CTOs are the tech folks behind CIOs

CTOs are the tech folks behind CIOs


The government has far fewer chief technology officers than chief information officers. But CTOs bear heavier responsibility to make sure their systems advance their agencies' missions, two tech chiefs said at the recent ComNet trade show in Washington.

Jeffrey D. Pound Sr., standing, and Air Force Research Lab technician Todd Wright combat professional hackers via VPNs.
Robert A. Flores, CTO at the CIA, and Jeffrey D. Pound Sr., CTO for the Air Force Research Laboratory at Wright-Patterson Air Force Base, Ohio, said their time is consumed by security and bandwidth issues.

'Every day something is bigger and more complicated than the day before,' Flores said. 'We're basically competing with CNN [for intelligence], but we don't get to charge for our services.'

Pound said he worries a lot about 'professional hackers, not just kids,' because the Air Force lab is 'one of the top U.S. targets.' He likes the security of virtual private networking, but existing firewalls and VPN software cannot handle the gigabit-level throughput of Air Force networks now being planned, he said.

Flores said the CIA 'spends a lot of time trying to break other people's networks. We turn inward and hack ourselves to death' to find vulnerabilities.

Encryption is not the answer, he said. If all transmissions and even stored data were encrypted against intruders, the encryption would prevent indexing and searching of files and video streams by CIA users.

'And we don't believe biometrics is the answer' for user authentication, Flores said. 'It's not hard to hack the middleware' that stores user identities. 'We've got iris readers, but we don't trust them.'

PKI security issues

Pound said the Air Force laboratory, like other Defense Department organizations, is putting its trust in a public-key infrastructure and digital certificates. 'But what happens,' he asked, 'if someone inserts a bogus certificate server in your chain? PKI is only as good as the guy who gives out the keys.'

Another problem, he said, is that Defense's PKI so far is using Netscape Communications Corp. certificates, which are incompatible with those of other vendors.

The two CTOs said they are 'scared to death' about malicious code reaching their secure networks via JavaScript, ActiveX and other scripting languages. Both their organizations are preparing to migrate to Microsoft Windows 2000 and its Active Directory services.

Wireless problems

Both CTOs said they also worry about the trend toward wireless handheld devices, which Pound called 'very scary. Bluetooth [short-range radio networks] destroy physical security. Someone could stand outside a window and read everything on your laptop.'

'Wireless is anathema,' Flores added.

As for bandwidth, Flores said his problem is 'to move information to low- and no-bandwidth sites and get information back' despite satellite hops whose delays can time out IP transmissions. 'There are always pockets that don't have the necessary fiber,' he said.

'We can't get enough bandwidth to our scientists and engineers,' Pound said. 'Bandwidth and computing power are more critically short than funds.'

Some outsourcing

Asked about outsourcing, Pound said it 'won't ever happen for core processes.' He said much DOD work is already outsourced, but often to other agencies.

The two CTOs said they have no governmentwide organization such as the CIO Council, but 'we've been talking about CTOs getting together.'

Pound explained the CIO-CTO division of work this way: 'The CIO is responsible for the balance and application of technology that the CTO comes up with, in answer to the chief requirements officer's requirements. In other words, everything has to align with the strategic plan.'

He said his job is 'different from a dot-com CTO's. There's more oversight and resource responsibility. I haven't coded in five years.'


  • business meeting (Monkey Business Images/Shutterstock.com)

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (Shutterstock.com)

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected