Air Force closes in on new directive for IT governance

The candidate for a top job at the Air Force updated senators on the department's IT plans at her nomination hearing.

Air Force officials are drafting a directive that would update the role of the CIO, more clearly aligning it within the service's broader organizational structure, according to a spokesman.  

The Air Force instruction will cover the CIO's "governance roles and responsibilities; identification of key players, policies, and procedures; and the definition of strategic organizational structures detailing where the CIO governing bodies fall within the larger Air Force governing structure," Air Force spokesman Ed Gulick said in a statement to FCW. "We are formalizing a governance charter, which will inform these updated policies."

The directive is the latest effort by the Air Force to provide organizational clarity on IT security.

Air Force Chief of Staff Gen. Mark Welsh in March initiated Task Force Cyber Secure, an approximately yearlong project to assess the service's IT security vulnerabilities, from its main networks to far-flung assets. In scope and intention, the Air Force's task force mirrors one unveiled by the Navy in November 2014.

Lisa Disbrow, whom President Barack Obama has nominated to be undersecretary of the Air Force, alluded to the new CIO-related directive in submitted testimony before a Dec. 15 Senate Armed Services Committee confirmation hearing.

"The department will soon publish an updated set of policies for how we govern and operate enterprise IT/cyberspace capabilities," Disbrow said in her testimony.

"We are undertaking a nascent effort to align the Air Force IT governance and requirements processes with the Defense Enterprise Service Management Framework," which will use best IT practices in the commercial sector to support mission work, she added.

Disbrow's testimony also referred to "significant challenges" posed by legacy systems to the nuclear command, control and communication system (NC3). Commercial solutions sometimes introduce cyber vulnerabilities to the NC3, she added.

Striking a balance between government and commercial solutions – "and having the patience and resources to fund potential solutions" – are therefore the most pressing NC3 challenges, Disbrow said.

The challenge of addressing cyber vulnerabilities in weapons systems is a steep one for the Air Force. The service's Space Command, for example, spent $3 billion on cybersecurity last fiscal year, but not a penny defending software vulnerabilities in weapons systems that Pentagon officials have said are at great risk. (NC3 is under purview of the Air Force Global Strike Command, not the Space Command.)

Testimony covered Navy, Army cyber challenges

Testifying alongside Disbrow were Patrick J. Murphy and Janine Davidson, the nominees to be undersecretary of the Army and undersecretary of the Navy, respectively. Their submitted testimonies also offered clues to how they would tackle 'those services' substantial cybersecurity and IT challenges.

Murphy, a former Pennsylvania congressman, said in testimony that the service must "continue to streamline the IT and cyber acquisition process" to stay ahead of threats, "which requires current and cutting edge technologies."

Davidson, a Council on Foreign Relations scholar, noted in her testimony that IT advances are changing the relationship between people and technology, to the point that there is "vast potential to change the balance of manned and unmanned platforms in combat aircraft and across all platforms."

Separately in the hearing, the committee advanced the nomination of Marcel Lettre to be undersecretary of Defense for intelligence. Lettre, who is currently serving as acting undersecretary, plays a key role in inter-departmental cybersecurity discussions.

Lettre's nomination now heads to the full Senate for approval. Sen. John McCain (R-Ariz.), the committee's chairman, later told reporters he was confident the full Senate could find time to vote on Lettre's nomination, despite the clock ticking on the 2015 legislative calendar.

About the Author

Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.

Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.

Click here for previous articles by Lyngaas, or connect with him on Twitter: @snlyngaas.


  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.