Navy CIO Sees IT Challenges from Cybersecurity to Spectrum

At the latest AFCEA NOVA’s Naval IT Day the Department of the Navy’s Chief Information Officer (CIO), Rob Foster, gave insights into some of his current priorities and challenges after being in the job for nearly a year. His background includes Deputy CIO positions at Health and Human Services (HHS) and at the U.S. Immigration and Customs Enforcement (ICE) at the Department of Homeland Security (DHS).

His presentation spanned the gamut from leadership and policy-setting to technical and acquisitions. Here are a few comments that seemed most interesting and relevant.

• Cybersecurity – He wants to move from a compliance mentality to one of actual operational security. For their Cybersecurity Scorecard he wants to focus on high-benefit activities – blocking and tackling within the cyber-realm.
• Cyber- Effectiveness – He wants to have cyber- delivered correctly the first time versus delivered wrong and paying for it multiple times. They’re working with the N2N6 and C4 sides and looing to use innovation labs to test approaches.
• Risk Management Framework (RMF) – Foster has been at DHS, HHS and now the Navy. The RMF is not new. His perspective is to take their development lifecycle activities and remove the schedule element (I.e. security testing done at the end) and shift security elements upstream to build them in. It will take time for people to adjust to this shift, but he doesn’t think it will add time in the end.
• Spectrum Policy – Everyone is competing for spectrum, internationally and domestically. We need the ability to operate in a degraded technological state and spectrum is important in this regard. Tech innovation is needed to help the Navy operate in an increasingly crowded and contested spectrum space that is changing. Since our delivery cycles are 5 and 10 years we don’t want to deliver something that will operation in spectrum that’s been sold, etc.  We need flexibility.
• Everything-as-a-Service is a disrupter to traditional and installed infrastructure and processes, so we need to adjust how and what we contract.
• Agile – We must move in this direction, from a waterfall development methodology to agile. Reward those who succeed, but also those who fail b/c in this environment failing fast is much better than failing slow and after a long time.
• Industry Engagement and Acquisitions – He understands industry’s desire (and frustration) with getting those within government (especially in acquisitions) to be more engaged. He believes that increased education will help raise awareness among acquisition personnel on how late in the process they actually are allowed to speak to industry without running afoul of the rules.

From an IT budget perspective, the Navy’s spending may be flat going into the next year or two. For FY 2017 the Navy and Marine Corps requested a combined $6.5B for IT, a slight 0.4% decrease of -$26M from the FY 2016 enacted level, but still 7% above the FY 2015 level of $6.1B. The 0.4% IT reduction is a much smaller cut than the overall Navy base budget, which would fall 2.5% from FY 2016 to FY 2017.