CHIPS Articles: Darren A. Sawyer Discusses the Navy Intelligence Community Enterprise Information Technology Transition

Prior to becoming a Department of the Navy Senior Executive in August 2013, Sawyer served in the defense industry as an executive consultant for enterprise architecture transformation and information technology solutions integration.

Mr. Sawyer is a retired Information Dominance Corps captain with over 26 years of service in the areas of operations, intelligence and information technology.

Mr. Sawyer responded to questions in writing in late June.

Q: Can you discuss Navy Intelligence Enterprise Information Technology strategy and its alignment to the Intelligence Community Information Technology Enterprise strategy?

A: Although we are currently crafting the Navy Intelligence Community Enterprise Information Technology transition and adoption plan, the details of this plan will show key activities that are either ongoing or have to occur in order for the Navy to transition to IC ITE. Equally important is this plan will also show clear alignment to Department of the Navy (DON) and Deputy Chief of Naval Operations for Information Dominance guidance and directives for enterprise IT efficiencies as well. The Navy intelligence IC ITE transition/adoption approach is a strategy that really speaks to guidance and directives from Navy leadership, shows alignment to Navy Information Dominance priorities, and enables the Chief of Naval Operations warfighting tenets of Warfighting First, Operate Forward and Be Ready!

The Navy IC ITE adoption strategy codifies Navy actions that must be conducted to ensure appropriate alignment to the IC ITE focus areas of a common desk top environment (DTE), joint cloud environment/commercial cloud (C2S) and government cloud (IC Cloud), an applications mall (AML), identity access and authorization (IAA) management, network requirements/engineering services (NRES) and security coordination services (SCC). These focus areas are designed to deliver on the Director of National Intelligence’s (DNI) mandate to generate greater IT efficiencies across the intelligence community, improve IC mission effectiveness, and improve the security posture of the IC computing environment.

All 17 of the agencies that make up the intelligence community acknowledge, and are pursuing, the expected value of IC ITE. All are moving out smartly crafting adoption plans or establishing enterprise services delivery models as dictated by the DNI through his Chief Information Officer, Mr. Al Turasiak.

The IC CIO has established an IC ITE governance model that focuses on delivering mature solution sets through the five major National Intelligence Agencies: the Defense Intelligence Agency (DIA); Central Intelligence Agency (CIA); National Reconnaissance Office (NRO); National Geospatial-Intelligence Agency (NGA); and National Security Agency (NSA). These five agencies have the lead for maturing IC ITE enterprise services aligned to the aforementioned focus areas.

The remaining 12 intelligence organizations of the IC are considered late or lagging adopters and are not required to start transitioning to IC ITE until fiscal year 2016.

As one of the “Agile 12” intelligence organizations of the IC, the Navy is nearing completion of drafting its IC ITE adoption plan, which is due in early FY15. Figure 1 shows the Navy draft integrated master schedule (IMS) with some of the key activities/actions that are being executed by Navy integrated planning teams. This figure also shows planned activities to include adoption pilots, rationalization initiatives, and activities designed to deliver IC ITE solutions to Navy programs of record, such as the Distributed Common Ground System-Navy (DCGS-N), Consolidated Afloat Networks and Enterprise Services (CANES) and Global Command and Control System-Maritime (GCCS-M).

The Navy IC ITE adoption strategy focuses on creating Navy intelligence enterprise IT behavior through governance, stakeholder commitment/engagement and alignment in reporting. Most believe that the Navy intelligence enterprise consists of just the Office of Naval Intelligence. In reality, the Navy intelligence enterprise consists of organizations across the Navy that range from Fleet Forces Command to a specific program office under the Program Executive Office for Command, Control, Communications, Computers and Intelligence (PEO C4I). Figure 2 shows a representative depiction of the Navy intelligence enterprise.

Consistent with the IC ITE framework and strategy, Navy IC ITE planning is initially focused on the Navy Sensitive Compartmented Information (SCI) IT fabric with the understanding that the IC ITE enterprise services will be delivered to the Secret High General Service (GENSER) and coalition domains where practical leveraging the Joint Information Environment (JIE), the Defense Intelligence Information Enterprise (DI2E) framework and enterprise cross domain services/solutions.

Navy IC ITE adoption planning consists of developing integrated planning teams who are tasked with conducting deep dives in the IC ITE focus areas to specifically identify Navy IC ITE requirements, touch points and adoption paths. These integrated planning teams consist of subject matter experts from key Navy SCI IT stakeholders which include members from the organizations listed in the bottom columns of Figure 2. Planning teams in the areas of cloud; DTE; IAA; data/mission applications modernization; information assurance; business/costs/pricing planning and networks requirements; and engineering services are all actively engaged with Navy internal stakeholders and IC partners to help build out the Navy IC adoption plan.

Imperative to the Navy IC ITE planning efforts and its ability to deliver on generating enterprise IT efficiencies, as directed by the DON CIO, DDCIO, IC CIO and DoD CIO, is a critical initiative to conduct a complete and comprehensive account of the Navy’s shore-based Sensitive Compartmented Information IT infrastructure. This initiative has been called the “Navy SCI IT As Is Analysis,” and will not only help with IC ITE adoption planning, but also drive improvements in the Navy’s SCI Federal Information Security Management Act reporting and IC CIO annual reporting.

The Navy SCI IT As Is analysis will enable the Naval Intelligence (NAVINTEL) IC ITE planning leadership to make informed decisions for data, applications, networks, and computing infrastructure rationalization. Applying defense industry and commercial best practices for rationalizing architecture transformation to cloud-based computing, a service-oriented architecture and a data-centric architecture is tantamount to being able to effectively generate efficiencies for consolidating/collapsing enterprise IT redundancies, modernizing or reengineering mission critical legacy data and systems, realigning or re-hosting capabilities at the enterprise level and/or completely eliminating systems, data or networks that no longer offer value to the overall mission of the Navy and intelligence community.

Currently, we are approximately 70 percent complete with our Navy SCI IT As Is Analysis and have already identified clear opportunities for greater efficiencies for enterprise IT services. Currently, the Navy has approximately 54 SCI IT domains with associated infrastructure that are in most cases independently operated and maintained. Figure 3 captures at a high level the current state of affairs and the future “to be” NAVINTEL SCI IT environment. The Navy SCI IT environment of the future will consist of a fully integrated and interoperable computing fabric that enables seamless information sharing across the Navy and IC — afloat and ashore.

One final area to highlight is the area of data. As communicated in the IC ITE strategy and architectural framework, data is an IC asset and must be securely shared with all who have the authority and access to do so. Leveraging cloud technologies, IC data should be delivered as a service to the fullest extent possible.

Most, if not all, have acknowledged that we are no longer operating in a net-centric environment. We are now, and for the foreseeable future, operating in a data-centric environment. Navy IC ITE adoption planning will focus its energies on maritime intelligence data, with particular interest on securing data, ensuring that data is broadly accessible via IC ITE data services, but also seamlessly accessible through afloat, ashore and aloft computing infrastructures across IC ITE, JIE and DI2E frameworks.

Modernizing legacy data stores is a significant undertaking; the planning teams will leverage the successes of not only industry partners, but also our intelligence community partners who have delivered on modernizing legacy classified data stores and have properly tagged the data that enables greater data access controls in an open, service-oriented computing environment.

Q: Can you talk about how naval intelligence can benefit from the Intelligence Community Information Technology Enterprise (IC ITE) enterprise services plan? Are there any pilots, and if so, have you seen tangible touch points for the naval intelligence advantage?

A: After two-and-a-half years of architecture and governance planning, the IC ITE’s shared services model is finally coming to life. Each of the large intelligence agencies (DIA, CIA, NGA, NSA and NRO) are charged with specific responsibilities of an enterprise service provider for the entire intelligence community. Although some initial capabilities and services were delivered as pilots over the past 18 months, the IC CIO is communicating that the IC is now at a point where the services are being scaled to allow the entire IC to begin transitioning its entire mission processes to the new platform — mandated transitions for the entire IC are not [scheduled] until FY16.

In the cloud computing focus area of IC ITE, a government-developed cloud computing service the National Security Agency has been creating for IC ITE is now up and running. This particular capability allows IC agencies to take a broad array of data, collected by various agencies, into a common computing environment that each of them will be able to access, using one set of search tools.

Part of the improving security objective of IC ITE is to build in data-tagging mechanisms such that data access controls are foundational under the identity authentication and authorization focus area of IC ITE — so that each piece of data, information and intelligence is only accessible by those who are legitimately authorized to do so. A commercial cloud solution was also stood up for this area. As tasked by the Director of National Intelligence, the CIA turned to Amazon to build a private cloud-based on Amazon's cloud services delivery model. Over the next few months, the CIA and NSA will integrate their separate clouds into a single construct the IC calls the "IC Cloud."

This is just one example of an enterprise service or capability under IC ITE. At full operational capability (FOC), projected for FY16, a multitude of shared enterprise services will be available to the entire community. At FOC, security services, enterprise service desk services, enterprise software licensing, cloud-based applications, data services and unified communications services will be broadly used across the IC. The DNI expects the entire IC to be IC ITE compliant by FY18.

Q: How does IC ITE fit in with the Defense Department’s implementation of the Joint Information Environment? Will the IC take advantage of both of these shared services? Will the infrastructures overlap? Are the standards the same?

A: DoD's JIE and the IC ITE both started at about the same time, and for similar reasons. The initiatives are both broad efforts to consolidate IT, improve security, improve information-sharing and achieve cost savings and efficiencies [by] eliminating or consolidating legacy, stovepiped and needlessly expensive IT infrastructures.

JIE and IC ITE are executing in parallel, but along different paths. Both initiatives have similar focus areas, often referred to as “big rocks.” JIE’s big rocks include: data center consolidation; network normalization; enterprise services; identity and access management; and single security architecture. IC ITE big rocks include the aforementioned JIE big rocks, but also common desk top environment (enterprise service); joint cloud environment (data center consolidation to cloud-based data centers); an applications mall (enterprise service); identity authentication and authorization management (IdAM); network requirements and engineering services (network normalization); and security coordination services (single security architecture).

It is important to note that although these two initiatives are executed under different approaches, JIE is focused on the SIPRNET and below domains, while IC ITE is focused on the Sensitive Compartmented Intelligence domain; they are pursuing interoperability under the auspices of the Defense Intelligence Information Environment – DI2E.

In order to ensure seamless interoperability and information sharing between JIE and IC ITE, the DI2E Council was tasked with establishing JIE and IC ITE interoperability standards across 10 key areas. These areas include domain naming services (DNS); cross domain services (CDS); identity managemen; collaboration; visualization tools; positioning, navigation, and timing (PNT) synchronization; content discovery and retrieval; service directory; and cyber security.

Figure 4 provides a high level view of how the DI2E fits into the larger integration and interoperability discussion for JIE and IC ITE information sharing. As shown, in Figure 4, the DI2E has developed a number of frameworks leveraging DoD architecture design standards: the Joint Architecture Requirements Model (JARM), which is depicted in the graphic behind the bridge; a DoD Architecture Framework (DoDAF) Operational View (OV-1), at the bottom of the bridge, and the 10 key focus areas that will serve as the enablers for sharing information through operationalizing the architecture frameworks against the DCGS family of systems (FoS).

IC ITE and JIE will standardize on these 10 key areas of enterprise interoperability and optimize information sharing across the SCI, GENSER and coalition operating environments. The DI2E guiding principles, shown in Figure 5 highlight key paths for success.

Q: Does the Distributed Common Ground System-Navy (DCGS-N) fit into the larger IC ITE enterprise services plan? I know each of the services has its own version of DCGS — will they all fall under the JIE as well?

A: The DCGS family of systems are key enablers for delivering IC ITE services and capabilities at the operational level of war and down to the tactical edge — afloat and ashore.

In November 2013, the Defense Intelligence Information Enterprise was tasked to serve as the bridge between the Joint Information Environment and IC ITE. In so doing, the DI2E Council is applying DI2E integration processes across key interoperability areas to ensure the DCGS family of systems are able to leverage the services, security and mission effectiveness offered by both IC ITE and JIE. The DI2E Council and Under Secretary for Intelligence (USD(I)) are laying the framework to align the DCGS family of systems along a structured path of incremental capabilities consistent not only with the acquisition principles for a major program of record but also consistent with delivering warfighter capabilities aligned with validated requirements.

DCGS-N Increment 2 will leverage the Navy’s Consolidated Afloat Networks and Enterprise Services, the DoD Joint Information Environment, and IC ITE hardware and software infrastructures, including the DCGS integration backbone (DIB). JIE and IC ITE will deliver integrated solutions in accordance with current DI2E interoperability standards while taking full advantage of cloud-based technologies.

Under the auspices of the PEO-C4I, the DCGS-N program office has developed a DCGS-N Increment 2 delivery path that takes full advantage of the maturing DI2E applications store, IC ITE applications mall, cloud storage and cloud data services and Navy tactical cloud capabilities to enable afloat cloud computing.

The DI2E Council is charged with ensuring the DCGS family of systems executes a distinct strategy that delivers clearly defined increments of capability in a manner consistent with the DI2E guiding principles and supportive of the bridging mandates for DI2E against the 10 major focus areas (mentioned above) of interoperability between JIE and IC ITE.

Q: The IC ITE objectives are: secure collaboration, data discovery and organization and data transformation. Can you explain what these objectives will mean to community members?

A: One of the key mission enabling goals of IC ITE is to provide seamless enterprise solutions for trusted collaboration — people-to-people, people-to-data and data-to-data — delivering user experiences that enhance mission success while ensuring protection of intelligence assets and information. Data has been declared an intelligence community asset that must be made broadly available but in a secure manner. Those who need access to critical information must be able to get it —regardless of technical or organizational boundaries. Access, discovery and exploitation of intelligence information must be improved. At the same time, analytic and collection communities must trust that their intelligence assets and information are protected against compromise.

The new IC IT Enterprise will provide intelligence customers and stakeholders access to information required to make informed decisions. Cloud computing solutions, such as cloud data services and cloud- based widgets (applications) aside, one of the key IC ITE solutions that will enable greater collaboration is the IC ITE desk top environment. DTE users will have an enhanced user experience, a secure phone number for life, more robust e-mail connectivity across the IC agencies, access to a full suite of applications not previously accessible, streaming video to their desktops, satellite radio to their Voice-Over-Internet Protocol (VOIP) phones, document management, collaboration tools, and access to data, applications and products independent of the end device used.

Q: Will foreign allies be able to use IC ITE services?

A: Yes — where it makes sense and where practical. Working closely with DI2E and JIE, IC ITE will deliver data services to mission partner networks through enterprise cross domain services. The nature of our strategic, operational and tactical engagements relies heavily on strong partnerships with our allies and coalition nations. We have standing partnerships where information sharing computing infrastructure already exists and is used regularly for collaboration, intelligence sharing and operations synchronization.

On the other hand, there are other operating environments whereby we stand up ad hoc partnership computing environments. A great example of this was demonstrated during Operation Enduring Freedom in Afghanistan where we activated the Afghan Mission Network (AMN) in order to improve warfighting information sharing and collaboration with our coalition partners. In this construct, we extended or adjusted processes, procedures, tools and computing infrastructure for the operating environment. I see the same happening, when needed, for future coalition operations.

However, I see some of the enterprise IT transformations under IC ITE and JIE introducing a greater degree of agility, flexibility and responsiveness to delivering enterprise IT services to a coalition operating environment. For our standing partnerships, processs and procedures already exist to sharing information, and we see the efficacy of IC ITE as a key enabler for more robust collaboration and information sharing. Considering the desired end state for our data tagging strategies, we should see significant improvements in information sharing with our mission partners –— allies — through cross domain solutions delivered at the enterprise levels under both JIE and IC ITE.

Q: Can you describe what the end state will be when IC ITE is fully operational?

A: IC ITE is the community business model devised to enable greater mission capability (IC integration, information sharing, and information safeguarding) and to improve the risk posture in the face of significantly reduced operating budgets through a common community service provider. The IC ITE approach is modeled after public cloud models prevalent in the private sector today. In order for the IC to fully realize the potential that IC ITE offers, every member, work element and organization has to fully adopt and embrace the capabilities provided by the IC ITE architecture.

The primary objective of IC ITE is to enable and improve intelligence integration across the IC while reducing costs. The IC will provide a modern, adaptable IT infrastructure environment, while simultaneously improving the protection of IC data and reducing the overall expenditure of IC resources on information technology infrastructure and support costs. IC ITE is intended to remove barriers for the IC mission and business users in performing their jobs across organizational and mission boundaries.

IC ITE has four major goals, these include:

Goal 1: Fortify the Foundation

• Define, develop, implement and sustain a single, standards-based, interoperable, secure and survivable IC IT Enterprise architecture that accomplishes mission objectives, and yet substantially increases efficiencies and safeguards across the enterprise, encompassing all security domains.

Goal 2: Deliver User-Focused Capabilities

• Provide seamless, secure enterprise solutions for trusted collaboration — people-to-people, people-to-data and data-to-data — delivering user experiences that enhance mission success while ensuring protection of intelligence assets and information.

Goal 3: Operate as an IC Enterprise

• Adopt an operating model that employs standards, common business practices, commodity IT, and joint community teams to deliver and sustain common enterprise services and capabilities across the IC.

Goal 4: Establish Effective Governance and Oversight

• Define and implement transparent IT governance and oversight processes that are driven by data.

Goal 5: Forge Strategic Partnerships

• Enhance trusted partnerships to better leverage innovative capabilities and integrate intelligence missions.

It is expected that the above goals will be achieved and in so doing will enable a number of key successes for the intelligence community:

• Increases in IC mission agility, making it easier and faster to integrate new mission capabilities into operations through common standards and components.
• Increases the IC’s capacity and ability to surge and support unforeseen mission requirements through virtualization/Infrastructure as a Service (IaaS).
• Enhances in discovery, access and secure information sharing through a common framework.
• Creation of a more defendable IT infrastructure.
• More efficient and secure IT operations across IC agencies by reducing the IT environment’s complexity.
• A strategic platform for innovation.

Q: Many experts say that the cybersecurity budget will continue to rise due to increasing threats, yet the DoD budget is dropping. How will naval intelligence address this challenge?

A: This is a really tough area to talk to because there is an overwhelming disconnect between what needs to be done today, what we are programming for and what are our real future requirements. Although the Navy recently experienced a “cyber awakening,” that awakening really only opened up our eyes to acknowledging the significant amount of work that must be undertaken to really deliver on cyber security.

The challenge of increasing cybersecurity requirements, increasing cyber threats and decreasing IT budgets is not just a Navy intelligence challenge — this challenge spans across the intelligence community, Department of Defense and the Department of the Navy.

We all are becoming increasingly aware of the disconnect between, and operational impacts of, raising the bar for data, network and information systems security while reducing IT budgets. Senior leadership at all levels recognizes the need to rethink this and restructure IT resourcing toward achieving greater effects in the cybersecurity domain. The efficiencies, cost savings, focus of JIE and IC ITE is shifting to more of a focus on security — the true costs of achieving enterprise level security are still being captured but it is my belief that current estimates do not accurately reflect the real costs of securing the computing environment across all security domains.

Cyber security capabilities are extremely important, but we cannot just invest in tools because the manpower and training piece of the equation warrants equal attention. In most cases, the manpower and training areas are afterthoughts of introducing new technologies; however, they are imperative to operationalizing technologies and generating desired effects.

The Navy is currently aggressively working cyber capabilities risk assessments in order to more effectively program cyber investments such that we enhance warfighting capability and improve network and cyber security.