The project hinges on five central goals: manage Coast Guard technical infrastructure as a strategic asset, build security into all solutions up front, harness tech innovation and commercial services, ensure the workforce transforms along with the operating model, become the broker of IT services and emerge as a true technical partner in all Coast Guard mission areas.
It’s a broad scope, but that’s not all Dermanelian has helped bring to fruition. He’s also behind Coast Guard moves to Defense Department enterprise IT offerings, including the Joint Information Environment and all it encompasses.
Dermanelian recently sat down with C4ISR & Network’s Amber Corrin to talk tech progress and the Coast Guard’s IT revolution.
C4ISRNET: First things first: What is Project Torchlight?
CAPT. DAVID DERMANELIAN: We started Project Torchlight about two years ago. To set the landscape, the Coast Guard C4IT Service Center comprises commands that are located in West Virginia for our software enterprise applications and our engineering center in Portsmouth, Virginia. Here in Alexandria is where our telecommunications, end-point devices and mobility devices are. We have a centralized service desk in St. Louis and people in California. We’re all over the country, I think seven states, with about 1,000 government, military and civil servants and another 1,200 to 1,300 contractors that work beside us.
So we assessed each of these centers of excellence; we brought in a firm to do really an uncomfortable deep dive into each of their businesses. And the reason is that Coast Guardsmen’s mission needs were growing, and they were saying, ‘Hey you’ve got to change something to keep up with us because our needs are constantly changing.’ Especially with intelligence-driven operations having such a great effect with our new national security cutter, and we’re routinely making hundreds of millions of dollars’ worth of cocaine busts, our IT has to support that range of missions.
Each one of those assessments takes about six months, and they talk to the end-users and customers, and some of that is some pretty unflattering feedback. But it’s good to get that honest feedback. And we were able to bring in some forensic accountants so we knew where every dollar was going.
Last year we spent about $530 million Coast Guard-wide — that’s a lot of money and a lot of services. Our muscle movements are through those contracts and those relationships. Long story short, we basically went on this assessment and discovered that with the pressures on budgets, the cyber threats going through the roof, the policy and architecture changes at the Defense Department with the Joint Information Environment…those are fundamentally changing, and the Coast Guard is following. So you have all these external drivers, and the needs of the Coast Guardsmen on the boat, airplane or cutter are great and growing. We just finished the last of the assessments…and now we’re changing the culture within the C4IT Service Center by adopting a much more robust business model, establishing a very firm vision.
The vision of Project Torchlight isn’t unique; it’s to move fast on stable infrastructure. What we found is that if we properly characterize a problem set to industry and stop putting so many constraints on the problem…we get a really good response. We need to learn much more from industry in the C4ISR space because that’s where the innovation is occurring. We’re sitting down and having a discussion with industry to talk about how they would approach our problem set.
C4ISRNET: What do those problem sets look like for the Coast Guard, and how are you hoping industry can help?
DERMANELIAN: We’re located at 832 sites. We follow DoD policy for dot-mil being part of the DoD Information Network. Our goal is to reduce our attack surface and improve the end-user experience because we’re a first-responder organization. How we were doing things in the past is not going to cut it. So we’re adopting a new business model; we’ve identified a slew of internal capabilities that we need to have; we’ve identified our core pillars and goals, and we’ve developed our road map to get the best from industry and bring back innovation into the Coast Guard.
We’re seeking efficiencies and we’re achieving those one at a time. We don’t want to be beholden anymore to routers and hardware and switches and gadgets. We’re trying to look at those things as services. Our radios and radars are not what I’m committed to — I’m committed to providing communications services and navigation services. I’m committed to providing classified and unclassified connectivity at sea, in the air and at terrestrial sites. So instead of hugging onto servers and hardware and rather talking to cloud providers…we’re hoping to get some interesting ideas to approach this in an acquisition that makes sense end-to-end.
Some things are just going to be unique to the Coast Guard, but the pieces that are commoditized in industry, we want to enjoy those. We’re on Defense Enterprise Email on the classified side, so we don’t need to own the infrastructure and that works great.
We need to do more of working with companies that have relationships with the Defense Information Systems Agency and work with the joint regional security stacks, where we’re always going to be behind. And the Coast Guard is on that JIE journey, but I still want to access Amazon Web Services or HP cloud, or XYZ cloud — I still want to have access to commercial cloud services for when it makes sense.
That’s what the transformation is about…enjoying the state-of-the-market services instead of trying to invent it all in-house. And that takes a massive culture change for people who, for the past 30 years, have enjoyed being the engineer, the one who actually makes it and creates it. That becomes their baby. So some of it gets controversial just internally to the organization as we culturally change.
C4ISRNET: How are you working with DoD in your transformation?
DERMANELIAN: We’ve benefited a lot from DoD services, getting behind their email and enterprise messaging gateway, their Tier 1 services. The Coast Guard has benefited a lot because of the strong security posture that they represent. As we move out with JIE and we employ those joint regional security stacks [JRSS], we believe that is going to make it much more difficult for our adversaries to disrupt our operations.
Part of JIE is that efficiency piece too, so normalizing all the networks and ordering off some of those strategic vehicles…trying to commoditize all of those into a much larger bundle of DoD services, I would expect some savings. The JIE journey, I think, is an intelligent one. It’s a matter of all the details that are going to eat your lunch if you don’t pay attention.
A year from now we will have ourselves positioned where we’re behind JRSS. We’re on, I think, the third phase of the implementation, and I think it’s exciting. It allows us to focus our efforts on more of the tactical elements of the security within our boundaries. Our portion of the DoDIN we’ll be able to defend much better once we know we don’t have to look out for certain threats; we can focus on the threats that are not caught by the Tier 1 gateway or the enterprise email elements or JRSS.
C4ISRNET: But your mission is really different from the Pentagon’s. How do you reconcile those differences and the commonalities?
DERMANELIAN: Coast Guard is a first responder organization, so we’re waiting for the next Deep Water Horizon, the next Hurricane Sandy. We work very closely with our port partners, and with the state, local and tribal governments, in a disaster-response scenario. It’s different because the Coast Guard isn’t an element of DoD — so we’re entering the [IT] environment through the mission partner gateway. The idea is we need to communicate with our [Department of Homeland Security] partners, who will also need to access information that we host. A lot of that is still to be figured out. Our allied partners, say NATO, are going to need to come in and work with not just dot-mil forces, not only DoD forces, but also Coast Guard dot-mil forces. Some of that is just evolving, and that’s OK.
You start tuning your firewalls, you start tuning your intrusion detection system and your JRSS capabilities so that you get access to those folks, but there’s no doubt in my mind that as we progress we’re going to break some things. And we’re going to get smarter as we go along. There will be some bumps along the way, for sure.
We have to understand each other’s data sets, and that gets back down to one of our goals for Project Torchlight, and that’s to treat our data as a strategic asset. We want to treat our infrastructure as a strategic asset, just like it’s a large cutter, an airplane, a facility, and our data needs to be treated like a strategic asset as well. Because at the end of the day my job is to deliver information, with all the adjectives — securely, reliably, affordably and so on.