CHIPS Articles: Kevin C. Cooley

From December 2006 through August 2009, Mr. Cooley served as the Director, Information Technology Governance & Information Management (OPNAV N61). The Information Technology & Information Resource Management Directorate supported the Deputy Chief of Naval Operations for Communication Networks (N6) and the Deputy DON Chief Information Officer (Navy). Mr. Cooley had overall information technology architecture and governance responsibility for the Navy's IT infrastructure. Additionally, Mr. Cooley exercised oversight of IT programming, budgeting and fiscal execution. Please go to Navy.mil for Mr. Cooley’s complete biography. Mr. Cooley responded to CHIPS questions in late September.

Q: Can you talk about your role as the executive director and command CIO for Fleet Cyber Command?

A: As the FCC executive director and senior civilian official in the command, my role is to assist and advise the commander on matters related to integration of requirements and programs, synchronization of financial execution with requirements, and civilian workforce and performance management for the FCC organization. I represent the commander in various joint and Navy flag and senior executive panels related to the FCC mission, the planning and budgeting cycle, and financial management. Chief of Naval Operations Adm. Jonathan Greenert has directed that his commanders know their business and that they be judicious in their use of resources. A primary focus of my work as executive director is to help the FCC commander meet the CNO’s direction in this area.

I also have a second set of responsibilities, those of the FCC command information officer. My primary responsibility in this role is to be the commander's principal advisor for information technology architecture, IT investment priorities, and to ensure FCC meets requirements for IT portfolio management within the FCC domain.

The architectures, investments and portfolios span all classification enclaves and keeps me engaged in both the Navy enterprise (due to our global mission set for the Navy) and FCC specific domain arenas. Given the nature of FCC ’s responsibilities in a new warfare domain [cyber], I execute my CIO responsibilities in close coordination with the cyberspace operations, strategy and planning, and communications directorates at FCC. This means that I season the more traditional technology policy and governance roles of the CIO with a healthy portion of perspective from tactical cyberspace operations executed in a Maritime Operations Center (MOC) context, cyberspace strategy and planning at the operational level of war, and the reality of large scale and global network and security operations.

While these responsibilities can be a bit overwhelming at times, I very much enjoy working with the extremely professional uniformed and civilian personnel at FCC. Hardly a week goes by without me being amazed by the creativity and dedication of our people. It is my high honor to be a part of their leadership team.

Q: Does Fleet Cyber Command have a role in the Department of the Navy's IT efficiencies effort to improve business IT processes, including: consolidating data centers, developing a data and cloud strategy, and using department-wide enterprise licensing agreements?

A: FCC understands the Navy’s need to have IT systems that are both operationally relevant and affordable. Because of this, FCC also understands the Navy’s imperative to gain efficiencies in its IT environments and as such is working in two dimensions. The first is inside of the FCC domain where we apply significant scrutiny to our own IT environments to ensure that we are as efficient as possible in our own expenditure of resources; including leveraging enterprise solutions wherever feasible.

The second is to support both OPNAV and the DON CIO in their Navy and department-wide initiatives to reduce expenditures on IT systems. Specifically, as one of several Navy second echelon commands and the operational authority for the Navy’s networks, FCC has a significant role in the Department of the Navy’s efforts to realize greater IT efficiencies.

For example, FCC provides direct support for the Fleet Forces Command sponsored 'Fleet FAM' initiative to eliminate unneeded applications from the afloat environment. Particularly, as the operational authority for networks, we provide the network communications and security perspective for decisions to retain afloat applications. I personally sit on the Business Executive Advisory Board established by the DON Deputy Chief Management Officer (Deputy Under Secretary of the Navy Mr. Eric Fanning) to specifically address opportunities for business process improvement across the DON.

Additionally, FCC, upon the request of OPNAV N2/6, is taking a lead role in the further consolidation of the remaining 'legacy' and 'excepted' networks into the NMCI environment. FCC is also directly supporting the DoD planning and implementation of the Joint Information Environment (JIE) which incorporates at DoD level cloud and implicit data strategy.

Q: In his statement to the House Armed Services Committee July 25, which addressed emerging cyber threats and capabilities, Commander, U.S. Fleet Cyber Command Vice Adm. Michael S. Rogers said to reduce the attack surface exposed to criminals and adversaries, the Navy engaged in a comprehensive campaign to achieve shore network consolidation and modernization by terminating all Navy legacy networks by 2014. I thought all legacy networks had been either retired or modernized with the implementation of the NMCI and the Cyber Asset Reduction and Security effort, or not?

A: With the dynamic nature of the Navy’s mission, there will be continued activity to improve and maneuver the Navy's network to meet the mission and counter a dynamic, persistent and sophisticated set of adversaries. Therefore, being better organized and having a smaller exposed attack surface will improve our mission assurance posture.

The Navy has made substantial progress afloat and ashore in fielding our enterprise networks: NMCI, ONE-NET and IT-21. These major network programs have dramatically reduced the variability in [the] security posture of the Navy's networks, and Operations Cyber Condition Zebra (CCZ) and Cyber Asset Reduction and Security (CARS) were the first logical steps to both more thoroughly secure the perimeter and more completely field NMCI and ONE-NET.

It's worth noting that the original task for Operation CARS was to reduce the Navy's networks by 51 percent. In fact, over 1,040 individual Navy networks were terminated during Operation CARS, mostly by migrating key mission applications into a better-protected enterprise perimeter. This included discovery of over 300 previously unregistered networks and equates to roughly 90 percent reduction of the total and far exceeding CNO's tasking. During this period, approximately 300 networks were reviewed and determined to not be a good fit in the near term for immediate migration into the enterprise environment.

These were defined as excepted networks that would be a part of the overall Navy network environment, just not inside of one of the three primary enterprise networks. Some good examples of these include Navy Medicine, our systems commands' RDT&E networks, educational networks for the Navy's degree granting institutions, as well as some tactical networks. What Vice Adm. Rogers was referring to in his comments was the initiative to re-look at these excepted networks to further consolidate wherever feasible.

Our past experience with Operations CCZ and CARS helps us understand that continued consolidation of networks will require corresponding consolidation or elimination of applications. So in this way, there is a linkage between the ongoing network consolidation efforts at FCC, which are focused on March of 2014, and the overall DON Data Center Consolidation effort. Interestingly, we also see the importance of architecture as a part of reducing attack surface. The use of cloud technologies and design approaches that can enable thinner or stateless end use devices can go a long way towards reducing our attack surface and we are working with the technical authority and the acquisition community in this area as well.

Q: Can you talk about the "Cyber Wholeness Review" efforts?

A: The cyber-warfare wholeness review is being conducted by OPNAV in conjunction with Fleet Cyber Command, Fleet Forces Command, Pacific Fleet, Navy Cyber Forces, Navy Warfare Development Command, the Office of Naval Intelligence, and the Program Executive Office for Command, Control, Communications, Computers and Intelligence (C4I). The review is examining the state of current doctrine, organization, training, materiel, leadership and education, personnel and facilities (DOTMLPF) that enable Navy's cyberspace operations. All in our Navy have an interest in assuring that our investments in cyber warfare are balanced, sustainable and meet the operational needs of the Navy. The wholeness review is simply a part of the process that OPNAV executes to see to this balance.

Q: Vice Adm. Rogers also said in his testimony that 75 percent of FLTCYBERCOM's workforce operating the networks day-to-day is "out of whack and very dated." Consolidating and centralizing servers and networks into a "cloud" approach will free up personnel from running the networks to actually defending them — and, perhaps, attacking adversaries' systems. Are you beginning to plan how the workforce will operate in this paradigm switch?

A: Absolutely, we are aggressively working both inside of FCC and with our partner type commander, Navy Cyber Forces (NCF) to plan and execute this switch. This speaks directly to a transition from a primary and 'traditional' focus on operating the networks to a more comprehensive and fully relevant focus that explicitly includes a proactive defense, and the capability to support exploitation or attack on an adversary’s networks as directed by U.S. Cyber Command. Integrating these functions along with the other areas of our mission set: information warfare, electronic warfare, signals intelligence and space, will further extend the capabilities of the cyber fleet.

The establishment of the Information Dominance Corps was a first visionary step on this road and FCC is absolutely committed to completing the transformation.

We are specifically working with NCF to evaluate the billet and training requirements to enable our fully integrated operating model. Any new billets will either come from excess lists (via SMRD — Shore Manpower Requirements Determination) based on billets no longer required under the previous model and repurposed, or they will be a part of FCC POM (Program Objective Memorandum) inputs to OPNAV.

We expect that the transition to more operationally sustainable cloud technologies enabled by virtualization, the increased use of automation in operating our network and server infrastructures, combined with continuing consolidation of networks to accelerate. This presents an opportunity for FCC to refocus resources from network operations and traditional information technology end user support to more operationally valuable aspects of operations in and through cyberspace.

Q: Vice Adm. Rogers said that the cyber components are warfighting organizations just like every other mission set within the Department of Defense. Can you give examples about some of the taskings that the cyber warriors of Fleet Cyber Command receive from U.S. Cyber Command?

A: FCC is a warfighting organization and executes its responsibilities vigorously and with this as a touchstone. FCC has a fully capable MOC established at its headquarters, as well as an associated set of combined task forces (CTFs), to execute its mission sets. While security classification prohibits the ability to be very detailed, I can speak in more general terms to FCC's mission tasking.

FCC functioned as a U.S. Cyber Command co-lead for a crisis action team and service lead for a follow-on operational planning team in response to recent contingency operations. Planning for options for the delivery of cyber effects encompassed all aspects of cyber operations. Also, FCC is currently tasked with intelligence development and operational planning for the delivery of cyber effects across all aspects of cyber operations in support of various regional COCOM (combatant commander) readiness requirements.

Q: Could you speak briefly to the functions of command and control, intelligence, fires, movement and maneuver, sustainment, and protection tested in Terminal Fury 2012?

A: FCC functioned as the service component lead for Terminal Fury 2012. Of note, the cyber fires process exercised in Terminal Fury paralleled existing kinetic fires models. Objectives to integrate operational and fires processes between FCC, as the service level component, and U.S. Cyber Command were successfully achieved. These processes included command and control, fires, maneuver and protection.

Terminal Fury is a large and comprehensive exercise that tests our capabilities and generates insights that drive further improvement. One insight we gained highlighted the value of remote support for operations. Importantly, FCC executed successfully using both resources located remotely at its fleet headquarters in [Fort Meade] Maryland and resources forward deployed into the theater of operations.

FOR MORE INFORMATION

FLTCYBERCOM/10th Fleet - www.fcc.navy.mil