Navy opens some IT ops to vendors
- By Dan Verton
- Aug 21, 2000
The ongoing debate about how the Defense Department should organize to support
the emerging high-tech field of information operations took an unexpected
turn last month when the Navy published new guidance that opens up certain
portions of the IO field to civilian contractors.
A memorandum signed July 25 by Dan Porter, the Navy's chief information
officer, provides Navy organizations with the latest guidance on what information
technology jobs are considered "inherently governmental" and what jobs are
open for outsourcing. However, in a change from a previous draft of the
document, the Navy has labeled all defensive information operations, including
information assurance and other defensive security operations, as "non-inherently
governmental" job functions.
Although the earlier version of the Navy document released last year did
not include defensive information operations as a job function open to outsourcing,
the new policy recognizes that grand-scale IT initiatives, such as the Navy/
Marine Corps Intranet, are changing the face of the IT work force.
"With the advent of N/MCI, some of what has been "traditionally' government
work will transition to contractor support," Porter said. N/MCI would replace
a hodgepodge of two dozen Navy and Marine Corps networks with a seamless
network owned and operated by a single contractor.
The Navy's new policy guidance also stipulates that offensive information
operations — which include computer network attack, perception management
and psychological operations — are inherently governmental. It adds that
even though contractors may perform some elements of inherently governmental
work, "this will usually be in a supporting or consulting role."
The Pentagon first codified its definition of IO in a formal guidance document
known as Joint Publication 3-13. The initial document vaguely defines IO
and outlines the interrelated roles of such disciplines as psychological
operations, deception, perception management, civilian affairs and various
intelligence-related fields [FCW, Dec. 2, 1998]. Since then, however, the
term has come to include electronic warfare, computer network attacks, critical
infrastructure protection and information assurance.
Some experts point to questions about the link between offensive and defensive
IO and say the Pentagon has yet to resolve all the roles and missions within
IO, including the role of contractor personnel (see box).
"There is still ongoing role confusion regarding information technology
in general and information munitions specifically," said a senior Pentagon
official who has participated in high- level discussions on the future of
IO. "Taking care of IT equipment has clearly been relegated to support status
[and is] commonly outsourced," the official said.
"On the other hand, good attack techniques often arise from a sound
understanding of defensive tactics. So the two are clearly linked, and our
50-year-old organizational structure will continue to have difficulty with
The policy change raises serious questions about the role of civilian contractors
in supporting ongoing military operations, in which uniformed personnel
have historically received legal protections from international conventions.
The Pentagon official said it's likely that the Navy is trying to ensure
through its policy guidance that offensive IO tactics "remain within the
province of trained warfighters." But he also noted that contractor personnel
are heavily involved in all aspects of IO. Civilian contractors, for example,
staff the entire IO cell supporting the U.S. Southern Command, which is
responsible for defense operations in 32 countries in Central America, South
America and the Caribbean, the official said.
A former intelligence officer who during the invasion of Haiti in 1994
served under Army Brig. Gen. Keith Huber, the current operations officer
at Southcom, said the contractor IO cell at Southcom is involved in coordinating
psychological operations with ongoing military operations, including counter-drug
missions and other classified operations.
John Thomas, the former commander of the Pentagon's Global Network Operations
Center (GNOSC), said the use of contractor personnel in the realm of IO
is nothing new. He added that one of his current employees from the information
assurance division within the AverStar group of Titan Corp., where he now
serves as vice president, directly supports the IO effort at Southcom.
"When I landed in Haiti with the Army's 18th Airborne Corps, GTE [Corp.]
contractors went with us," Thomas said. "They were side by side with us
"The military is at a crossroads here," Thomas said. "Their requirements
have outpaced the ability of the schoolhouses to produce trained students
[in IO]. The best thing the military can do is create a win-win situation
by partnering with industry."
Thomas said most of the staff members at DOD's five regional Computer Emergency
Response Teams were AverStar employees when he served as GNOSC commander.
"I could not discern between the contractors and the DOD personnel in terms
of dedication or performance difference," he said.
Although he has no firsthand knowledge of it, Thomas said, he is confident
that there are contractors involved in some aspects of offensive IO in DOD.
"You have contractors in every aspect of IO," he said. "They're working
hand-in-glove with the military."