WASHINGTON — Former intelligence community IT chief John Sherman will fill in as acting Defense Department chief information officer during a high-profile review to root out any damage from a major government cybersecurity breach through a software supplier.
Sherman, who served three years as intelligence community CIO, will replace DoD CIO Dana Deasy, who left as the presidential administration changed Wednesday. Sherman will lead the department’s IT operations until President Joe Biden nominates, and the Senate confirms, a new CIO. The job became a Senate-confirmed position for the first time under Deasy’s tenure, which started in April 2018.
Sherman served as Deasy’s top deputy since June 2020. With the intelligence community, he led major information technology efforts to implement cloud computing and break down collaboration barriers across the IC’s then-17 agencies. (There are now 18 with the Space Force.)
During his time as Pentagon CIO, most employees will still work remotely because of the COVID-19 pandemic. Plus, the department will continue its search for potential damage from the hack pinned on Russia, a breach that one U.S. senator called Tuesday “the greatest cyber intrusion in the history, I think, perhaps, of the world.” The hackers infiltrated numerous government agencies through IT software from contractor SolarWinds.
Under Deasy, the department released a digital modernization strategy that included a heavy focus on cloud computing and emerging technology, though the department failed to acquire a long-desired enterprise cloud environment, known as the Joint Enterprise Defense Infrastructure, due to court challenges and protests. Sherman’s cloud computing experience includes helping prepare the intelligence community for a multicloud, multivendor environment known as the IC’s Commercial Cloud Enterprise.
“Moving to a cloud enterprise is not just a technical question. It’s a question of culture, making sure people think cloud first,” Sherman told C4ISRNET last year. “As they do things like software development and DevSecOps, not just forklifting capabilities to the cloud, but really focusing on cloud native approaches. That’s one big area, and this is a major paradigm shift for agencies and enterprises to get their head around.”
The DoD, like the intelligence community, is challenged by the isolated nature of its agencies and offices. To enable joint war fighting, a major effort across the Pentagon, the silos will have to break to enable the services to share the data critical to multidomain operations. The key to breaking down those stovepipes is “leadership, plain and simple,” Sherman said in an interview with C4ISRNET last year.
“There are technical, where are you going to store the data, how you’re going to compute. But in my experience, a lot of it is pure leadership, and doing those structural sort of things to make sure you can surface it in a timely and efficient way,” he said.
While serving as principal deputy CIO, Sherman led the department’s modernization effort for its fourth estate agencies, those that don’t fit squarely under a military department. That effort, known as fourth estate network optimization, is expected to increase efficiency and save money by consolidating networks and other IT systems across those entities, such as the Missile Defense Agency or Defense Information Systems Agency.
Andrew Eversden is a federal IT and cybersecurity reporter for the Federal Times and Fifth Domain. He previously worked as a congressional reporting fellow for the Texas Tribune and Washington intern for the Durango Herald. Andrew is a graduate of American University.