Page 1       TOP OF DOC
[H.A.S.C. No. 108–5]



FOR FISCAL YEAR 2004—H.R. 1588






 Page 2       PREV PAGE       TOP OF DOC


APRIL 3, 2003




JIM SAXTON, New Jersey, Chairman
JOE WILSON, South Carolina
JOHN KLINE, Minnesota
ROBIN HAYES, North Carolina
 Page 3       PREV PAGE       TOP OF DOC
JO ANN DAVIS, Virginia
W. TODD AKIN, Missouri

MARTY MEEHAN, Massachusetts
ADAM SMITH, Washington
MIKE McINTYRE, North Carolina
BARON P. HILL, Indiana
SUSAN A. DAVIS, California
RICK LARSEN, Washington
JIM COOPER, Tennessee

Thomas Hawley, Professional Staff Member
Jean Reed, Professional Staff Member
William Natter, Professional Staff Member
Curtis Flood, Staff Assistant



 Page 4       PREV PAGE       TOP OF DOC


    Thursday, April 3, 2003, Fiscal Year 2004 National Defense Authorization Act—Department of Defense's Information Technology Programs and Policies


    Thursday, April 3, 2003




    Meehan, Hon. Martin T., a Representative from Massachusetts, Ranking Member, Terrorism, Unconventional Threats and Capabilities Subcommittee

    Saxton, Hon. Jim, a Representative from New Jersey, Chairman, Terrorism, Unconventional Threats and Capabilities Subcommittee


 Page 5       PREV PAGE       TOP OF DOC
    Brown, Rear Adm., Nancy Brown, USN Vice-Director for Command, Control, Communications, and Computer Systems, Joint Staff

    Cuviello, Lt. Gen. Peter, Chief Information Officer/G–6, United States Army

    Gilligan, John, Chief Information Officer, United States Air Force

    Raduege, Lt. Gen. Harry, Jr., U.S. Air Force director, Defense Information Systems Agency

    Stenbit, John, Department of Defense Chief Information Officer

    Thomas, Brig. Gen. John, Department of the Navy, Deputy CIO for USMC

    Wennergren, David, Department of the Navy Chief Information Officer


[The Prepared Statements can be viewed in the hard copy.]

Brown, Rear Adm., Nancy Brown

Cuviello, Lt. Gen. Peter
 Page 6       PREV PAGE       TOP OF DOC

Gilligan, John

Raduege, Lt. Gen. Harry, Jr.

Stenbit, John

Saxton, Hon. Jim

Thomas, Brig. Gen. John

Wennergren, David

[The Documents can be viewed in the hard copy.]

[The Questions and Answers can be viewed in the hard copy.]

Mr. Meehan


House of Representatives,
 Page 7       PREV PAGE       TOP OF DOC
Committee on Armed Services,
Terrorism, Unconventional Threats and Capabilities Subcommittee,
Washington, DC, Thursday, April 3, 2003.

    The panel met, pursuant to call, at 3 p.m. in room 2212, Rayburn House Office Building, Hon. Jim Saxton (chairman of the subcommittee) presiding.


    Mr. SAXTON. Good afternoon. The Subcommittee on Terrorism, Unconventional Threats and Capabilities meets this afternoon to consider the Defense Department's information technologies policy and programs for fiscal year 2004.

    The Department of Defense (DOD) annually invests billions of dollars in information technology, IT, to support its business operations and plans to invest similar amounts in fiscal years 2003 and 2004. The defense IT budget request for fiscal year 2004 is approximately $28 billion. This is a sizeable amount of funding for IT programs, systems and services that needs to be properly managed at both the Department of Defense Chief of Information Officer Department and the Service Chief Information Officer levels.

    Technology changes evolve rapidly, and its integration is equally complex, thereby raising concerns that if IT programs and investments are not wisely planned with sound best business practices, coupled with an investment strategy, they are doomed to fail and cost billions and billions of dollars. This is a critical issue for DOD because its past investments have met with only limited success.
 Page 8       PREV PAGE       TOP OF DOC

    The subcommittee is concerned that one reason for this lack of success may be attributed to the fact that DOD does not have the corporate blueprint or enterprise architecture to guide and constrain its IT investments in a manner that promotes interoperability and minimizes duplication and overlap.

    DOD is now developing a Department-wide enterprise architecture that encompasses seven functional areas: One accounting; two, collection of accounts receivable and cash management; three, financial and management reporting; four, human capital management; five, logistics; six, procurement, payables, acquisition and disbursement; and, seven, strategic planning and budgeting. The subcommittee is interested to learn from the witnesses what progress the Department and the individual services have made in regards to each of these functional areas.

    Secretary of Defense Donald Rumsfeld has stated on multiple occasions that IT is an enabler behind defense transformation. What is needed today is the ability to leverage the technology to ensure its operable capacity in both business and warfighting environments.

    While the subcommittee recognizes the critical efforts and difficulty of IT modernization, concerns have been raised that there is not sufficient oversight at the Department nor at the service Chief Information Officer (CIO) levels to achieve the objectives contained in the Department's enterprise architecture. The General Accounting Office (GAO) has recommended that the Department develop an enterprise architecture in the investment management controls for effectively implementing the architecture.

    GAO recommends that DOD should limit its IT investments to, one, deployment of systems that involve no additional development or acquisition costs; second, stay in business maintenance needed to keep existing systems operational; third, management controls needed to effectively invest in modernization systems; and, four, new systems or existing system changes that are congressionally directed or are relatively small, cost-efficient and low risk.
 Page 9       PREV PAGE       TOP OF DOC

    The subcommittee is interested to learn more about how DOD and the service CIOs are managing their IT plans, programs and processes and if the enterprise architecture is broad enough to give the Department and service CIOs the authority to effectively oversee both DOD's corporate transformation and DOD's force transformation command and control. This hearing will attempt to determine how successful are the Department and the services at modernizing its IT business systems and to effectively and efficiently—and how efficiently it is delivering the necessary IT tools and systems to the warfighters.

    Let me just at this point yield to Mr. Meehan for any remarks that he might wish to make, and then we will introduce our panelists.

    [The prepared statement of Mr. Saxton can be viewed in the hard copy.]


    Mr. MEEHAN. Thank you very much, Mr. Chairman. I want to associate myself with your opening comments, and I join you in welcoming our guests and I thank you for calling this hearing.

    As you know, Mr. Chairman, I view information technology, or IT, as critical to both national security and economic strength of the United States. It is, in the words of Defense Secretary Rumsfeld, a true enabler of defense transformation. Indeed, it holds the promise of consistent global time-critical targeting. With the national security establishment growing increasingly reliant upon commercially available information systems, the Department of Defense IT modernization pushes the private sector to stay at the forefront of technology development, just as our defense establishment endeavors to ensure stable economic markets abroad.
 Page 10       PREV PAGE       TOP OF DOC

    Not all is rosy, however. Many of the existing Department of Defense IT systems remain redundant and outdated; some are inefficient; and many are vulnerable to cyberattacks from terrorists, transnational criminals and even foreign intelligence services.

    To guard against such attacks, we must successfully initiate both corporate and force transformation in the Department, even if suggested, as GAO historical assessments, that DOD's most important development projects often experience cost overruns, take longer to produce and deliver less than promised.

    Just this week the General Accounting Office delivered more bad news. The DOD financial management system remains inefficient and vulnerable to fraud, waste and abuse, but we have little choice other than to modernize. IT products and services have become essential to the Department of Defense operations and battle plans. The solution must include a commitment to invest, reorganize and, finally, to empower those in need of information. I am hopeful that we can be successful but recognize it will take time, patience and considerable resources.

    Just as I am encouraged by Department proposals, I am also realistic about the daunting task we face. I look forward to working with the Department and also with my colleagues on this subcommittee and my colleagues on the full Armed Services Committee. Thank you, Mr. Chairman.

    Mr. SAXTON. Thank you, Mr. Meehan.

    Before we introduce our panel, let me welcome our special panelist, Congressman Howard Coble, who is chairman of the Judiciary Subcommittee on Crime, Terrorism and Homeland Security.
 Page 11       PREV PAGE       TOP OF DOC

    We have two panels of witnesses for our proceedings this afternoon. Let me welcome the Honorable John Stenbit, Assistant Secretary of Defense for Command, Control, Communications and Intelligence (C4I). As such, he speaks for the Department and advises the Secretary of Defense on these issues. Rear Admiral Nancy E. Brown, Deputy Director for Command, Control, Communications and Computer Systems on the Joint Staff; and Lieutenant General Harry Raduege, Director of Defense Information Systems.

    At the outset, let me ask unanimous consent that your full statements be included in the record; and let me say that we are going to be looking to you over a long period of time for your help and guidance on these issues. They are issues that are being for the first time discussed in this context, and we look at it as a major responsibility inasmuch as nobody would call $28 billion less than major, particularly in regard to these issues that help to make our lives easier but, more importantly, more efficient. So we look forward to your testimony.

    Mr. SAXTON. You may proceed as you see fit, Mr. Secretary.


    Secretary STENBIT. Thank you very much, Mr. Chairman.

    I am going to lead off with a brief statement. You have my statement for the record. You actually have a summary of that, as if I would summarize it.
 Page 12       PREV PAGE       TOP OF DOC

    What I thought what I would try to do this afternoon is give you a couple of examples of what it is we are talking about to set an overall context, and then we will be happy to hear the statements from my colleagues as well as answer all of your questions.

    First, hearing the opening statements, I think I need to make a comment about definitional terms. The term ''business system'' and the term ''IT'' and the term ''national security'' sometimes get confused in all of this. I am here to represent, as the CIO of the Department, all of the aspects of the IT community. That is the business systems as well as what we call the national security systems or those that have the warfighters actually able to do their job.

    There is a big difference between those two kinds. For instance, one of you mentioned that the GAO recommended that we do not use any IT systems that don't have any R&D in them. I am sure by the time I finish giving my talk you will understand I can't do that, because we do have research and development that are required to put satellites in space, that put laser communications in space, that actually build an infrastructure for our battlefield to be able to be done more effectively. So we need to keep track of at least several subjects at the same time.

    I am going to try and go over the entire issue, because, from my point of view, information flows in the Department. While it is easy to tell a targeting loop and it is easy to tell a paycheck, they actually go together because we need to know where that person is, we need to do their health care, we need to do their logistics for them. So from my point of view it is all an integrated system.
 Page 13       PREV PAGE       TOP OF DOC

    But, for the record, I believe the $28 billion breaks out approximately one-third for business-oriented things. So the eight functional areas that you described are in the range of a third to a quarter of the $28 billion, and the rest is what we refer to as the—what Congressman Meehan referred to as getting the warfighters to be able to use information effectively.

    When the Secretary says IT, he is talking about the whole gambit. He is actually in his mind even talking about satellites. Because, to him, that is all information, and he is thinking about that as part of the transformation.

    So with that introduction, just to make sure we understand we are covering the entire waterfront, although we are happy to talk about any of the details you might like, I thought it would be appropriate to talk about where we were, where we are and where we are going and see if I can use some analogies and tell you about why it is we think we are moving forward in the way we are going.

    You are correct. We do need an end-to-end architecture and an end-to-end game plan that talks about how do we actually continue to fund what we are doing today and dependent on while we move forward. Because it is a difficult management task because we can't just sort of unplug the system at any point in time.

    About 25 years ago, I actually had the same sort of job then, working for Mr. Rumsfeld, that I do today. I don't move very fast in my career, I guess. Actually, I am one door down the hall at the Pentagon. We ran a system that fundamentally you could think of as a telephone system.
 Page 14       PREV PAGE       TOP OF DOC

    I would like to start today by thinking of a telephone system as a smart-smart-push system. If anybody found anything out, they had to be smart enough to know that it was important; and then they had to be smart enough to know to whom they should tell it to, because they needed to know the telephone number of who it was that might be interested in that.

    There was a Congressman from West Virginia—his name was Mollohan—who had almost in continuous session an investigative subcommittee that looked at the failures of that particular system over and over and over again, basically because it was too slow and it was a fundamentally impossible information system to make work.

    I will use as an example, when the North Koreans captured the Pueblo, it took them 30 hours to get the Pueblo from where they captured it back into the port. But because we had this telephone system where people were dealing with a subject they didn't understand and they weren't used to the phone numbers, weren't on the list of who to call, it took us 36 hours to figure out that the Marines had aircraft in Okinawa that could have gone and intercepted it. Well, that didn't do us any good because it was already back in port.

    We had cases over and over and over. Those were fundamental to this idea that we were in a telephone world, a smart push that you had to know what was important and then a second smart that you had know to whom you sent it.

    Today, we are not in that mode, absolutely not in that mode for a big reason. From an information standpoint, we now have a smart push system, but it is more like direct TV. What it is today is anybody who finds anything out still has to be smart and know that it is important. But today they put it on a broadcast system, and they don't know to whom it is going. It goes all over the world.
 Page 15       PREV PAGE       TOP OF DOC

    That is what you see in action in Iraq right now today. If you go out and examine the command and control systems that are around in the military Department, as Admiral Brown and I did in the Middle East in January, you will see very large elements that have a thousand people or so with big complex networks and lots of satellite dishes out in the backyard all listening to these broadcasts, pieces of data. So when NIMA has a picture they think it is important, it goes on the National Imagery and Mapping Agency (NIMA) broadcast. When National Security Agency (NSA) has something that is important, it goes on the NSA broadcast. When the Air Force has something in JSTARS, it goes in the Joint Surveillance Target Attack Radar System (JSTARS) broadcast.

    So we have separated, if you wish, the requirement for somebody who finds something interesting to know who might be interested in it. That is a big, big difference. What it has done is to transform what used to be a—we were fixed in time, and we were fixed in space in the old telephone system. If somebody wanted to talk to somebody, it only worked if they were there at the same time. So we are fixed in time.

    It also worked—only worked if you picked up the phone; and if you went too far away, your phone stayed where you were. So you were sort of fixed in space as well. We may have been spread out, but we couldn't wiggle too much from our common ground.

    Today, we are now open in where we go. We can go anywhere and receive these broadcasts. We are still stuck being fixed in time, because the picture only goes out once on the NIMA broadcast. You have to record it. You have to process it along with NSA data, along with the operational data, along with the JSTAR's data.
 Page 16       PREV PAGE       TOP OF DOC

    That is what these people are doing in these command centers and fusion centers around the world these days. They take all of these real-time data—if you think about watching all the NFL games simultaneously on Sunday and figure out what is the best tackle play while looking at all the channels at the same time, that is sort of what we have to do in our command and control system today.

    But what that allows is the proverbial guy on the wooden saddle on the horse in Afghanistan to say, I want a bomb over there, put it in a broadcast, and a B–2 pilot who is coming from Missouri and has been in the plane for 16 hours puts the bomb at that particular place. They don't know each other. They didn't have to know each other. They didn't have to know the phone number. They just had to know, on the one hand, I want something there and, on the other hand, I got a bomb and I can get it there. That is how we are doing it today. An amazing transformation. It is a big, big deal.

    However, this subcommittee is actually about terrorism and unconventional things and so forth and so on. The very heart and soul of those subjects is that we are going to spread even further out in geography and we are going to deal with smaller and smaller groups of people that can do nastier, nastier things as a function of time. So that means we not only have to be flexible in space as we are today, we have to make it cheaper to allow somebody to participate in this, rather than buying eight satellite dishes and a thousand terminals and having a big, complex system to record all of those data and figure out what they say.

    In order to do that we need to go away from smart push and go to smart pull, and the comparison to that is the Internet where the person who has the job goes back and finds the data they need. They don't need big, complex computers. They don't need big, complex storage or satellite antennas. They need an access to the Internet.
 Page 17       PREV PAGE       TOP OF DOC

    So the transformation that we are doing within the Department, while at the very same time we are operating in this very dynamic broadcast system we have today, which I call smart pushes, is we are moving toward a smart pull system.

    Now if you think about that, there are a couple of things that are important: One, more than one person might pull the same data at the same time. It might actually be quite interesting. I need more bandwidth. I need to be able to use communications efficiently in order to allow personal tailoring of the information.

    Today, it is sort of like you can subscribe to any magazine or book, but you can't call up the authors. You get what they send you. How many times have we heard at the end of a review of something bad that happened, the information was available, it just wasn't at the right place at the right time? Well, that is a statement that says smart push wasn't quite smart enough that day because they didn't think those pieces of data were important in the context.

    Right now, today, if a satellite goes over Iraq, I assure you the pictures of Iraq go out first. But if I happen to be in Afghanistan and it is my job to go over the hill this afternoon, it doesn't do me any good if the picture comes tomorrow. That is this tyranny that we are fixed in time today, not fixed in space.

    In the smart pull, I will be able to do that. I will be able to pull the picture, maybe not have the expert look at it, but I will be able to take it and do it on my time scale with my kind of criteria.

 Page 18       PREV PAGE       TOP OF DOC
    That is the big overview of what we have been doing. In my statement, I summarize some of the programs; and I will be happy to talk about that as we move forward. But I thought it would be appropriate to give you a sort of a bigger picture view of what it is we are trying to do and why.

    I think I would go back and summarize and say we went from the telephone to the television, and we want to go to the Internet. We went from—we were locked in space and time. Today we are flexible in space but not in time, and we want to go to we are flexible in both time and space. That is the big, overriding move of virtually everything we are doing.

    Hopefully, that was helpful.

    Mr. SAXTON. Thank you very much. Great explanation.

    [The prepared statement of Secretary Stenbit can be viewed in the hard copy.]

    Mr. SAXTON. Admiral Brown.


    Admiral BROWN. Thank you.

 Page 19       PREV PAGE       TOP OF DOC
    Mr. Chairman, members of the committee, I want to thank you for the opportunity to testify here today. Before I begin my remarks, I would like to thank all of you for the support that you provided to the men and women of the Department of Defense and the military services and especially at this critical time that we are facing. Your continued investments are key to our ability to complete current operations in Iraq and carry out the war on terrorism.

    I would also like to offer Lieutenant General Kellogg's regrets, as prior commitments precluded his appearance here today.

    My testimony will focus on the Chairman of the Joint Chiefs of Staff top priorities: winning the war on global terrorism, enhancing joint warfighting capabilities and transformation. I will emphasize how networking and connecting our existing systems in new and creative ways support the achievement of these priorities.

    I will start by discussing an overarching concept that guides all our Command, Control, Communications, and Computer investments, commonly referred to as ''net-centric operations.'' .

    Finally, I will share with you some of the important progress we have made in identify some of the challenges we still face.

    The net-centric concept is based on the premise that a weapons system itself is not nearly as capable alone as it is when it is seamlessly linked to other platforms, all receiving the latest intelligence and command and control information. It also assumes that the supporting communications links will allow timely exchange of information and enable commanders to synchronize all available sensors and weapon systems to dramatically increase combat power, a true transformation of military affairs.
 Page 20       PREV PAGE       TOP OF DOC

    The Global Information Grid (GIG) is the underlying infrastructure that provides the secure networking capabilities that make net-centric operations possible. Net-centric operations is not an exotic concept requiring decades of research and development. We can reasonably achieve a limited capability through the use of existing and emerging commercial off-the-shelf and military technology, including new wireless systems. However, more and more frequently we find ourselves in competition with the frequency spectrum, with the commercial sector. While we recognize the growing private demand for spectrum, our ability to operate continues to be threatened by the transfer of military spectrum to the commercial sector.

    Over the past few years, we have expanded the capabilities of our command and control infrastructure, including significant expenditures on leasing commercial satellite capacity. While the commercial capability provides a valuable surge capacity, it is not a substitute for a military program. We must aggressively pursue new technologies as well as identifying, developing and then sustaining the proper mix of military and commercial satellite capabilities to ensure that we meet the operational requirements of our tactical and strategic users. We must make important strides toward solving the interoperability challenges of our legacy command and control communications and computer systems, while ensuring our future systems are born joint, including prioritizing critical information systems efforts in the development of a new streamlined capabilities base requirements system.

    There is no shortage of challenges and opportunities in the information superiority arena. One of particular note is information assurance. Our increasing reliance on information resources and systems, combined with the growing number and sophistication of network attacks, underscores the need to protect our information. This requires development of the tools and techniques along with retaining the trained personnel to rapidly detect intrusion, determine the source and respond appropriately.
 Page 21       PREV PAGE       TOP OF DOC

    Finally, we must not use our C4ISR budgets as billpayers for other programs as we may risk the information superiority advantage that we have already gained.

    In conclusion, I believe we are making solid progress toward implementing a joint strategy for information superiority that supports our warfighters.

    Mr. Chairman and members of the committee, I look forward to helping make the information superiority strategies that I have shared with you this afternoon a reality and to addressing you in the future regarding our progress and the way ahead. Again, I would like to thank you for the opportunity to be here this afternoon and stand ready to answer any questions you may have. Thank you.

    Mr. SAXTON. Thank you very much.

    [The prepared statement of Admiral Brown can be viewed in the hard copy.]

    Mr. SAXTON. Just for the benefit of members of the panel, General Raduege is going to use this set of slides that are in everyone's packet.


    General RADUEGE. Thank you very much, Mr. Chairman. It is a pleasure to appear before the subcommittee today and discuss the Defense Information Systems Agency (DISA), the combat support agency that supports our Nation's warfighters and other defense activities.
 Page 22       PREV PAGE       TOP OF DOC

    I am now going to go to page two of the charts I provided.

    [The charts referred to can be viewed in the hard copy.]

    DISA plays a key role in the success of three quadrennial defense review goals we have underlined on the left side of this chart. This also performs an important part in enabling the other three goals. Shown on the right are DISA's five core mission areas, plus other best-fit mission responsibilities that we have been assigned.

    Chart 3: To fulfill our responsibilities, DISA has people stationed worldwide supporting C4 systems that serve the very needs of the President and all of the Department of Defense.

    Chart 4: DISA provides global communications primarily through commercial assets supplemented with military value-added features which are listed in the center of this chart. These military features are critical to ensure U.S. Forces are not denied access to information, geography or space. The Defense Information Systems Network, or DISN as we refer to it, carries the vast majority of DOD's communications. DISN is the linkage between every military fixed location and our Nation's deployed forces and provides classified and unclassified voice data, video and conferencing.

    We also have several initiatives to increase DISN capability. The Global Information Grid Bandwidth Expansion allows us to provide that needed bandwidth that Mr. Stenbit noted earlier. This provides bandwidth to critical command centers and intelligence centers to benefit our Nation's warfighters.
 Page 23       PREV PAGE       TOP OF DOC

    Today I will also briefly discuss the DOD teleport program which I have listed on that chart. The DOD teleport program will improve deployed warfighters' access to the DISN by greatly expanding connectivity. In the past, deployed forces connected to the DISN on X band frequencies through military satellites. Now they will be able to also gain access through teleports to many commercial satellite frequencies. To meet combatant commanders' needs, we have accelerated DOD teleport fielding. The increased capabilities represented by DISN services are integral for a warfighter's success.

    As examples, real-time operational pictures of the battlefield, Predator video and soldiers calling in air strikes from horseback, as Mr. Stenbit described, are all made possible through the DISN.

    Chart 5: We have made tremendous strides in expanding the global DISN infrastructure and dealing with increased system usage. As you can see, in the U.S. Central Command area of operation alone, we have experienced tremendous increases in DISN services. Interestingly, some of our greatest increases have occurred in mobile satellite telephone usage where warfighters can acquire DISN access anywhere and at any time. Since September 11, the number of users has increased by 300 percent, and usage has peaked at 2.5 million telephone minutes per month. Additionally, fixed commercial satellite communications usage has increased by approximately 800 percent.

    Chart 6: It is also important for commanders to have tools for joint command and control in order to understand where red and blue forces are located, to receive status on supplies and maintenance and to communicate via secure messaging. DISA's command and control systems provides commanders with these tools. DISA's Global Command and Control System, referred to as GCCS, provides information to decision-makers.
 Page 24       PREV PAGE       TOP OF DOC

    GCCS has been essential to Operations Enduring Freedom and Iraqi Freedom. Real-time data feeds are providing situational awareness of the air, land and sea battle space, complete with the accelerated fielding of key intelligence enhancements that have significantly improved sensor-to-shooter coordination.

    Today, GCCS is the system responsible for providing Predator unmanned aerial vehicle (UAV) feeds directly to our pilots who are delivering precision-guided munitions onto the most critical enemy targets.

    Commanders also require accurate information on combat support functions such as logistics and maintenance. This Global Combat Support System, referred to as GCSS, is currently providing this accurate information picture in seven combatant commands. GCSS is credited with reducing airlift information retrieval time from hours to minutes.

    Unclassified and classified messaging is handled by the Defense Message System, referred to as DMS, and is derived from commercial products with military enhancements to ensure delivery, message integrity, authentication, security and positive identification of recipients. Today, DMS is operational at 270 military installations and is on schedule to allow us to shut down the 41-year-old automated digital network in September of this year.

    Chart 7: DISA provides several key capabilities to achieve interoperability among U.S. And coalition forces. We try to ensure that interoperability is built in from the beginning as systems are developed and maintained through their life cycle. Our interoperability efforts include establishing DOD standards, information exchange, testing and certification, on-site support for operations and exercises, and spectrum management. These capabilities are delivered through DISA's joint interoperability test command, defense spectrum office and joint spectrum center.
 Page 25       PREV PAGE       TOP OF DOC

    Chart 8: Defensive information operations permeates every aspect of our organization from physical security to developing, fielding and operating all DISA systems. Our most responsive and flexible initiatives are the Global Network Operations and Security Center, referred to as GNOSC, and the DOD Computer Emergency Response Team, referred to as the DOD CERT.

    The DISA GNOSC is the single DOD network operations center with a complete view of the secure and nonsecure global networks of the DISN. The GNOSC controls actions across the DISN to protect and manage DOD communications. Once the GNOSC identifies a suspicious event, the DOD CERT then takes over and analyzes it to determine the appropriate response. The GNOSC and the DOD CERT then provide direct support to U.S. Strategic Commands Joint Task Force for Computer Network Operations, also referred to as JTF-CNO. This is DOD's lead organization for computer network defense and attack operations.

    As shown in this picture, the GNOSC, DOD CERT and JTF-CNO are co-located to achieve the synergy required to defend DOD information networks. During calendar year 2002 they detected, analyzed and responded to more than 46,000 intrusion events on DOD's nonsecure networks.

    Chart 9: This also provides secure and nonsecure mainframe and server computer operations for more than 700,000 users and 1,200 applications. Our facilities have been designed to provide a secure, available, protected, disciplined and interoperable environment that is under military control.

    Figure 10: Over the past 11 years, DISA has reduced the number of computer processing sites by 97 percent and decreased government manning by 90 percent, billing rates by 80 percent and operating costs by 70 percent. This occurred despite a 60 percent increase in mainframe workload. The latest customer survey conducted by the Gartner group showed that customer satisfaction ranked significantly higher than the average for commercial service providers.
 Page 26       PREV PAGE       TOP OF DOC

    Chart 11: In addition to our DISA core missions we have responsibilities for some other very important missions. Specifically, our White House Communications Agency supports the President, Vice President and other executive members with communications. Our Defense Technical Information Center hosts more than 100 DOD Web sites and is a clearinghouse of scientific and technical information to support DOD research. DISA's E-business Applications Division supports electronic commerce with on-line solicitation, paperless contracting and bill paying. Finally, our Enterprise Acquisition Service provides contract vehicles to DOD and nonDOD activities to support every telecommunications need.

    The last chart: DISA exists as a combat support agency to provide C4 capabilities for our Nation's warfighters and Defense Department.

    I want to thank you, Mr. Chairman and members, for this opportunity to appear before you today; and I welcome your questions.

    [The prepared statement of General Raduege can be viewed in the hard copy.]

    Mr. SAXTON. Well, thank you very much for three really outstanding sets of testimony.

    As I was listening to all of you, it reminded me of a time in 1985 right after I had been elected to Congress. I went out to Fort Dix, which is in my district; and the military folks there started with a set of acronyms that I was unfamiliar with. As I listen to your testimony, I see I have some more learning to do.
 Page 27       PREV PAGE       TOP OF DOC

    General RADUEGE. I tried my best, sir.

    Mr. SAXTON. We thank you.

    Something I learned wearing another hat here in Congress you have reinforced today. As the chairman in the last session of the Joint Economic Committee, we set out to determine what it was that was different about the conditions that permitted almost 20 years of continuous economic growth that took place during the 1980's and 1990's. We looked at government activities, and we saw maybe tax policy had something to do with it, maybe monetary policy had something to do with it, maybe spending policy may have had something to do with it, maybe promotion of international trade had something to do with it.

    After we looked at all of those things, all of a sudden we got a new staff member that said, you don't understand how productive technology has made the American worker. And the charts you have showed us, particularly the charts on slide 11—the four charts that appear on slide number 11 go to reinforce that very concept.

    So we thank you for those presentations; and I can certainly relate to it, having studied the benefits of technology from the other perspective.

    Mr. Meehan, would you like to lead off?

    Mr. MEEHAN. Sure, thank you, Mr. Chairman.

 Page 28       PREV PAGE       TOP OF DOC
    Mr. Secretary, I was amused with your analogy about the IT challenges and responsibilities. It is like watching an NFL game on Sunday and determining where the best tackle play was on a given Sunday. Being an NFL fan makes me wonder if perhaps the DOD should have hired Parcells instead of the Cowboys.

    What is the status of the enterprise architecture and the investment management controls needed to implement it, and when will DOD have a plan in place?

    Secretary STENBIT. We have a set of policies and procedures in place today which I use in my CIO function to determine the programs are in fact meeting the criteria that are both embodied in Clinger-Cohen and those that we wanted to use for our own management purposes and so forth. I can say that it is a first try, I think is the way I would look at it.

    When I try to bridge both the three types of systems we have, we still have circuit-based, point-to-point communication systems where we need to deal with detailed interoperability argument. As I said, we rely today on the broadcast environment; and we are moving toward the net-centric environment.

    The standards against which we measure existing systems and future systems started out rather broad. They are narrowing down dramatically as we speak because we are now investing in this very hard core infrastructure upgrade that I described—there are lots of parts to it, but, fundamentally, if we don't get the bandwidth higher, we won't be able to go to smart push. Once we do that, there are going to be a lot of people that are going to be a lot more concerned whether they can sell things to the Department of Defense if they don't match. So I think I can say we have the processes in place.
 Page 29       PREV PAGE       TOP OF DOC

    We had a review this morning of a very large personnel business system that has had some troubles in the past and has exactly the same kind of troubles, which is there is a past set of systems, a new one. Are they moving in a direction that is coherent, first of all, with respect to just their own little view? But then are they moving in the direction that we are going to make for them when they finally finish their program?

    So, yes, we have such a program. It is embodied by reference in the 5,000 series—8,000 series for information assurance. I forget, actually, the number of the procedures, but they are there, and people actually do respect it.

    We are going to move with the GIG Bandwidth Expansion program. That is a program we have asked you for about $500 million in 2003, which you most graciously gave almost all of it to us and an almost like amount next year—it is less, but same order of magnitude—to facilitate about 90 fixed installations around the world that are the heart and soul of either the intelligence or the command and control aspects of our Defense Department.

    We intend to put one color of laser light via a fiber-optic to every one of those places. So when you saw General Raduege's chart that he is going from a couple of megabits a second to hundreds of megabits a second, we are talking—one color is 10 gigabits a second. So that is a factor of a thousand more than 10 megabits a second, which is equivalent to about three or four TV sets. So we are trying to jump-start the problem, get a lot of bandwidth there.

    Once we do that, the end-to-end connectivity has to meet a much more rigorous requirement for standardization in the future than we have allowed in the past. No question about that.
 Page 30       PREV PAGE       TOP OF DOC

    There is a similar program called the Joint Tactical Radio System, which is a move to take what are today basically lots of radio programs that are done in the old acquisition mode of R&D, procurement, deployment, modification. We then attempt to make them interoperable. That is one of Nancy's big jobs. And we are going to do it with software control radios. But we have to establish a standard for those software controls, and then we will be able to have interoperable radios in the future. So we are moving toward a much tighter set of standards.

    Mr. MEEHAN. Secretary Stenbit, I would like to raise an issue that deals with the upcoming Base Realignment and Closure (BRAC) round in 2005. I don't believe you have direct responsibility for developing BRAC evaluation processes or for executing the evaluation. Your area is relevant to the last active duty base we have in Massachusetts, Hanscome Air Force base, the home of the Electronic System Center (ESC).

    You understand, Mr. Secretary, better than anyone just what role the ESC plays in C4I acquisition management and the value of those resulting systems to the warfighter; and I think you also understand better than anyone how important it will be for the Department of Defense to continue to have access to our Nation's greatest technological capability.

    My concern is that those who are now determining the BRAC categories and evaluation criteria also understand these facts and work them into the process. As you may know, the past BRACs did not do that. Past BRACs were very good at adding up real estate totals and excess building space or evaluating the ability of training ranges. These criteria have only a passing relevance to the creation of an effective joint C4I system.
 Page 31       PREV PAGE       TOP OF DOC

    The last BRAC, for example, Hanscome Air Force base was actually evaluated by the length of its runway. It doesn't have a runway and doesn't have airplanes. What it does have is access to world-class technology and high-tech industry and academic institutions around it, labs, Federally Funded Research and Development Centers (FFRDCs). The programs that any of the services—product centers, if they are moved, it seems to me the disruption of program management, the programs that you oversee, could be significant and the disruption will cost money. It seems to me that this risk to programs is another crucial factor that has not found its way into the whole BRAC evaluation process.

    So that the way I see it, creating a successful joint C4I management organization will entail all of the expertise and careful consideration that any large high-tech company would employ if it were embarking on a major reorganization. They would bring in their best technical minds and foremost management experts and best human resources people. The facilities and real estate people would be included, but they wouldn't run the effort.

    So my concern is that we don't have the situation that we had in past BRACs so that the real estate people basically don't run the effort. I fear that the result if that same approach would be applied, that the C4I product centers would be victimized under such a process. So I am wondering how or if you would recommend to the Secretary that he adopt or adapt this BRAC process to optimize the joint C4I management capability; and if the Department were to shut down or move organizations in this procedure, what the effect would be.

    Secretary STENBIT. I agree with several things you said. One, I don't think I have anything to do with it; two, Hanscome contributes mightily to the solutions to the problems that I am interested in; and, three, there are switching costs in any large organizational move.
 Page 32       PREV PAGE       TOP OF DOC

    My view of the way the current Department works, which is all that I can refer to, is the Secretary has what is called the Senior Level Review Group. It is a SLRG. I don't like being called a SLRG, but we all are—all the direct reports including myself are on that committee, and we discuss the serious issues of the Department.

    I think that is all I can say. I would be surprised if any other process doesn't follow the normal process where we all get to make sure that our points of view are taken.

    Mr. MEEHAN. I just think it is important when you look at technology that intellectual and technical capital play a role here and that these facilities and labs aren't evaluated based on the length of their runway.

    Secretary STENBIT. I recognize switching costs, and if they move one of the places that I am going to put one of these new fibers I have got to put it someplace else. That is a switching cost. There are lots of them.

    Mr. MEEHAN. Thank you, Mr. Chairman.

    Mr. SAXTON. Mr. Wilson.

    Mr. WILSON. Thank you, Mr. Chairman.

    Secretary Stenbit, I am impressed that you have been in this field 25 years.
 Page 33       PREV PAGE       TOP OF DOC

    Secretary STENBIT. Doing the same thing.

    Mr. WILSON. Well, no, it isn't the same thing. That is, what is so amazing to me, the versatility that you have. I feel like you have come from the era of Alexander Graham Bell to the era of Mike O'Dell.

    Mr. MEEHAN. He is not that senior.

    Mr. WILSON. It just seems this way. But I am really impressed.

    You also identified my major concern and that is the information being available but not the right place at the right time. Do you feel that we are making the right strides to achieve the goal that the information get to the right place at the right time?

    Secretary STENBIT. There is no question that today we are much better at distributing important information more broadly than just a precise definition of exactly who needs it, and that comes from this broadcast system that I was describing. That has helped an enormous amount to allow people to get the data and use it in different ways based on the data.

    As I said, it is a bit like being able to subscribe to any magazine you like, but you can't go to the library. So the answer is we are still dependent on the institutions that determine what is important to select the information which is said.

 Page 34       PREV PAGE       TOP OF DOC
    We have some experiments—we have a notable experiment here locally which we started last year, if I may say—in anticipation of that question—which we call the night fist exploitation facility. It is built to be a model of what life would be like if we had all the bandwidth that I was talking about and we could interactively talk with the data sources, as opposed to take what they give us and analyze what we get. We have a subset of that with the folks in Tampa. Both of those have come up with really very, very startling results.

    For instance, if you were are to compare 1991 in Iraq and today in Iraq—and this is an unclassified hearing, is that correct—we were not very good at closing the time loop when a Scud would be shot; and if we could go over and try and shoot the tail after they shot it, we have been very good at that. This time, almost the reverse. We have had as many hits as we had misses and many misses as we had hits.

    Mr. WILSON. It is like eight out of ten.

    Secretary STENBIT. I am not going to go there, but you are right. It was closer to one out of ten last time, and closer to nine out of ten this time. And Night Fist has been part of that because it is a highly interactive, very specialized focus, as opposed to a global distribution of information where people piece together what is best. So we have some experimental data that says once we get to a total smart pool network, we will do a lot better than we are today.

    Mr. WILSON. For all three of you, as we all enter into an era of wireless technology and the concerns that we have about security in a wireless world, what were your concerns and then what precautions or protections have been made to protect security?
 Page 35       PREV PAGE       TOP OF DOC

    Secretary STENBIT. Let me start with that. That is a touchy issue. People like their cell phones and their Blackberry, and those are very dangerous devices for more than just the data you put into them, and I am not going to go into that while we are in an unclassified environment. But just the existence of those without somebody putting data into them are dangerous for the security of people around. So we have imposed a policy within the Pentagon about who can use what kind of devices where. It has caused all the screams, and people are objecting and all the rest of that stuff, but we had to do that in order to protect the security. So we are paying attention to that.

    That is what General Raduege has to deal with, and that is what Admiral Brown has to do. Because in the networks it is the weakest points that count and not the strongest. But I need to get my colleagues who are doing it in an operational level other than the policy that I put out to discuss what you just asked.

    Admiral BROWN. I do think that the policy is important, and it has given us some guidelines, but we also have to be able to take advantage of the technology that is available to us. So we have to work very closely with the commercial industry to help us resolve the security risks that those devices present and get them to help us come up with the security that will allow us to take advantage of that technology. That is what we are trying to do, and trying to stay ahead of that is very difficult in mitigating the risk at the same time.

    General RADUEGE. I would just add it really comes down to the risk involved and what you are willing to accept. I know that I always think of my Blackberry that I used to have, which was—it has been taken away from me now. I do have a Cryptoberry now that allows some protection. But I always felt that those and any wireless telephone that I had, my cellular phone, anything that I said on that should be able to be posted on the front page of the Washington Post the next day. So it is a complement to the way you conduct your normal business, but you need to remember what you are speaking over and how it is going into the air.
 Page 36       PREV PAGE       TOP OF DOC

    Now for our warfighters today I will say we do have wireless capabilities, satellite systems and telephones that they use in Iraq and in Afghanistan that are secured. There is no probability or there is low probability of ever the people using them being detected, which, as you know, we turn that around on other people who transmit in the clear. But we have systems that we have given to our warfighters today, and they are being used very effectively. That is where we cannot accept risk or, if there is, it is very minimal.

    We are also, as I mentioned in my brief statement in the beginning, we work the White House communications for the President. There his activities quite often in certain settings are very perishable information where we could use wireless capabilities to move him quickly. But after someone would detect it, he is already gone. So we are carefully using that type of technology in that setting.

    So there are varying degrees of very secure versus acceptable risks and even complementary capabilities for the way we use and pass information over wireless systems. But certainly we look to industry to help us in each one of those regards.

    Mr. WILSON. Thank you.

    Mr. SAXTON. Thank you very much.

    Mr. Kline.

    Mr. KLINE. Thank you, Mr. Chairman; and thank you very much, gentleman and lady, for being here today. I have got a couple of questions.
 Page 37       PREV PAGE       TOP OF DOC

    It seems through a number of years of my service in an earlier life I must have attended hundreds, probably, of exercises of one kind or another; and I can't ever remember a report where we didn't report that everything went great except for calm. I suspect there is still some of that out there now. In fact, I was just looking at a magazine article, I think in Jane's, that was talking about some complaints that the Marines had with some interoperability; and I have been listening with great interest and great optimism and hope that we are going to move to a case where we can speak to each other in a common language over somewhat common equipment.

    But two questions: That is, the plan—and Admiral Brown is working very hard making sure that is interoperable, but where are we right now in that ability to communicate back and forth? And if we are not there—and I just suspect that we are not quite there yet, based on your earlier testimony—when will we be there so we are, in fact, talking together over secure net?

    Secretary STENBIT. You will find the report on what is going on in Iraq that we have a lot of confidence, and it is working very well. And I hesitate to say that on the record in front of the kind ladies over here, but it is going to be in the following context.

    But it is going to be, in the following context that I described, a very robust, broadcast-based system, satellite-based, fiber-based. It is working extremely well in the large complexes that have the money to build the little tent cities and all the satellite dishes in the back. We have a lot better ability to tie those together today with the forces, because those forces are also in a lower bandwidth sense, feeding information so that there is a lot better two-way communications.
 Page 38       PREV PAGE       TOP OF DOC

    Is it good? No. I mean, is it—I think it is good. It is not perfect. What won't happen in the future is, if we don't spend as many months as we did this time—and we didn't set up all of these places, and it took us months to do it, and yet all the commercial communications—General Raduege and I worked the problem on the 12th of September, getting satellites up; it was a very exciting day.

    So we are an awful lot better than we ever were before.

    I am not too worried about going on the record that people will say it is really good. Now we have to be able to do it for those people that were in the convoy that went the wrong way on the bridge.

    Mr. KLINE. Exactly. My concern is not so much that one headquarters cannot talk to another one, and probably secure; I am more concerned about the soldier/Marine that is out driving along in a Humvee or in a helicopter, as I was, and trying to get everyone in sync and go secure and not secure and all that.

    Secretary STENBIT. You would be surprised.

    Admiral BROWN. I do think you would be surprised. We are not there yet. But I think this year we made more progress under addressing our legacy systems and making them interoperable and planning that and getting the money in the budget to do those things that you mentioned than we have made in the past 10 years. We actually got new money, over $2 billion put in the budget for specifically that item. And we will be able to, by 2008, we believe, have true interoperability, not just in our new systems that we are making sure they are both joint, but in our legacy systems that we still have.
 Page 39       PREV PAGE       TOP OF DOC

    Mr. KLINE. That is excellent. I am, of course, concerned about the legacy systems, because that is what we are using and 2008 doesn't sound like there is still time for that.

    Admiral BROWN. But we have a good, solid plan. We have prioritized our systems so that those critical tactical systems are going to be the first ones addressed. That will be long before 2008.

    Mr. KLINE. Okay. Thank you very much.

    I see we are getting paged all over the place to go vote.

    I have another question which I will just throw out. There has been some discussion about troops in the theater about being able to phone home one way or another. Is that bringing in a commercial system, or can you just very briefly answer that before we all spring up here and go run across the street?

    Admiral BROWN. We are attempting to make sure that they can do that with phone cards, the capabilities are there, and it is just a matter of working out the details. I brag on my own service because the Navy has done that with cellular phones for a long time. It is a quality-of-life issue.

    We are very concerned about it; and I think that we have a solution, and we are working toward implementing it.
 Page 40       PREV PAGE       TOP OF DOC

    Secretary STENBIT. Once again, in a broadcast system we are sending more than we are building the ability to come back. We need to go both ways. There is no question about that.

    Mr. KLINE. Thank you.

    Mr. SAXTON. Just two pieces of information. This little baby just told us that we have taken Baghdad Airport. So that is cool. Second is that——

    Secretary STENBIT. That means he is going to walk when he runs?

    Mr. SAXTON. The second is that those bells that you just heard announced the vote on the Cunningham amendment, which is to remove a billion dollars from the supplemental appropriations bill which is aid to Turkey. So we will spend 5 minutes on Mr. Bartlett's time, and then we will go vote and we will hustle back.

    Mr. BARTLETT. Thank you very much.

    At 9/11, our communications capabilities were overwhelmed and we were limited in whom we could talk to. That, of course, is a challenge that you are trying to meet. There is a limited system supported, funded by the National Guard—so many acronyms—National Defense Fiber Optic Network (NDFON). Are you familiar with NDFON? This is set up in Oklahoma, and it is a dedicated fiberoptic system that is dedicated to the military so that we will not lose—we are not sharing capability with anybody else.
 Page 41       PREV PAGE       TOP OF DOC

    So it has advances and a security, it has advantages in accessibility. And my question is, do you know of it and why shouldn't we consider that approach as a competitor to the beginning approach that you are now taking?

    Secretary STENBIT. Let's see. We need an enterprise-wide system that goes not only from fibers in the ground—and let me assure you that the problem of sharing bandwidth was not the problem on 9/11. The problem was at the tails, at the cell phone end.

    As a matter of fact, General Raduege just did it on any voice system. We have distributed cards, and we have a system that is available in the United States that overrides the busy signal in the voice switch system if you are on a regular phone. And that all works fine and that is not a problem.

    The problem we had on 9/11 was a cell phone problem and that we have made a little bit of improvement and, in fact, are prepared to do more, but it actually turns out to be, these days, a homeland defense issue. However, it is much better for us to be able to use an enterprise, end-to-end system as opposed to having multiple, special purpose systems as long as we provide the capacity to make sure that people don't get thrown off because that is how we are going to go from the special purpose—from the system to the radio that somebody needs because they are out running around in the Humvee that Mr. Kline was talking about. And, in general, the guard kind of systems connect up their own sites, but won't do very much good for us in Iraq.

    So it really is an end-to-end enterprise system that is needed. And if there is capacity in alternatives, we would be happy to use it. But it is very important that we can get end-to-end the whole way.
 Page 42       PREV PAGE       TOP OF DOC

    Mr. BARTLETT. Can you look at that and tell us why that is or is not a good idea? Clearly, it is not—it doesn't go overseas, but tell us, for that part of the system with which it is competitive, why it is or is not a good idea.

    Second question is, it has been a long time since we were pushing the envelope. Your use of satellite phones, is that going to make them available at reasonable rates in the marketplace now? Because they are not now available at reasonable rates.

    Secretary STENBIT. I don't think we have done enough to the general commercial marketplace to change the economics.

    Mr. BARTLETT. It would be nice if your technology was good enough to change that.

    Secretary STENBIT. We are applying fiberoptic technology that the commercial people use in our case.

    Mr. BARTLETT. You are not doing that with satellite phones?

    Secretary STENBIT. But we are using the same technology, that is, going to lasers to go to satellites.

    Mr. BARTLETT. Last question. How much of your system will still be available to you after a robust Electromagnetic Pulse (EMP) lay-down?
 Page 43       PREV PAGE       TOP OF DOC

    Secretary STENBIT. You mean delivered by nuclear weapons?

    Mr. BARTLETT. Yes, sir.

    Secretary STENBIT. There are lots of problems with the existing system when faced with nuclear weapons. The most likely EMP-only attack, this is a high-altitude attack, when you try to spread the electrons over as large an area as possible, in general the military systems will be okay; but we have trouble with respect to our dependencies on some of the commercial systems.

    Mr. BARTLETT. For instance, your space communications, you move about 7 percent of all of your space communications over your own satellites; the rest, 93 percent, are moved over private-sector satellites which are the weakest, the softest link.

    Secretary STENBIT. I think your number is a little low, but I will grant you that there is a lot of commercial.

    Mr. BARTLETT. On your U.S. Military Communications Satellite Program (MILSTAR) satellites, which is the only really secure space that you have.

    Secretary STENBIT. The Defense Satellite Communications System (DSCS) satellites are hardened to EMP. They have large bandwidth. The military satellites are hardened.

 Page 44       PREV PAGE       TOP OF DOC
    I take your point, which is, there are satellites that we use that are commercial that have large bandwidths that are not hardened to EMP blasts. That is correct. The magnitude of the problem that you described, I believe is overstated.

    Mr. SAXTON. We are going to have to go. We need you to stay for a few more minutes.


    Mr. SAXTON. Thank you for waiting. I detected that maybe you have some other things.

    Secretary STENBIT. No. I knew I had four colleagues that wanted to have their opportunity.

    Mr. SAXTON. We are going to give them their opportunity. We talked—you started out, Mr. Secretary, by saying that about one-third of your responsibility, or IT responsibility, for lack of a better term, is business oriented, and the other two-thirds is warfighter technology oriented.

    We have spent most of the time so far talking about the warfighter two-thirds, and I think that is good. And there are a lot of things we haven't talked about on that side that—I was sitting here; things pop into my mind like the great capability that we have to protect our fleets with AEGIS technology, which is great IT stuff. We will be able to reduce the number of people that it takes to man the next generation of warships, DDX, from whatever it is now—from 300, 400 to a little over 100 because of technologies.
 Page 45       PREV PAGE       TOP OF DOC

    My able friend, Tom, here and I were recently at Coronado and saw some unbelievable stuff that the SEALs are doing to help with certain functions with IT. Just this morning we saw—we had demonstrated by the Department of Defense the capability to know where all our forces are.

    Secretary STENBIT. Full-force tracking, yes, sir.

    Mr. SAXTON. Neat stuff, very valuable stuff.

    You mentioned Patriot Advanced Capability-Phase 3 (PAC–3), and the successes we have had in countering international intercontinental ballistic missiles recently is also impressive. And that is cool.

    I would like to talk about the other third for a minute. We need your help and advice in understanding how to evaluate what we do on the business side. The evaluation of—from our point of view, of what we do on the business side is less exciting than the things we have been talking about here, but obviously, from a fiscal point of view, just as important for positive reasons as well as for reasons that make it hard for us to understand.

    I am not saying that there are things that we see that are questionable or anything like that; it is just hard for us to understand, when we are used to counting airplanes and buying bullets, and all of a sudden have to count computer capability. That is what we have to count; that is what you have to count, and you know more about it than we do.

 Page 46       PREV PAGE       TOP OF DOC
    So let me start with this question: How do we begin, as committee members who are not experts in this area—and we are trying to get some staff that is an expert in this area—how do we fulfill our oversight role with regard to that one-third of business-oriented technology in evaluating that capability—how much you need, how much we want to fund, and how to go forward in an intelligent way?

    Secretary STENBIT. First, the one-third was the upper end of what I said. My instinct would have been to tell you, it is about $5 million of the almost 30. But I didn't have the courage to because they threw a piece of paper down in front of me that didn't say that. So I will get you a better viewpoint if we can agree that there is a difference. That is really all I was trying to do as you rattled off eight functional areas.

    In addition to that, those functional areas, we do the infrastructure that allows those functional areas to, after they develop their software and all the rest, to actually operate. General Raduege showed you part of the mainframe computer business and the communications that go with it. So it is a little difficult to pick which number.

    Let's you and I agree that we are talking in the $5 to $8 million range for the business. And as we get to 8, we are getting pretty joint use, like logistics that is getting a lot closer to what the military forces use, and when we get to the 5 we are hard core paying somebody, or making sure they got their shots last week or something like that. It is in that range.

    Now, actually, the government, the defense department as part of the management efficiency request that we are intending to put back over here, are actually making some suggestions that what we are told to do for Clinger-Cohen compliance on the business side has a lot of stuff that isn't particularly useful for either you or me.
 Page 47       PREV PAGE       TOP OF DOC

    So I think the dialogue you are suggesting, which is, how do you best get comfortable with how these programs are going and how do we best manage them, is a subject that should be of some interest to the Department. Because there is a lot of overhead reporting that is interesting, but not how you run programs, and I think that would be a place to start.

    But in answer to your question directly, the reason that IT programs are difficult—and it is not unique to the Department or to the Government; it is true in large organizations as well—is because the people that own the processes, the finance people, the salespeople, the engineering people, it is their business process that needs to be changed that allows the investment in the automation to actually come to a positive result.

    Just automating an old process has some utility, but it is not where the real leverage is. And it is this intersection that you were just describing, which is between the techie nerds like myself, who can figure out how to get software in computers and communications to work; but it is the intersection of that with the business process that the actual functional people use where the trouble comes.

    And so my recommendation would be that you, as you look at the IT programs, you make sure the two things are going on: one, that the owner of the process is vitally and integrally interested in the program and has a handle on the requirements and has some process that doesn't allow just open-ended changes, because we have learned on the military side there is—the worst word in the world is, We can make that a little better; all we need is a software change, okay? And that is what causes programs to take longer and cost more and not work as well and all the rest.
 Page 48       PREV PAGE       TOP OF DOC

    In the IT business it is all software. And so the pressures that go on, the actual people that are doing the business process reengineering, when some guy comes and buzzes in their ear they have this great idea, they have a tendency to succumb. And what you need to assure is that on the requirement side, the people that own the process have a vigorous way to understand how they do it today, how they are going to do it tomorrow, how they are going to train their people to go through the transformation.

    And then you need to look to me and make sure that I am managing the actual implementation of the program that is, in general, described as the computers and the communications and the rest that happens.

    Now, I am ultimately responsible for the Secretary, but I am not responsible for the finances of the Department; Dov Zakheim is. So when he is doing his financial modernization, I can review his program and make sure that he is meeting the Milestone requirements. But it is not my job to figure out, nor should it be my job to figure out, how he wants to conduct the accounting standards of the Department. When Pete Aldridge is doing the acquisition, or the manager of the Defense Logistics Agency, they have their priorities.

    You asked me a question about how I would recommend that you do it. I would recommend that you look at both sides, that you pick whatever one you want to pick; you had eight areas, some of those have very good requirements processes.

    I will share with you, at the expense of getting in trouble here, the medical community is very robust at how they are defining the requirements for their automation programs, how they reach out to the pharmacy—pharmaceutical industries to do integrated supply chain management so that they don't have to store all the drugs, that they are connected, as Wal-Mart is, to their suppliers, an unbelievably fine job of business process engineering. And there the issue of the money to be saved is so large that even if we overran the computers, it would be a good deal.
 Page 49       PREV PAGE       TOP OF DOC

    I am not suggesting we want to overrun the computers. But there are other cases.

    Mr. SAXTON. What does ''overrun the computers'' mean?

    Secretary STENBIT. We have a program that we think is going to take 24 months and it is going to cost $8.6 million, and it costs $12 million. That is what I meant by overrunning, doing a bad job of performance.

    Mr. SAXTON. That is a—we often draw the comparison between what the Department of Defense may want to do when increasing technology and capability, and we often compare it to business. Well, if you are Mr. Wal-Mart, Mr. Wal-Mart has to say, Do I want to make this investment to gain these capabilities to make my company more profitable? So there is a built-in measure in the private sector which isn't necessarily built into the Department of Defense.

    Would you agree?

    Secretary STENBIT. No. I think the pressure—I am basically from the private sector. I have been in the Government twice, but there is no question that I am not a government person and my colleagues will be happy to attest to that.

    But the Clinger-Cohen process absolutely requires a cost-benefit analysis, a return on investment analysis, for every IT program that the deputy does or any other part of the Government does. The process is there to come up with the same kind of analysis that the Chief Finance Officer (CFO) at Wal-Mart would do about whether he should or shouldn't invest the money.
 Page 50       PREV PAGE       TOP OF DOC

    The problem is that that is done at the beginning of the program to get it going. But it is taking a look at the end of the program and the changes that occur as you go along; it is not as interactive as it would be at Wal-Mart. I think that is one of the problems.

    But it is not true that return on investment and cost effectiveness are not used; it is just that the Government doesn't tend to do that in an iterative way; they tend to do that in a review way, and then the recovery paths are more difficult to handle.

    So I wasn't trying to be obstreperous, but that is one of the things that I was worried about. If I come up to you with precision down to the $100,000 level on a $30 million job, which I don't know it is to that accuracy, because I haven't done the job yet—I would know it within $5 million maybe—I have overdone the precision at the beginning and I have underdone the ability to change the authority as we move forward. But you have heard the complaint by lots of people who have talked about program elements before.

    The key, though, is that we both collectively know that the requirements are under control and that the processes to make sure that they make sense and that the business process reengineering that makes the money gets saved is what is really important.

    Mr. SAXTON. Well, thank you very much. We appreciate all three of you being here, Mr. Secretary and Admiral Brown and General Raduege. Thank you for what you are doing, and for the watchdog role that you play in making sure that we have the best capabilities that we can.

 Page 51       PREV PAGE       TOP OF DOC
    It has often been said, at least in the circles that I run in, that today's threat is such that they may have the element of surprise on their side, but we have got the element of technology on our side, and so far it is working out pretty good.

    So thank you very much. We appreciate you being here. We look forward to working with you in the future.

    Secretary STENBIT. We appreciate the opportunity to have you help us apply the technology as fast as we can. Thank you very much.

    Mr. SAXTON. Our second panel this afternoon will provide an outline of the IT issues and challenges that lay ahead for the service Chief Information Officers, CIOs. Our witnesses are Lieutenant General Peter Cuviello, Chief Information Officer, Department of the Army; John Gilligan, Chief Information Officer, Department of the Air Force; David Wennergren, Chief Information Officer, Department of the Navy, and Brigadier General John R. Thomas, Director of Command, Control, Communications, and Computers, Chief Information Officer for the Marine Corps.

    Welcome aboard. We are glad to have you here to continue this dialogue this afternoon. We will let you proceed when you are ready, as you see fit.

    Mr. SAXTON. General, I think you are probably first up.

 Page 52       PREV PAGE       TOP OF DOC

    General CUVIELLO. Thank you, Mr. Chairman. Mr. Chairman, members of the subcommittee, great to be here.

    I am the CIO of the Army, but I am also the G–6 of the Army which is the operational arm within our Army. I am pleased to be here today to appear before you, and I want to share with you how the Army is leveraging information technology to transform into a network-centric, knowledge-based organization and an objective force that we are moving towards.

    I would like to thank you also, as the others did, for your support in this year's fiscal year 2003 budget and your concerns regarding our C4, Command, Control, Communications, and Computers and our Information Technology capabilities and program supporting the Army both at war and in our day-to-day business.

    What I will describe to you today is not just a vision; it is happening today, as exemplified in Southwest Asia and in our day-to-day operations. The Army is fundamentally changing the way we fight and creating a force more responsive to the strategic requirements of the Nation.

    At the same time, the Army C4 and IT must also change for this transformed force. To quote a 107th congressional report directing action by department CIOs, ''The committee believes that the overall interest of the Department of Defense and the Intelligence Community would be best served by quickly moving to a network-centric environment.''

    The Army has completely embarked on this, and the Department of Defense's network-centric warfare vision scene is making significant progress as we transform our systems platforms and processes to achieve the network-centric and interoperability in the Joint, Interagency, and Multinational environment as exemplified—as we are doing today.
 Page 53       PREV PAGE       TOP OF DOC

    The Army has consolidated management of information technologies into a single effort which we call Army Knowledge Management, AKM. The overall strategy is to improve information delivery to the warfighter while reducing overall costs. To that end, we are integrating best business practices; managing the information technology infrastructure as a single enterprise; providing Web-based, secure network access for the entire Army; and most importantly, harnessing our human capital.

    This will enhance lethality on the ground and decision-making at all levels, supporting both the warfighters and the goal of the President's management agenda to secure the best performance and the highest measures of accountability for the American people. The fundamental shift in culture and process has resulted in tremendous efficiencies and increased capabilities in the command and control arena; and we are aggressively applying the same processes to our business systems and accompanying infrastructure.

    The Army Knowledge Management strategy firmly supports the information management requirements established by the Clinger-Cohen Act. The Secretary of the Army and the Army Chief of Staff have empowered the CIO G–6, me, to oversee the IT investments to ensure efficient utilization of resources. I now provide not only critical oversight through strategic direction, but also through enterprise investment strategy and performance-based management of all programs within the Army.

    As a part of the global information grid, as we have talked about before, our Army knowledge enterprise strikes the Army's IT framework from posts, camps, stations, National Guard armories and Reserve centers to the deployed combat forces. We have established the Network Enterprise and Technology Command, NETCOM, that brings together network operations across all components of this single enterprise. As the single network operator and defender, NETCOM provides the information assurance that is critical to the Homeland Security and our combatant commanders.
 Page 54       PREV PAGE       TOP OF DOC

    Protecting essential C4 and the infrastructure from potential cyberterrorist threats, our Army Knowledge Online provides the enterprise portal to this protective network. We are over 1.3 million subscribers accessing increasingly vital information and online services. Our AKO provides collaboration of Web-based applications that ensure information sharing among the warfighters, our business stewards and even our family members.

    The Army continues to leverage the full potential of the technological advantages of our Nation's industrial, science and technology communities. The objective force is being designed from the bottom up around a single, integrated Army Knowledge Enterprise within the larger global information grid. We have a number of programs that enhance situational awareness and understanding across the force. Advanced technologies include commercial off-the-shelf software systems that provide the foundation for a ''factory to foxhole'' continuum of operations necessary to support our future combat system and our objective force. These solutions support processes across the enterprise, providing timely, reliable and quality information and replace ''stovepipe'' legacy applications with an integrated system of systems.

    Another example, which you referred to before, our Blue Force Tracking System, fielded now in Southwest Asia, allows real-time friendly unit and material tracking and situational awareness for our combatant commanders.

    We are leading Army transformation through information technology. On all levels, from the individual to the strategic, we are aggressively transforming to a network-centric, knowledge-based objective force. But we still have much to accomplish. With your help we will attain our shared goals in this decade and meet the guidance of both the Office of the Secretary of Defense and Congress.
 Page 55       PREV PAGE       TOP OF DOC

    Thank you, Mr. Chairman and distinguished members of the committee, for allowing me to appear today. I look forward to answering your questions and comments.

    Mr. SAXTON. Thank you very much.

    [The prepared statement of General Cuviello can be viewed in the hard copy.]

    Mr. SAXTON. Mr. Wennergren.


    Mr. WENNERGREN. Good afternoon, Mr. Chairman and distinguished members of the subcommittee. Thank you for the opportunity to appear before you today.

    It is a time of transformation, and as the Department of the Navy's Chief Information Officer, I have the honor to work across the Navy and Marine Corps team in harnessing the power of technology for our sailors, Marines and civilians.

    Our Naval Power 21 vision sets the course for interoperable, network-centric operations that will link warriors, sensors, networks, command and control platforms, weapons and commanders into a networked, distributed force. We are creating a seamless enterprise network structure comprised of the Navy, Marine Corps Intranet, or NMCI, the Department's shore-based network, IT–21, for afloat forces and Marine Air-Ground Task Force Tactical Data Network as our contribution to the DOD vision of a trusted, dependable and ubiquitous network.
 Page 56       PREV PAGE       TOP OF DOC

    As we roll the NMCI, we are seeing the power of a single enterprise network improving access, interoperability and information security and the value of a performance-based contract and integrated service delivery team as demonstrated during the incredibly swift reconstitution effort for the Navy team after the tragic events of September 11th.

    But an enterprise network alone is not enough, and so we are simultaneously transforming the way in which information is shared to truly achieve knowledge superiority through collaboration and communities at practice. Our E-government efforts and E-business operations office have successfully transformed labor-intensive paper processes into reengineered, Web-based solutions to improve both quality of service and to produce substantial efficiencies across the Department.

    Now we are beginning development of the Navy-Marine Corps portal and enterprise portal structure that will secure our vision of a Web-enabled department, providing our sailors, Marines and civilians with access to the intellectual capital of the Navy-Marine Corps team.

    Mr. WENNERGREN. I am also pleased to report that we are making significant progress in pursuing an enterprise approach to portfolio management of our information technology resources. We have identified functional area managers and assigned them the responsibility for managing processes and applications within their area of expertise, and they have used this authority to reduce the number of approved applications in the Department by almost 90 percent from 67,000 down to 7,000.
 Page 57       PREV PAGE       TOP OF DOC

    Security continues to be a top concern for us, and our information assurance efforts focus on a broad array of initiatives to ensure defense in depth strategy. We are benefiting not only from the significant security enhancements of Navy/Marine Corp Intranet (NMCI) but also from our use of public near digital certificates.

    As the Chair of the DOD Smartcard Senior Coordinating Group, I also lead the DOD-wide rollout of the common access card. To date DOD has issued 2 million smartcards, with the Department of the Navy accounting for 900,000 of those cards. We leveraged industry best practices and standards to develop a solution that strengthens both our physical and cyber security efforts. Our critical infrastructure protection efforts focus on mission assurance. We have put into place an integrated vulnerability assessment process for our regions and we have fielded a groundbreaking self-assessment tool that allows our base commanders to have the capability to assess potential infrastructure vulnerabilities and then remediate them.

    Maybe even more importantly, we have partnered with State and local governments and industry in areas like Virginia, San Diego and the Pacific Northwest to share analyses, to share lessons learned, and to share consequence management strategies to raise the bar of security for all of us. But ultimately it is our people, those brave sailors and Marines deployed far from home in harm's way, that are the heart and soul of our organization. What they know and how they translate that knowledge into action will define how successful we will be.

    So we are committed to provide them the opportunity they need to stay current in an increasingly complex technology based environment.

 Page 58       PREV PAGE       TOP OF DOC
    And finally, we have embarked upon a significant restructuring of information technology management in governance that will strengthen, integrate and align our information technology management efforts across the Navy-Marine Corps team. A key element of that restructuring was the designation of Rear Admiral Tom Zelibar, the Chief Operations Director of Space, Information Warfare, Command and Control, and Brigadier General John Thomas, the Marine Corps Director and my colleague here today, to be dual hatted as Deputy CIOs for the Navy and the Marine Corps respectively, working with me. These designations will ensure that our information technology and command and control communications teams are truly aligned and providing the best value to the warfighter.

    Again, thank you, sir, for your support of our information technology initiatives and our transformational agenda to achieve network-centric operations and knowledge superiority. I am happy to answer any questions that you have.

    [The prepared statement of Mr. Wennergren can be viewed in the hard copy.]

    Mr. SAXTON. Thank you, sir.

    Mr. Gilligan.


    Mr. GILLIGAN. Thank you, distinguished members of the subcommittee. I appreciate the opportunity to address you today.
 Page 59       PREV PAGE       TOP OF DOC

    The Air Force is undergoing the most significant transformation in its relatively short history. This transformation is largely based on how we use information and information technology to increase our operational effectiveness. As an illustrative example, in Afghanistan information technology permitted us to combine precision guided munitions, rapid target identification to turn the Cold War era B–52 bomber into an effective platform for performing as close air support for small numbers of special forces on the ground.

    Likewise information technology is permitting us to significantly shorten our air operations planning cycles and improve coordination of joint assets and forces in the current situation in Iraq.

    Information technology is at the heart of every one of our warfighting systems. Within the Air Force we are now placing significant emphasis on improving the integration of our intelligence, command and control, and surveillance systems. Our goal is to leverage the power of modern information technology, including implementing what we call machine-to-machine communications to horizontally integrate information available in our joint and coalition air, space and ground assets. This permits us to shorten decision cycles and improve the quality of information available to commanders.

    In support of this objective, we are investing in improved flexible communications links with our airborne platforms, enhancing our command and control systems to better leverage commercial standards and technologies, upgrading our base infrastructure to permit us to fully exploit DOD bandwidth expansion programs and improving the capabilities used to protect our networks and systems from cyber attacks.
 Page 60       PREV PAGE       TOP OF DOC

    The Air Force operates using the Air and Space Expeditionary Force, or AEF construct. We support overseas commitments by rotating AEF organization units from fixed bases usually on a 90-day cycle. In support of that we deploy forces and equipment worldwide, leaving many of the support functions at home. Moving information rather than people reduces airlift and logistics required as well as the cost of operations.

    It also improves the decision-making by linking experts real time across geographic distances using our Department of Defense global networks. Our Air Force Global Combat Support System, or GCSS, program is central to our ability to link Air Force users worldwide. Using a standard Web browser based interface called the Air Force Portal and Web enabled applications, GCSS Air Force allows our airmen to access information and services worldwide on a 24-hour a day, 7 day a week basis. The online capabilities available through the Air Force Portal organize over 50 combat logistic services such as aircraft maintenance, status and spare parts ordering and tracking as well as over 100 self service capabilities for personnel pay, medical and other support functions.

    By leveraging commercial Internet technologies and changing our operational paradigms, we are getting Air Force members out of the customer service lines and back on the flight line; in other words, IT initiative consolidation of the management and operation of our many networks and servers. We have completed the consolidation of over 70 percent of our existing network and servers to date and we project we will be almost 90 percent complete by the end of this year.

    By reducing our hardware inventory and standardizing system operations we have already been able to return to core mission functions, man-hours equivalent to over 1,000 man-years. We continue to work to enhance the tools, processes and personnel skills that we use to protect our systems and networks. We know that our adversaries are working hard to exploit vulnerabilities and destruct our military networks.
 Page 61       PREV PAGE       TOP OF DOC

    In 2002, we monitored 4.4 billion suspicious connections, a fourfold increase over 2001. Most suspicious activities were dealt with quickly by terminating the offending connections with no operational impact. However, we did have 93 events that resulted in some compromise of information or denial of service. This was approximately the same number as we had in 2001.

    To continue our transformational efforts to support the expeditionary forces of the future I see a number of opportunities and challenges ahead. The ability to support information dominance through network-centric operation demands a highly skilled work force. Retaining our highly skilled work force in a competitive industrial market environment is a continuing challenge for us. We are using a variety of methods, including bonuses, to retain our experienced personnel.

    In parallel, we are also looking to leverage industry capabilities to perform some information technology functions currently performed in-house. Our objective is to free up some of our military and civilian IT professionals to align them with higher priority missions. However, we are finding that the current legal and policy framework makes outsourcing enormously complex and that it takes far too long to accomplish, often 2 to 3 years.

    Finally, by leveraging commercial capabilities and software products, we find that we also reap the consequences of the poor quality of current commercial software products that have numerous logic flaws that could permit compromise of our systems and interrupt our warfighting capabilities. We are now spending more money to patch flaws in these commercial software systems than we pay to purchase the system. I believe that poor software quality is a national crisis and deserves the attention of our government and corporate leadership. I personally talk with software vendors about this issue, but your support could assist us in this endeavor.
 Page 62       PREV PAGE       TOP OF DOC

    Although there are significant challenges that we are addressing, the Air Force is proud of the progress that we have made in leveraging information IT technology to increase our mission capabilities and improve cost effectiveness of our support activities.

    This concludes my testimony. I would be happy to answer any questions that you may have. Thank you.

    [The prepared statement of Mr. Gilligan can be found in the hard copy.]

    Mr. SAXTON. Thank you, sir.

    And General Thomas.


    General THOMAS. Good afternoon, Mr. Chairman and members of the subcommittee.

    Mr. SAXTON. We save the Marines for the last.

    General THOMAS. I will try to keep it short then, sir.

 Page 63       PREV PAGE       TOP OF DOC
    The Marine Corps strategy is a very simple one, and we have heard a number of the issues that the Marine Corps is currently working with our sister services. The Department of Defense as well as Marine Corps strategy is built on three principles: Build the network, exploit the network and defend the network.

    The network consists of people, Command and Control (C2) nodes, weapons systems and weapons platforms. Building a network involves having well-educated, well-trained, well-motivated people, and the Marine Corps is marching smartly to make that happen.

    Another aspect of building the network is technology. The Marine Corps program currently has those programs in place and allows us to build that robust integrated seamless network that Mr. Stenbit talked about earlier. We talked about the joint tactical radio system, the communications program and the bandwidth expansion programs. All of these efforts are designed to allow to take us and push power to the foxhole. Building a network is about pushing power to the foxhole.

    To exploit the network we need command and control tools that allow the operators, the commander out there to make decisions. Programs like the Global Command and Control System, the Global Combat Support System, the Unit Operations Center, the Deployable Joint Command and Control System, all these programs are being fielded with the intent of providing commonality and joint interoperability horizontally across the force.

    To defend the network not only requires technology but it also requires training and education of our Marines. The Marine Corps has an initiative that we are proud to highlight. Our information assurance program where we are sending staff Non Commissioned Officers (NCOs) to the Air Force Institute of Technology to gain degrees in information assurance is just one example.
 Page 64       PREV PAGE       TOP OF DOC

    So exploiting the network and defending the network are key components as well. The Marine Corps has a program in place and we are happy to say that with your support we will continue to move forward and provide the support to the warfighters in the future.

    Mr. Chairman and members of the committee, those conclude my remarks. I will be happy to answer any questions.

    [The prepared statement of General Thomas can be viewed in the hard copy.]

    Mr. SAXTON. We thank you very much for your comments. Could each of you share with us your service's IT investment strategy and how your goals match up with the process through which you procure technology that is needed? Why don't we start with Mr. Gilligan?

    Mr. GILLIGAN. I would be happy to do that. Following on the distinction that Mr. Stenbit made, the distinction between our business and infrastructure and our warfighting within the Air Force, approximately half of our $6 billion budget is strictly warfighting, approximately half is business and infrastructure, infrastructure which Mr. Stenbit put in his 70 percent figure. I distinguish them a little bit differently for a reason. As CIO I focus a lot of my attention on our common use infrastructure, which is our base capabilities, classified and unclassified, as well as our business systems. We spend a little bit less than $3 billion in that area, and my objective in terms of the strategy is that becomes a relatively fixed investment for the future.
 Page 65       PREV PAGE       TOP OF DOC

    That has been the characteristic in the budget in the last couple of years. And my intent is that what we do is look for opportunities within that budget to reprioritize, to be able to modernize some of our business systems, to make additional investments in our infrastructure, to be able to basically reduce the cost of those capabilities, and thus far we have been able to do that.

    On the other side, the warfighting side, we have actually seen some growth in those expenditures and capabilities, but that is to be expected. In fact, that is where we would like to continue to invest. It is that investment that is giving us increased capabilities in our warfighting area. For example, about half a billion dollars of increase in our budget was directly attributable to the Airborne Warning and Control Sytem (AWACS), increased tempo of operations (OPTEMPO) of AWACS, data link enhancements, improved mission planning capabilities, et cetera. And each of those are looked at in terms of a cost-benefit analysis in terms what is the operational benefit. But in many cases we are getting significantly improved operational capability and in a few cases actually relieving, reducing the numbers of people required to perform those functions. So that is a top level strategy, sir.

    General CUVIELLO. Mr. Chairman, the way we approach it is from an architectural standpoint. The architectural process has the first thing when you have a requirements generation by the users, whether the users are warfighters or business stewards, and that operational architecture is the first one. That is how I want to do my business, how I want to warfight, do personnel, logistics, et cetera. Then we talk walk down to the system as architecture, which is then how do the technologists apply technology to the solutions to those requirements that are based in an operational architecture. How we leverage that is that we are the proponents for the technical architecture, and that is all the standards and protocols, and this is called the joint technical architecture. So it is not service unique. It is from the joint perspective and from Office of the Secretary of Defense (OSD) and then try and apply across the board what is needed.
 Page 66       PREV PAGE       TOP OF DOC

    Now, the things that we control, we control the command and control systems, the warfighting aspects, because each one of the services are fairly different in the way they do their warfighting. The thing that is the real challenge is on the business side, because there is not much that we can do with our personnel and logistics and finance because it is all a defense activity. And that is what Mr. Stenbit was talking about, is that trying to get that operational architecture of how I want to do finance business within the Department and logistics business, and then it works its way on down.

    I know that what was being referred to in the General Accounting Office (GAO) report is that we each have lots of little systems out there in each of those areas. The reason why is because there is no operational architecture. People have gone to the systems architecture and said I need this function to happen right here, right now, on this post or in this function, and they come up with their little software program and then we have all kinds of black boxes that tie it together.

    General CUVIELLO. So that is how we are managing from the standpoint of where do we want to put our resources. We want to put them in enterprise solutions to things on the business side of the house. And then on the warfighting, as I mentioned, we have—and that is what we call our objective force and our future combat system. And we are starting, as I mentioned in my comments, right from the ground as to how we want to warfight and then we come in and say, okay, here is what technology can do for you and then put the money to it.

    Mr. SAXTON. Thank you. I am going to excuse myself for a few minutes to make a telephone call that I must make, but Mr. Wilson is going to take over for me.
 Page 67       PREV PAGE       TOP OF DOC

    Mr. WENNERGREN. We each have a similar situation in that our IT budget does include a large portion of money going toward direct warfighting systems. So our approach has been one of looking at end processes. On our warfighting side, we have our FORCENet construct, which is an enterprise architectural view and operational construct to look at mission capabilities from end to end, understand those processes and then make these smart investments that will get you the systems and capabilities to meet those processes.

    Also recognizing the importance of our business systems, too, though, we have created a set of functional area managers that I mentioned in my opening remarks, and we have given these functional area managers the responsibility to look after that portfolio of applications, the entire logistics domain, the entire manpower domain, regardless of what organization originally generated a requirement for a manpower system. And by having that sort of portfolio management strategy in place they are able to make decisions that have allowed us to reduce the number of applications we have in each of our business areas.

    Each of us of course as CIOs have the Clinger-Cohen Act responsibility to make sure the investments are happening correctly, and we are able to manage and monitor that process. But as part of our restructuring effort in the Navy and Marine Corps team, we have also added in this idea about an enterprise implementation plan, detailed guidance to our commands and system buyers of what is the right type of investments to make to match our IT strategy for the future so they can know their dollars are being spent in a way that will make sure that we have a joint solution that is knowledge centric, Web based in the future.

    General THOMAS. Similarly the Marine Corps marches in step with the Department of Navy. Our requirements are clearly concept based and capabilities based and we are constantly looking for the enterprise solution. The Marine Corps has taken the lead, as some of you may know, in having the first enterprise network capability in the Department of Defense. We also have published an IT capital planning and investment strategy which for the E business side of the house lays out the ground rules for how we should do business. As a CIO, I have also laid out an IT procurement strategy. OIT procurements come through the CIO of the Marine Corps. Similarly, we stood up an information technology steering group to take and help review all of our IT purchases, ensuring that we are getting the best bang for the buck. We also initiated activity based costing so we can associate a dollar value to the IT procurements that we are pursuing.
 Page 68       PREV PAGE       TOP OF DOC

    And as the Army has done, we have implemented an enterprise architecture effort where we are developing those operational system and technical architectures that allow us then to take and understand how these new capabilities will plug into the overall architecture.

    Mr. WILSON [presiding]. Thank you very much, and at this time, I will recognize the Congressman from Minnesota, Mr. Kline.

    Mr. KLINE. Thank you very much, gentlemen, for being here. Because of my background I guess I want to talk about the Marine Corps program for just a little bit. General, you are marching in step with the Department of Navy and I appreciate that very much and I am sure you are working together very closely. You did say, however, that you have put together an IT procurement strategy for the Marine Corps, I assume. And the dollars for that—those are green dollars that you get through Marine Corps programming?

    General THOMAS. The—for the IT side of the house, that is correct, with a couple of exceptions. All of the crypto modernization is funded with blue dollars, or Navy dollars. The only other exception is that there is a small piece associated with the Navy-Marine Corps Internet that is funded with blue dollars, again, talking specifically about IT now.

    Mr. KLINE. And I am a little bit interested in your IT steering group. Who is on that?

    General THOMAS. We have representatives from the advocates throughout our departments. We have, you know, the ground combat element advocate, the command element advocate, the aviation combat element and the logistics command or logistics advocate. These are all three-star advocates. We also have representation from the operating forces that make up this information technology steering group as well as representation from the requirement side of the house.
 Page 69       PREV PAGE       TOP OF DOC

    Mr. KLINE. I like the coordinated approach there, but I am just interested because I recall so vividly now, it has been a long time ago, 15 years ago when the Marine Corps was trying to put together a strategy for modernizing—we just called it sort of computers, we needed computers back in those days. And the approach was so slow and so tedious and required winding through so many folks by the time we decided what we were going to do, everybody in the Marine Corps had gone through a couple of generations of buying computers just to get things done. Can you bring me into the modern world?

    General THOMAS. We definitely changed a great deal since then. All Marine Corps computer procurements are funded centrally now. You are absolutely correct, sir, it used to be where the commanders out there would use their Operations and Maintenance (O&M) dollars to buy computers and what we were finding was that it eventually starts to cut into readiness. We moved into centralized procurement just as we moved to an enterprise network to ensure that those resources are not impacting readiness.

    Mr. KLINE. I applaud that as long as it is fast and I assume that would apply to all the services that probably dealt with this at some way or another or some time or another where the centralized process was simply too slow. So I guess I am asking for assurances that while it is great to be centralized and have some commonality and not eat up O&M funds that could have been better used for training or other purposes, that you all feel like that it is responsive and fast enough and you don't have people sitting out there snapping their pencils and chafing at the bit saying we are 5 years behind date on our hardware or software.

    General THOMAS. Absolutely, sir. And I can tell you that the current process that we have in place is very responsive. Of course, as you know, we will migrate or we have started to migrate to the Navy-Marine Corps Internet. And again that holds the opportunity to have an even greater refresh rate than what the Marine Corps was able to program for on its own using its enterprise approach. And of course the Navy-Marine Corps Internet is a Department of Navy-wide enterprise to take in and address those kinds of issues you were talking about.
 Page 70       PREV PAGE       TOP OF DOC

    Mr. KLINE. Thank you very much. I yield back.

    Mr. WILSON. Thank you. And gentleman, I want to let you know that I have been a real beneficiary of the Web sites that you helped establish. And as a JAG officer, the JAG Web sites have been very helpful in being able to call up will forms, download them immediately, prepare wills particularly for persons being deployed recently. It has been very helpful and as you run into people between different States, it is particularly helpful, and also guidelines for rules of engagement, it just goes on and on how helpful what you are doing and how it makes all of us confident of the ability of our military.

    But I do have concerns and may have been addressed really to the first panel more, but in terms of security. Again, I am concerned about that and what safeguards are made. And as a novice in all of this, it would seem like to me that clutter itself would add to the security. And if all of the military personnel have cell phones or hand-held computers, that it would be extremely technologically difficult to penetrate or understand. Could anybody comment on that?

    General CUVIELLO. I guess I will start with like as an example our portals where people go in to do all the self-service applications to things like that. It is secured. It is triple secured, sort of like when you do your credit card for Amazon.com. Our e-mail now is all encrypted using public key encryption, using our common access card that all the Department of Defense is moving towards. And we are trying to from a—in the unclassified world use encryptions to help us out. And of course on the secure side, everybody is on the secret side of the house.
 Page 71       PREV PAGE       TOP OF DOC

    When it comes to the wireless devices, as General Raduege mentioned, we are all also moving toward the encrypted ones, using the Cryptoberry not just the Blackberry, using the Sectera and other phones that are able to be secure. And it is a regular cell phone that you can talk secret on and all these are National Security Agency (NSA) approved. As we move more and more open to the Web base, our security from cyber warfare is at risk and there are a lot of issues, and I won't walk you through all those things that we are doing in the information assurance area.

    Mr. WENNERGREN. Mr. Congressman, if I could add on to that a little bit, the power of these public infrastructure digital certificates is really central to our digital security efforts. I mentioned the common access card, the smartcard we are giving out. It has changed my experience both from a physical and cyber security aspect. When I walk in the building, I use this card not only to get myself in the building, but I go up to my office and use this to cryptographically log onto the network in a much more secure way than user IDs and passwords.

    I then use the power of these digital certificates to be able to sign e-mails to prove that it really was David Wennergren that sent you the e-mail. I can use the digital certificates to encrypt information. I can use the digital certificates to launch myself to secure Web sites so I can have a secure transaction with a Web site to do a transaction that I don't want other people to get in the middle of. And when I came out to come to this hearing I pulled the card out of the machine. It locks up and nobody else can be me.

    So as we continue to leverage the use of these certificates, we are working and talking with our industry partners to say things like, hey, you do wireless devices. If you had a smartcard reader on that device you could use the power of these certificates to add an additional level of encryption to the wireless signals.
 Page 72       PREV PAGE       TOP OF DOC

    Mr. GILLIGAN. If I could add an additional comment in endorsing the comments made by my colleagues but also adding another dimension, the specific question you focused on was the ability to in a very cluttered communications environment focus on perhaps intercepting a particular communication. And your premise is right to a degree; that is, it does get fairly complex if your objective is to try to intercept. And of course the cryptographic capabilities we are using mitigate largely against that. But one of our biggest threats now is not the intercept but is denial of service, and that is if an adversary can time the exploit of vulnerability or weakness to perhaps not compromise any information, but prevent us from using the systems that we are depending on, that can be in fact in many cases more damaging to operational effectiveness than the compromise of information. And so there are really several dimensions of cyber security that have to be addressed kind of in unison, and each of us have programs to try to deal with not just the protection of information from compromise, but protection of our systems and networks from denial of service or other attacks so that we can withstand those types of what is an increasingly frequent occurrence, as I mentioned in my testimony, where we are seeing these types of attacks.

    Mr. WILSON. What I was envisioning is we are dealing with terrorists and they appear to be sort of low tech individuals as opposed to a superpower that could monitor everything is what I am hoping we can evolve. And really in line with what Congressman Kline had already indicated an interest in, and that is you work so closely with the private sector IT virtually seamlessly and the lag time—is there a lag time in working with the developments of technology, change in technology and is there anything we can do to help you overcome any red tape or hindrances to working with the private sector?

 Page 73       PREV PAGE       TOP OF DOC
    Mr. GILLIGAN. I would echo a comment that I made in my oral testimony. Today what I find in the Air Force and I am sure the other services see as well is the most frequent avenue for attack against our systems, that in most cases, as you point out, it is from a relatively unsophisticated group is exploiting publicized software vulnerabilities in our commercial products that we get from Microsoft, Cisco and Oracle. About one a day of these flaws are discovered. They are published. They are published on hacker sites along with the software that you can use to exploit the vulnerability, and it becomes a race situation for us to go and patch these systems. Now we are talking about software programs that have many millions of lines of codes. So it is impossible for us to go through them and find out where these logic flaws are. So it becomes a discovery process of finding and patching and fixing and trying to outwit, you know, the speed with which somebody can exploit.

    I think the software industry is awakening to this as a problem, but it is something that really needs a lot more emphasis and we need to change the fundamental business paradigm that through the 1980's and early 1990's was speed to market and quality was second order of concern. Now we are reaping some of the benefits of that and we need now to change the dynamics and quality of the software. It is important for us to being able to protect our system.

    Mr. WENNERGREN. Industry partnerships are tremendously important to us and when we are able to leverage best practices in industry that is when we get our best solutions. So the only thing I would ask is your continued support of the types of initiatives we are working, like the Navy-Marine Corps Internet, which really have leveraged best industry practices to help us keep that fresh technology in place.

    Mr. WILSON. Thank you all again for your service.
 Page 74       PREV PAGE       TOP OF DOC

    Mr. SAXTON [presiding]. Mr. Wennergren, the Navy IT budget increased from 4.1 billion to 6.1 billion over a 2-year period. Given the NMCI contractor's experience of continually discovering more local systems, tell us what the Navy did to define functional requirements before you let this contract and where are you now on this.

    Mr. WENNERGREN. Yes, sir, Mr. Chairman. It is at a very important point. As we rolled out this enterprise network it has done a tremendous thing for us. Besides just the value of the contract in terms of access and interoperability, it has served a wonderful forcing function. One of the forcing functions was actually finding all those applications. When you had hundreds of disparate networks that were local and not visible, it is very easy for commands to build applications and use them locally and, you know, through no fault of their own good intentions, we would build the same applications over and over and over again. By moving to an enterprise network structure we are able to get that visibility, and it was that shock of how many applications really had developed over the course of the years that led us to this legacy applications rationalization process.

    So it has done two great things for us over the last 6 months. It has allowed us to assign functional managers that say you have to look at those 3,000 applications within your domain and work that down to a reasonable number because I don't need multiple solutions that do time and attendance.

    Mr. SAXTON. Just from a common sense point of view wouldn't it have been better if we identified these systems that we were going to integrate before we bought the system to integrate them?
 Page 75       PREV PAGE       TOP OF DOC

    Mr. WENNERGREN. That is the best approach and that is the approach that we really try for. And I think some of the things we are doing now with portfolio management and our FORCENet structure that we are actually looking at processes before we go buy new things. That is going to help us do a better job of that.

    Mr. SAXTON. You have a complicated job. General, can we talk about future combat systems for a minute? Boeing was in the other day and they brought their charts with them, and when I look at that system or the proposal for such a system, I guess one way of saying it is it makes me nervous and the reason it makes me nervous is because we become so dependent on the technology, which is very useful but does that dependence on technology worry you at all?

    General CUVIELLO. It worries me because there is a lot of unknowns out there because a lot of this technology is still sorting itself out. But if we don't move in this direction—I mean right now, today, over in Southwest Asia we are dependent on technology. Now it is current technology. There is some proof of principle and prototype technologies that we are using over there, but situational awareness, blue force tracking, being able to know where piece parts are as compared to 12 years ago, I mean the difference between 12 years ago and now is it is like a miracle. What we are trying to do is take those lessons learned and in the future be able to lighten up, lessen the footprint, and some would say trading iron for digits. Now I also have a lot of the iron guys that say, you know, digits haven't killed too many people these days, but that is all about precision. You have to do things more in precision and no longer in mass, mass fires versus precision fires.

 Page 76       PREV PAGE       TOP OF DOC
    So I believe that the technology will get there, that we will be able to take this net-centric, knowledge-based construct and architecture and then apply different kinds of weaponry to it than we have today. It is stepping out of the box. I know that is what you are referring to. But I believe that the technologies are coming along and that we will be able to do it in the future.

    Mr. SAXTON. Forgive me for oversimplifying these kinds of situations, but I have to look at them from my perspective and here is what makes me nervous. I have a sailboat and on my sailboat I have a Global Positioning System (GPS) and I have a radar and all of a sudden I found out I can feed input from the GPS and the radar into my laptop computer and buy a system, a software system to put in the laptop computer that would integrate all three systems. And every once in a while the screen goes blank and so I found out to keep my compass in good shape and to keep my paper charts on board, and I sure wouldn't want to be out in the ocean on a trip and have a storm come along and have that system crash and not have my paper charts and compass. That may be a simple way of looking at this, but that is the first thing I thought when I saw those Boeing slides of this tremendously integrated system of systems, worries the life out of me and maybe I shouldn't be worried, maybe I am just old fashioned and don't understand how this technology goes together, but that worries me.

    General CUVIELLO. It is a concern because we are not comfortable. It is all about change, change management. Sort of like when computers came in. We could not get rid of typewriters. I mean we couldn't. Well, now you try and find a typewriter, you can't find it. In our—as an example in our digitized division, the 4th Infantry Division, in the backroom they always kept the maps and the grease pencils besides these flat screen displays with all the great technology on it. I will tell you what, they are taking very few of the grease pencils and the maps with them because they are very comfortable with the kind of technology that they have and it is going to take time. And I think over time that you will become more comfortable with the situation, too. I agree, we have not stopped training map reading and compass use.
 Page 77       PREV PAGE       TOP OF DOC

    Mr. SAXTON. On the other hand, on the positive side at least from my point of view is I live next door to the AEGIS integration facility up in Morristown and we have developed a great deal of confidence in that system. So I guess it is kind of a different application of very similar technology.

    General CUVIELLO. Absolutely.

    Mr. SAXTON. Any more questions from anybody? Well, listen, thank you for being here.

    Let me ask you one other question, and I don't know whether you have input on this or not. But General, on Future Combat System (FCS) again, somebody was here to testify the other day and they happened to mention that the family of vehicles would be vehicles that would average about 20 tons. Are you——

    General CUVIELLO. Yes. That is within the framework.

    Mr. SAXTON. This isn't exactly your area?

    General CUVIELLO. Let me tell you, I sit in on enough meetings on this.

    Mr. SAXTON. I say this whenever I get a chance to say it, because I want everyone to know that we are concerned about this weight problem, and there are a couple of things that ought to get back to the right people in the Pentagon. One is if it is going to be 20 tons, then we got to buy enough big airplanes to carry them because the C–130 doesn't do it. I have been with Air Mobility Command (AMC). I have asked them for examples. I have been on board a C–130, the Stryker, which weighs real close to 40,000 pounds. I have talked to the pilots of C–130's and I have been out to Scott via telephone and received information back on how far a C–130 will fly with 40,000 pounds on board and how much fuel you have to offload the wings so you can take off on various lengths of runways, and 40,000 pounds is too heavy for a C–130 to be a functional, deployable situation. So if it is going to weigh 40,000 pounds we ought to buy enough C–17s to carry it.
 Page 78       PREV PAGE       TOP OF DOC

    The second issue is a more positive one, and that is that it appears that the Army has developed knowledge about processes to process titanium and in conjunction with titanium producers that could provide us with a huge advantage, and I guess that is probably not in your bailiwick either but whatever we can do to promote that notion would be good because it really is all part of the same system and obviously we want it to be as capable as possible.

    General CUVIELLO. Absolutely.

    Mr. SAXTON. Thank you all for being here. I appreciate it, and I know the other members of the committee appreciate it, too, and we look forward to working with you in the future as we move down the road and learn more all the time.

    Thank you.

    [Whereupon, at 5:30 p.m., the subcommittee was adjourned.]