For Teri Takai, the key to overseeing cybersecurity for the world’s largest defense organization is striking a delicate balance between enabling mobility and safeguarding information that is often crucial to national security. In her role as the Department of Defense’s chief information officer, she must also convince a widely diverse group of constituents that a shared approach is best.
DOD has always had a highly mobile workforce, but the proliferation of mobile devices is radically altering the department’s already challenging security environment.
This article originally appeared in the latest edition of CGI Initiative for Collaborative Government’s Leadership journal.
On the one hand, mobile technology offers immense potential for gaining a tactical edge in military operations. For instance, the Army is deploying troops to battle zones armed with smart phones and is developing specialized mobile applications for a wide range of functions. On the other hand, the security risks have never been greater, with public, commercial and military digital assets under constant attack.
Because there is no single method for using commercial mobile devices in military situations, Takai is considering multiple approaches.
In the past, the Pentagon typically developed proprietary technology with built-in security and other requirements. But now mobile devices are blurring the line between personal and professional activities, and something as innocent as an employee wanting to check work e-mail from a smart phone can have unexpected security consequences.
As a result, DOD increasingly has to work with partners outside the defense industry to ensure security.
“Now we’re faced with a very different dynamic, which is commercially available devices that were not built for defense being introduced into our network,” Takai said. “That’s been a real challenge for us.”
Balancing Flexibility and Security
Takai’s team has formed a working group to create policies for using mobile devices “not because people are going to do something intentionally wrong,” she said, “but because they won’t appreciate the threat and the risk of these devices.”
The Commercial Mobile Device Working Group, which includes representatives from the Army, Navy, Air Force, and other agencies within the Department of Defense, is developing policies to cover the full range of security requirements, which must be especially rigid with regard to classified information.
“What we’re looking at right now is: How do we set policy that allows for uses where mobile technology actually makes sense, and which is also restrictive enough so that people don’t go out and buy just anything?” she said.
“We put out one policy that actually started down the path of saying, ‘Here are the things to think about,’ or ‘Here are the things that you have to consider as you’re deploying.’ We have a second policy that’s in the works that’s the next level of being restrictive, to be prescriptive about what devices you can use that are not connected to the network but that have the capability to display information,” she said. “What devices can you use if you’re using unclassified information, and then what devices do we need to have in our classified environments?”
The key is finding equilibrium between users’ need for flexibility and DOD’s need for security.
“The challenge is that as we push down the ability to make the decision on whether you can use a device, it’s very difficult to say when somebody will thoroughly think through the ramifications of making a bad decision,” Takai said. “The farther down you push it, folks are going to be more focused on the operational need than the security.”
Forging the Supply Chain
Takai is also working on the processes that DOD uses to certify commercial devices for military use, including how officials might investigate supply chains to understand what is embedded in the software and hardware of weapons systems.
Takai brings deep experience in managing complex supply chains to the DOD’s challenge.
As part of her 30-year career at Ford Motor Company, she served as director of supply chain systems responsible for coordinating a massive worldwide network of parts suppliers, e-commerce exchanges, production lines, and dealers. After Ford, she also served as managing director of global supply chain for EDS (now part of HP) and worked with Federal-Mogul Corporation, a global supplier of automotive supplies and systems. (Then came opportunities to serve as the CIO for the states of Michigan and California.)
Now at DOD, she is exploring the Pentagon’s relationships with the producers of mobile devices and the software that runs on them. Before the department will allow employees to use mobile devices, providers must modify them to meet DOD’s security requirements.
The supply chain “is very big in terms of our thinking,” Takai said, because DOD can’t “legislate” companies to protect their supply chains.
She has three approaches to supply-chain management.
The first is traditional: ensuring that threats don’t have an entrée through components in weapons systems. To address that, she’s looking to partner with technology companies worldwide.
“We have to partner with those private-sector companies,” she said. “We can’t, if you will, proceduralize them to protect their supply chain. We’ve got to work with them. That’s No. 1.”
Second, DOD is pilot testing processes, particularly in major defense acquisition programs, to see how officials can study the supply chain to understand what’s embedded in the software, hardware and weapons systems the department uses. For several years, DOD has partnered with the Department of Homeland Security on the Defense Industrial Base Cyber Pilot. The project allows DOD to share information on threat intelligence with defense contractors and commercial telecommunications providers. By doing so, DOD aims to protect its assets by protecting those of its private-sector partners.
“The third piece that we’re beginning to look at is that going forward, there will be a certain amount that we cannot detect,” Takai said. “So we’re working very hard on what we call resiliency. Understanding that there will be some level of breaches, how do we react to that, how do we ensure that that does not damage our ability to carry out our mission? I think that’s going to be a growing area going forward.”
Getting to the Right Answer
Takai admits that the transition from her role as California’s CIO to her new federal role – where she oversees an IT budget of nearly $33 billion and must contend with a range of organizational cultures – has involved a steep learning curve.
“Folks in DOD will laugh when they hear me say it, but things really do take a lot longer,” Takai said. “Every time I look to make a change, I find some rule or process that I didn’t know that I had to go through.”
And one difference between being the DOD CIO and a state CIO is that “when you’re in state government, you’re actually much more citizen-focused because you’re just closer to the citizen,” she said. “You’re very focused on how to help provide technology services that impact the citizen directly.”
At DOD, “that’s the least of my job,” Takai said. “It’s not that I don’t worry about being a custodian of the citizens’ money. My job here is much more internal to DOD: How do we make sure that the warfighter is supported? And so that’s a very different kind of role and it’s got a different kind of dynamic.”
She has also been learning how to meet the needs of a wide variety of constituents in a department with more than 650,000 civilian employees and more than 1 million active-duty troops.
“When you’re in the private sector and you’re leading an organization, you have different levers that you can use in order to move an organization through a change process,” Takai said.
“You have a different kind of process by which you can actually move leadership around into different kinds of positions. You have different processes around how you can reallocate resources, how you can reallocate dollars. Within government, it’s a much more focused and proscribed process.”
She’s also getting used to changes in budget management.
In the private sector, numbers are set within an organization through a single chain of command. In public work, the budget is a collaborative effort among agency officials, various departments and even taxpayers and the media “because media is the conduit to the way that we get our messages out to the citizen around what we are spending their taxpayer dollars on,” Takai said.
“Clearly one of the things that I didn’t get right when I went into government was to really understand the importance of working with the legislature and the legislative body,” she said, “and the importance of getting involved in selling your message about the budget.”
“The other piece of the leadership challenge here at DOD has been in the context of really understanding the culture of our career civil servants and our career members of the Senior Executive Service,” Takai said. “Then there are the political appointees and the relationship there. And then the military. And each of those three has their own culture and their own approaches to looking at things.”
“One of the tricky things about information technology implementation, unlike some weapons systems, is that it’s as much about customer experience and the way people feel about their technologies as it is about the technology,” Takai told reporters at the annual Defense Information Systems Agency (DISA) conference in Baltimore in August.
“It’s not about a power struggle for me. It’s about getting to the right answer, which is the ability for everyone to collaborate.”
Fiscal Crisis Management
Her job at DOD is the latest in a series of tough assignments she has tackled at budget-constrained agencies. “I do have this little cloud following me around,” she joked. “The budget deficit always seems to show up where I am next.”
For instance, the financial crisis hit Michigan earlier than other states, and American auto makers such as Ford have been fighting foreign competition for years. California, too, has experienced tough times, as evidenced by the fiscal emergency declared there in 2008 that led to large cuts in aid for public education and social welfare, and reduced benefits for state employees – issues that persist today.
Takai is drawing on her extensive private- and public-sector success in increasing an organization’s efficiency by streamlining its IT architecture. Among her initial projects is the consolidation of DOD’s IT systems while devising a cloud strategy in accordance with the Obama administration’s 25-point plan for reforming federal IT management, released in December 2010.
In addition to the eight data centers she had already closed, Takai had plans to close 44 more by the end of fiscal 2011. “The sheer size of the DOD makes streamlining IT operations or changing IT investment management daunting, yet this size makes the payoff of successes that much greater,” she wrote in a blog post on the CIO Council’s website.
The next challenge will be cloud computing, which is a key facilitator of mobile technology, enabling warfighter access to data and mobile applications from anywhere using a wide range of devices.
“As we begin to consolidate our data centers and as we begin to virtualize and standardize, then we’ll be able to look at cloud services,” Takai said, adding that the department will likely consider a private cloud at first “because there are certain areas [involving classified work] where we’re not yet able to go to commercial cloud services.”
DOD is an active participant in the Federal Risk and Authorization Management Program (FedRAMP), which was established to provide a standard approach to assessing and authorizing cloud computing services and products. “We are actually instituting a next-level FedRAMP that takes the FedRAMP requirements and then imposes the additional DOD requirements,” she said. “And that will give us the ability, in parallel with the standardization, to look at private cloud services as well as commercial cloud services.”
To forge ahead with her plan, however, Takai is collaborating with IT leaders in the various military branches to shape and adopt an enterprise approach that makes the most sense.
“It’s not something we’ve done very well, but the technology is pushing us to go there,” Takai said at the DISA conference. “While we’ve talked about the net-centric environment before this, now we’re there.”
Never Say Never
Takai admits that working for the federal government wasn’t part of her career plan. She had not worked in the federal market or the defense industry before arriving at the Pentagon. Therefore, her path to a top leadership role in federal IT was far from predetermined.
After earning a bachelor’s degree in mathematics and a master’s in management from the University of Michigan, Takai started her career in the automotive industry. At that time, if you went to work in the Detroit area, “you were going to end up in the automotive industry,” she said.
Takai made a name for herself at Ford as an expert developer of large applications, before joining EDS and Federal-Mogul Corporation. Public service didn’t enter her mind. “People talk about your career plan, and that was not in my career plan, to work in government,” she said.
But in 2003, as Takai tells it, fortune intervened.
“The governor of Michigan at that time had just been newly elected, and a friend of mine knew her and knew that she was looking for a CIO,” Takai said. “And I have a golden rule, which is that you always talk to people when they have something that looks interesting. You never turn it down out of hand because it wasn’t in your game plan. And it was really one of the most fortunate things I did because former Gov. Jennifer Granholm really is a terrific lady.”
Although Takai found the prospect of working for the state intriguing, she said that before she met with Granholm, she didn’t know what public service involved. “She actually talked to me about public service, something that I had not thought about in any sense before,” Takai said. “It was a real gift to me that she spent that time at a point that I felt I needed something different.”
As Michigan’s CIO, Takai earned plaudits for streamlining the state’s IT – and plenty of awards, including Governing magazine’s Public Official of the Year in 2005. In addition, the Center for Digital Government ranked the state No. 1 in digital government for four years in a row during Takai’s tenure.
In December 2007, Takai was recruited to lead California’s 130 CIOs and 10,000 IT employees as the state’s CIO. During her tenure, she formed the Project Management and Policy Offices to develop statewide policies for project development and management, released the California IT Strategic Plan, helped secure passage of the governor’s billion-dollar-saving IT Reorganization Proposal to consolidate state IT functions under the CIO Office, and made state agencies more accountable by requiring them to submit Five Year IT Capital Plans to her office.
With jobs in two state governments under her belt, Takai said she still hadn’t considered joining the federal government. But her high-profile work and former Defense Secretary Robert Gates’ cost-cutting drive eventually led to her discussions with DOD.
“It was an interesting ‘never say never’ because I did say at one time I didn’t want to go to federal government – you know, it was too big, I didn’t have the experience,” Takai said. “And certainly as it relates to coming to DOD, one of my concerns was that I don’t really have a military background at all.”
But as she talked to Gates, former Deputy Secretary William Lynn III, Gen. James Cartwright and others, Takai became more intrigued.
“So that’s how I got here – not through planning, but obviously I feel very fortunate,” Takai said. “I spoke to a group of DOD senior executives recently, and I said to them I feel fortunate that I’ve been able to join the ranks of what they do because they are the senior professionals who really make the place tick. We, as political appointees, come in to play our role, to try to move things, but they’re the individuals who really make a huge difference on a daily basis. We should always be very appreciative of their dedication.”
As she seeks to empower DOD’s workforce with the latest smart phones and tablets, Takai is dedicated to securing the supply chain for those devices and the information they access. It’s a difficult balance, but one she’s well prepared to deliver.