Former DoD deputy CIO Carey sees future of cyber in identity, data

Thursday - 5/29/2014, 11:36am EDT

Rob Carey, former deputy CIO, Defense Department

Download mp3

Rob Carey spent 31 years in federal technology, but his "wow" moment came toward the end of his tenure.

In 2006 and 2007, Carey, a Navy reservist, deployed to Iraq to work on technology and communications. He worked in a command center with 50 big-screen TVs, each relaying in real-time or near real-time data to help leaders plan and conduct the day's mission.

Robert Carey

"That's when it hit me, this information technology thing really is pervasive. There isn't something else out there," said Carey, who recently retired as the principal deputy CIO at the Defense Department and now is the vice president and general manager for cybersecurity at CSC. "This is how we manage everything we do in DoD. [Everything] is running on the backbone of the network, which then leads you to believe you need to secure it, you need to usher it and you need to do many, many more things to make sure what shows up on the screen is trusted, assured information because at some point you will be committing lives to operations that are built upon information coming off this thing called the network. Prior to that, you see all the incremental evolutions from the big 10-inch floppy drives to the 7 inches to the little 3˝ inch disks to the 100 megabyte drives to the whole evolution of the PC. But when you see it in practice and you see the consumption of the generation engine coming from 100 different sources you really start to believe that this is how organizations, whether they be government, military, industry or whatever, their whole business sits on the backbone of the network."

He said 10 or 15 or even 20 years ago, IT wasn't considered fundamental to the business, but rather a one-off.

Carey said over the course of his career, which started in the early 1980s writing reports using green screen computers and printing them out on dot matrix printers, every new and shiny technology that came to DoD was taken over by another new and shiny technology that offered even more potential capabilities.

But Carey said along with his experience in Iraq in the mid-2000s, the introduction of BlackBerry devices when he worked for the Navy's CIO office was the other seminal point during his IT career.

Carey said his first BlackBerry was one of the 957 models that many considered toys. But after the 90-day pilot, employees didn't want to give them up.

"Now you knew that the ability to send email and make phone calls from a portable device and not slaving the employee to his or her desk was a game changer," he said. "The era of mobility started some 14 or 15 years ago, and look where we are today. We take it for granted that we have a computer on our belt."

These experiences are part of the reason Carey decided to focus on cybersecurity over the last decade or so of his federal career and why he decided to take a position in industry that is all about information and network assurance.

At CSC, Carey has the latitude to solve cyber problems for federal, state and local government organizations as well as providing a short and long term vision of where cybersecurity is heading in the public sector.

"It's all about the data," he said. "It's about the information. The role of the CIO has been traditionally been that of nearly at CTO, run the hardware, run the network, run the boxes, but it's been less about how does the information help us further mission, and how can I now because of the threat landscape protect the data in an era I didn't have five years ago? We had cybersecurity or information assurance, now we have a threat that is going to be with us for the foreseeable future, and it will only get more complex and more capable ergo the investments to protect information will have to follow suit."

Carey said government is recognizing identity management and attribute-based access control needs attention to keep information on the proper side of the firewall and for mission support needs.

After 31 years in government, Carey said the one area he'd address if he could was the gulf between CIO responsibility and accountability.

He said some organizations have it and some do not, and some secretaries who trust and have confidence in their CIOs and some who do not.

"I think we need to reconcile those kinds of things. Federal IT has got to be woven in under the CIO and be made accountable and responsible for outcomes," he said. "We have varying degrees of that across the federal government. I just think it needs to be more coherently delivered."

RELATED STORIES:

DoD deputy CIO Carey to retire

DoD's revised cyber policy to shift toward governmentwide standards

PM-ISE shepherds secure data sharing tool from validation to expansio