Navy elevates CIO role

The new plan is to establish a special assistant to the secretary for information management/chief information officer with broad authority over technology, data, digital strategy and cybersecurity, Navy Undersecretary Thomas Modly announced on a conference call with reporters Aug. 16.

There is a candidate set to accept the position, but Modly declined to name the individual because the hiring paperwork is not complete.

Modly has been serving as CIO in addition to his duties as undersecretary and chief management officer for the past 20 months.

The shift comes in part as a response to a scathing cybersecurity review released in March that recommended the Navy improve top-down governance by naming a CIO to take control of cybersecurity standards, to have approval over IT acquisition and to report directly to the secretary of the Navy

"I don't think anyone had any major arguments with the findings from the cyber study and the need to sort of develop a broader strategy, a more integrated strategy between the Navy and Marine Corps and across the department," Modly said on the call. "I sure hope that no one thinks this is just a refresh of what we've done before, because it's not."

The old Department of the Navy CIO organization "was more of a compliance shop and less proactive in developing strategy for the department," Modly said. He's looking to the newly elevated CIO to be more strategic.

The new office will be in the Pentagon's E-ring -- to convey its importance -- and will have a staff of 15 to 20. Additionally, the Navy will be hiring four senior leaders to run directorates inside the new CIO shop: a chief technology officer, a chief data officer, a chief digital strategy officer and a chief information security officer. Marine Lt. Gen. Lori E. Reynolds and Vice Adm. Matthew Kohler are being tabbed to serve as deputies in the new office but will maintain other roles and responsibilities.

Modly said the Navy hopes to attract private-sector talent to the four director slots. Special pay authority authorized by Congress allows the Navy to offer pay in certain special areas to 1.5-times the salary of the vice president. That puts potential compensation above $300,000. While that salary alone might not entice a top cyber professional to leave a job at major bank, Modly said he expected to find candidates motivated by "patriotism, fascinating elements of the mission itself and the complexity of the challenge."

So far, there are no plans to seek congressional authority or legislation to support the new organization. The funding and basic roles are already in place, Modly said. "We are not adding a huge staff here at the corporate headquarters," he said. "We are moving pieces around on the chess board."

One of the major challenges of the new office will be to figure out how to improve cybersecurity across the defense industrial base. The March Cybersecurity Readiness Review was pitiless in its assessment of the weaknesses of contractor systems. "For years, global competitors, and adversaries, have targeted and breached these critical contractor systems with impunity," the report stated.

On the call, Modly noted that a key priority is to get second- third- and fourth-tier suppliers to enforce stricter cybersecurity standards. Modly said that Chinese, Russian and Iranian adversaries are able to access leaky vendor systems and obtain information that, while not classified or critical to national security, can be combined with other sources of information to give rivals a clearer picture of what's going on inside the service. He floated the idea of working with the supplier base to build an IT solution hosted by the Navy that could be offered to vendors as a way of managing sensitive or controlled data.