WASHINGTON — Across the U.S. Department of Defense, digital modernization is a significant priority. The department is moving to the cloud and trying to harness emerging technologies to support the war fighter.
John Sherman, the new principal deputy chief information officer at the Pentagon, is four months into his new job after leaving his last position as the CIO of the intelligence community, where he led major cloud and digital modernization initiatives. Sherman joined the department’s chief information officer in June after the retirement of his predecessor Essye Miller and serves under DoD CIO Dana Deasy.
Sherman broke down silos across the IC and expanded the use of cloud services - two areas the DoD is also working to improve to able joint war fighting. Sherman recently spoke with C4ISRNET about his first four months and what lessons he brings from the IC to the DoD.
This transcript has been edited for clarity and brevity.
C4ISRNET: You’ve been in this job for about four months. What have you been working on?
JOHN SHERMAN: What is going on here in terms of cloud modernization, cybersecurity, C3, AI and data is nothing short of amazing as far as I’m concerned. And this does track in many ways, but at much larger scale, [with] what I did in the intelligence community as the chief information officer over there. For example, in terms of cloud computing and software development on that front, with what’s going on with cloud here. Moving out at much larger scale, though, of course.
As we really put our shoulder into the National Defense Strategy and make sure we’re able to deal with that threat environment, the cybersecurity steps that are being taken here are very much in line with what we were doing on the IC side. The AI area with the Joint Artificial Intelligence Center, or the JAIC, .... And I’ve worked with the JAIC from [the] IC side, but coming over here to be even more directly involved with them has been a real privilege and learning about what they’re doing on their national mission initiatives.
C4ISRNET: Is there anything else in your portfolio you’re excited about?
SHERMAN: One other area I’ve been very focused on is the Fourth Estate, or the defense agencies and field activities (DAFAs). There’s 28 of them. I dealt with the four in the IC very closely, but the other 24, Defense Logistics, Defense Threat Reduction Agency, Missile Defense Agency ... [I’m] their representative and working with them as both their advocate and interlocutor, with their DAFA CIOs, the DAFA directors.
Now a lot of great work had been done before on IT reform, Fourth Estate network optimization, cybersecurity. On that IT reform, I want to give Ms. Danielle Metz, the principal director for enterprise environment, a major shout out so I was building on the great momentum they have. But I have stood up a DAFA CIO forum ... where we talk about issues of mutual concern among the DAFAs, working across and also looking at metrics on which we’re holding them accountable. But that’s an area I’m very excited that Dana’s asked me to lead.
C4ISRNET: The DoD is making a major cloud push and has had a bit of trouble procuring two major cloud contracts. What did you learn in that area during your time as IC CIO?
SHERMAN: Moving to a cloud enterprise is not just a technical question. It’s a question of culture, making sure people think cloud first. As they do things like software development and DevSecOps, not just forklifting capabilities to the cloud, but really focusing on cloud native approaches. That’s one big area and this is a major paradigm shift for agencies and enterprises to get their head around.
Also moving from a capital expenditure to an operations expenditure, or a CapEx to an OpEx model. Of course, CapEx, is where you’re paying for the infrastructure, the heating, the cooling, the real estate, all that, whereas operations expenditure or OpEx, is where you’re just paying for the on demand, compute that you need. Much more focused, and, dare I say, efficient. But it takes some time to get our head around this for how do we budget for that? And how do you contract for that? So that was a major shift there.
And then also on cybersecurity, getting our cybersecurity professionals in the IC to get their head around that a cloud environment is actually, in many cases, most cases, I would argue, much more secure than a legacy architecture.
C4ISRNET: The DoD is expected to release its data strategy later this year with data for joint warfighting as the top priority. The services are also making a push on Joint All-Domain Command and Control. What steps does the DoD need to take on data to enable JADC2 and joint warfighting?
SHERMAN: We must be even more forward leaning in this area. So that’s what JADC2 or the joint war fighting is about is to be able to have our battlefield operational commanders have every bit of knowledge they need that’s most complete, most timely, and most interconnected and interoperable that they need at that point in the battlespace.
So how do you make that happen? What does the CIO do about this? Data is probably the most important foundation of this. The data at the point of use, the point of need. When I say data, not only from U.S. producers, but our coalition allies, the intelligence community at the proper classification levels that are needed in a way that is discoverable, tagged, identity credential access management, or ICAM is critical to undergirding this, things like APIs and interfaces are going to be critical to getting this. But it comes down to getting the data in order to do this.
C4ISRNET: Where does artificial intelligence fit into this?
SHERMAN: Part of this as well would be artificial intelligence, what the JAIC is working on. As we move through massive and massive, ever-increasing amounts of data for intelligence, surveillance, and reconnaissance and other types of data, you’re going to have to be able to sense-make at speeds of mission that far more quickly than we have historically. And the JAIC is working on those areas.
So that’s another critical piece of this is to free up the human minds to be able to focus on those key decisions they have to make in the battlespace to be able to get through areas of joint warfighting, and joint operation centers, and so on, which is actually one of the mission initiatives.
C4ISRNET: One of the things you had to do as CIO of the intelligence community was break down silos between all the 17 intelligence agencies. How do you apply those lessons to the services?
SHERMAN: Leadership, plain and simple. Leadership. You need governance, you need structure. I found, back to my IC experience, this isn’t malicious or hoarding. I can go back to when I was an analytical manager in the intelligence community, and there would be times I would stumble over an analyst who would have a lot of data on a key issue and the individual wasn’t trying to keep it out of the networks and so on. They just didn’t know that they needed to surface it and I think if you amplify that all across a large enterprise, that starts to add up. As the congressman or whoever said kind of in a metaphorical way, ‘a million here, a million there, you’re talking real money.’
Well think about a pocket of data here, a pocket of data there, suddenly you’re talking about a lot of data that decision maker needs. So it comes down to leadership and engagement, having a strategy, and I mentioned the data strategy and governance. So [DoD CDO] Dave Spirk has stood up at CDO Council, and has strong buy-in on this. And that was something we saw on the IC side, too, to have a CDO ... who really put their shoulder into this, and a lot of this is wearing out shoe leather. Building the networks, trust building with the data stewards - notice how we don’t say data owners anymore - the stewards of the data, to make sure that they can trust you as to what you’re going to do with that data and to understand where that’s gonna go into.
There are technical, where are you going to store the data, how you’re going to compute. But in my experience, a lot of it is pure leadership, and doing those structural sort of things to make sure you can surface it in a timely and efficient way.
Andrew Eversden covers all things defense technology for C4ISRNET. He previously reported on federal IT and cybersecurity for Federal Times and Fifth Domain, and worked as a congressional reporting fellow for the Texas Tribune. He was also a Washington intern for the Durango Herald. Andrew is a graduate of American University.