Halvorsen ‘broke a lot of stuff’ so DoD could respond to threats with agility

Terry Halvorsen likes to say he spent the last two years as the Defense Department’s chief information officer breaking things.

Halvorsen, who left DoD at the end of February, didn’t just break things, but pushed the military to take advantage of leading edge technology today and in the future.

Halvorsen, who held a media roundtable on Feb. 16 before he left government, said DoD is making good progress on several signature initiatives, but the Pentagon still faces a big cybersecurity hurdle to overcome.

CIO
Terry Halvorsen left in February after spending two-plus years as the, CIO of the Department of Defense.

He said DoD needs to get to a risk-assessment mode for cybersecurity and move off of set processes.

“We are going to continue to push that and we are getting great cooperation from industry in how do we push that. That has to happen,” Halvorsen said during the media roundtable, excerpts of which played on Ask the CIO. “Some of the things in security have to be moved faster. We’ve got to be willing to put some things online without the traditional testing because, frankly, the risk of waiting out-weighs any of the gains you would get from some of the long-term testing plans.”

Halvorsen said there is a reason why industry already is following this model. He said it’s not just profit, but they can’t keep up with the cyber threat if they aren’t being agile.

Part of that agility Halvorsen is talking about is more use of the cloud, or as he likes to call it distributed computing.

The Defense Information Systems Agency is running the MilCloud 2.0 procurement to give military services and agencies access to commercial cloud services. DISA also recently released the draft solicitation for the Defense Enterprise Office Solutions (DEOS).

DoD says it’s a suite of collaboration and productivity software for the end user that will enable the department to move toward a distributed computing model.

Halvorsen said the draft request proposals represents one of the first times that all of the military services agreed with the statement of work.

“One of the things that we did very disciplined this time was say, ‘OK services, what can you agree that needs to be enterprise?’” Halvorsen said. “We had high level leadership playing in that to say, ‘OK, yes, I didn’t get this one thing I wanted, but I also didn’t have to accept something I didn’t want.’ This is the agreed upon set of basic services.”

Responses to the draft request for proposals are due April 1. Halvorsen said he expects industry to come back with comments that will further DoD’s planning.

“We will try to play this so we will take the best of industry,” he said. “Some people have said, ‘you are giving industry a vote in your requirements.’ No, I’m giving them a vote in how I roll out my requirements and how effectively I can procure, not acquire, procure those in a way that makes mission and financial sense. That is a huge culture change for both industry and us. That will take a lot of time to make it work, but I think we are all headed in the right direction.”

Several of the initiatives started under Halvorsen are cloud dependent or make cloud possible.

One of those is the DoD’s migration to Windows 10. He said the migration to Windows 10 is the foundation that will let DoD move to the cloud.

Halvorsen said getting to a mostly homogeneous operating system will let DoD move with the agility it needs.

“One of the reasons that industry can generally do things faster is they are generally more homogeneous than we are. That is a big win,” he said. “It lets us do more complete and automated patching. It lets us take advantage of a whole lot more commercial apps because I think the other thing Windows 10 and the cloud will empower us to do absolutely move further into the commercial space.”

The automated patching and better cybersecurity also will come from the DoD’s investment in artificial intelligence.

Halvorsen said all of the services, large Defense agencies and international partners are reviewing how AI could change the cybersecurity landscape.

“Given the volume and where I see the threat moving, it will be impossible for humans, by themselves, to keep pace. We can, and are very close to being able, to put more autonomy into the security tools, and we will get to the point, I think in the next 18 months, where AI is becoming a key factor in augmenting the human analyst in making those decisions about what you do, when do you quarantine, what parts of your network do you change structure on?” he said. “I also think that will let us get predictive, not 100 percent. But are we going to be better about predicting trends and threats so that we are ahead of the game? Yes. Are we ever going to get where everything is completely invulnerable? No. But what the AI also will be able to do is once you have an attack, AI can take the configuration of the network and change that configuration, if it’s done right, so you get the effect of water-tight doors. It will take the damaged area of the network, isolate it fast, but keep the network as a whole producing and working and doing the mission it has to do.”

Halvorsen said one of the biggest challenges holding DoD back from the benefits of agility is the data center consolidation effort. He said DoD has a new strategy, released in July, and is getting good feedback on it from the Hill.

“How do we partner with industry so when we consolidate these data centers, the full impact of what you might see if you immediately close the data center—there are lots of impacts to the workforce and to the surrounding communities—so how do we reach the savings we want while minimizing some of the impacts,” he said.

DoD will brief lawmakers on its data center consolidation plan in the coming month or two.