John Grimes | Barriers to info sharing remain
Interview with Defense Department CIO John Grimes
- By Dawn S. Onley
- Sep 07, 2006
John Grimes is the Defense Department's CIO and assistant secretary of Defense for networks and information integration. During the attacks on Sept. 11, 2001, he was working for Raytheon Corp. in Virginia and could see the black smoke billowing from the Pentagon. Now he is in charge of the IT at the Pentagon and, now five years later, understands the progress the federal and private sectors have made and where they still need to go.
He provided GCN senior writer Dawn Onley with e-mailed responses.GCN:
What significant actions or responses where you involved in in the aftermath of 9/11?Grimes:
The chief executive officer of the company I worked for was the chairman of the President's National Security Telecommunications Advisory Committee, and I was Chairman of the NSTAC's Industry Executives Subcommittee. This technical committee represents the telecommunications industry group that advises the president on National Security Emergency Preparedness matters relating to the nation's commercial telecommunications and information service providers and infrastructure. Members of the NSTAC also serve on the government's National Coordinating Center for Telecommunications. In coordination with the Federal Communications Commission and the Joint Telecommunications Resource Board), the industry immediately began restoring services on a priority basis in New York. Our nation's telecommunications industry is to be commended for how quickly they restored services under very stressful conditions.GCN:
Now 5 years later, where has the government made the most significant progress?Grimes:
At the national level, recognition of the need to share information has increased dramatically over the past five years. Recent operations both at home and abroad have continually highlighted the importance of creating teams that can both interoperate and communicate.
At present, the ability to share information with the full range of potential partners is being addressed. Strategies for sharing are being pursued throughout the federal government, with state and local governments, with non-government organizations, with other nations (allies, identified coalition partners, potential future partners), and with business and industry. Policies related to accessing information, crossing domains, assuring integrity and responding to ad hoc needs have been addressed.
Most importantly, the activities supporting information sharing represent a significant culture shift that largely resulted from recognition that government users are stewards of information and do not have ownership of information to be shared.
Information sharing enablers [include]:
- The DOD Net-Centric Data Strategy has been embraced by our allies and NATO has adopted the same approach.
- Increased emphasis and priority has been placed on technology advances to mitigate the increasing cyber threat.
- The priority placed on the cyber component of Critical Infrastructure Protection at the defense and national levels has significantly increased. Programs and procedures for interagency sharing of cyber warning information have been established.
- Organizations throughout the public and private sectors are increasing both the frequency and sophistication of preparing for and responding to network attacks. The pace of exercises, including continuity of operations, has increased dramatically.
- Spectrum management ('access to the airwaves') has been recognized as key to improving communications and facilitating interoperability among federal agencies, state and local partners and foreign allies, DOD has worked to identify interoperability channels in various bands (CHF and UHF).
- Terrorism information sharing networks have been established in support of presidential executive orders. A network has been established that provides for the sharing if intelligence between DOD, the Department of Homeland Security, key intelligence organizations and the FBI.
- Provisions for information sharing with allies and coalition partners have been made through the establishment of a multi-national information sharing network.
What projects were developed post 9-11 that you wouldn't have been working on pre 9-11?Grimes:
The need to share information was recognized before the 9/11 attacks, but cultural barriers had suppressed its importance. The terrorist attacks on the United States became the needed stimulus to break the pattern of complacency and resistance, and replaced it with a recognition of importance and spirit of collaboration. That said, we have along way to go.
While not a 'project' as such, a huge change has been made to how we view data. In the past, data tended to be presented based on the collector and producers perspective. It reflected the analysis, publication, and distribution perspective of 'we know what is needed, when it is needed, and who needs it.' Typically, data was collected and analyzed on timelines that were not necessarily consistent with user needs.
That paradigm has been turned upside down. In the net-centric environment of information sharing, data is user-oriented. It is posted quickly (earliest point of usability), pulled as needed, and formatted based on user preferences'User-Designed Operating Picture. Access is allowed based on an authenticated identity and an authorized role. This approach reflects today's common Internet and World Wide Web experience, rather than the push, pre-formatted, tightly controlled approach of the past.
In addition to rethinking our procedures and changing priorities regarding information sharing, new efforts were also initiated:
- The Continuity of Operations program relocated [Defense's] mission critical data from the Pentagon to a remote facility. This nine-month effort successfully established a high-speed data link to a remote facility, set up a storage area network and connected all Office of the Secretary of Defense mission critical systems to the network. The process also incorporated regular tests that supported the development of the concept of operations and related procedures.
- Based on recognition that information sharing with allies and coalition members must be improved, the Multi-National Information Sharing effort was established. This effort seeks to develop standardized means for sharing information with ad hoc coalitions. In the past, techniques for sharing information with established allies such as NATO via Link016. Operations in Afghanistan and Iraq have highlighted the need to construct information sharing networks that could incorporate unanticipated coalition members and partners as well. MNIS will provide a means for commanders to develop information sharing guidelines and provide the means to actually share the information. It will also aid users in understanding disclosure policy rules and help with language translation.
- DOD has partnered with DHS and other agencies in developing the National Command Capability as mandated by the president. The NCC provides the means to command, control and coordinate our land-aero-space-sea operation among federal, state, territorial, tribal, insular, local governments, private organizations, U.S. government assets abroad, foreign governments and international entities (e.g., United Nations) to achieve national objectives through all emergencies and hazards. Authority and accountability across the governance and management structure has significantly been improved.
- Since 9/11, the tempo of operations and the needs of deployed units have skyrocketed. Demands for more information sharing capabilities have resulted in a corresponding increase in the development, purchase and application of security systems.
GCN: What is the most important thing the government still needs to deal with? Please provide some examples of things we still are at risk of forgetting or have overlooked?
Grimes: Despite extensive efforts, the cultural barriers that inhibit information sharing have not yet been completely broken. Stovepipe systems still exist that cannot interface with other systems without extensive pre-engineered interfaces. These same challenges are reflected in our struggle to improve protection levels of the federal sector information enterprise and the nation's critical infrastructure.
Breaking down the firewalls that prevent accessibility of information among national defense organizations, diverse federal agencies and coalition allies must receive even greater emphasis and progress faster. The notion of 'need to know' must be replaced with 'need to share' and 'right to know'.
The processes that served us well in the past also need to be re-examined in light of the current security context and pace of technology. Acquisition systems and requirements processes have traditionally focused on buying 'things'' big, expensive things. To meet demands of increased and fast paced operations, to keep up with technology advances, and to ensure IT capabilities are fully leveraged, we must change our acquisition philosophy and processes. Procuring a weapons platform is different than establishing an information environment.
GCN: What are the most important priorities now that grew from 9-11?
Grimes: Information is a strategic asset. It must be recognized as such and given the same level of emphasis as traditional weapon systems such as guns, tanks, ships and airplanes. Leveraging the power of information will provide the agility to deal with uncertainty, make better decisions faster and act sooner.
But information is of little use if it cannot be trusted. The entire information assurance community has been and must continue to be energized to solve problems ranging from stolen and corrupt, to lost and late. Today firewalls and software patches attempt to keep intruders out and data safe. Tomorrow's assured information will require that the individual data be secured throughout its useful lifespan. Identity management has been and will continue to receive high priority as biometric capabilities are further developed, and access controls implemented (specifically, Common Access Card and Public Key Infrastructure).
Finally, establishing teams both within the government and across public/private boundaries must get increased attention. More than just communications, plans and processes to address adversity as a team must be further developed, refined and institutionalized. Connectivity, communications and command challenges must be solved. Nowhere is this more apparent that in the intelligence arena. While net-centric approaches will help, collaborative environments depend upon attitude and behavior as well. In short, a Goldwater-Nichols modeled push to jointness should be applied to both the interagency and outside partners.
GCN: What has been or is the true lasting impact of the changes since 9-11?
Grimes: The good news is that awareness of the significant changes to the strategic landscape is now well established in our culture, our policies, and our programs. The needs are known and the challenges have been identified. The recent strategy and policy updates have firmly rooted the move to net-centric Operations. The net-centric information environment is understood and generally underway. The path to enable timely and trusted access to information, sharing of information and collaboration among those who need it has been laid. We must confront uncertainty with agility. Sharing information is the foundation upon which unprecedented levels of agility will rest.
The lasting impact could, however, easily become a fleeting, squandered opportunity. Slipping back to our old way of thinking of information as 'owned' and its use limited to proprietary tools and systems are still possible. We could fail to breakdown the stovepipe mentality that still exists today. The sense of urgency has dampened in the past five years. As long attacks continue to occur 'over there', complacency can develop 'over here.' The lasting impact, therefore, must become the culture and capabilities to allow information sharing among known and unanticipated partners'partners with the common objective of securing our future.