The Defense Department CIO also discussed cybersecurity scorecards, accreditation processes and DOD's upgrade to Windows 10.
Defense Department CIO Terry Halvorsen
The Defense Department is lagging on an initiative to close data centers and save money. DOD CIO Terry Halvorsen said he believes the key to truly significant savings is cutting labor costs through automation.
"There is one huge cost driver with data centers -- it's people," Halvorsen said April 8 in a call with reporters.
Halvorsen has made data center consolidation a signature initiative of his tenure as the Pentagon's IT chief. However, a recent DOD inspector general report took his office to task for falling well short of a requirement to close 40 percent of DOD data centers by the end of fiscal 2015. The department had closed just 568 -- or 18 percent -- of 3,115 reported data centers by then, according to the IG.
"We're going to be more prescriptive from a DOD level about actions that everyone will have to take with data centers," Halvorsen vowed. One of the areas in which he said he plans to be more prescriptive is by installing automation tools at data centers. Having employees monitor and maintain servers is a poor use of labor, he added.
Halvorsen has said that closing data centers will save DOD a projected $1.8 billion through fiscal 2018, but he is not satisfied with that number. The department is "leaving money on the table that we ought to be able to use for really important things inside the department," he told reporters.
The IG report knocked Halvorsen for not adjusting his strategy to account for a revised definition of data centers from the Office of Management and Budget. But Halvorsen defended that decision, saying the revised definition focused on special-purpose processing nodes, which are data centers that have no direct connection to the DOD Information Network.
"Those nodes aren't where the money [is], and in most cases, there's no value in consolidating them," Halvorsen said.
Certification changes imminent
Halvorsen also briefed reporters on updates to the department's cybersecurity scorecard and its certification process.
He said he expects to announce revisions in the coming weeks to DOD's accreditation and certification process for commercial IT products and services.
"I think we have reached a point where we no longer can do specific hardware or software accreditation," he said, meaning a piecemeal approach won't keep up with continual updates to, say, cloud offerings.
"Our process wouldn't sustain that," he said of certifying cloud offerings that are always being updated. "We need to look at how we do certification and accreditation by process and at some point maybe even by vendor."
A group of private and government advisers, led by Marianne Bailey and Richard Hale in the DOD CIO's office, will soon recommend changes to that process, Halvorsen said.
There are also changes afoot to a monthly scorecard submitted to Defense Secretary Ash Carter that grades various defense agencies on their IT security practices. The scorecard will broaden to cover cybersecurity for missile defense, Halvorsen said.
"We're trying to make sure that we've aligned not just organizations but mission functions with improved security," he said.
In February, two Navy admirals asked Carter to add the industrial control systems that underpin U.S. infrastructure to the scorecard. Halvorsen said officials are considering it. Yet just because ICS doesn't have its own category on the scorecard doesn't mean system vulnerabilities are overlooked, he added.
He also held forth on a departmentwide goal of having all DOD IT systems upgraded to the Microsoft Windows 10 operating system by January 2017. Eighty-five percent or more of DOD will meet that deadline, including major enterprise networks such as the Navy's Next Generation Enterprise Network, Halvorsen said.
He added that there could be budgetary repercussions for DOD agencies that don't meet the Windows 10 deadline or get a waiver.