On Point: Q&A With Raj Iyer

Raj Iyer, Army chief information officer, advises the secretary of the Army, setting the strategic direction and objectives for information technology and information management.

What are your biggest accomplishments as Army CIO so far?

It was important to establish a vision and strategy for digital transformation across the Army, and we accomplished that through the Army Digital Transformation Strategy. The strategy was important to align Army priorities and achieve unity of efforts across the Army—strategic, operational and tactical, and across all three components—Active, Guard and Reserve.

We implemented several foundational initiatives to support digital transformation. In the last year, my office worked to establish fully accredited cloud environments for various cloud service providers, making it easier for users to access and deploy within the Army’s cloud ecosystem. Additionally, moving many of our existing applications to the cloud makes them more reliable and available to the broader force, ultimately improving the user experience.

We also worked diligently to deploy the Army 365 collaboration suite, enabling remote users to work together more purposefully with information sharing tools. Overall, this makes us more versatile as a force and postures us to work as a team, whether located together or globally dispersed. At almost one million users, this is one of the world’s largest Office 365 implementations.

Furthermore, we made tremendous strides in meeting the secretary’s objective to transition to a data-centric Army. We established a world-class data platform called Army Vantage that enabled over 35,000 users worldwide to democratize data and analytics at echelon to support mission needs.

What is the Army doing about the poorly defined cybersecurity requirements for weapon systems?

We are currently implementing a new Cyber Readiness Framework for readiness of weapon systems owned by units from a cybersecurity risk perspective. We are also reestablishing the CIO’s oversight authority through the Clinger Cohen Act to ensure cybersecurity using zero-trust principles is built into weapon systems acquisition. Finally, we are holding system owners accountable for remediating known high-risk vulnerabilities. Systems can lose their authority to operate on the network if the risk levels are unacceptable in today’s threat environment.

Why are they still poorly defined?

We developed many policy and guidance documents that improve our weapons systems cybersecurity, though the guidance usually does not specifically address the ways in which acquisition programs should include cybersecurity requirements, acceptance criteria and verification processes in contracts. So, this is a shortfall for us, and we have to get better at writing this language into our contracts and following through with oversight to make sure our weapons systems are hardened and compliant from a cybersecurity perspective. Also, program managers need to acknowledge that cyber threats are not static and develop requirements for continuous monitoring so that programs can react quickly to dynamic threats.

What progress has the Army made inimplementing zero trust?

The Army is well on its way to achieve zero trust; however, this will be a continuous journey for us. We are actively modernizing our identity, credential and access management system. We are focused on building strong trust relationships between users, data and systems, which will give us greater all-around fidelity.  

Additionally, implementation of comply-to-connect is underway to ensure each endpoint is properly configured before it is allowed to connect. If not, automated solutions will correct the security posture appropriately.

Several other efforts are underway as part of the modernization of our unified network and are being integrated under our zero-trust implementation plan.

What results from Project Convergence will most impact warfighters?

Project Convergence has shown us the importance of being data-centric and how we can achieve decision dominance when we integrate data in innovative ways. It also highlighted the importance of ensuring systems can talk to each other using open standards and the need to acquire systems that comply with open architectures. Finally, Project Convergence is beginning to assess how we fight in the future leveraging data as our new ammunition through combined joint command and control.