Lt. Gen. Bruce Crawford is quick to remind his audience that the United States Army is one of the largest organizations in the world.
Crawford understands the scope because, as the service’s top uniformed IT official, any way the Army wants to take advantage of the revolution taking place in information technology must go through his office.
Crawford became the service’s chief information officer in August 2017 and since then has focused on the move to the cloud, hiring staff and protecting data.
“A lot of things that we’re looking at are aspirational, but what I will tell you is institutionally we are fundamentally in a different place than we were just 12 months ago,” he said.
Crawford spoke recently with C4ISRNET Editor Mike Gruss.
C4ISRNET: Talk about the Army’s enterprise network and the major muscle movements taking place.
LT. GEN. BRUCE CRAWFORD: For about the last 18 months, the Army’s been focused on the tactical network. We really needed to take a step back from 17 years of continuous combat and say, “Have we properly networked the soldier?” Of course, the answer was “No.”
In terms of the enterprise, there are about three big pieces to it. One has to do with our data. It’s not just about storing our data. How do we better protect our data? If you pay attention to a lot of the research, 90 percent of the data that exists in the world today has been generated just in the last 24 months. You combine that with investments in cloud. So today it’s about $200 billion. By 2020-2021 it’s supposed to go to about $500 billion.
One of the big focus areas has to be shifting from defending our networks to how do we protect our data.
C4ISRNET: What else?
CRAWFORD: I call it a triad of opportunity: you have got cloud, identity and access management and credentialing.
Once we put our data in a secure, accessible, elastic environment, then how are we going to make sure that we can authenticate who you are, but you can actually access that data? So, taking on the issue of identity, credentialing and access management is the second leg in that stool.
Last, but certainly not least, is the power of artificial intelligence and machine learning. The real value of that data is your ability to analyze that data, to predict what some of the challenges may be.
C4ISRNET: Do you expect to see two-factor authentication or biometrics being used on the battlefield?
CRAWFORD: That technology is here today. The vast majority of our Guard and Reserve forces don’t get a government-issued Blackberry. When they come to work, they bring their device. So why shouldn’t they be able to leverage their personal device and get access to information that has been put behind a two-party authentication firewall?
One of the efforts that we have ongoing is to do exactly that. We’re looking at the next six months before we have that capability, at least able to test it and put it in the hands of soldiers.
C4ISRNET: Some of those technologies will rely on the cloud. How does the cloud help the Army make decisions faster?
CRAWFORD: Right now, the Army has 1,112 data centers. Our goal is to have about 296 centers by 2022. So, you’ve got to ask yourself, with cloud technology available, do we even need data centers?
Being able to aggregate that data, allowing the deployed soldiers to not have to take servers to the battlefield with them. Giving them the ability to be lighter and more mobile and being able to access that data from anywhere they are on the battlefield. It’s pretty powerful in terms of increasing their mobility and the survivability of their data.
C4ISRNET: How does cybersecurity fit into the Army’s modernization process?
CRAWFORD: You’ve heard about this concept of multidomain operations. It’s not moving from this domain to this domain to this domain; it’s organizing ourselves as an Army and posturing ourselves as an institution to be lethal in all these environments at once if we had to. So this idea of cybersecurity is critical to that. It has to be a part of our DNA as we move forward.
The vast majority of the intrusions and vulnerabilities are human error. Cybersecurity has to be a part of who we are. The position now is that every domain that you’re operating in is a contested environment. That requires a culture change to remain lethal.
C4ISRNET: We hear a lot about Agile and Waterfall development. What’s needed across the Army to make sure that it happens?
CRAWFORD: A shared understanding of the problem.
We recognized software optimization was a problem. The Army’s expending a considerable amount of resources just on software sustainment over the [Future Year Defense Program]. Recognizing that it’s an issue and then pulling together key stakeholders, not just the services, but organizations like the [National Security Agency] or organizations like FBI and CIA, which can innovate at a pace much faster than we can.
My No. 1 concern when it comes to software optimization has to do with the resiliency of the applications developed by industry. A lot of the applications, they work great in the lab. But when you put them on a network, especially our tactical network, and then you have to try and extend that to the disadvantaged user at the tip of the spear? A lot of the applications don’t perform as well as they would in a sterile environment. Applications have got to be more resilient.
C4ISRNET: The storage of data is a challenge, but also the integration between networks or databases. What are the steps you’re taking to make sure that soldiers can get all the information they need?
CRAWFORD: One of the efforts that excites me the most has to do with this idea of a common operating environment. You’re going to take 19 disparate battle command systems and collapse them onto three specific environments — a handheld environment, a mounted environment and a command post environment — and each is going to have the same look and feel. Now think about the infrastructure. If you can collapse these systems — all with their own server farms, all with their own standards, all developed by different people, all from different organizations — if you can collapse those all onto a common operating environment, think of the things that you can divest of, but also think of the complexity.
We really need to remove the burden of integration from the backs of soldiers. There is a lot of value in that, to include increased mobility for the soldier.
C4ISRNET: What are some of the technologies that get you excited?
CRAWFORD: The U.S. Army is the third-largest organization of any kind in the world. You’ve got to ask yourself, “Do we have total asset visibility? Do we have the ability to know what’s on our network?” Enterprise license agreements and the things of that nature.
Imagine the power of that, if you had 100-percent visibility — not just of your network from a cybersecurity perspective, but when it comes to a term that I am calling information technology accountability, or investment accountability. If you had 100-percent investment accountability, meaning you knew every time an IT dollar was spent, who spent it and was that done against one of your modernization priorities.
C4ISRNET: Those are a lot of the same problems that we see in the business world. You’re not starting from scratch. You can use commercial products.
CRAWFORD: Absolutely. So, there are several things that we are looking to partner more closely with industry. It’s the technologies that give us total asset visibility and reduce the number of tools, reduce the number of enterprise license agreements, help us with better visibility of cybersecurity.
Then there’s another that I’m really interested in: it’s talent. Do we have the talent, right now on board, to deliver the technologies that the Army’s going to need in 2028 and the answer is no.
We’re in a race for talent. We’ve got an effort called “Workforce 2028” that is looking at the 13,600 IT professionals ... We’ve looked and asked, “OK, what skill sets are really required, based on what we know now, in the next 5 to 10 years?” That’s a tough one.
C4ISRNET: What do you hope to accomplish in the next 12 months?
CRAWFORD: I talked about a race for talent. That’s really important that we posture ourselves to get the right people on the team.
C4ISRNET: How do you measure that, though?
CRAWFORD: Well, you’ve got to measure it in terms of knowing what skill sets you need, so there’s some work that has to be done upfront and we’re doing that work now. And you either began — you created a process to allow you to iterate and field the skill sets — or you didn’t. It won’t be that difficult to measure, but it’s got to be an institutional approach. It’s not just in the Pentagon. I want to be able to tell you a year from now that we have created a process or leveraged an existing process, because we’ve actually been granted some authorities by Congress and others over the last couple of years to better posture ourselves.
The other thing has to do with protecting our data. Over the next four years, I want to put 25 percent of 8,000 existing applications in a cloud hosting environment. And I’ve created a process that allows us to do that. It’s in support of and synchronized with where the DoD, Mr. [Dana] Deasy is going with the JEDI effort. We live in times now where status quo can no longer be the norm.