FCW Insider: Rob Carey's NGen update, and the Navy CIO's reading list

Robert Carey, the CIO of the Department of the Navy, spoke Monday at an . It was a pack house -- there were more than 125 people registered and it seemed that just about all of them showed up. Despite the fact that Carey is one of the best and brightest of government CIOs, most of the industry audience was there to hear about NGen, the Navy's follow-on contract for the Navy Marine Corps Intranet. If that's what people came for, they left disappointed. Carey largely reiterated what he told us last month in a story we headlined , one of .He did say that NGen is getting high-level attention from the Navy Secretary himself, and from Capitol Hill, of course. Navy officials were briefing Hill staff earlier this month, and expect to be back early next month. And he acknowledged that Hill staff are asking the same question that industry is asking: When can we know more? But, Carey said, the goal is to come out with a well-thoughtout message and, he said, they just can't say anything at this point. (Slightly off-topic, but... I understand that government officials believe they can't say anything and these big contracts are carefully watched by just about everybody. And this contract is of particular interest. So this is more about the government contracting/acquisition process in general, but... I just don't get why people can't say anything. I'm sure somebody will enlighten me, but it seems this would be a perfect opportunity to tap into the Web 2.0 kind of thinking about what procurement method would be best. I actually wouldn't recommend doing it in the case of NGen for obvious reasons. That being said, I'm going to use it as an example. If government officials were talking publicly about their thinking aboutNGen, they could tap into some of the knowledge out there. What were NMCI's strengths and weaknesses -- and why. What could be done better? What would be the best acquisition strategy? And why? It would seem to me that the Navy would get a better result -- and other government agencies could tap into the wealth of knowledge that the Navy has in areas such as service level agreements and the line of what is 'inherently governmental.' As I say, I'm sure there is a reason -- and I wouldn't recommend it in this case. Furthermore, I have a lot of faith and trust in Carey -- he really is one of the best. It just seems like a weakness in the way government operates. I'd love to see somebody try it on a smaller, less high-profile contract.)Back to Carey's presentation... He did offer the goal of what the Navy is looking for from NGen:In the years since NMCI was awarded, the Navy is more fully cognizant that the network is a key part of its operating force. Therefore, he reiterated, the Navy needs to own -- or have control -- over more of the pieces.The Navy has a definite deadline: The NMCI contract expires in September 2010. Carey said that the capabilities of NGen will be delivered over time and will provide "improved reliability, adaptability, security, governance, and enable warfighter mission accomplishment." The governance structure, which is currently being hashed out, will allow for greater governmental oversight and contractual flexibility. And he said the Navy will use an enterprise purchasing model will be used to provide cost savings for standard desktop suites .The requirements document was signed off in May and Carey noted that they are working on the governance structure right now.That was essentially it for NGen.But Carey did offer up some recommended reading.* Verizon 2008 Data Breach Investigations ReportThis report was released on June 11, but it didn't hit my radar until Carey pointed it out. You can read the PDF of the full report at . I've printed it out -- I know, how old school. Verizon analyzed more than 500 data breaches in both the private and public sectors between 2004 and 2007. Carey highlighted some of his take-aways from the report:- 73 percent  of the attacks were from external sources and 18% were caused by insiders- Insider breaches were much more damaging than those from external sources- 59 percent of breaches resulted from hacking and intrusions- 90 percent  of known vulnerabilities had patches available at least six months prior to the breach – 83 percent  of the attacks were not highly difficult and 85 percent were the result of opportunistic attacks - 87 percent were considered avoidable through reasonable controls* Carey's take on open sourceCarey noted that earlier this year, he put out a document that essentially gave the Navy explicit permission to use open source products. The official lingo: "This memo provides guidance for all Navy and Marine Corps commands regarding the use of open source software, which supports the Department of Defense goal of achieving an interoperable net-centric environment." Again, I didn't see this one -- and it is from June, 2007.Find a link to the PDF of Carey's memo at Carey noted that he is putting out a similar memo for Web 2.0 applications.* Rule Number Two: Lessons I Learned in a Combat HospitalThere were two books on Carey's recommended reading list. One was by Heidi Squier Kraft.Carey, of course, served a tour in the Middle East, including Iraq -- frankly, when Iraq was a more dangerous place then it seems to be today. But he said that Kraft's book captured some of the mind-set. Lt. Cmdr. Heidi Kraft is a Navy clinical psychologist and the title of the book comes -- and one of her toughest lessons learned during her deployment. The title comes from the TV show M*A*S*H: "There are two rules of war. Rule number one is that young men die. Rule number two is that doctors can't change rule number one."* The Pentagon's New Map: War and Peace in the Twenty-First CenturyThe other book Carey referenced is the 2004 book, by Thomas P.M. Barnett.:Read more on .* A CJD Carey recommendation: Carey spoke about a bit, and I would definitely recommend it. (We listed it as one of the earlier this year -- and that is still the case.) You can find it at .Carey is the , something I think deserves a lot of credit. I think it is an innovative way to reach out to people in a new and interesting way. Carey is a somewhat sporadic poster -- and I have publicly and privately urged him to post more. He says it is difficult to post as much as he does -- and I certainly feel his pain. That being said, as I noted in my , I think a blog can be an opportunity to develop a conversation. I think a CIO could blog about the development of a policy -- literally as it is being crafted. (We always talk about rolling out systems incrementally, yet we still take a 'big bang' approach to policies and decisions. These could be developed over time -- incrementally and transparently.)All of that being said, I continue to heap praise on Carey for his blog. It is a big and very positive step for government and he deserves all sorts of credit for making it happen.