U.S. Defense Dept. Information Systems CIO Opens Up On Shared IT

John Garing
DISA Chief Information Officer and Director, Strategic Planning

The Department of Defense's Defense Information Systems Agency has always had a tall task: get all of the often competing military branches to buy into DISA as the hub of net-centric warfare and increasingly as a provider of shared IT services to the whole DoD.

These days, it's having some success, and innovative projects like a private cloud initiative and an open source repository won't hurt things. InformationWeek recently interviewed DISA CIO John Garing about DISA's role, initiatives, and topics from procurement to collaboration to cloud computing.

InformationWeek: What do you see as DISA's role today?

Garing: We provide what I'll call the heavy-lift IT work for the Department of Defense. That's the DoD's networks with major service delivery nodes that we deliver IT and telecom, too. That's heavy-lift data processing and -- although it's a bit embryonic -- behind-the-glass magic that allows us to share information. Look at Orbitz or Amazon. When you and I interact with Orbitz, there's a lot of glue that allows them to broker deals with airlines and hotels, and it's all transparent to you and me. That glue, based largely on a service-oriented architecture, is what we're moving toward.

This is going to be our cloud. It's going to provide common services so the military departments don't have to do them for themselves, so they can concentrate their hard work and investment dollars on the things that make their branches go. With the Army, for example, that's the technology for the combat teams in the tactical world. People throughout the Department of Defense will connect to this cloud and be able to consume services, just like you and I do as customers of Amazon or Orbitz.

It is a different set of processes and techniques to command and maneuver a brigade combat team that the Army owns, a Marine amphibious unit, an Air Force fighter squadron, and submarines that have nuclear weapons on them. However, the command and control systems have to be able to share information, because it's most often a joint deployment of U.S. forces for humanitarian relief, fighting a war, or anti-piracy. We provide the framework. It's been pretty much hard-wired, but command and control of the future uses browser-based Web services that ride on this enterprise infrastructure.

InformationWeek: What's your relationship like with the CIOs of the other branches?

Garing: The military services are independently funded and chartered by the Congress. There are some things in the Department that are joint, but we do not do the local bases, so whatever we do has to be in collaboration with military service CIOs. That group sets the tone for how we go after the enterprise infrastructure and the information sharing, and they are our customers.

Three-quarters of DISA's budget comes from our customers. Now you're talking about the exchange of money, which I think strengthens the partnership, and makes this evolution toward the enterprise infrastructure and doing things in the cloud more readily achievable than if we didn't have a business relationship.

John Garing
DISA Chief Information Officer and Director, Strategic Planning

InformationWeek: What are you doing to make sure you are able to carry out this mission without these other agencies going off and doing stuff on their own?

Garing: More and more the four military services are bringing things they traditionally did themselves into our data centers. I think there are probably five reasons.

The first is that the DoD network is a world-class carrier grade network, it's state of the art, and if not the best, among the best.

Second is the innovation in our engineering shop, our chief technology officer shop. We can talk about RACE [DISA's private cloud], and we can talk about Forge [an open source repository]. That innovation is drawing people into our data centers because they can take advantage of it. Just think about the capacity on demand, data processing, and storage we offer now where you can turn it on and turn it off like a utility and pay for it like a utility, and it is not buying a server for a million bucks and only using 10% of it, and then having the rest sit idle and having to depreciate that.

The third thing is financial transparency. We've made sure to make sure our costs are transparent and customers can see them and know what they're paying for, and if they don't like it, they can argue with us and negotiate.

The fourth is governance. The network infrastructure, the core that provides these 389 service delivery nodes and the interconnecting trunking, is governed by a council that looks at investments, execution, and all our network people have to go present what they're going to invest in, what they're not going to invest in, and get the military services and agencies on the council to say yes or no.

The final thing is market pressure. People coming into the department from the private will say that one thing that is lacking is market pressure, and that is to say, you're not creating in a department that's modified by P&L and where the market's going, but in my view, in the last two years or so, there has been market pressure. As the military services have to refit and modernize because of the war, they're choosing not to do things they don't have to, and building brick and mortar data centers is no longer something you want to do.

InformationWeek: One of the things I want to ask about is Forge. What does it bring to DISA and the DoD?

Garing: It's an open source development environment. If you just want to go in and collaborate as a developer or tester, we provide that environment. There are a thousand registered users today and 65 or so concurrent activities going on in that environment. This started on the Oct. 1, so this is rather good growth. The next phase is Project Forge, which is the same thing, but for a program or community of interest that doesn't want to go open source but wants to retain it in its own community.

We will do this in our own data centers, using our capacity-on-demand service. What that means is you don't have to build your own T&D lab. What do you do with a T&D lab? Well, when you're finished with it, you define another use or it goes obsolete and you have to replace it, now you don't have to do that anymore, because tech refresh is built into these capacity-on-demand contracts. The next iteration is certification Forge, or something where you can actually get your certification and accreditation. It gets the certification done for a system that's going to ride on the network.

You can just think about the almost limitless potential this brings to the department.

John Garing
DISA Chief Information Officer and Director, Strategic Planning

InformationWeek: What's your thinking about using open source, and making some of your projects open source so the rest of the government can use them?

Garing: It's a good idea. We embrace open source. There's a little wrinkle in that that you said "the rest of government" in how it's paid for, because we have to be careful not crossing appropriations. If we are funded by the Congress to do certain things, we've got to be careful not to be seen as Defense dollars subsidizing HUD or Education or whatever else, so that's something that has not been entirely worked yet, and I would hope that the new CIO and CTO in the government and OMB will take that on as one of the things that probably needs to be worked during Mr. Obama's administration.

InformationWeek:How about in terms of using more open source stuff?

Garing: Linux is one of the foundations of RACE, where we use a LAMP stack. We embrace it, we encourage it, and we think it's the wave of the future if it's not already here.

From my perspective, the collaborative nature of it actually strengthens what you get. There's a place for proprietary software, and there's a place for open source but when it's proprietary, it's a little more difficult to expose it and find its weaknesses. Open source seems to me to be more conducive to that.

The sharing -- just think of what we're doing with Forge and how that will I think free up resources throughout the department to go do development and testing without worrying about you buying licenses, everybody buying licenses, you can just go to this open source library and get what you need, I think there's a lot of benefit to it.

InformationWeek: What do you guys think about public, commercially hosted cloud computing?

Garing: As we use managed services to provide some of our service, the reaction of some of our customers is, "Oh my gosh, on the Internet." With the cyberthreat that we face, that's a challenge. I don't think we can go into a commercial cloud and do our internal processing today.

On the other hand, building everything ourselves isn't the ideal answer. I have to hope that there's a hybrid someplace that we can work. If you think about the Google cloud or the Amazon cloud or Salesforce, the very strength of the cloud is the cloud itself. If you take a piece of it, a chunk of it and put it inside our firewall, then I think you start to sub-optimize what that cloud is.

There are some things -- say maybe some social networking applications -- that we may be able to put in a commercial cloud, you go to somebody like Ning.com and you say, can we host something there that's not official stuff? You know, for retirees and families. The Army's Knowledge Online is largely like that, but I think that may be something we could do inside a commercial cloud.

InformationWeek: I did want to talk about collaboration. You've said over and over that collaboration and information sharing is one of the biggest things for you guys. What kinds of things are you doing there? Wikis, blogs, social networks, unified communications, etc.?

Garing: We hope wikis and blogs are going to be services you could get on this enterprise infrastructure. We use them internally, and they're growing exponentially.

Unified communications, that is part of what we hope will be a foundation of the enterprise infrastructure. The network is going to be everything over IP, and unified communications will be the way we do business.

This irresistible force of collaboration is driving us to use unified communications and all the Web 2.0 tools, but on the other hand, we've got to be judicious because we have to be able to operate whenever and wherever. The network is a war fighting system, it's a weapon. We have small deck ships with big pipes off them, and guys running up and down mountaintops in Afghanistan that have to face some real network limitations, so these technologies have to be there when they have to be there.

John Garing
DISA Chief Information Officer and Director, Strategic Planning

InformationWeek: You've got these high demands of security, availability, reliability, and it makes procurement an arduous process in some ways. Do you think procurement processes need to be or can be overhauled?

Garing: It's our belief that it has enough flexibility to allow the rapid and agile kinds of procurement you have to have to keep pace with technology that changes in months, not in years.

The tendency, though, is that the process owners in the larger procurement system sometimes tend to treat things that aren't battleships or carriers like they are, and the larger the program, the more certain that's going to happen. The technique is to do things in more easily achievable modules or increments, and if you do things in a collaborative environment where you put services on the network to be consumed as they are available, you can do the development, the testing, and the certification in parallel and not serially over time so that you can try to keep pace with the changing technology. It will prove to the world that you can do this much faster than anyone today recognizes.

One thing, though -- we need to handle risk commensurate with how serious it is, not assuming that everything is very, very risky. I think we just have to be a little more adept at assessing risk and treating what we're doing commensurate with the risk we're incurring and not overmanage it like we sometimes tend to do.

InformationWeek: Are there a couple information silos and technology silos that haven't been taken broken down yet that over the next few years that the infrastructure and processes you hope can be fixed?

Garing: This is me speaking now. I would like the business systems in the department to really be able to share information so that if the Army has a great way of buying bolts and a system to do it, let the Navy and the Marine Corps and the Air Force do it, too, and you expose that to the department at large. The DoD's business transformation agency is aimed just at that, and their whole purpose in life is to break down silos. We're partners with them on the back-end stuff.

Another is in the intelligence system and the ability to share information outside silos, to discover and consume, and that is as much a culture and policy as it is a technology issue. The goal then with the enterprise infrastructure is to enable that to happen, so that the systems are there and it becomes a question of policy and culture and not of systems, policy, and culture.

The president says technology can deliver more open government. InformationWeek has published an independent analysis of this topic. Download the report here (registration required).