ADMIRAL JAMES WINNEFELD: All right. Well, good morning. Don’t feel so bad about the people who are stuck out there on the highway because this means I get to talk to all the smart people – (laughter) – who knew to leave early to get here on time. So this is sort of Darwinism of AFCEA, if you will – (laughter) – although don’t tell anybody I said that that walks in after I said that. (Laughter.) OK.
Anyway, great – good morning. Thank you for giving me a shot at you this morning on IT day. Many of you know, of course, as I know, that there’s a lot more to this than IT – a number of things that I have great interest in in this day and age as we move forward into a new sort of playing field, financially and in war fighting and that sort of thing, that have nothing to do with IT but have everything to do with AFCEA. But today is IT day, so I’m very delighted to be able to talk to you.
And when I accepted the invitation to talk today, I joked a bit about what a simple fighter pilot like me could say to an audience like this, one comprised of experts who are literally designing the way we will use and leverage information technology in the future. And I’ll tell you, it’s a little intimidating being surrounded by so many smart people. So I brought a few reinforcements with me, as long as they are not stuck out there on Route 7 right now, but it includes a substantial chunk of the department’s leadership in the IT area. They’ll either be here now or during the course of the day.
And that’s General Mike Basla, the Air Force’s chief information officer; General Ronnie Hawkins, who’s out there as director of DISA; Lieutenant General Bowman, who works for me on the Joint Staff as our J6 and our CIO; Major General Brett Williams, director of operations for the United States Cyber Command; Robert Scott Jack, who’s the deputy CIO of the Marine Corps; and Robert Carey, principal deputy DOD CIO. So you’re outnumbered. We have a whole bunch of people here today who can talk to you, answer your questions and, I hope, will give you some pretty good insights into where we’re headed as an enterprise in the IT world. And there are a lot of good initiatives in the department for IT right now, and those folks have a lot to do with bringing them to life, as will many of you.
But the question I would pose to this room of professionals today is whether or not the Department of Defense’s information technology enterprise is really meeting our war fighter need, and if not, what we can do about it.
Now, I tell people that strategy is about balancing ends, ways and means. I’ve made that point during the SCMR and in testimony recently. And all three of those things are shifting under our feet as we speak, including the particular way that we call IT. We’ve learned a great deal about network warfare in the last 12 years of war. We’ve also learned a great deal about intelligence and operations, which is so heavily dependent on network warfare. Nobody does this quite like we do. Nearly everything we’ve learned over the last 12 years of counterinsurgency will actually apply in this area to future wars, no matter what kind they are, even though they are very likely to be different from the types of wars we’ve been fighting lately. And we’ll continue our innovation because of the great people we have out there working the many tough problems and great opportunities that we have, again, including a lot of the people right here in this room or who are stuck out there on Highway 7. So there’s a lot of good news in there.
But while we’ve been doing this, I can tell you the world has not stood aside and just watched. Our potential adversaries have been learning from us, including the ways we do this so that they can do network warfare themselves. They’ve been learning about ways they can disrupt our ability to do network warfare. And they’ve been of course learning about and actually executing ways to steal information about all the other technical advantages we have as a military.
And the communications and electronics industry, which is by far dominated by commercial applications, has experienced a breathtaking acceleration in what it’s providing to a voracious global consumer market. And those are things, of course, that we can and have leveraged. Indeed, unlike fighter jets and submarines and tanks, IT is one of the few things we have and do as a military that’s virtually indistinguishable from the things the civilian world does. So while we wallow along at a normal acquisition pace on the things that we don’t have in common with the commercial world, the big, bad commercial world sprints along at the speed of competition, and we in DOD have to fight very, very hard to keep up.
And we aren’t exactly fast. Let me give you a simple example from an operator’s perspective, a sea story. There I was, standing on the bridge of USS Enterprise, captain of an aircraft carrier, in the middle of an exercise in the Caribbean Sea. Now, the technology on the bridge of a carrier is pretty cool, but it doesn’t look like anything what you see in the movies. In fact, I was having a real problem with something you would think is pretty simple.
I was trying to stay away from a real live submarine that was simulating an enemy submarine. And I was really worried about that submarine. The nature of anti-submarine warfare is such that you sometimes get a contact on a sub, and then that contact fades away. So the captain of a carrier really wants to be able to draw a circle around that fleeting contact that expands automatically at the speed he thinks that submarine is moving, and of course that circle also is as big as the weapons range of that submarine. And then he wants to stay the heck out of that circle. Well, I had no system that could automatically draw that simple little circle for me on my tactical display, something we call GEEKS (ph; GCCS, Global Command and Control System). Raise your hand if you’ve heard of GEEKS (ph). Oh, look at all the hands. All right.
I would unapologetically say that GEEKS (ph) is slow, cumbersome, easily overloaded, time-late, and expensive, but at least it’s not responsive to operators’ changing needs. (Laughter.) It’s clunky, and in our world, clunky is bad. So I had to essentially draw this circle electronically by hand. Think of it, a $6 billion aircraft carrier with a couple of billion dollars’ worth of airplanes on it, and the best I could do is type in that submarine’s last known position by hand and drop an electronic circle on it, and every 15 minutes or so, my little poor brain would calculate how far the submarine would have moved, and I’d draw a bigger circle. So I calculated that myself, believe it or not. If I happen to get a new hit on a sub’s location, I had to start all over again.
Now, Christopher Columbus could have performed that very same exercise with an ink quill and a bottle and a piece of parchment. So I asked, hey, what would it take to put such a capability into GEEKS (ph)? The answer came back from our system: well, millions of dollars and several years with expensive testing required, and oh, by the way, we won’t get it to you until the next iteration of GEEKS (ph) comes out. Well, that’s not the way we want to do IT in the 21st century.
And I can tell other stories, such as the rules we had to bend and the ad hoc systems we had to fashion and the arm-twisting and persuasion we had to do on Roosevelt, later on, just to get a common signal used by all merchantmen, called AIS (ph), into GEEKS (ph) so we could see it. Any sailor in the same situation today would say, hey, there’s got to be an app for that, you know, something I can download and install and inexpensively run on top of a larger system, just like the apps on my smartphone. Well, there’s not, as far as I can tell, no apps, no app store, no way to layer a customization safely on top of the main system, no way for the user or the developers to take the initiative and make what we have more effective fast. Can’t do it.
But we can do better than this. We have to be more agile than this. We have to do a better job of what the commercial market is doing than this.
And to me, the key is to leverage the way the market is doing it at the speed of competition, but do so inside our own classified enclaves. We also have to get away from our dependence on proprietary software that creates, in turn, more dependencies. There’s no reason why we can’t do all of this. And many of you here today can help us do that.
The reality is that our way of war at all levels is enabled by information technology – what you do. From soldier and marine on the ground to the pilot in the sky to warfighters controlling remotely piloted aircraft from within our own borders, almost every element of our national security capability has an element of information technology at its heart.
The brains belong to our war fighters, but the nerves are the network that you create. Information technology is now a central driver of combat effectiveness. Providing our war fighters with the right IT and doing it in an agile way is just as important as providing them with the right weapons.
We know as a department that getting this right, doing this better is going to take investment – investment, even as we face a national security imperative of deficit reduction and within a political environment that has us guessing at how much money we’re going to have, when we’ll know how much money we’re going to have and what the rules are going to be when we find out.
One thing seems clear, we will have fewer means with which to achieve our national security ends, so we need to do our best to sharpen the edge on the military instrument of power in the most effective ways we can. And much of that sharpening right now is focused on IT. We emphasized the importance of information technology in the recent strategic choices and management review that we led.
In an era in which you’re doing pretty well in DOD if you’re not shrinking, where flat is the new up, IT could be the only growth industry within the current defense enterprise. IT is, of course, not only a driver of our combat effectiveness, cyberspace itself is becoming a battlefield, a means through which adversaries can attack us. We now live in a world of weaponized bits and bytes, where an entire country can be disrupted at the click of a mouse.
More than 20 nations now have military units dedicated to employing cyber in war and toxic malware continues to proliferate among militaries and hackers. The department is growing its capacity to operate in this domain. To do this, over the next four years 4,000 cyber operators will join our ranks. And we’re also investing $23 billion in cybersecurity.
At Cyber Command, three kinds of teams are going to operate around the clock for us. National mission teams are going to work to counter adversary attacks on our country in support of our civilian counterparts, the Department of Homeland Security and the FBI, who lead our nation’s response in the dot-gov and the dot-com domains.
A second and larger set of teams will support our combatant commanders as they execute our military missions around the globe. And the largest set of teams will operate and defend the networks that support our own military operations worldwide. These three teams will constitute our cyber force. And as anyone who reads the newspapers knows, we’re increasingly contending with how to prevent breaches from inside our own networks.
While we can’t stop someone from breaking the law 100 percent of the time, there are things we can do to reduce our vulnerability to insider threats. We can better scrutinize those we place in positions of trust, and we can and we are putting more oversight into place.
But the best thing we can do to defend against the most internal and external threats is to transform the very foundation of our network architecture, something that we’re calling the joint information environment, or JIE.
More or less since the invention of the telegraph, our forces have fought jointly, but have done so with each service maintaining separate networks, each with its own particular configuration and makeup.
It doesn’t take a roomful of IT professionals to tell you that makes little operational or financial sense in today’s world. So, led by Chairman Marty Dempsey, we as Joint Chiefs have taken on the notion of the joint information environment, and we’re making it real, despite a little bit of institutional resistance from time to time.
The JIE is not a panacea, but it aims to provide our war fighter and mission partners with a shared IT infrastructure and a common set of enterprise services, all under a single security architecture. It consists of networked operations centers, core data centers and a global identity management system with cloud applications and service.
JIE will allow better integration of information technologies and operations while increasing our ability to respond to security breaches across our own networks. It’ll move the military past our vision of IT as an array of business systems that function like a utility to one that treats them as core war-fighting capabilities that they are.
Our transition to JIE constitutes a new level of jointness in IT, akin to the higher levels of jointness we’ve achieved in other areas. The ultimate beneficiary of this jointness will be the commander and the forces at the tactical edge. As individuals transit in and out of a joint task force, their movement within the information environment will be virtually seamless and will allow them to operate from almost any electronic device immediately.
Our new data centers will allow these transitions to occur quickly, allowing commanders, troops and our mission partners on the ground to download their mission app at the pace of the problem and with the agility needed to support any mission, wherever in the world they might be.
Now for a joint IT environment for this – like this to flourish, we have to match centralized control with decentralized execution. The foundation, the platform, has to be unified within the department, and today it increasingly is, under the leadership of DOD’s CIO office and our own Joint Staff J6. These folks are our town mayors. They will set the rules and the standards by which the services must play, and as we have made clear, those standards have to be enforced.
Once the rules of the road are settled, the next step is to decentralize capabilities to match the needs of the war fighter at all levels of execution. In this way, we get the best of both worlds: standards that allow us to leverage our existing investment in infrastructure but also leave room for innovation at every turn. Creative and innovative technologies can be tested, accredited and deployed much more quickly.
So what will we be able to do under JIE that we couldn’t do before? Well, for one thing, we can actually email each other and all have access to the same online email directory. You might laugh that the greatest military in history can hardly email itself, but that’s true. I can’t count how many email addresses I’ve had in the last, well, however many years that email has existed. I’ve changed my work email addresses more often than I’ve changed physical addresses, and sometimes more often than I’ve changed uniforms. There’s no way like this to run a business and it’s certainly no way to run a military as interoperable as we have to be.
So the time is ripe for the JIE to standardize the common equipment and service delivery of both our corporate defense platforms and our operational battle systems. The kind of integration we’re finally achieving in email today will soon take place in other areas of IT, from how we share real-time information about our forces or allow units to work collaboratively with each other.
Ultimately, this system will allow far deeper and wider operational synchronization in areas like joint fighters and maneuver, something especially important as units at the edge increasingly rely on capabilities and effects generated at the center. By integrating, innovating and consolidating our IT systems, we’re moving away from a net-centric environment to a data-centric environment.
JIE is not just another set of lofty expectations. We’re making it operational today. As of July 31st, European command, or EUCOM, reached initial operating capability with JIE with an enterprise operation center responsible for all networks in its theater and that is connected to our global operation center at Fort Meade.
This is the first step in collapsing dozens more network command and control nodes for bases, posts, camps and stations, significantly reducing our network management overhead. We’ve never had end-to-end visibility in the enterprise like this before, or the added security that comes with it. And already experimentation within this architecture’s beginning to flourish. A year ago this was the device I used to access the secure network when I was away from my office.
Short story – didn’t work very well, many times not at all, didn’t fit in my pocket, didn’t work when I really needed it. And on most days, it was more effective I just turned it off and left it in the audience – in the office, I would say. I could leave it in the audience, though. (Laughter.) Less than a year ago, I went from that to this.
This is what we call a basic cellphone. Getting from one generation to the next to get to this thing was not easy. We have a few bugs to work out on this pilot, but we’re well on the way to general – genuine multilevel connectivity. And I have used this thing at my son’s baseball games to connect, you know, on a secure line to the national security adviser. And it’s really nice doing it on this rather than on this.
It uses commercial off-the-shelf technology and commercial cellular networks to provide voice over secure Internet profile and even SIPRNet on the go. Getting to this point required a lot of collaboration between the Defense Information Systems Agency and the National Security Agency. They had to determine which devices could be secured and which vendors and service providers were willing to make the changes necessary for the device to operate securely.
What I have now is not 100 percent solution, but it’s 100 percent better than what I had. We will continue to evolve this technology and operate it as one enterprise supported by JIE. And by increasingly being able to bring off-the-shelf commercial solutions into the classified environment, we’ll be better able to leverage the pace of innovation that all of you are setting today.
There’s yet another important element of JID – JIE that I intend to address, that I am personally addressing. And that is how we create a culture of excellence and accountability around IT. IT is now as important to the infantry platoon as its weapons. The networks on which they operate must be as ready to operate as their M-16s.
And we have well-established procedures driving how a soldier keeps a rifle operational and secure and safe and how we hold them accountable for it. But we don’t yet have the same set of practices or command attention surrounding IT. We simply have not done enough to evolve our culture as fast as our technology.
But there’s time to fix this, and we have a tremendous opportunity to shape this culture as it continues to emerge. I draw my model from my exposure to the Navy’s nuclear propulsion community, which I first encountered in the middle of my career. That this community has operated so safely is literally no accident, and here’s why they’re so good: Perhaps the most important thing is that they have a set of principles in which they really believe, things like the importance of integrity, level of knowledge, procedural compliance, forceful backup, a questioning attitude and formal communication. All of these principles apply especially well to operating cyber systems.
This community also has the best training in the world, which is very hard, and it starts inculcating their principles from day one. They use the best equipment and designs, which is where we’re headed with JIE. And they’re tough on themselves, with very rigorous major inspections and quarterly reports that sound like bureaucracy, but actually are very effective and they don’t sugarcoat bad performance. A naval reactor’s representative can show up at any time in the middle of a night on a ship in port and he has complete access, and the commanding officer of that ship owes a phone call the next morning to that representative addressing what he found wrong overnight.
And if someone makes a mistake, they admit it. That person admits it. And as long as it’s a sin of omission, not a sin of commission, they are simply retrained and thrown back into the field.
All of it sounds draconian, but it really works, and the Navy is not the only organization to have perfected these principles. There are other high-reliability organizations whose practices we can learn from as well. We have to challenge ourselves to produce a similar culture, not just in the military, but among the many contractors who support us and whose networks are being penetrated at will by our potential adversaries, at great harm to our national security.
In effect, they’re doing their R&D for them. IT is too important to our combat effectiveness to treat it with anything less than the highest ethic of professionalism that we can possibly achieve.
So back to my sea story: I suspect that 12 years later, a carrier captain is no closer to being able to automatically draw an ASW furthest-on circle than I was back in 2000. But there’s progress we can use as a model. At my desk today in the Pentagon, I can access the video feed from nearly any Predator or Reaper that’s flying around out there in the world. That’s an IT success story. That’s easy enough, but if I want to know where that thing is flying and what it’s really looking at, though, I have to look at the position data on the feed on the screen and then go over to an unclassified network and pull up an unclassified website, type in the latitude and longitude that’s on the screen from the UAV so I can see where the hell in the world that UAV is actually flying.
I don’t even think about pulling up GCCS, which I can also do on my desktop, because I probably won’t see the Predator on it, and certainly, not where it’s looking or what else is around it, like other Predators or Reapers, or U.S. ground and air forces. And if I saw it, it would probably be time-late.
So just like I had to do on the bridge of that carrier, I still have to kluge the things together that I really need; that is, until now. A little group of folks, sponsored by a certain combatant command, has worked hard to make it so that I and others like me can see all this in one place. It's really cool. You see a map – it can be Google Earth if you want – you click on the contact for where that Predator actually shows up, and up pops its video feed. And if there’s a Predator five miles away, I can click on that one and up pops its video feed. And I can move those feeds around anywhere I want on the screen. I can get Link16 information from all of the targets, all of the tracks that are on that screen, in addition to, guess what, GCCS data that’s fed into that as well.
A five-year-old startup company with a couple of dozen employees is more competitive at providing us solutions than our larger enterprise, which has been at it for over 30 years. In this world it seems to take small groups like that, with a little seed money and a lot of motivation and innovation, to come up with the kinds of things that we need. And big companies can empower small companies to do that for them. There’s no monopoly on the small company doing that.
This is happening all over the place, and in more than just IT, by the way. We just have to bring it all together and avoid a lot of redundancy. It’s the kind of innovation that we want and that I want. It’s the kind of innovation we need to keep our fighting forces relevant and powerful, and it’s the innovation that JIE is going to enable in every corner of our military, with your help.
Yes, we still build platforms the old-fashioned way, but the things that ride on them, including and especially IT, have to be super-agile. It will eventually be a matter of meeting the standard and then plugging the hardware and the software into a secure network to meet our war-fighter needs. And in the end, we all win. The war fighter is more effective, the nation is safer, and more businesses can work with DOD. Ensuring the dynamism of one of our most important competitive advantages in the world and ensuring our nation’s leading commercial sector strengthens our national security as well as our economic prosperity. May this virtuous circle spin ever faster.
So thank you all for making it here this morning. And thank you for what you’ve already offered to our national defense and for the great things that I know your innovation is going to continue to advance. I look forward to working with all of you. And thanks again for inviting me to speak to you this morning.
Thank you very much. (Applause.)