Janice C. Haith became Director, Deputy Department of Navy Chief Information Officer (Navy) in April 2010, to the Deputy Chief of Naval Operations for Information Warfare. In this position, she is responsible for all CIO matters related to the U.S. Navy. This includes governance; functional area manager/portfolio management; enterprise architecture; information assurance; information management/information technology; efficiencies, and Clinger-Cohen Act Compliance.
Ms. Haith discussed the dimensions of strengthening cybersecurity to ensure mission execution within her role as DDCIO (N) in writing in mid-October.
Q: The Navy has been on a course for several years to modernize its IT networks and systems, reduce or eliminate legacy networks and increase cybersecurity. How would you evaluate efforts so far?
A: We have good success with migration of our legacy networks into the enterprise network environment — NMCI (Navy Marine Corps Intranet). Our overall in scope inventory has been reduced by 35 percent and we will have less than 25 percent to migrate post the NGEN (Next Generation Network contract) recompete in FY18. Several networks have also been exempt from this action due to the complexity of the network and the overall integration impact to the enterprise.
Q: Can you discuss the Navy’s progress in optimizing its data center infrastructure and building a cloud computing environment?
A: Our progress has been fair thus far due to the numerous challenges encountered by the team. The state of our application and system inventory has improved but not to the point where we can easily migrate to an enterprise data center or commercial hosted data center. We are starting FY17 with a new plan to not only accelerate but move more to the commercial sector and achieve our goal of 75 percent application/system hosting with commercial partners.
Q: In May you pointed out in an AFCEA-sponsored panel that as the Navy merges data centers and databases that consolidation creates its own kind of risk. Others might argue that it is easier to defend fewer networks and systems rather than many disparate systems. Is it reasonable to expect that the Navy can prevent an intrusion in either case when many cybersecurity experts say that you have to assume your system will be hacked?
A: We have learned from our previous intrusion that reducing the attack vector is important; however, it is equally important for us to have good “cyber hygiene” in all of our applications/systems to thwart the adversary.
Our cyber warriors are working 24/7 to defend our networks and are doing a good job. The adversary is very sophisticated, and we are also looking at new ways to do this without creating operational impact.
Q: The DoD CIO Terry Halvorsen recently said that he would like to make the Defense Department’s IT budget more transparent. Does the Navy have a good accounting of its IT costs? Are more IT efficiencies envisioned?
A: Navy’s accounting of IT is better than it was five years ago and is consistently improving with the ongoing audit as well as oversight, governance, and visibility of execution year spends generated by the IT procurement request. We continue to refine how we gain the appropriate level of visibility and governance and it has resulted in almost total elimination of “gray IT.”
Q: I understand that the Department of the Navy is working to update the accreditation and certification process. Is there a projected date when the new guidance will be released?
A: I cannot speak to DON actions; however, the U.S. Navy has implemented the DoD policy for certification and accreditation — the Risk Management Framework. We have delegated authorizing official authority to three of our SYSCOMs (systems commands) and security control assessors to four SYSCOMs. We are assessing risk for all Navy capabilities which generate a level of review not previously undertaken.
The U.S. Navy policy is in final coordination with the General Counsel and Director, Navy Staff. I
anticipate release by end of November 2016.
Q: Will the Navy be ready to roll out the Windows 10 operating system by the second quarter of fiscal year 2017? Will Win 10 help improve cybersecurity on the Navy’s networks?
A: Navy has already begun migration to WIN 10 for our enterprise network environment — NMCI. We anticipate 33 percent of the desktops will be WIN 10 compliant by 31 January 2017, 77 percent by 31 January 2018, and 100 percent before 30 September 2018. The program office continually seeks opportunities to accelerate the implementation for both NMCI and ONE-Net.
Yes, WIN 10 improves our overall security posture by establishing a standard baseline operating system, not just for U.S. Navy, but all DoD enterprise networks. This will reduce the overall attack surface vector.
Q: I understand that your team is trying to take advantage of Defense Secretary Ash Carter’s outreach to high-tech centers like Silicon Valley. What has your team learned about the experience?
A: This is a good effort to bridge the relationship between the public and private sector. It enables all of us to learn more about what we can do in the rapidly moving age of technology and how we can leverage commercial solutions faster in our environments.
Q: With the steps that the Navy is taking now to strengthen cybersecurity, will it be ready for the cybersecurity risks associated with the proliferation of devices in the internet of things (IoT)?
A: Yes, with a partnership among the Services and program offices, we are all embracing the IoT and how it will eventually help us streamline our business process and (unclassified) information sharing.
Q: You remarked in May at an AFCEA event that the Navy is struggling to recruit and retain cyber talent, especially when salaries aren’t competitive with industry. Can the Navy turn this paradigm around? What attracted you to pursue a career in public service? How can the Navy recruit more women into leadership positions?
A: [The] DON submitted input to the legislative community to identify opportunities to resolve the salary gap; however, this is not solely a DON issue but a U.S. government issue which needs to be addressed holistically for the good of all.
I pursued a career in public service as a means of giving back and to make a difference where I can/could for the overall constituents of the United States.
Women are continuing to move towards leadership positions across the Navy. It’s a balance between the traditional role for women and the workplace, and improvement in the past 10 years has been significant. Women are sitting in the board room and making decisions. This is evident by the first female VCNO (Vice Chief of Naval Operations Adm. Michelle Howard), and Vice Adm. Jan Tighe is one of several women who have been on the CNO’s staff in a key leadership position.