New Department of Navy CIO Aaron Weis is quickly building out his redesigned office, selecting two civilian officials to oversee newly formed core directorates under his purview.
Sasala assumes the role after serving as CDO in the Army, while Rathbun will dual-hat hers in addition to serving as deputy assistant secretary for command, control, computers, intelligence, information operations and space. Rathbun will maintain an acquisition focus from her original title in the new CTO role, Weis said.
The CDO and CTO roles will lead two of four directorates the Navy created to support the evolved department-level CIO function, formally called the special assistant for information management. Weis told FedScoop the other roles — chief information security officer and chief digital innovation officer — have been filled from outside of the Department of Defense and will be announced within weeks.
“This is an org chart that you would tear right out of the pages of the industry CIO organization because it really does consolidate multiple areas which today, for better or for worse, the Department of Defense overall is still wrestling with,” said Weis, who took over the new CIO role in late September after serving as an adviser in the DOD CIO’s office. “But if you look at what the Department of the Navy is doing, it’s coming right out of the box with this fully empowered organization.”
Rounding out the office’s leadership, the Navy and Marine Corps — as the two military services that report up to the Department of Navy — will each have three-star deputy CIOs that work under Weis. He announced that Marine Lt. Gen. Loretta Reynolds and Navy Vice Adm. Matthew Kohler have assumed those deputy positions.
Spurred by the Navy’s cybersecurity review
Weis and Undersecretary Thomas Modly detailed how the new CIO organization was created in response to a highly critical departmentwide review of the Navy’s cybersecurity.
“Although the cybersecurity review was a bit of a wake-up call for us … we didn’t respond by just creating a new cybersecurity office,” Modly said. “Because the bigger problem was the entire information management portfolio, we felt we needed to address it in a holistic, coordinated way.”
Modly had been serving as CIO in addition to his undersecretary duties, something he said “was overly challenging and spread my attention too thinly.”
“I accept responsibility for that. At the same time, the study misses that one of the reasons that was to elevate the responsibility” of the CIO, he said, adding that he will still be “very much involved” in the new office as it reports into him.
The new CISO role within the office, in particular, Weis said, “will be critical to … working across the Marine Corps and Navy as well as kind of spearheading our efforts to work with the Defense Industrial Base,” as the review pointed out earlier this year has been an area of concern.
Modly described the “cultural challenge” of working with second and third-tier contractors who don’t have the right resources to secure their operations. “It’s the tier two and tier three areas that are most exposed,” he said, not prime contractors.
“So we have to think really creatively about how we keep that supplier base vitalized and at the same time protect the data, because a lot of those breaches that we had came through that second and third tier,” Modly said. “And once our adversaries start figuring out ways to get in and get a piece of information here, a piece of information there, the next thing you know, they have the whole picture about some very sensitive technology that we’re working on.”
The Department of Defense writ large is working on this issue, too. In September, DOD issued draft cybersecurity standards under the new Cybersecurity Maturity Model Certification that defense contractors will have to adhere to in order to earn the department’s business and handle its sensitive information.