Originally Broadcast July 21, 2007
Welcome to The Business of Government Hour, a conversation about management with a government executive who is changing the way government does business. The Business of Government Hour is produced by The IBM Center for The Business of Government, which was created in 1998 to encourage discussion and research into new approaches to improving government effectiveness.
You can find out more about the Center by visiting us on the web at businessofgovernment.org.
And now, The Business of Government Hour.
Mr. Morales: Good morning. I'm Albert Morales, your host, and managing partner of The IBM Center for The Business of Government.
The Department of Defense is transforming to become a netcentric force. This transformation hinges on the recognition that information is one of its greatest sources of power. Information is a strategic component of situational awareness which enables decisionmakers at all levels to make better decisions faster and act sooner.
Transforming to a networkcentric force requires fundamental change in processes, policy, and culture. Changing these areas will provide the necessary speed, accuracy, and quality of decisionmaking critical to future success.
With us this morning to discuss this critical transformation and the role of IT is our special guest, David Wennergren, Deputy Assistant Secretary of Defense for Information, Management, Technology, and Deputy CIO.
Good morning, Dave.
Mr. Wennergren: Good morning, Al. It's great to be here with you.
Mr. Morales: Also joining us in our conversation is Linda Marshall, partner in IBM's defense industry practice.
Good morning, Linda.
Ms. Marshall: Good morning, Al.
Mr. Morales: Dave, perhaps you could begin by describing the mission of your office and how it supports the overall mission of the Department of Defense.
Mr. Wennergren: Absolutely. So the Department of Defense Chief Information Officer is responsible for all of the information management and information technology initiatives across the entire Department of Defense -- Army, Navy, Air Force, Marine Corps, defense agencies, a rather broad set of responsibilities. Three and a half million people deployed in rather austere conditions around the world, millions of computers, thousands and thousands of systems, hundreds of networks, about $30 billion a year IT budget. Probably about 170,000 of those 3-1/2 million people as IT professionals working in the organization.
And it's kind of fascinating to watch what's been going on, because for decades the Department of Defense, like all large organizations, has functioned very effectively as a very decentralized organization: lots of chains of commands with the thought about local organizations develop local solutions to meet local needs. But the Internet Age happened, and so now we're in a world where it makes much more sense to band together to develop enterprisewide solutions. So as the CIO team, you're in a sense responsible for charting the course, to do what we call our transformation to networkcentric operations. It's the idea about together, we could share knowledge instantaneously around the world to be more effective in our role as the national defense for our nation.
Ms. Marshall: Dave, could you please describe your specific responsibilities and duties as the Deputy Assistant Secretary of Defense for Information, Management, and Technology, and as the Deputy CIO?
Mr. Wennergren: Yeah, it's rather a long job title, isn't it? So I work for John Grimes, who is the Assistant Secretary of Defense and the Department of Defense CIO, and I'm his deputy. So my team is responsible for the CIO portfolio. John is responsible for all of the command and control and communication systems for the Department of Defense, in addition to having the responsibilities of the Chief Information Officer. So my team, and my job as the Deputy CIO, is to take care of the CIO portfolio for DOD.
Ms. Marshall: So regarding those duties and responsibilities that you have, what are the top three challenges that you face in your position, and how have you addressed these challenges?
Mr. Wennergren: Well, front and center I think on everybody's plate is this idea about information sharing; that is, the world moved away from a world of decentralized organizations, local people making local solutions for local needs. There wasn't a lot of knowledge sharing going on. But the power of netcentricity is that the right person can get the right information wherever they are. So if you're a Naval Reservist stationed with Marines in Fallujah and you need to reach back to get to an Army system to get the knowledge that you need, you'll be able to do it in a networkcentric world.
Second, and probably front and center on everybody's plate, too, no matter whether you work in government or in industry, is the information security portfolio. The threats and attacks on our networks grow by the day, and people's privacies are in jeopardy, and information that the nation needs to defend itself is at risk. And so all of us are spending a lot of time focusing on security of our network and information assurance. And what it means to take care about information security changes as again you move away from a world of local networks where security tended to focus on defending the perimeter of your local network, to a world where everything's available on the web. And so now it's about sustainability and survivability of the internet, and the global networks, and being able to find the knowledge you need, when you need it to get your job done.
And third, and a little bit more challenging because it's a little bit more esoteric, is this idea about enterprise alignment. The very big organizations in this Information Age have to learn to work together. And so there's a lot of success stories, but there still are a lot of changes that have to be worked through as we learn to work together as a single DOD team across all of the services, and with our allies and coalition partners, with the rest of the federal government, with industry and with academia. So as you adopt to enterprisewide solutions that will service everyone, you have to behave like an enterprise, you have to be willing to use somebody else's solution, to take the test results of another organization, to use a system developed by another organization, and that gets into a lot of cultural change stuff.
Mr. Morales: Absolutely. Now Dave, you've been in the information technology business within government for some time now. Could you describe for our listeners your career path, and how did you get started?
Mr. Wennergren: I probably have a non-traditional path for a CIO kind of guy, because I didn't grow up as an IT professional. I came to work for the Department of the Navy as a civilian employee directly out of college, and had a number of different jobs. At one point in my career, I did the public-private competitions of the OMB A-76 program. I did the base closure rounds of the '90s for the Navy. I was involved after the base closure rounds with installation, management, and logistics work, where one of my jobs was to go and reorganize the bases that didn't close.
Some people say that's like running from one program of hate and discontent to another, but I am a hopeless optimist, so I like to think that they're all programs that help people deal with change. And so I think I ended up then as the Deputy CIO because I had had a career of dealing with large-scale change management issues. And I became the Deputy CIO in 1998, so it was at the time when everybody was getting pumped up about Y2K. And I was the Deputy CIO for the Navy for about four years, and then became the CIO for the Department of the Navy for four years. And then six months ago, after 26 years, I left the Department of the Navy and came to work in the Office of the Secretary of Defense as the Deputy CIO for DOD.
Mr. Morales: So you've obviously had a broad set of experiences, both on the technology side and on the business side. So I'm curious, how have these experiences prepared you for your current leadership role, and how have they informed your management approach and your current leadership style?
Mr. Wennergren: Well, the good news, I guess, is that in assessing the world from my Department of Defense perch, we're working on the right side of stuff in the Department of the Navy. Our priorities then are still my priorities now, and I think I learned a lot. In the Department of the Navy, there are two services: the United States Navy and the United States Marine Corps, so there were a number of cultural change management issues in getting those organizations to work together, of which I was a big proponent, and so now I'm getting to put my money where my mouth was, because now I'm going to help the Navy and the Marine Corps and the Army and the Air Force all work together.
In a large organization that's very decentralized, as ours is, there becomes great power in the idea of team, and so a lot of the work that I've done over the course of my career is to help organizations function as effective teams. And I think that the IT workers, probably before anybody else recognized that every problem that they faced crossed traditional organizational boundaries, and so the only way to be successful is to get the right sets of people from the right sets of disciplines to work together, and even if they had disparate views to begin with, could become engaged in a common solution to get to the future.
And so oftentimes, you have to use a lot of tools -- you beg, plead, borrow, cajole -- whatever it takes to get people to begin to function outside of the comfort zone that they had to become part of a new team. The other thing I guess I would notice that having worked in the Navy for a long time for some really great leaders, is that it's really apparent to me that there is a covenant relationship, that leadership really is a covenant responsibility between you and the organization. You're here to serve the organization and the people of the organization.
When you realize that, then you understand the obligation that a manager has to create the environment where people are supported, encouraged, and challenged. And so if you get the right people in the right jobs, then great things can happen.
And that's really what being a CIO team is all about, I think.
Mr. Morales: Excellent.
What is the DOD's netcentric vision? We will ask David Wennergren, Deputy Assistant Secretary of Defense for Information, Management, and Technology, and Deputy CIO, to share with us when the conversation about management continues on The Business of Government Hour.
Mr. Morales: Welcome back to The Business of Government Hour. I'm your host, Albert Morales, and this morning's conversation is with David Wennergren, Deputy Assistant Secretary of Defense for Information, Management, and Technology, and Deputy CIO.
Also joining us in our conversation is Linda Marshall, partner in IBM's defense industry practice.
David, DoD is transforming from platformcentric to networkcentric operations. And the CIO is providing key leadership to meet this netcentric vision. Could you elaborate on DoD's netcentric vision? What are the goals of netcentric operations that are driving this transformation, and how does the recent acquisition of netcentric enterprise services fit into this overall construct?
Mr. Wennergren: Sure, absolutely. Netcentric operations, or netcentricity, is the buzzword du jour for the Department of Defense, and sometimes I think for people, it can sound a little bit jargony. I'm a relatively simple-minded guy. I like to tell the story about tinkertoys and plasma balls, because I think it gets to the heart of the matter.
In the old days, people developed point-to-point solutions, communications systems and networks, and it was much like building with tinkertoys. And I'd build one and then I'd have to connect to you, and Linda would have one and I'd connect to her, and you can begin to see that as you grow and grow in terms of nodes on the network, that interconnections become unwieldy. And so much like a tinkertoy tower that's been built too tall, it begins to crumble.
The idea of netcentricity is much more like the plasma balls that we've all seen, where energy -- or in this case, knowledge -- is in the center of the plasma ball, and wherever I touch the outside of the globe, the energy gets to me. So no matter where I am in the organization, I can plug into the global information grid, which is basically our network and data structure, and get the knowledge that I need. It's really all about the flow of knowledge and enhancing the flow of knowledge across the organization.
There was a Gartner statistic from a few years ago about how, in any large organization, public or private, about 70 percent of the knowledge of that organization lived on people's hard drives, which of course means it wasn't really actually knowledge that you could share.
So this netcentric idea is really all about the flow of data, sharing of knowledge, and once again, knowledge management being a relatively new discipline, it begins to take on this academic aura of tacit knowledge capture and a lot of other jargons, and so we can actually simplify that too, if you want. Because I'm a firm believer in the John Wayne School of Knowledge management theorem. There's a great movie clip where John Wayne's a Marine sergeant, he's talking to the young Marine and he says, "Son, life is tough. It's tougher if you're stupid."
And if you think about it, that's what knowledge management's all about. It's about the power that happens when people that work together learn together, it's what happens in the ward room or in the chief's mess on a ship when people who deploy together train together, that together we can be much smarter, much more agile, much more creative than we might be individually.
So netcentricity is really about making that happen. So it's not the sexiest thing around, but it really is all about the data. Making data visible, because the three problems I often face is I can't find it. And if I can find it, I can't access it. And if I can access it, I can't understand it. So working on those three sets of things are sort of crucial.
And you mentioned netcentric enterprise services, which is a series of core enterprise services. If you move to a netcentric world, there are some things that need to be provided by the corporation or the enterprise for the benefit of everybody, and that's what the NCES program is all about. There's no need for people to buy separate collaboration tools, federated search and discovery. We could have global directory services, we could have an enterprise portal. And so all these things that will be provided by the enterprise for the rest of the organization are what comprise the NCES program.
Mr. Morales: Now, this is likely related, but you've been quoted as saying that the world is not about separate networks. Could you elaborate a little more on what you meant by this statement?
Mr. Wennergren: That was probably a little bit more philosophical than practical, because it clearly does involve different networks now, but I think it is that idea about what does the word "enterprise" mean to you? Because different components of the Department of Defense are very big. In my Navy life, the Naval Sea Systems Command is a $30 billion a year organization. If I yank them out of the Navy and put them in the Fortune 100, they'd be way up the list. But if they're only building things that work for the Naval Sea Systems Command and the people that buy and maintain ships, they're missing the point, because the Naval Air Systems Command buys and maintains airplanes, and they're part of a broader Navy-Marine Corps team, they're part of a broader DoD team. They're part of a team with our allies and coalition partners, and on and on the list goes.
And so you have to have your mind firmly focused on -- you may be part of an individual organization, but you better be buying and building for the broader team. As a classic example, when an aircraft carrier leaves San Diego on its way to the Persian Gulf, it's got equipment and training to go do the job of being part of a carrier strike group. But halfway through the journey, they're diverted to do humanitarian relief because of a tsunami. Completely different partners, non-governmental organizations, different types of collaboration tools -- what we would call the unanticipated users. If you're not thinking about how to be connected to the rest of the world, you won't be able to be part of the network solution.
Ms. Marshall: What is the Department of Defense's data and information strategy for delivering timely, relevant, critical information to the warfighter in this new digital era, and how does this strategy seek to make data identifiable, accessible, and understandable throughout the entire enterprise?
Mr. Wennergren: It's a really exciting thing that's going on. We have a lot of folks that are working on this. Mike Krieger is one of my directors, and he's just been a true champion for change in this space. We have a netcentric data strategy, and then the corresponding directors and guides that tell you how to do it, and it focuses on what we were just talking about, about if you could make data visible, accessible and understandable, then you could share knowledge quickly.
And the way that it gets manifested is in what we call Communities of Interest, COIs. Communities of Interest are formed when people from different organizations that have a common problem or common issue get together to create a solution. There are lots of great examples of COIs. The one I thought I'd talk with you about for a moment is maritime domain awareness. So what kind of commercial vessels are out at sea? What are their crews, what are their cargos?
Interestingly, that kind of knowledge exists in databases that of course in the old days were stovepiped and owned by different organizations. So Community of Interest forums involves the Navy, the intelligence community, the Coast Guard, Department of Homeland Security, Department of Transportation. And in a matter of months and a few hundred thousand dollars, instead of what we would have done in the past, when we had a penchant for saying, I've got existing legacy systems, they're not quite fitting the bill, so let's go buy the multi-gazillion dollar new system that takes years to deploy. So instead of doing that, they got together, they found the data, they used the commercial state of the art technologies like XML to make the data available to be served up, and in a few short months, everybody is able to see this information.
So whether you are the captain of the Coast Guard cutter or the Navy vessel, you're able to see the information that you need on the commercial vessels. It's fabulous and it happens really fast, and there's lots of these COIs going on. There are COIs about blue force tracking, keeping track in the battlefield of all the people that are on your team, strike missions, which are all about planning targeting but use the basic issues of what, when, and where that are equally applicable whether or not you're planning a Tomahawk missile strike or you're trying to do disaster relief at FEMA, and the list goes on and on and on.
And it's a wonderful thing because it brings together people quickly to find the solution and deliver results in a few short months. I'm just so excited about it, because it's changing the way we do business. It's much like the model of weather. Everybody contributes local weather data because they'd like to know what weather is like in the rest of the world. So everybody's publisher serves up the stuff that they have for the benefit of being able to use the information that the others have too.
Mr. Morales: So it's really about a collaboration. That's sort of the key component to all this.
Mr. Wennergren: Yeah, absolutely. You know, we focus on the technical side of it at this point, but there are other aspects there, too. And so the technology exists to make data strategies happen, but there are other parts of it, too, because of course, there are process changes and policy changes and educational opportunities. So hand in hand with our netcentric data strategy, we have an information sharing strategy, and now we're working on the corresponding implementation plan that actually lays out the other kinds of changes that need to take place in order to break down the impediments to sharing of the paths.
Ms. Marshall: So Dave, what role does service-oriented architecture play in making your data strategy, as well as your overall netcentric vision, a reality?
Mr. Wennergren: Yeah, SOA is at the heart of the matter. There's a fascinating philosophical change that's going on right now. For years, we've had this systems view of the world. It's the way programs are designed, it's the way architectures are built, but the world really is now all about services, and this idea that you could develop a service and serve it up, I could do it as a self-service transaction. I could be standing, waiting for the bus, go to the enterprise portal from my little wireless device, and do a transaction because it's service-oriented, rather than standalone monolithic systems of the past. And so the document that we'll be publishing is called our netcentric services strategy, and it's the companion document to the data strategy that tells how SOA will be used to make this vision a reality.
Mr. Morales: David, how do you balance the need to procure best-of-breed technology with the security of DoD's information technology infrastructure? So for example, how do you deal with the reality that almost all commercial off the shelf software has at least some components of it that were developed in other countries?
Mr. Wennergren: Yes. I would say that the top two issues for me are information sharing on the one hand and information security on the other. And the challenge that we have is people often refer to them as a balancing act. How do you balance information sharing and information security, which is not the analogy that I like, because I think it pits one against the other. And it implies that advances in information security come at the expense of the ability to share, which are of course the simplest kinds of information security solutions.
And so one thing that's happening is the information security professional is viewed as the knucklehead that just wants to shut down access. The information sharing zealot is viewed as the crazy person that doesn't understand that it's a dangerous world out there and they shouldn't just be opening the door. And so it really has to be something that we focus on together, and so using a nautical analogy about the high tide rises all boats, we need to be extremely successful at both information sharing and information security.
And if you think about it that way, then you will choose for a different set of information security solutions, because the easy information security solutions are always about isolation, right? The more I wall myself away, the less bad things can get in, but of course, the less collaboration can go out. And so this idea about we must be extremely successful about sharing and security, that's what's driving the set of security solutions and secure collaboration solutions that we're looking at now.
It is a challenging time. Globalization happened, and things are built around the world, and so it is really important that people understand what they're buying and what they're using it for, and the pedigrees and the security of the different solutions, and one size never fits all. What's important for speed in an unclassified environment might be different than what's needed in a highly classified environment. So software assurance, what's made where, and the pedigree of it and the security of it are all things that people need to take into consideration, but there is a continuum about using this kind of technology for this sort of answer, different kind of technology for a more secure solution.
Mr. Morales: So let me expand on this theme, if you will. You've called for innovative partnerships with industry. Could you elaborate on what kinds of partnerships you are currently developing to improve operations or outcomes, and in what areas would you like to enhance or expand this public-private collaboration?
Mr. Wennergren: Absolutely. Gone are the days where people can go their own way. The government shouldn't be in the business of building their own stuff. There are wonderful commercial solutions that are out there, and government needs to leverage those. Gone also have to be the days where the government person built this really detailed spec and threw over the transom and expected a vendor to just deliver on it. It would seem to me in this information world that it's the height of arrogance to imagine that you as the government person trying to get a solution know all the answers.
And so what I'm a big fan of is performance-based contracting and managed service, and this idea that my relationship with industry ought to be one about a strategic partnership, where I talk about the results that I need to obtain and I talk about the service levels that I expect, and perhaps I have some kind of fixed price contract vehicle with incentive payments so that if you can exceed my expectations, you'll be rewarded for your innovation and performance, and then all of the great minds at your company are able to be brought to bear.
In my Navy life, when we did the Navy/Marine Corps Intranet, which was a large seat management contract, it was done as a performance based contract, we didn't tell the winning contractor that he had to buy Dell computers and use Windows 2000. We told him about latency and refresh rates and security and customer satisfaction, and then gave the company the freedom to pick the right products to deliver it for our behalf, and that's the future. You can't do this alone, and you need to leverage the fact that industry has this huge set of great brains that can help you find the path to the future together.
Mr. Morales: Great.
What about the DoD's IT innovation? We'll ask David Wennergren, Deputy Assistant Secretary of Defense for Information, Management and Technology, and Deputy CIO, to share with us when the conversation about management continues on The Business of Government Hour.
Mr. Morales: Welcome back to The Business of Government Hour. I'm your host, Albert Morales, and this morning's conversation is with David Wennergren, Deputy Assistant Secretary of Defense for Information, Management, and Technology, and Deputy CIO.
Also joining us in our conversation is Linda Marshall, partner in IBM's defense industry practice.
David, in your previous role as the Department of the Navy's Chief Information Officer, you led the Identity Protection and Management Senior Coordinating Group. Could you tell us about your efforts to oversee and coordinate DoD's biometrics, Smart Card and PKI initiatives? And what is the Department doing to better its performance on the Security Scorecard in accordance with the Federal Information Security Management Act, otherwise known as FISMA?
Mr. Wennergren: Yeah, I'm really fortunate that as I change jobs, I continue to get to chair the Identity Protection and Management Senior Coordinating Group. That's a long acronym, IPM-SCG. It's been a wonderful adventure. I think we often underestimate the success of the Department of Defense's Smart Card and PKI, Public Key Infrastructure initiatives. Over the course of the years, we've issued 12 million Smart Cards with PKI credentials on it.
We have a workforce of 3-1/2 million people walking around with the Common Access Card with their PKI credentials on it. It's one of the largest smart card PKI implementations in the world, and certainly one of the most successful. And you know, 10 years ago, we would have been on a path for 50 or 60 different PKI solutions, where everybody that wanted to do something via the web and needed to do SSL or something like that would have gone out and bought its PKI solution and none of them would have worked together. And to have one card that's your military ID card, that's your physical access badge -- well, let me tell you a little bit about how it works.
So I have my Department of Defense Common Access Card, I can use it to do physical access to get on to the base. I can use it when I get into my office to do cryptographic log on onto my computer network, which is much more secure than doing user IDs and passwords. I can use the PKI credentials on the card to launch myself to secure websites. So once again, rather than having to remember 40 or 50 different passwords for different secure websites, I can use my PKI credentials to get to secure websites.
Passwords really need to go away. Passwords are not a secure way of doing business, user IDs and passwords. It's easy to crack passwords, and so that's why people keep wanting to make them more complex. They tell you they have to be longer, special characters, capital letters, and they're still easy to break, so they want you to change them. And so how many passwords do each of you need to remember? You probably write them on a yellow sticky, put them on your computer -- security professionals go crazy when I say that because of course I don't do that, but people do, right? And so this idea about being able to use the Smart Card with its PKI credentials has been a huge improvement to our security.
The number one attack vector against our networks a year or so ago was people cracking passwords, which we have dramatically reduced by having everybody in the Department of Defense use their card for cryptographic log on, but it doesn't just stop there because it's not just about physical security, physical access, and it's not just about cyber-security. So it actually is a key, forgive the pun, to doing e-business. So now I have a Defense Travel System, I put my card in, the hardware token, the card itself with the PKI credentials allows me to do a digital signature. So rather than having to do paper processes with wet ink signatures, I can do digital processes and speed up transactions, improve customer service, get paid in a couple of days now on my travel claim rather than the weeks it took to process the paperwork. So it's been a real accelerator for the transformation to e-government for us, too.
Homeland Security Presidential Directive 12, HSPD 12 has sort of said, well, this idea about a common card that you would use for physical access like we're doing with the Common Access Card, the DoD needs to be standard across all of government, and so we're a real leg up on implementing HSPD 12 because of what we've done with the card.
Biometrics are another fascinating area, because biometrics have the added advantage of telling you about somebody's history. The power of the PKI and the Smart Card is about I am who I say I am, and I'm still a valid member of the community. So this is Wennergren, and he's putting his card in the slot, and we have not revoked his certificate, so he's still a valid member of the community. The power about biometrics, like fingerprints, is that they connect you to your history. So a biometric of somebody trying to enter a base can be compared to the biometric that's in a database about a criminal activity, and allows us to connect people to problems. So biometrics work is a real growth industry for us, too.
And at the moment, fingerprints and iris scans and voice recognition and facial recognition are some of the big ones, but the number of biometric technologies that are being looked at grow by the day. It's really exciting to see. The interesting thing that's happened is that, as I mentioned earlier in the interview, what security means to us changes as you move to a web-based world. And so it's kind of fascinating now, a lot of the effort is being spent on what we call continuity of operation planning, because in this new world, it's all about being able to get to the knowledge that you need.
So a continuity of operation plan that you had a few years ago about how to protect the boundary of your network and what you would do if the server was down locally may not be the same kind of continuity of operation plan you need in a world where you're relying upon this single authoritative data source.
So there's a lot of work that's going on in addition to the things we've already done like the identity management work to improve our FISMA scores. There's a lot of work being done to make sure that we really understand the survivability and the sustainability of the network and the internet. How would you function if part of it's not available to you, and the fact that we're all in this together. I can do the best job in the world of securing my DoD computer, but I don't do this alone. I do this with partners in industry, I do this with partners in academia, and we're all sharing data together. So the security level of each of my industry partners, and the academic institutions that I do business with, has to rise with my security levels, too, or else they now become the weak links in the network.
Mr. Morales: David, I want to take us back to something that you said in our first segment. As the Deputy CIO, a big portion of your job is to put in place the policies, cultural change, strategies, and educational outreach to help staff recognize that they are part of this broader enterprise that you described. To this end, what are some of the common push-backs that you encounter in this role?
Mr. Wennergren: Push-back? People don't like what the CIO does? There is an interesting dynamic tension that happens. Because -- not to be clichéd, but I think the C in CIO actually should stand for "Change," because a majority of my time -- as a CIO, you have to understand technology because you have to be able to describe it to others, but I do spend the majority of my time focusing on cultural change issues. Not surprisingly. So we survey our workforce and our leaders and we understand who they are and -- so we're a bunch of type A personalities, and not surprisingly, we're a bunch of control freaks, right?
People want to have the -- give me the money, tell me what you want done, and I'll go get the job done, leave me alone. And we become very expert. And so now I'm an expert that wants to own it myself, because that's when I feel most comfortable. And yet in this Information Age, it's often about me relying upon somebody else to do something for me. So this shift that says it's time to step out of your comfort zone and begin to rely upon somebody else to do something for you or you're going to lose some personal control, it's a huge part of my job.
And so whether it's about the duplicative legacy system -- you build a time and attendance system, Linda -- Albert, you build a time and attendance system, how many time and attendance systems do I really need? So as the CIO, it's my job to tell you, Albert, that --
Ms. Marshall: That Linda's is better.
Mr. Wennergren: Exactly. Right. That maybe your baby's ugly, right, and doesn't need to be around for us anymore -- those are hard conversations, right, and so they often smack on the -- but I understand my business better than you because you're the IT guy, and I'm the -- fill in the blank, the doctor, the lawyer, the financial management specialist.
And so part of the job of the CIO is to help point out that there's a business case, right, and there's actually ways to measure. And so you can let these things be your guide to help you understand that there is a future path that might be more effective if you could come with us from where you are today in your comfort zone and be willing to step out of it.
Ms. Marshall: Dave, I think it's fair to say that information technology is an area sometimes noted for its turf battles and proprietary views.
Mr. Wennergren: Everybody has an opinion, don't they?
Ms. Marshall: Would you elaborate on your efforts to foster an enterprise view and to break down silos, and how does the Department's Enterprise Software Initiative support that effort, and how does it enable your organization to operate more like one enterprise as opposed to in those silos?
Mr. Wennergren: The DoD Enterprise Software Initiative is a wonderful example. There are a lot of things that are going on, because you're absolutely right. The beauty of moving to the web, the beauty of having enterprise portals, the beauty of web services is that all those things help -- allow us to move from the world of local solutions to the world of functioning as an enterprise. So there are these great technologies that are forcing functions.
The DoD ESI initiative is focused on this idea about leveraging your buying power and being aligned in what you do. And so it's a great example about moving to an enterprise. And it's been so successful for us that it spawned the idea of the federal governmentwide smartBUY initiative. So they're sort of co-branded now, the DoD-ESI effort and the federal government led smartBUY.
It began as this idea about if you buy in bulk, you get a better deal. So if I need 10,000 copies of a software license and you do it, rather than each of us buying separately, we could band together. But it really grew into so much more, and we have Enterprise Software Initiative agreements with dozens and dozens of companies. And I think if you had them in here, Oracle would be a great example.
In my Navy life, we created a single enterprise licensing agreement for Oracle database products. It was great for me, because I knew I had an ever-increasing base of people that were using Oracle database products, and so how is it going to stay ahead of the licensing costs? I got one fixed price for the entire Department of the Navy to use the Oracle database parts, but it was a win for them, too, because it reduced them from having hundreds of separate contract vehicles and administrative overhead to one vehicle, one bill, one payment, and it allowed them to say, you already have my database product, maybe you'd be interested in other products that I sell, too.
And so they really can be win-wins. And the efforts just continue to grow. We estimate that over the last seven, eight or nine years, we've probably helped the Department of Defense avoid spending about $2 billion in licensing costs by having done these agreements. The one that we're about to unveil is for data at rest, encryption technologies, which of course is a pressing concern of everybody now -- what happens if a laptop is stolen or lost. Was the data encrypted to protect any sensitive information on it? And this one's going to be incredibly groundbreaking for us. Again, it's a co-branded SmartBUY federal government DOD-ESI initiative to buy encryption technologies.
And so we will pick the two or three products that are the ones we want to buy and will not only be available to all of DoD, it will be available to every federal agency, and for the first time for one of these agreements, it will be available for every state and local government agency. So we'll be able to help make more efficient use of our resources and raise the bar of security not only across the federal government, but across federal, state, and local governments. That's what the power of working as an enterprise together does for you.
Ms. Marshall: Related to this discussion and regarding IT portfolio management, DoD-IT investment decisions need to be aligned to your strategic goals to improve combat capability, warfighting readiness, and mission performance. To this end, would you elaborate on DoD's capital planning process? What sorts of budget constraints are you dealing with now that you didn't have to face several years ago?
Mr. Wennergren: You know, people often don't fully appreciate the power of portfolio management. It often begins as an exercise that sounds like, well, it's about being good stewards of the taxpayer dollars, which is really important -- it's about what are you spending money on and how can you change the way you spend money. But it really is so much more.
So for us, it began as this idea about what you have, what have you got, tens of thousands of legacy systems and applications and hundreds of legacy networks, and do you really need those? And so which are the ones that are really part of your future? But what it really became was the forcing function to move us to netcentric operations, because you're able to have a preference. I choose four solutions that will be, and then fill in blank about what your future needs to be.
So for us, at the risk of far too much IT jargon, it's going to ride on an enterprise portal, it's going to be a web service, it's going to use the DoD Common Access Card to gain access. Those sets of things that help allow us to be netcentric. And so now you can choose in preference of those solutions. You can help move the organization from what they had before to what they need to have for the future, but it doesn't stop there. Because as we move away from the legacy networks, we move away from the networks that are less secure. And so the new solutions are improving security. So this portfolio management process, which helped me understand what I owned and what I was spending money on, and reprioritize and being more effective at how I spend money, has also helped me to achieve my vision of netcentricity and helped me to raise the bar in security.
Ms. Marshall: Would you tell us about your efforts to establish a standard IT product configuration to be used across the federal government and not just in DoD? What are the benefits and critical challenges to this effort, and what's the status?
Mr. Wennergren: If you want to be netcentric, you have to be aligned, and you have to be interoperable. And so the more that you can be aligned to commercial off the shelf solutions -- the more you can be aligned to standards, the better off you'll be able to be. If you have to build a solution for 28 different versions of an operating system, there's a lot of nuances there that go into what happens. And so the DoD team, the Air Force, the National Security Agency, a lot of folks have worked really hard -- the Army -- putting together a partnership with Microsoft to develop what the secure configuration of Vista looks like that every DoD computer will have, and it will be available through all the hardware sellers. And the secure configuration of Vista has been adopted by OMB and will be used by all of the federal agencies now, too.
So again, this idea about if you get together and talk with your industry partners, you can understand what you need and where they're headed, and you can create a partnership that will raise the bar on security and product conformance for everybody, and so it's a wonderful example.
Mr. Morales: David, I want to come back to this theme of partnerships and collaborations and focus now inwards again to the organization. As you've described, government work is accomplished by teams of employees. Could you elaborate on your approach to empowering your employees, and how do you lead change and enable your staff and those within the organization to accept the inevitability of change and make the most of it?
Mr. Wennergren: Change happens, get used to it. It's one of my favorite subjects. It smacks on human nature and psychology and all sorts of interesting disciplines. It really is at the heart of everything that we do. Organizations are often the last thing to change. It takes a long time to shut down an organization -- as they say, tear down the flag pole, move buildings and those sorts of things, but the challenges have spanned organizational boundaries. So getting people to function as a team is hugely important.
When I was the Deputy CIO for the Navy, we cared enough about this, we actually wrote a book called The Power of Team, and it was geared to help organizations create effective CIO organizations, and the only way to have an effective CIO organization is to have an effective team. And so this idea about being a positive force for change and being able to work with rather than work against others is hugely important. It doesn't have to be a case of my victories at the expense of your defeat, right? We really can find ways if we work together that it will be better than if we went our own individual ways.
There's lots of great leadership books about this. One of my favorites is Max DePree's book, Leadership Is an Art, and it's just fascinating to read. It's one of those great books with big print, lots of white space, a few number of pages, a great easy book to read.
Mr. Morales: Pictures, too?
Mr. Wennergren: No pictures, but every time you read, you will get something more out of it. And he has this great quote about, "Great leaders see opportunities where others see challenges or problems." And that really is the key, are you going to be a cynical voice for change or a positive voice for change? I think people fail to recognize that if you're an IT professional, whether you're in government or industry, you are viewed by all of your peers as knowing more about the subject.
And so your level of cynicism, your level of reticence, your level of reluctance or fear becomes like a magnifier for them -- it's a resonator, it's like the ripples in the pond, a little bit of perturbation on your part creates great angst in the rest of the workforce. It's not to say that you want to endorse things that are bad ideas, but to the extent that things are a good idea, you have to be an avid vocal storyteller about why they're a good idea.
It's no surprise that if you drew a bell curve of an organization, the majority of people are not like early adopters of change; they're change-neutral or change-averse. And so if you want to get an organization to move from where it is to where it will be, you have to help the organization have courage and be willing to understand the new idea. We often underestimate the power and importance of storytelling. You can't do it alone, right? Everybody has to be a good storyteller and everybody has to work together as a team.
There's another great book that I love -- forgive me, I have lots of books that I love. Another great one is the book Execution by Larry Bossidy and Ram Charan. And in it, they have a fabulous quote that says, "Leaders get the behaviors that they exhibit and tolerate." And it is so true. If you're going to be a positive force for change, if you're going to be a leader of teams that are empowered to do great things, wonderful things will happen. If you're not, then you'll fret and fear and things won't get done.
Leaders help others find their gifts and find their talents and help create a better future. If you empower smart people to get the job done, amazing things will happen. If you feed their creativity and don't be an impediment in their way but support them as they go, fabulous results will happen.
Mr. Morales: So David, not to add more challenge or complications to this equation, could you tell us then how federal managers can effectively manage an ever-increasing blended workforce, which is composed of both contractors and federal employees? And can you tell us a little bit about the intrinsic differences to these two groups?
Mr. Wennergren: Yes. It's a fact of life. Workforces are blended workforces. In the Department of Defense, we use a term called "total force." It is a recognition that an effective warfighting team is composed of active duty military personnel, selected Reservists, government civilian employees, contractors, we're all in this together. So clearly there begins with this conversation about what are governmental functions that have to be performed by government decisionmakers, what are functions that don't have to be performed by government people. Get yourself past that and get yourself to this idea about we're all in this together. Because I find organizations of the past often have like a class system, where contractors are like vendors or they're somebody that I'd just like feed things to, and they're not equal participants.
The successful organizations that I see recognize who needs to do what jobs and then function as a fully integrated team to get the job done. Once you understand who has what set of responsibilities, you need to be able to use the great ideas of everybody on the team. Offices that have large numbers of contractors in them are very effective, because companies are able to bring the right talent to bear quickly. And so there's this partnership of government decisionmakers with understanding of the organization and continuity, contractor teams that are agile and flexible and can help augment the knowledge of the organization quickly.
And that's the key recipe for success in my mind.
Mr. Morales: Great.
What does the future hold for DoD's IT efforts?
We will ask David Wennergren, Deputy Assistant Secretary of Defense for Information, Management, and Technology, and Deputy CIO, to share with us when the conversation about management continues on The Business of Government Hour.
Mr. Morales: Welcome back to The Business of Government Hour. I'm your host, Albert Morales, and this morning's conversation is with David Wennergren, Deputy Assistant Secretary of Defense for Information, Management, and Technology, and Deputy CIO.
Also joining us in our conversation is Linda Marshall, partner in IBM's defense industry practice.
Dave, you are the vice chair of the CIO Council. Can you tell us about the Council's role and responsibilities and its initiatives to address federal IT challenges?
Mr. Wennergren: Sure. In our last segment, we were talking about a couple of books, and the role of the federal CIO Council reminds me of another one, The Power of Alignment by George Labovitz and Victor Rosansky, and it's a powerful book about the key issue that faces us all today, and that is, how are you aligned as an organization?
And in the book they talk about what's the main thing that you do. And understand your main thing, then you can work on issues of alignment, both horizontally and vertically.
And in a sense, that's what the federal CIO Council is all about. It is the forum where CIOs from every federal agency can get together to achieve alignment and sustain alignment, to share ideas, to share best practices, to not go it alone. There's a healthy amount of stealing of each other's ideas, and that's what it's all about. So I've been really fortunate to be involved in the federal CIO Council. It's the way that we implement the President's Management Agenda. It's the way we collaborate and share ideas. I have this great opportunity working with Karen Evans, who's the OMB information technology leader and the chair of the Council with me.
It's all about strategic use of information. We have three committees. We have a committee that focuses on architecture and infrastructure issues. We have a workforce committee which has done an outstanding job, and then we have a best practices committee. It's wonderful, because the group meets regularly, and so as issues emerge, like pressing issues that we have today about privacy and security, CIOs are able to volunteer time and resources to help resolve those kinds of issues.
Mr. Morales: With the evolution of the global threat environment, and the many challenges associated with it, how do you envision DoD and its information technology efforts evolving in, say, the next five years to meet these challenges?
Mr. Wennergren: You know, I do a strategic plan. I try to get the team to focus on the next two years, because the farther out you go in the IT world, the world becomes fuzzier and fuzzier. Five years doesn't seem like much when it comes time for doing Department of Defense budgets, but it's a great length of time in terms of all the wonderful innovations that take place. But as I look in my crystal ball, the importance of the web is huge, and we will continue a rapid migration -- rapid migration to portals and web services. And again, that speaks to the security issues then that we've already touched on about the sustainability and survivability of a global enterprise network that relies upon the commercial sector, and it speaks to the issues of can I trust the data; is there integrity of the knowledge that I'm using, because not being able to trust the data is as bad as not having the connection.
The other idea is of course we're all in this together. And so we've got to keep looking for ways to raise the bar in collaboration, to raise the bar on security, across government -- with industry, with other governments, with academia. And I guess the last part is that people need to keep their eyes on the innovations of the future. What often begins as something that seems recreational only actually fosters collaboration. I'm intrigued by YouTube, I'm intrigued by Second Life.
Second Life, which seems like a game to most people my age, is really like this virtual reality that companies like IBM have been huge users of. I understand they have like 2000 accounts to do virtual online collaboration. I think that's a fascinating example of the kind of thought leadership that IBM has had in this business. There is a hotel chain that uses Second Life to do virtual floor plans and see how the six million inhabitants of Second Life traverse. Two countries have embassies on Second Life now; Maldives and Sweden, and Reuters has a news desk now. If you're an old fashioned guy, you might look at that and say well, Second Life is this video game. But Second Life is actually this innovative new way to collaborate, and so we have to keep our eyes focused on the non-traditional ways of helping to get to the future quicker.
Ms. Marshall: So Dave, with innovation and transformation, these things create new competitive areas, new competencies, new ways of having to do business. What qualities will be needed in the warfighter of the future and those IT staff who provide support? And to that end, what steps are being taken to attract and maintain a high quality technical and professional workforce that are willing to take on that change?
Mr. Wennergren: It really is all about the people. Deputy Secretary of Defense Gordon England, who was my boss before when he was the Secretary of the Navy as well, he used to point to an aircraft carrier and say, "You see that aircraft carrier, big, giant, massive thing, it's not worth anything until it's manned by a crew of 5,000 men and women who are trained and equipped and ready to go." If you don't have the right workforce, you'll never be able to be an effective warfighting force of the future.
The interesting thing is that we survey the workforce extensively, and the common wisdom was that -- the number one issue facing us was the graying of the workforce, the workforce is about to retire. But we find that not to be true for the Department of Defense workforce. The much more pressing issue for us is the need for retraining, that people came into a job and they want to stay. But the skills that they developed initially are not maybe the skill sets they need for the future. COBOL programming, not such a big thing anymore. Being a knowledge manager, being an information security professional, being a website developer, so it's this retraining of the workforce that's really front and center for us. It's all about being a learning organization.
Peter Drucker was one of the great leadership minds of the 20th century and he said a lot about the importance of continued learning, and I'm taking that to heart. He said that good management is all about making people's strengths effective and their weaknesses irrelevant. And that's what a continually learning kind of organization does. And so we are expending a lot of energy helping people to get professional certifications, which doesn't sound like a big deal, but it's something that the government wasn't so good at doing a few years ago.
Helping people understand that if you want to attain these competencies, this is the career path that you ought to go on and these are the kinds of training that you need to do and those sorts of things. Second and related to that is it's not just about the IT workforce, it's about the entire workforce and their expectations. You know, the average age on an aircraft carrier is 21 or 22 years old. People that are coming into our organization at that age, what are their expectations? What do they have as the technologies and advantages that they have in their life at home or at school, and are we going to provide them that kind of technology.
In my Navy life, our commercial of the day is about accelerating your life, which is a fascinating message, because accelerating your life implies that come and join us and you can be part of something better faster. And so we better make sure that we're staying abreast of the kinds of technologies that they're used to be using and using very effectively, and having them available for when they work here.
Ms. Marshall: Dave, you are the recent recipient of a Federal 100 Award, which goes to individuals who have made a difference in government technology, and as well, you have been a previous John J. Frank Award recipient. Given that peer recognition, first, would you tell us a little something about these awards? But more importantly, what emerging technologies hold the promise for improving federal IT?
Mr. Wennergren: You know, both being an Eagle Award Winner, the Fed 100 this year, and the John J. Frank Award last year were really great honors for me. It's kind of humbling to be recognized by your peers for making a difference in the IT space, and especially humbling when these people who have been mentors and friends of yours have received these awards in the past, and to be able to join their ranks has really been a wonderful experience for me, and it's a nice feeling to be recognized for whatever work you do.
And you know, the fascinating thing is of course that the hard work that I do pales in comparison with the people that I do the work for. And so what motivates me everyday is the fact that there are tens of thousands of young men and women who are deployed far from home in harm's way defending the nation, and they chose careers of service and sacrifice. And so if I as the IT guy can help make that life more effective and better for them, then that's great motivation to come to work.
And so what are we going to give them to have them have a productive future? And I think that's the heart of your question, and I think we've sort of touched on it. You know, this idea about it's a web-based world is really at the heart of it, that if I'm a Naval CC officer and I'm stationed in Fallujah with the Marines, and when they reach back to get knowledge from an Army organization, can I do that? And we're saying yes, you can. And it requires all of us to be really vigilant about adopting these enterprisewide solutions, buying the right stuff, being interoperable, making the right choices about when's the right time to buy the one big system versus when's the right time to just ensure interoperability, to allow people to go do things with speed and agility, but have them do it in a way that's interoperable.
So portals, service-oriented architecture, web services, the security portfolio will continue to be a growth industry for us. We've made a big difference with Common Access Card and PKI, but there is much more to be done, much more to be done about attribute management, that is this combination of my identity and attributes about me that ought to give me access to data and the world of biometrics.
So there's lots of opportunities for growth.
Mr. Morales: Dave, you've had a very interesting and highly successful career within public service. What advice would you give to someone who is out there perhaps considering a career in public service?
Mr. Wennergren: Well, it's been a fabulous opportunity for me. And I think people choose one of two career paths. Some people have very organized career paths, where they plan they're going to do this for two years and do that for three years and plan out their whole lives, I kind of have managed my career by chaos. You know, one adventure has led to another, and I've been very fortunate in where those adventures have led.
I think working for the federal government has been great. It's a wonderful opportunity. You know, you get a chance to get leadership experience very early. In the military and in the civil service, you're a leader of large groups of people at a very young age, and so you learn leadership skills quickly and you get to work on some things that are very big stages. The scope and size of the military departments in the Department of Defense is unrivalled pretty much anywhere.
And so you get to be part of something really big. It does take the right blend of patience and impatience. Large organizations are like large ships, they sometimes turn slowly. You need to be impatient because you need to keep pushing for the next thing to happen. You need to have a certain amount of patience though so you don't become too frustrating where sometimes you have butt heads or don't make progress as fast as you like. But I think it's been a really rewarding experience for me, and I think it's an opportunity for somebody to be a positive force for change and make a difference quickly.
Mr. Morales: That's fantastic. We've unfortunately reached the end of our time here together this morning. So I do want to thank you for fitting us into your busy schedule, but more importantly, Linda and I would like to thank you for your dedicated service to our country across your federal career.
Mr. Wennergren: Thank you. Thank you, Albert. Thank you, Linda. It's been great being here with you. I guess I would offer to the audience that I'm easy to find. If you have questions, firstname.lastname@example.org, and if you're interested in any of the things we talked about today, we do have a website; it's www.dod.mil/cio-nii. And all of the documents that we talked about today, you can find there.
Mr. Morales: That's fantastic.
Mr. Wennergren: Happy hunting.
Mr. Morales: Thank you.
This has been The Business of Government Hour, featuring a conversation with David Wennergren, Deputy Assistant Secretary of Defense for Information, Management, and Technology, and Deputy CIO.
My co-host has been Linda Marshall, partner in IBM's defense industry practice.
As you enjoy the rest of your day, please take time to remember the men and women of our armed and civil services abroad who can't hear this morning's show on how we're improving their government, but who deserve our unconditional respect and support.
For The Business of Government Hour, I'm Albert Morales.
Thank you for listening.
This has been The Business of Government Hour. Be sure to join us every Saturday at 9:00 a.m., and visit us on the web at businessofgovernment.org. There, you can learn more about our programs and get a transcript of the day's conversation.
Until next week, it's businessofgovernment.org.