INTERVIEW: Arthur Money, former DOD systems chief
Security tops Defense's priority list
In his three years as the Defense Department's top systems chief, Arthur Money oversaw changes in procurement, an emphasis on information warfare, preparations for year 2000 and a continuing push toward joint systems. He spoke with GCN shortly before stepping down April 6 as DOD's chief information officer.
In February 1998, when Money first took over as CIO, two teenagers from Northern California were charged with launching an attack against Pentagon systems. At the time, FBI officials called the attack, dubbed Solar Sunrise, 'the most organized and systematic attack to date.'
Money, who also was assistant secretary of Defense for command, control, communications and intelligence, said the damage caused by Solar Sunrise 'almost brought this department to a halt.'
Today, thanks to information assurance initiatives, Money said a similar attack would be nearly impossible to pull off.
Money has more than 40 years of management and engineering experience in defense electronics and intelligence, both in government and industry jobs.
Before taking his Pentagon post, he spent two years as CIO for the Air Force. He also spent a stint as assistant secretary of the Air Force for research, development and acquisition. Money came to the Defense jobs after management posts with TRW Inc.
Money has a bachelor's degree in mechanical engineering from San Jose State University and a master's in mechanical engineering from the University of Santa Clara.
GCN staff writer Dawn S. Onley interviewed Money.GCN: Identify the Pentagon's biggest information technology goals?MONEY:
The first one is information assurance, and the second one is to be more able to buy IT as companies do. Things like enterprise licenses come to mind and getting the department to act as a wholesale buyer versus hundreds of retail buyers. Most of what we do in the Defense Department is, in fact, buy what's commercially available, and DOD wants to do more of that.
There's no way in heck the department could keep up with the commercial market if it tried to develop this stuff in-house. So that's the good news. The bad news is the arcane way DOD procures things'especially IT'limits and diminishes the value of the hardware and software because it takes so long to get it.
The department has an opportunity to get modern IT-wise. There's a lot of work being done to acquire things more easily. Probably the most salient is the new approach as demonstrated by the Navy-Marine Corps Intranet program, where the service is not buying any equipment, and it's not leasing any equipment. The Navy is buying a service.
Electronic Data Systems Corp. will put in the new equipment, and the Navy doesn't have to fool with the procurement cycle. It's just paying a monthly fee to the contractor, and EDS is then rewarded to keep the Navy-Marine Corps Intranet modernized. I see some model like that being the way to go across all of DOD.GCN: Could you expand on Defense's information assurance work?MONEY:
The department last year had 28,000 cyberattacks. These were blatant attacks, so obviously information assurance is paramount. There are some things DOD has deployed: intrusion devices, firewalls, etc. But there's more that can be done and should be done.
The biggest program DOD has in that regard is public-key infrastructure, which the department will be rolling out during the course of the next five years. A PKI will strengthen the overall defensive posture of DOD's networks.
That work is not ever done; it must continue as the threats become more sophisticated. Consequently, the defense part has to become more sophisticated, so it's a continuous effort. Of those 28,000 attacks, all but a handful'half a dozen'DOD handled readily.
I estimate Defense is probably spending $2 billion to $3 billion a year in response to cyberattacks. The department would rather spend that money somewhere else.GCN: Can you tell me some of your IT accomplishments?MONEY:
I think the enterprise license was a major accomplishment; and getting NMCI through is a major accomplishment.
When I first took over this job in February 1998, we were wide open to hackers. We had a thing called Solar Sunrise: Two kids in California almost brought this department to a halt. Three years later, that's impossible with what's been done. So information assurance is a major accomplishment.
Last book read: The Confirmation by Thomas Powers
Military Service: Army, 1957 to 1958
Leisure activity: Golf
Favorite Web site: www.c3i.osd.mil
Another is IT buying in an enterprise sense. NMCI is changing the model of how to procure things in a service sense.
Probably another thing is the Global Information Grid, where all this stuff ties together. That was a major accomplishment. It's still a work in progress, as is all of this. I'm proud of what DOD has done, but there's still a huge amount that needs to be done.GCN: How would you rate the procurement process?MONEY:
It needs to be speeded up. We've gone through a lot of trouble to make it more flexible, but it's still more weapons-centric and -oriented versus IT-related. I don't mean to bash the current process. What's here today is a heck of a lot better than what was here two years ago. But it's still too slow.
Consider another success story. DOD in the last year has been able to set an enterprise software license for the whole DOD, not just the Army, Navy, Air Force, Marine Corps or some subset of it, but the whole DOD.
By buying wholesale for the first time, that's huge savings and future cost avoidance. The department has that going on through the Enterprise Software Initiative, where DOD buys office products, network products, database products on a DOD license. What's being saved is a huge sum, in the hundreds of millions of dollars.
Defense is still just doing this in very select areas. It should be done broader, but it runs against the culture to have centralized buying.GCN: How is DOD dealing with recruiting and retaining IT workers?MONEY:
Defense does a lot of training for people who eventually go out and are part of the economic engine in industry. The department is trying to retain people. DOD officials recognize some of the attributes these people have. For example, the department pays extra for pilots, lawyers and doctors, and things like that.
I think it's time that we ought to be paying extra for some systems skills. Systems administrators are the heart of the whole network-centric department, so having continuity in those jobs is critical.
Some people are not in their jobs just for money. They enjoy the mission and the excitement of it, but at the same time, they ought to be recognized and not impeded in their careers.
The department is doing OK, but I think it will always be OK. It will be recognized that people will want to get training and go out and make two, three, four times what they did in the services. That's going to happen.
So DOD is trying to retain those people in the reserve units, where the department has some benefit of them, even if it's not full-time.
The department is also sponsoring scholarships now for people to get their doctorate degrees. Of course, part of that would require the recipients to spend a number of years in DOD, Army, Navy or Air Force to pay back that commitment.
There are a lot of initiatives ongoing, but I think we'll always have some outflow.GCN: How do you think it will affect DOD having former Defense people such as Dick Cheney and Colin Powell in high-ranking positions in the Bush administration?MONEY:
I think it's got to help in the context of they've certainly been there, done that, and have a greater appreciation for what goes on within the department. But the world's changed, the department's changed in the 10 years since Powell and Cheney were at DOD, and clearly it's changed in the years since Secretary Donald Rumsfeld was last here.
I think back in 1973 when Rumsfeld was at DOD, there may have been a hand calculator or two, the computers were in the basement, and everything was batched.GCN: Talk about the need to offer services on the Web while also maintaining security.MONEY:
That's a great challenge. New recruits are buying stuff off the Web, so DOD needs to have ties to the Internet, but it doesn't want to let just anybody come through. So having this e-anything take place is important.
The department distributes $40 million an hour, 24 by 7, 365 days a year, so there has to be a tie, but there is also the nemesis of what could come in. So DOD's strength is its IT prowess, and its weakness is its IT prowess.