. This will reduce our reliance on USB flash media and protect our data and information by keeping it stored within our network boundaries.

Q: How does the DoN CIO Campaign Plan for 2010 embody your cybersecurity strategy?

A: Our campaign plan outlines our commitment to enabling assured information access to the warfighter as a fundamental element of each goal. To ensure mission success, we need to secure the sharing of information and have the capability to protect, manage, and discover identity information across the full range of operations. DoN personnel must be able to gain access securely to information, trust in the integrity of that information, and know that their personally identifiable information is being safeguarded. Our campaign plan forces us to think through what’s important for us to accomplish this year—including the future investments we intend to make in cybersecurity—and determine a priority and action plan for implementation.

While Goal 1 of the plan is, “Protect and defend our naval information networks and critical infrastructures to maximize mission assurance,” not too long ago, security was considered an afterthought. Now it is being “baked in” to IT, including NSS system development and deployment. Information assurance and security are foundational elements of the campaign plan.

We recently published the DoN Computer Network Defense Roadmap, which lays out our strategy for sustaining and improving CND as we move to the Naval Networking Environment- 2016. We have already begun employing a number of the measures outlined in the roadmap—for example, data at rest encryption. Long term, we need to continue work on initiatives we have started, in an environment that includes increased threat and resource constraints. This means we have to improve our management and provide a holistic approach in dealing with cybersecurity investments.

Q: Portfolio management is another aspect of the campaign plan. What are you hoping to accomplish in this area in 2010?

A: We are focused on improving the management of our naval IM/IT investments. The department is committed to managing investments efficiently in order to redirect resources gained through efficiencies to the warfighter and warfighter priorities. These savings are achieved by selecting the best value investments to deliver capabilities and eliminating IT investments that are inefficient or redundant. While our IT budget exceeds $7 billion, only a small percentage of that is actually discretionary spending.

In 2010, we hope to institutionalize portfolio management across the DoN enterprise using the recently signed portfolio management policy [Secretary of the Navy Instruction 5230.14] as our roadmap. This will involve implementing the approved governance structure and working closely with the designated mission area leads in defining a core set of investment criteria to establish a more disciplined approach to our IT investment decision-making process. Portfolio management will ensure that our IT investments: are managed collectively and yield economies of scope and scale; are integrated with the full complement of investment programs in the department’s planning, programming and budgeting processes; and comply with departmental strategic guidance and policies for such areas as, architecture, security and risk.

DoN’s portfolio management process will enable greater rigor and fidelity in the DoN investment process, and I believe it will save DoN significant resources as it now has a defined, structured process to evaluate its IT investments and better identify poor investments that aren’t contributing to the department’s objectives.

Q: What are some of the other aspects of the campaign plan that you are working hardest on these days?

A: We are hard at work on a variety of things, but I would say that one of my top focus areas is the future—developing the strategies and plans to achieve the Naval Networking Environment- 2016 [NNE]. The NNE-2016 is the intermediate target state for the department’s IM/IT network infrastructure, and is envisioned to deliver secure access to information from any computer in DoN. The Next Generation Enterprise Network [NGEN] is the first step in this process, and we envision the overall NNE as guiding DoN’s enterprise architecture and core services toward the goal of a net-centric enterprise environment. This effort encompasses a lot of what we are trying to do in other areas, including implementing a green IT energy stewardship policy, Web 2.0 technology and tools, and the development of a DoN enterprise architecture governance and structure. Technology has changed rapidly over the last 10 years, from when we first rolled out the Navy-Marine Corps Intranet [NMCI], and we now have the ability to look at a whole new set of tools, like wireless, 3G and 4G networks, and make use of advanced technologies like cloud computing. Attaining NNE-2016 will require transforming our people, business processes and enterprise architecture to better support our military forces.

Q: How would you assess the advantages and drawbacks of the concept of cloud computing for the military?

A: Cloud computing is a logical step forward to make computing more effective and efficient. It offers the ability to significantly reduce the cost of computing infrastructures and significantly reduce our IT footprint, while also improving services and security. That being said, the concept does shift the paradigm for information security closer to the data level, and away from the network level. DoD and DoN are large enough to become “public/private” clouds themselves. One drawback is that agencies may need to “standardize” the applications they will use and access from a Web browser. New applications can be designed to run in a cloud environment, but legacy applications may require some engineering or the deployment of “virtualization” to work. Also, the cloud provider’s hardware would still need to align with the DoD Information Assurance Certification and Accreditation Process to assure that risk management is applied. The bottom line is that cloud computing holds much promise for enabling ubiquitous, convenient, on-demand network access, and we are working on the business case for leveraging cloud computing as a component of the NNE-2016.

Q: What is the current status of the NGEN project? What are you doing to achieve a smooth transition from NMCI to NextGen?

A: The NMCI contract, which provides our shore-based computing network, ends on September 30, 2010. The transition to NGEN begins in earnest on October 1, 2010, with the first element being the continuity of services contract with EDS, our NMCI partner. We are working on the early transition activities to lay the groundwork for NGEN. These activities are part of the strategy to maintain the current level of services for the sailors, Marines and DoN civilian users of the network. We are mapping the processes for assuming control of the networks to ensure continued seamless operations, and we’re developing the strategy for competing the elements required to deliver responsive and survivable networks into the future. The DoN CIO, Program Executive Office Enterprise Information Systems, and NGEN System Program Office [SPO] are focused on ensuring a smooth transition from NMCI to NGEN, with the goal of achieving the NNE-2016 vision. In fact, the SPO, led by Rear Admiral Bill Goodwin, consists of dedicated staff pulled together to coordinate and synchronize program activities because the network has to continue to operate. October 2010 will not see a spike in network capability; it will be the beginning of a transition with plans for continued incremental transition.

A major endeavor over the past few years, and in transitioning to NGEN, has been the reduction of legacy networks. Since December 2006, we’ve gone from more than 1,300 networks to 451 networks. We are continuing our legacy network convergence activities, with 130 more scheduled for termination by October 2010.

Q: How does NGEN relate to CANES?

A: In planning for the NNE-2016, NGEN is the ashore network infrastructure/architecture, and CANES is the shipboard C4I network architecture. We are working diligently to align these architectures to ensure seamless information access around the globe. We have to ensure that CANES and NGEN are both integrated and interoperable. Our sea-based force needs to be able to access and navigate the ashore network infrastructure to find and use necessary information, and vice versa. More importantly, when a ship pulls up to the pier and plugs into the network, it has to be speaking the same language. The ASN/RDA, DoN CIO and NGEN SPO drive working groups at senior levels to ensure the interoperability and integration of these two network architectures. The vision is to log on anywhere in the world, afloat or ashore, and securely get to your data. We discussed the fact that cloud computing holds promise for ubiquitous access; garrison environments are prime candidates for cloud computing. I envision NGEN and CANES both leveraging cloud computing.

Q: How do those efforts lead to creation of the Naval Networking Environment by 2016?

A: It has been and continues to be an iterative process. We are working to establish the logical set of linked actions that deliver the NNE-2016 consistent with Navy and Marine Corps operational priorities and investments. The DoD CIO and Joint Staff J6 are also working to achieve this vision of “enterprise user,” so we plan to be able to integrate rather smoothly as we move forward. NMCI successfully managed the department’s shore-based desktop computing for the past 10 years while enhancing security. NGEN will build on the lessons learned from NMCI and will restore government control of the network. We are looking to provide DoN with a secure network architecture that will be consistent across the enterprise, which will lay the groundwork for NNE-2016. The vision is to have a complete ashore, afloat and garrison network that is secure, interoperable and integrated. Our vision is for NNE-2016 to be a world-class, secure and cost-effective network infrastructure that can be leveraged by warfighters and warfighter support to deliver information in support of national security.

Q: What do you view as the next big leap in technology for the military services?

A: I think the next “big leap” is not such a leap at all, but making innovative use of current technologies, including 3G/4G wireless, virtualization, security at the data element level, Web 2.0/3.0, and cloud computing. There are challenges to be worked with all of these technologies: security risks, ensuring acceptable use, overcoming cultural resistance to collaboration, and ensuring that data in the “cloud” is secure.

Q: Is there anything else you would like to add?

A: One important concept we barely touched on is Green IT. This initiative encompasses reducing our IT footprint, which cloud computing will help facilitate. While an important outcome and driver of Green IT is its impact on the environment, there are many other factors that affect our drive toward this initiative. As technology continues to evolve, our workforce is becoming more mobile. Many of the tenets of Green IT promote and facilitate this mobile workforce. We, as a department, must become more agile both in the way we work and where we work. Additionally, Green IT offers the ability to further reduce our IT Infrastructure and improve the security, resulting in cost savings that we can pass on to the warfighter; and as I’ve stated several times already, the support and success of our warfighters is our ultimate goal. ♦

Back to Top