The U.S. Department of Defense is expected to spend an estimated $23.5 billion this year on IT -- the most of any federal agency -- according to market research firm Input.
One of the people with a say in how that money is spent is David Wennergren, deputy assistant secretary of defense for information management and technology and the deputy CIO at the Defense Department. Wennergren joined the Defense Department five months ago after spending 26 years at the Department of the Navy, where he most recently held the CIO position.
This week Wennergren spoke at an Input event in Washington, D.C., about the 10 most important IT issues on his mind, including becoming net centric, implementing security in the new age of information sharing and effective management. Here are his priorities:
1. Developing net-centric operations
The world of networking used to be like Tinker Toys, Wennergren says. “You had point-to-point solutions, and as more and more people embraced the power of information technology with point-to-point solutions, the Tinker Toys became unwieldy as you tried to grow a network where more and more people are collaborating,” he says. “There had to be a better way. And it’s plasma balls.”
Plasma balls are those psychedelic lamps that have cool glowing light inside (powered by low-density gas and an electrode), which responds when someone touches the outside. Just as there is light available to anyone who touches the plasma balls, there is knowledge available to everyone to consume in a net centric world, Wennergren explains.
“It’s all about the data. That’s what makes all of this work,” he says. “A few years ago it was all about the infrastructure, the network haves and have-nots. This generation’s story is all about the data -- how you get access to it, and how you use it.”
While the concept is easy to understand, it’s not easy to implement across a huge organization that has all branches of the military underneath it. Wennergren points to three problems that need to be addressed as net centric operations are deployed and supported across the Defense Department. “I can’t find it, if I can't find it I can’t access it, and if I can’t access it I can’t understand it,” he says.
The Defense Department’s net-centric data strategy is all about addressing those problems, he says.
“We’ve spent decades being highly decentralized organizations,” Wennergren says. It wasn’t too long ago that “70% of an organization’s knowledge was stored on C drives and wasn’t accessible to anyone else. So we have to change the culture.”
Being net centric is about how you use XML to expose data and create a common platform that everyone understands, he says. It’s also about using Web services that are accessible using common smart cards issued to Defense Department employees. The smart cards, a big initiative in the government, use Public Key Infrastructure (PKI) credentials so employees can access the Defense Department’s enterprise portal, he says.
One recent net-centric project is the efforts of the Defense Department and the Department of Veteran Affairs to jointly develop an electronic health records system that lets physicians share the medical records of veterans and active military.
2. Taking an enterprise view
A priority for Wennergren is getting the Defense Department to operate like one big enterprise, not in silos. One effort that supports this is the department’s enterprise software initiative, which began as an attempt to leverage the agency’s buying power, Wennergren says. “But it has turned into something so much more.”
Instead of creating a new contract with, say, Oracle for all Air Force users, now there is a master contract that offers better rates and is easier for both the Defense Department and the software vendor to manage, he explains.
In addition, the Defense Department and the National Security Agency have been working closely with Microsoft to be sure it has a secure version of Vista for all federal agencies. That’s a case where it’s not only about buying power, but also the ability to ensure the government is buying secure products, Wennergren says.
Within the Defense Department, Wennergren says an effort to rationalize applications and networks is part of an overall approach to look at the operations as an enterprise. The agency is executing an enterprise portal strategy to make information accessible to employees everywhere, for example.
Service-oriented architecture is one software technology that’s key to this initiative, he says. “It’s the glue you need to have to support things like federated searches and portals.”
3. Portfolio management.
The Defense Department's portfolio management efforts began with removing network elements and applications that weren’t connected.
While it’s not a very sexy subject, portfolio management is “one of our primary tools to move from the world of disparate applications and networks to the world of the Web,” Wennergren says. “It’s a way to reprioritize from the mainframe and client-server worlds to Web services.”
“It’s also a huge part of the security portfolio because the older stuff tends not to be as secure,” he says.
4. Strengthening security
Security is a big part of the job for Wennergren, who is chair of the Defense Department’s Identity Protection and Management Senior Coordinating Group, which oversees and coordinates biometric, smart card and PKI initiatives at the agency.
“Security is front and center on every CIO’s mind,” he says. “Like all organizations we have to work to stay ahead of the curve when it comes to security.”
Still, the Defense Department, along with the Department of State, is struggling to keep up. Both agencies received F grades on their latest security scorecards, which were issued in accordance with the Federal Information Security Management Act.
These days smart cards are “hugely important,” Wennergren says. “We have an active user base of 3.5 million people,” using smart cards that let users securely access Web sites and also support digital signatures so the agency can do away with paper processes.
“Passwords need to go away,” Wennergren says. With more users accessing the Defense Department’s network using smart cards, the agency has “seen a dramatic reduction in successful exploits against our network where people are cracking passwords.”
“It helps improve the security of our network -- and we can demonstrate that -- and it helps us reduce costs because we can also get rid of labor-intensive paper processes,” he says.
Biometrics is another important security initiative at the Defense Department. “We’re up to date on the latest in biometrics, which are fascinating. Not only can they verify a user, they also can track a user’s history. The ability to connect the dots is very important,” he says.
Wennergren calls security “a balancing act in a world where you’re sharing information more and more. But that implies that you have to sacrifice one to support the other. The challenge is to increase security while dramatically improving how we communicate.”
5. Mission assurance
The ability to get a mission done -- whatever the mission -- is key. After Y2K, Wennergren says he’s not sure those in IT have kept up with continuity of operation plans. A wide variety of natural and unnatural disasters can cause an organization to lose part of its network. If these plans aren’t up to date and adhered to, the group’s mission is in jeopardy. Making sure those plans are in place and are being followed is crucial, he says.
6. Recognizing the importance of the IT workforce
The workforce is not rushing out the door of the Defense Department, but some retraining may be required.
“Our surveys show people want to stay, but they grew up as COBOL programmers and now we’re asking them to be knowledge managers and Web site developers,” Wennergren says. “We all have the job of being sure our workforce is prepared for the future.”
Providing employees with the ability to seek out professional certifications is key, he says. “This is an area we weren’t very good at not too long ago. But now we’re much better.”
7. Striking innovative partnerships
Adopt before you think about buying. Buy before you think about creating.
“These are short ways of saying we don’t want government-only stuff,” Wennergren says. “As we’re moving to a Web-based world, we want to use commercial solutions, but they have to be open.”
Getting this point across to vendors will let the Defense Department and other government agencies create partnerships that work for both groups.
This idea also applies to managed services, Wennergren says. He’s a fan of performance-based contracts that measure results. “If you exceed my expectations I will reward you,” he says. It’s about holding service providers accountable for delivering what’s expected.
8. Combining communities
Wennergren says he’s looking for solutions that will help people work across organizational boundaries. This includes using and executing a strategic plan that brings common communities together.
“I cannot afford an organization that is many stove pipes all over the place,” he says.
When it comes to managing employees, Wennergren is a believer that an employee’s ability to execute on any plan comes from those in higher-up positions.
He refers to a book, Execution: The Discipline of Getting Things Done, by Larry Bossidy, Ram Charan and Charles Burck, in which the authors emphasize performance management. (See related story on Wennergren’s book recommendations.)
Some tips for better managing employees so they can better execute an organization’s plan include:
* Know your people
* Insist on realism
* Set clear goals and priorities
* Follow through
* Reward doers
* Expand people’s competency
10. Leadership change
IT leaders should be vocal proponents of the transformation within their organization,Wennergren says.
“I believe this migration to the Web, this improvement of security and shoring up privacy are important,” he says. So you believe in your IT department’s goals “you just can’t be quiet about it.”
“Celebrate your success and talk about the value propositions of change and new technology. Be voices of positive change.”
Learn more about this topicReport: AT&T wins an $11.5 million contract with DoD agency
03/05/07DOD cyber sleuths swap secrets in Florida
01/12/05U.S. agencies to develop electronic health records system