Q&A: Gregory L. Garcia
Driving War-Winning Decisions Through Responsive Solutions
Interview with
Gregory L. Garcia
Director
754th Electronic Systems Group
The group develops, acquires, sustains and operates worldwide communications-computer capabilities for the president, secretary of defense, Department of Defense, chairman of the Joint Chiefs of Staff and unified combatant commanders to direct military forces. The group’s personnel are responsible for acquisition, sustainment, operation and support of secure integrated business, logistical, network and combat support information systems valued at more than $15 billion.
Garcia entered federal civil service in 1984 as an inventory management trainee at the San Antonio Air Logistics Center, Kelly AFB, Texas. He served in a variety of assignments at the ALC, culminating as chief of the Mechanical Systems Branch, C-5 System Program Office. Garcia also served as a policy analyst in the Maintenance Management Division at Headquarters U.S. Air Force. Returning to San Antonio, he held several positions within the ALC and the Cryptologic Systems Group, an Electronic Systems Center geographically separated unit. Garcia has served as the director of information assurance at the CPSG and executive director of the Aerospace Maintenance and Regeneration Center at Davis-Monthan AFB, Ariz. He has a bachelor’s degree in communication arts from Texas Lutheran University, a master’s degree in business administration from Incarnate Word University, and a master’s degree in public policy from Princeton University.
Garcia was interviewed by MIT Editor Harrison Donnelly.
Q: What does it mean to you when the 754th ELSG is billed as the Air Force “IT Center of Excellence for the Warfighter?”
A: The 754th ELSG, as part of the 554th Electronic Systems Wing [ELSW], is responsible for acquiring, fielding and supporting the information technology capability in the three major portfolios of Air Force logistics, combat support infrastructure and enterprise services. Through our partnerships with the HQ Air Force Chief Information Office [CIO] in SAF/XC, Air Force Communications Agency, and HQ Air Force lead functional requirements owners, we aim to meet our goal in providing and supporting key warfighting capabilities to our commanders and leaders of the Air Force, Department of Defense and other federal government agencies. Our vision in being a center of excellence is to deliver information that drives war-winning decisions by shaping, acquiring and sustaining warfighting capabilities through responsive, adaptive and cost-effective solutions. It’s a complicated and ever-changing milieu, but we enjoy the challenge and accomplishment of helping our services meet their mission assignments.
Does that mean we are always perfect? No, not in any sense of the word. But the key factor is that we are always working to become better—through reduced acquisition cycle times, more efficient processes, and leveraging a greater degree of enterprise integration across our programs to bring even better results. Our team has really embraced the Air Force’s strategy laid out in AF Smart Operations 21. It’s about improving our business processes so we can improve those of our customers. It’s that focus—on both the warfighter and our own processes to improve—that defines in my mind what a center of IT excellence works to accomplish.
And that is accomplished by the truly incredible men and women of this fantastic organization, who directly enhance our ability to accomplish our vision despite the complexity and challenges we face. These great airmen of the 754th are the power of IT. They bring excellence in commitment, character and capabilities to the service.
We provide these solutions through a wide range of systems, tools, products and services, utilizing a variety of contracts and agreements. We try to be vigilant regarding market dynamics that influence the integrity of existing support systems as we track technology enhancements, budgetary cycles and political reforms that may affect opportunities to deliver more effective and responsive enterprise services.
We work to deepen our knowledge and understanding of the commercial marketplace of our supplies and improve the contracts and licensing agreements to acquire these products competitively.
Through programs such as the Global Combat Support System-Air Force [GCSS-AF] and the forthcoming enterprise resource planning system called the Expeditionary Combat Support System [ECSS], the 754th ELSG is able and will be able to provide accurate and secure combat support information to joint and Air Force commanders and fundamentally transform Air Force Logistics.
Another important effort is the field assistance service we manage, which provides 24/7 help desk to our warfighters from all over the globe. We support not only 754th ELSG applications, but also other applications from other wings and groups within the Electronic System Center.
In the area of AFSO21 and lean training, over the last year we graduated 11 new Green Belts, with another 17 in the pipeline. We completed nine rapid improvement events, with 11 ongoing. Additionally, we have 21 in the initiation stage. One project, for example, reduced our quarterly enterprise buy process time by a factor of eight with reducing rework by more than 50 percent.
I also have to mention that we get great support from our sister organizations within our wing. The 643rd Electronic Systems Squadron provides our engineering and technical edge within all programs, while the 554th ELSG functional staff helps our 754th ELSG contingent at Wright-Patterson AFB with critical contracting support. It’s a great team throughout the wing, which allows us to bring to the field exceptional capabilities and solutions.
Q: Why was the Application Software Assurance Center of Excellence established as part of your organization, and what are some of the key initiatives under way there?
A: A couple of years back, the Air Force—like most organizations— had one of its systems compromised, and the intruder was able to obtain personal information on about 33,000 Air Force personnel. This really forced us to look hard at our greater corporate processes, and that led us to recognize the importance of not only understanding and protecting the network, but it also revealed the fact that we also must focus on securing the work of the net in addition to the network. That work occurred within our applications.
A pilot study was conducted that used source code analysis tools to analyze nine different applications. The source code analysis found potential vulnerabilities in all nine of the applications. Since much of the value sought after by these cyber-antagonists is the data or manipulation and corruption of such, we are more focused on protecting and defending that data within and between applications. This initial effort revealed to us that there is more work needed, so we, through great support from the senior leaders within the Electronic Systems Center, decided to take a proactive approach and form this center of excellence to specifically address software assurance.
We partnered with the Department of Homeland Security, DoD and industry to help coordinate our initiatives and direction. We decided to start with the area of code analysis, penetration testing and application shielding, combined with a focus on helping individual program offices understand the importance and process of addressing security throughout the life cycle of code. The initial result was a request for proposal for software assurance services as well as automated tools to conduct source code analysis, database analysis, dynamic Web penetration testing, database monitoring and application shielding.
The competitive contract was awarded August 31, 2007, and the Air Force stood up the Application Software Assurance Center of Excellence. The center’s mission is to build security into the software development life cycle. The center provides knowledge, tools and processes to software development programs offices to assist them with including security throughout their development process. The center is also working with the acquisition community to get better language put into contracts to assure any newly acquired software has gone through a structured assurance process. Finally, the center provides program offices with operational tools, such as database monitoring and application shielding, to mitigate any vulnerabilities that cannot be readily fixed.
One thing we have learned from our experience is that it is best to work with development efforts from the start and ensure program managers include security throughout their schedule. We also learned that to successfully address software assurance, it takes top-down support and bottom-up commitment to ensure program managers do address the full life cycle of code design, security and upkeep. A key tenet is to ensure program offices budget consistently for continued initiatives to address security. As have we all seen, the threat keeps evolving well after the code is fielded.
Q: What are you doing to improve the data security of laptops and other removable storage media?
A: In October 2006, the Data at Rest Tiger Team [DARTT] was formed in response to a number of security incidents involving lost and stolen laptops and removable storage media. The team’s mission was to provide a threat/risk analysis and market survey and to develop the DoD’s technical requirements for encryption of unclassified, sensitive and personally identifiable data often found on these devices. The DoD Enterprise Software Initiative [ESI] joined the DARTT one month later to serve as the acquisition support element. Shortly thereafter, NATO became part of the team, and in December of that year, the GSA SmartBUY team joined the DARTT and ESI to co-brand the acquisition as a joint DoD/ESI and SmartBUY initiative. The SmartBUY team facilitated the inclusion of other federal government agencies, such as the Transportation Security Agency, Department of Agriculture and Department of the Interior, as well as state and local agencies.
By January 2007, the DARTT established a team of subjectmatter experts in information assurance data security and acquisition. This collaborative group pioneered a successful technical evaluation and acquisition process for time-sensitive acquisitions. Upon the development of the data-at-rest encryption technical requirements, consolidated from multiple DoD services and federal agencies, the government revealed its plans for the release of a new DAR encryption policy and acquisition to the vendor community to ensure our requirements were competitive.
After gaining critical input from the vendors, DARTT was able to complete and release the final technical requirements document in April 2007. The team evaluated 23 proposals and 30 different technology solutions. It was determined that 10 DAR encryption products met all the technical, interoperability and cost requirements at substantial volume discounts available to all DoD, federal, state and local agencies. In June 2007, 11 blanket purchase agreements were awarded.
The 754th ELSG, the principal acquisition division of the DoD ESI, assisted the team by providing valuable insight regarding technical requirements. I was privileged to serve as the source selection authority for the DARTT and helped ensure the team had taken the critical necessities of the federal, state and local government into consideration.
The hard work of the team has not gone unnoticed. On January 28, the DARTT, DoD ESI and GSA Smartbuy team were collectively awarded the prestigious DoD Excellence in Information Assurance award.
The work the DARTT did was fantastic. It is absolutely crucial that we do all we can to protect the personally identifiable information and sensitive government data so often found on portable media devices. It was obvious that the DARTT had worked extremely hard to provide a valuable security service, and I am proud that my group was a part of the process. Since June 2007, the DoD, federal, state and local governments have already placed sales orders for more than $11 million in products with an overall cost avoidance of more than $45 million.
While these encryption-related products will undoubtedly be a huge help in the protection of sensitive data, it is not yet a “perfect solution.” The incidents that led to the development of DARTT continue to this day. The DARTT solution does not represent a panacea for all sensitive data loss. However, it does provide a rapid, low-cost and flexible response to a difficult program set that plagues the spectrum of U.S. government agencies.
Today, we are partnering with the Combat Information Transportation program office within the 653rd ELSG at the Electronic Systems Center to formulate a way ahead on a comprehensive approach for Air Force implementation DAR requirements by leveraging what we have already set in place through our ESI/GSA SmartBuy effort. It’s a great joint effort I believe will greatly strengthen our ability to defend our data.
Q: What is involved in managing the Air Force standard desktop environment, and why is it important?
A: There is a lot involved in managing the Air Force SDC [Standard Desktop Configuration]. The main thing is a lot of teamwork and partnership has gone into the development of the SDC. The Air Force Standard Desktop environment comprises standard core applications and a group of security settings derived from a settings review board. The board was composed of representatives from various federal agencies, such as DISA, NSA, NIST, Army, Navy, Homeland Security and many others, and was facilitated by the Air Force. The Air Force image also has quite possibly the largest driver repository available throughout the entire federal government. These consensus settings are the essence of the desktop.
In 2004, the Air Force began configuring all of their 525,000 desktop computers to the SDC. The idea of a standard configuration has since been adopted by the federal government, and the Office of Management and Budget required federal agencies to move to it in the form of the Federal Desktop Core Configuration [FDCC]. Projects are also underway to expand the standard configuration from more than just computers to include servers, printers and cellular devices. The importance of the standard desktop environment lies in the advantages it brings to the Air Force and the federal government.
There are several advantages we have realized through the use of the standard desktop image. One huge advantage it offers is ensuring security compliance. Maintaining information security continues to be a critical element of mission effectiveness throughout the DoD and broader federal government. There is a constant threat to the cyberrealm, and having the ability to react quickly to threats is of paramount importance. Having a common configuration allows patching and security configuration changes to happen quickly to counteract threats. Additionally, having one common configuration gives developers a stable target to build toward, and compatibility is now required for new system acquisitions.
Another advantage it offers is improved technology life cycle management. When machines are purchased through our quarterly buys, they come configured to support all Air Force applications throughout their entire life cycle. The buying standard provides sufficient performance to run mainstream software operating systems throughout the expected three-year life cycle for laptops, four years for desktops and seven years for monitors.
Q: Your office is responsible for Air Force software program management under the auspices of the DoD Enterprise Software Initiative, as well as for managing the Air Force single enterprisewide license contract. What do you see as the chief issues in the area of software management, and what are your primary goals?
A: The most prominent issue regarding software management is the diversity of terms and conditions in software license purchases, which lead to an endless number of unique software management processes. To tackle this issue, the 754th established the Software Enterprise Acquisition Management and Lifecycle Support [SEAMLS] office. Using existing Air Force enterprise software purchases and their associated software management processes, the SEAMLS office’s goal is to document a consolidated software management process to use for all enterprise software purchases.
The SEAMLS office has achieved one of their goals to take charge of the front end of software management by acting as the Air Force’s procurement and management arm in the ESI and other Air Force enterprise software purchases. Through the SEAMLS office, the 754th is taking control of software management by decreasing the diversity of enterprise software contract terms and conditions and consolidating the multitude of existing software management processes.
Q: What has been your experience with strategic sourcing under the IT Commodity Council [ITCC]? How does that work, and do you think the approach is a viable one throughout DoD?
A: The ITCC has been a fantastic success. Lowering life cycle cost is a key component of ITCC strategies. We are the benefactor of a superb vision from the Air Force CIO and senior acquisition contracting staff in the Pentagon in understanding and addressing the importance and value of a commodity approach for IT.
The Air Force has developed buying standards for PCs to increase standardization of Air Force’s 525,000 PCs. A quarterly enterprise buy [QEB] process is used to refresh products and prices at the enterprise level. This process helps the Air Force leverage its collective buying power. Front-end market research and work with Air Force customers to define requirements so they are competitive is key. Now in its fifth year, more than 568,000 computers have been purchased using the QEB, saving the Air Force more than $167 million in IT hardware purchases.
The Air Force also uses the FDCC as the standard Air Force image. This image works across all QEB machines and greatly reduces the time needed to image/reimage PCs. The Air Force has reported cost avoidance in FY08 of $53 million for the desktop/ laptop strategy alone. Similar strategies have been developed for digital printing and imaging and cellular services and devices. DoD is certainly interested in, and will benefit from, strategic sourcing.
Q: How would you assess the current state of the NETCENTS contracts, and what are you looking for in a new version to begin next year?
A: The NETCENTS contracts have been very successful in many ways. Air Force customers and DoD customers use the NETCENTS vehicle due to its ease of use, as well as its ability to meet mission capability and technical standards such as interoperability, reliability and security.
Net-centricity is a transforming initiative that will drive and has driven change in the Air Force and the DoD. NETCENTS has been instrumental in the transformation through task orders that have been focused on recapitalizing the force by the use of changing technology, streamlining business processes resulting from AFSO21 initiatives, and meeting the demands of the warfighter.
Much of the work under NETCENTS has helped to globally interconnect the network environment, has ensured the timely and seamless sharing of data among users, and has helped to shorten decision-making cycles. NETCENTS has enabled the Air Force, DoD and other federal agencies to effectively and efficiently integrate and implement commercial-off-the-shelf netcentric solutions worldwide—paving the way for convergence by installing and upgrading switches and providing savings by way of efficiency and discounts, with the right mix of primes and subcontractors. Through strong partnerships and collaboration, optimal and standardized solutions are provided to the Air Force warfighter or other DoD customers. Teaming partners bring responsive specialized expertise and extended geographical presence to the prime contractor and at a significant value to the warfighter.
Because of the NETCENTS contracts, the Air Force has made progress toward a more standardized net-centric infrastructure while enhancing competitive and small business opportunities for these requirements.
These contracts have also far exceeded small business goals required by the contract. At the time of the award of NETCENTS, we awarded contracts to four small and four large businesses. As of August, the small businesses have captured $1.6 billion of the $3.8 billion placed against the NETCENTS contract. Additionally, each large contractor has a subcontracting plan that further promotes small business participation through teaming arrangements.
Looking ahead to NETCENTS 2, we expect the contracts to be awarded in the 2009–2011 timeframe. The requirements for NETCENTS 2 encompass the current requirements for netcentric products and services. The contract also includes A&AS, telephony products and services, content and presentation services, networking products, application software services and AFNETOPS.
The proposed strategy for NETCENTS 2 is a result of lessons learned from the current contract, where systems integrators provide all products and services. We garnered savings when compared to other government product contracts. However, we incurred passthrough costs while taking advantage of discounts that resellers provide via volume purchasing and strategic partnerships with original equipment manufacturers.
The Air Force arrived at the decision to separate product offerings from services after careful consideration of a variety of issues. The Air Force started by seeking feedback from current customers, which included recommendations for ease of u se and content improvement such as additional cost savings, increased competition at the task order level and clearer mandatory use policy. We proceeded by studying two DoD audits and one Air Force audit incorporating the recommended changes into the proposed strategy. I believe we have done a solid job of reviewing, researching and gathering lessons learned from other service and agency approaches similar to NETCENTS.
We feel these differences will have quite an impact on the Air Force, its vendors and the warfighter. One of the primary objectives of the NETCENTS 2 acquisition is to provide the Air Force with a wide range of hardware and software tools to support, interconnect and enhance its highly complex and critical command and control and cyber missions.
NETCENTS 2 is posturing to support the Air Force’s mission and will be an acquisition vehicle to deliver innovation, agility and efficiency to the warfighter for the life of the contract.
Q: How important a role do the GCSS-AF and ECSS programs play in assuring the Air Force’s ability to support the warfighter?
A: The mission of the GCSS-AF is to provide timely, accurate and trusted agile combat support information to joint and Air Force commanders, their staffs and other agile combat support personnel at all ranks and echelons, with the appropriate level of security needed for the Expeditionary Aerospace Force to execute the Air Force mission throughout the spectrum of military operations.
With more than 800,000 DoD, civilian and contractor customers, GCSS-AF is the Web-based, service-oriented system that enables the Air Force to deliver asset visibility to Air Force major command and combatant commanders for decision-quality information and to integrate combat support information for the warfighter. We are partnered with the AF CIO office, the Air Force Communications Agency, and most HAF two-letter functional communities to assist us in understanding and addressing their infrastructure needs. It is a good partnership that is allowing us to prioritize requirements and make the best investments for the Air Force.
GCSS-AF provides a common hosting and messaging environment, a common secure entry point for a reduced sign-on capability to mission applications, and a presentation layer to both non-classified and secret networks. It also serves as the infrastructure on which our enterprise resource planning tools [ECSS, Defense Enterprise Accounting and Management System, Personnel Services Delivery Transformation] sit.
GCSS-AF also features a data services warehouse, which is a consolidated repository of Air Force combat support information. The warehouse allows for a consolidation of automated information systems data to enhance business processing efficiencies, and the warehouse provides business analytics to allow our warfighting airmen to execute the Air Force mission throughout the full spectrum of military operations.
With regard to the ECSS program, it represents the single biggest change in the history of Air Force logistics. As a part of Expeditionary Logistics for the 21st Century, or eLog21, ECSS is the cornerstone enabler of a number of other initiatives that will transform Air Force logistics to better support the expeditionary warfighter.
ECSS is more than technology. It will fundamentally change the business processes, personnel roles and organizational structures across the spectrum of the Air Force logistics community. When fully configured and implemented, it will replace the disparate processes and data of approximately 250 legacy logistics systems with a single integrated solution. We are quite fortunate to have superb partners in the HQ AF/A4I offices in Washington, the Logistics Transformation Office located at Wright-Patterson, and the hundreds of subject-matter experts from around the Air Force who participated in blueprinting efforts.
These partners help us keep focused and attuned to the critical needs of the greater logistics communities and how to best support them. It’s a real partnership of rolling up your sleeves and working on the myriad of challenges to ensure timely and meaningful delivery of capability wrapped up in one of the largest ERP systems in the world. It’s tough but meaningful work that has to be accomplished to help our Air Force accomplish the worldwide missions we are charged to do.
ECSS will touch every aspect of Air Force logistics, from flight line to factory, including both wholesale and retail logistics efforts. It represents a radically new approach and is meant to be comprehensive, engineering Air Force logistics for rapid, responsive change.
Air Force logistics will look much different once ECSS is fully implemented. It will have new standard logistics processes implemented by an integrated team who knows what the future Air Force supply chain needs.
Q: How big a role does Air Force IT Conference [AFITC] play in accomplishing the Air Force mission?
A: AFITC actually plays a significant role in how we do business. It is, just as the name states, the IT conference of the Air Force. It is the one time of the year when we can get more than 6,000 people representing DoD, industry and academic communities from all over the world together to work toward answering one question: How can we best apply the latest, cutting-edge technology to keep the Air Force the most advanced, most lethal fighting force the world has ever known? This past year, AFITC attracted more than 200 vendors who were more than excited to share how they can help us answer that question and provide market research insight to Air Force buyers and customers.
In conjunction with the city of Montgomery, Ala., we have hosted AFITC for the last 26 years. Each year it seems to get better and better. AFITC is one of the primary tools for keeping Air Force IT users, developers and managers current on the latest technologies.
Specifically for the 754th ELSG, AFITC gives us the opportunity to not only advance current relationships we have with current customers and contractors but also, as more companies and attendees become involved in the conference, create new relationships. Our mission is to deliver information-driving warwinning decisions by shaping, acquiring and sustaining warfighting IT capabilities through responsive, adaptive and cost-effective logistics, enterprise services and infrastructure solutions. The relationships we build and foster through AFITC ensure we accomplish that mission as efficiently and effectively as possible.
Also for attendees, AFITC offers targeted training seminars and showcases product demonstrations from the government, industry and academic communities. This past year alone, we had more than 200 session breakouts on such key topics as AF NETOPS, knowledge now/collaboration opportunities, and leveraging our current infrastructure, and we discussed our goal of moving to a greater service-oriented architecture construct in the future.
AFITC also featured a small business match-making session. This session serves as an opportunity for small IT businesses, large companies and government agencies to gather for the purpose of matchmaking and identifying future business opportunities. It also serves as a tool in helping government agencies meet future contracting requirements.
AFITC is a fantastic annual opportunity of which the Air Force takes full advantage to ensure our capabilities and skills remain on the pinnacle of technology and expertise. If you get the chance, make it out to our 2009 conference, which will be held August 24 to 27. Then you will see for yourself why AFITC is hands down the number one IT conference in the Air Force. ♦
