Steve Grewal, the Education Department's chief information security officer, joined Federal News Radio on March 6, 2014, for an online chat.
Grewal answered questions about his agency's new security operations center (SOC), the cyber workforce, and challenges with security at the agency. View an archived version of the chat.
Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- Mission-critical Apps in the Cloud
- Mobile Device Management
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
Ask the CIO
NNSA IT transformation taking 3-step approach
Thursday - 3/15/2012, 8:55pm EDT
Federal News Radio
Robert Osborn wasn't brought into the National Nuclear Security Administration because he spent his entire career working with nuclear technologies. Rather, the agency's chief information officer is there because he knows how to make change.
Osborn is transforming the agency's technology infrastructure with a three step-approach: improve and modernize the network, create a joint cybersecurity center and create a cyber science laboratory.
"When I first got here a year ago, I spent 100 percent of my time on strategy," said Osborn, who retired from the Marine Corps after 27 years and was the deputy CIO at the U.S. Transportation Command before coming to NNSA. "Now, I'm more focused on operational."
Cloud of clouds
At NNSA, which is a bureau of the Energy Department, Osborn is building a cloud of clouds. It's a three-part network transformation to include virtual desktop services to let employees use any device to access data from anywhere at any time.
The second part of the network vision includes a cloud for laboratory and research workers and one for the planning and production environment.
"Those three environments have some unique requirements, and fundamentally they handle different information and collaborate with different groups of people that they have to accommodate," he said. "Rather than just try to have a one-size fits all or to federate between architectures, which in my experience has a very low probability of success and a very high cost, we decided to embark on a cloud of cloud approach where we take advantage of all the promise of the hybrid cloud and we allowed the practitioners in all three groups to define what their architectures look like."
NNSA is rolling out the federal or employee cloud in 2012, and is in the design phase for the other two programs.
"When we decided to do the cloud of cloud approach, we were trying to understand what is the best technology for our applications," Osborn said. "We wanted to take the approach of which application of that works for us from the perspective of security, accessibility and the ability to create an independent for our different sectors, laboratories, plants and federal workforce."
He said NNSA will use a hybrid cloud for all three, which means partitioning off a segment of a public cloud provider's offering that is just for the agency. The vendor is doing the management and operation of the technology, but NNSA owns the data and sets specific security and privacy standards.
Osborn said along with the virtual desktop, employees will receive infrastructure-on-demand capability so they can implement applications in a cloud that has been certified, accredited and provisioned.
"The other part is the one DOE network we are creating," he said. "We need big pipes, a lot of video we are throwing around now with desktop video capabilities, and we are harnessing the power of our science network in a true collaborative fashion across our entire enterprise so we have a nice big infrastructure to handle the downloads that we will be throwing at it."
Osborn also said NNSA is looking at voice-as-a-service approach, which is an integrated communications capability that includes collaboration and social networking.
Cybersecurity a top priority
The second and third parts of the transformation focus on cybersecurity.
NNSA is creating a joint cybersecurity center, which helps the agency understand the health of their network, systems and data.
"Today we have three disparate organizations that look at cybersecurity for us," he said. "The director of NNSA intelligence directorate, the DoE CIO Mike Locatis and I came together and we agreed there were great efficiencies to be gained and a real uptick in effectiveness by co-locating and integrating those three organizations."
The Joint Cybersecurity Center will provide cross-collaboration capability between DoE and the labs as well as better integrate existing data on cyber threats and vulnerabilities. Osborn said he expects the center to reach initial operating capability by the end of the 2012.
The cyber science lab will bring together the research and develop capabilities of the DoE national laboratories to create a virtual environment to share and collaborate on how to protect systems now and in the future.
Osborn said one theme throughout the transformation initiative is partnership. He said he's working with Locatis on enterprise services that would be based on the cloud of clouds, including the one voice capability.
Facing cuts, Energy IG recommends sweeping changes