Excellence in Leadership: DoD CIO Takai Talks IT

Protecting digital Information– Cyber security, is a growing priority within the Department of Defense (DoD).  In a June 2013 speech at the University of Nebraska-Omaha, Secretary of Defense Hagel told the crowd, “…the Department of Defense is rebalancing its portfolio of military capabilities to meet new technological challenges, especially in cyberspace. Malicious cyber attacks, which hardly registered as a threat a decade ago, are quickly becoming a defining security challenge for our time, for all our institutions. They are putting America’s economic and technological advantages and our industrial base at risk. And they threaten our critical infrastructure… the Department of Defense must continue to increase its cyber capabilities. The president and I asked for an increase in our cyber capabilities in the 2014 budget…”

One of the leaders in meeting this challenge is Ms. Teri Takai, Chief Information Officer of the Department of Defense. Chosen in 2010, Ms. Takai serves as the principal advisor to the Secretary of Defense for Information Management/Information Technology and Information Assurance as well as non-intelligence Space systems, critical satellite communications, navigation, and timing programs, spectrum and telecommunications. She provides strategy, leadership, and guidance to create a unified information management and technology vision for the Department and to ensure the delivery of information technology based capabilities required to support the broad set of Department missions.

Before Ms. Takai was pegged for OSD leadership, she was picked as CIO of California, but became nationally recognized as one of the top IT Executives from right here in Michigan where she served as Michigan’s Director of IT and Chief Information Officer from 2003 to 2008. Before being recruited by Michigan’s Governor, she served three decades at Ford Motor Company developing the company’s information technology strategic plan. Among Teri Takai’s many honors and accolades is 2005’s “Public Official of the Year” by Governing Magazine and the 2013 “Excellence in Leadership” award from Women in Defense-Michigan (WID).

During a recent trip to Washington, D.C., a team from the Michigan Defense Center sat down with Ms. Takai in her office at the Pentagon to find out how Michigan’s companies, uniquely positioned with large Fortune 500 companies and a highly skilled talent pool, can help the Department of Defense meet its cyber security and IT needs.

A backdrop of what the Defense Department is doing on IT and cyber can help clarify how Michigan’s companies can help DoD meet its cyber security and IT needs. Ms. Takai explained that the Department’s IT “ranges from desktop computers to commercial satellite communications, and includes much more. These diverse data and technologies support mission-critical operations delivered in an office environment and at the tactical edge on the battlefield.” And securing it all against cyber threats can be a challenge.

Ms. Takai said that the most important way in which her organization is working to increase the cyber security of the Department’s IT networks and systems is by achieving the Joint Information Environment (JIE). “DoD is undertaking an ambitious effort to realign and restructure the construction, operation, and defense of its IT networks and systems,” she explained. “This will result in a secure JIE with shared IT infrastructure, enterprise services, and a single security architecture that will increase our ability to secure our networks and protect DoD IT across the country and around the world.”

Achieving the JIE will also protect DoD’s digital information in many other ways, such as through compartmentalization. “We’re designing enclaves around protected data, so that when you get access to one network enclave, it doesn’t mean that you’ll have access everywhere,” said Ms. Takai. Some data within the compartments will be then be tagged and provided added defenses, enabling more targeted information access and protection. In turn, she continued, this will help ensure that the DoD’s information, information systems, and networks are protected against known vulnerabilities and resilient to threats.

In addition to implementing the JIE, the DoD CIO is working on diverse cyber security-specific initiatives. “Right now, we are moving forward with two Department-wide strategies that take new approaches to how we manage cyber defense and to how we build, maintain, and retain our cyber workforce,” she said. Ms. Takai’s organization also is working to better secure DoD’s mobile devices, like smartphones and tablets, and collaborating with other federal agencies on government-wide cyber security standards.

These are just a few of the ways in which Ms. Takai is leading the way to help meet the DoD’s complex and changing challenges of cybersecurity.  When it comes to small businesses and cybersecurity, Ms. Takai says the primary focus should be on initial access and containment & privileges.

Initial access controls are important to preventing or thwarting intrusion or unauthorized access, while containment & privileges strategies are required for countering poor data control, account misuse and unpatched vulnerabilities, and credential theft.  Accordingly, Ms. Takai offers the follow tips, courtesy of the Federal Communications Commission , to small businesses to help them  make their networks as secure as possible:

1. Train employees in security principles. Establish basic security practices to protect sensitive business information and communicate them to all employees on a regular basis. Establish rules of behavior describing how to handle and protect customer information and other vital data.  Clearly detail the penalties for violating business cybersecurity policies.

2. Protect information, computers and networks from viruses, spyware and other malicious code.  Install, use and regularly update antivirus and antispyware software on every computer used in your business. Such software is readily available online from a variety of vendors. Most software packages now offer subscriptions to “security service” applications, which provide additional layers of protection. Set the antivirus software to automatically check for updates at a scheduled time of low computer usage, such as at night (midnight, for example), and then set the software to do a scan after the software update.

3. Provide firewall security for your Internet connection. A firewall is set of related programs that prevent outsiders from accessing data on a private network. Install and maintain firewalls between your internal network and the Internet. If employees work from home, ensure that their home systems are protected by firewalls. Install firewalls on all computers including laptops used in conducting your business.

4. Secure your Wi-Fi networks. If you have a Wi-Fi network for your workplace make sure it is secure and hidden. To hide your Wi-Fi network, set-up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). In addition, make sure to turn on the encryption so that passwords are required for access. Lastly, it is critical to change the administrative password that was on the device when it was first purchased.

5. Limit employee access to data and information, and limit authority to install software.  Do not provide any one employee with access to all data systems. Employees should only be given access to the specific data systems that they need for their jobs, and should not be able to install any software without permission.

6. Regularly change passwords: Passwords that stay the same, will, over time, be shared and become common knowledge to coworkers and can be easily hacked. Passwords should be changed at least every three months.