The Department of the Navy is working to take the speed and agility its IT shop gained while responding to the coronavirus pandemic and turn it into a permanent state of operations moving forward.
CIO Aaron Weis said Thursday the future of the Navy’s IT operations will be focused on taking opportunities to pare down its disparate systems, enhance the workforce and rethink how it approaches cybersecurity.
In March 2020, the Navy IT shop surged its resources away from existing priorities to stand up a telework solution in a matter of weeks, a feat that had never been done before on that timeline. Weis described the move as that of a 50,000-person start-up, operating with agility that was unprecedented for the Navy.
Now the challenge is turning that into a lasting operational state, Weis said during the AFCEA Naval IT Day event Thursday.
The Navy wants to take “that moment and pivot into something that is enduring,” Weis said. The Navy CIO added that his greatest fear is “that it just snaps back to the way we used to do it.”
Among the changes the Navy is focused on is paring down its sprawling, disparate IT systems. The CIO’s office is leading a review —dubbed “Supernova” — of its data analytics platforms to figure out what can be culled and what can be expanded.
Typically, the Navy needs some level of redundancy and doesn’t reduce its number of systems down to only one, Weis said, but the department currently has too many different platforms doing the same task.
That type of thinking will underpin future decisions, he said, adding that his new boss, Secretary Carlos Del Toro, who is a former CEO of an IT company, will be looking closely at the Navy’s tech. In briefings the CIO has given, the top priority from Del Toro has been ensuring the IT systems the Navy buys are “at the right cost,” Weis said.
Weis also outlined a new approach to cybersecurity he wants the Navy to take, railing against the existing Risk Management Framework — the system the DOD uses to check the cybersecurity of an IT system before it can be given an authority to operate.
“The way that we do cybersecurity and accreditation in the [Navy], and in fact … the way that we do it in the DOD, is wrong,” he said.
Instead, Weis wants the Navy to think about cybersecurity as a “readiness” issue — one that needs to constantly be maintained — not something that can be checked once and forgotten about.
“We approach cyber as a compliance problem, and it is not a compliance problem,” he said.