United States Department of Defense United States Department of Defense

News Transcript

Press Operations Bookmark and Share

Transcript


DEPUTY SECRETARY OF DEFENSE HAMRE SPEECH FORTUNE 500 CIO FORUM, ASPEN, CO

Presenter: Deputy Secretary of Defense John J. Hamre
July 21, 1998

Secretary Hamre: Thank you, Peter (Petre, Executive Editor, Fortune Magazine) You're very kind. And I appreciate being invited to come out to be with all of you. More than anything it is great just to get out of Washington, to be blunt. (Laughter.)

Let me apologize at the outset. I did have a speech prepared to give you, but this morning, I had a very interesting experience on the way. I stopped at Cincinnati to talk with folks at General Electric who do engine work to learn about how they're doing six sigma. Frankly, that visit changed a lot of my thinking. On the flight here from Cincinnati I re-wrote my speech and so I'm afraid you're going to get a much rougher product. I'm going to try to bring together a number of different strands, talk both about our war fighting side as well as our business side and how we use information technology. In the process I hope to give you a sense of what we're facing.

First, by way of introduction, and as Peter said, I function as the chief operating officer for the Defense Department. Let me, if I may, give you a sense of the size and complexity of this organization. As Peter mentioned, it's a large organization. We have 1.4 million men and women who serve on active duty in the uniformed services. And about 800,000 civilians that work for the department. Every year, we recruit about 200,000 new people to join the armed forces. And we separate about 220,000 people. So about 30% of our organization is either coming or going every year. We are spread out all over the world, as you know. We have about 250 major installations. We operate 550 public utility systems, everything from gas, water, electricity, and natural gas distribution.

We support one of the largest school systems in the world. We have 126 high schools and elementary schools. We are the world's largest daycare provider. (Laughter.) Seriously, we have 300,000 kids that go to Department of Defense day schools--daycare centers-- because we've become a very different military over the last 25 years. Twenty-five years ago, we were a conscript military composed in large measure of bachelors. Today, it's very much a married military and lots of single parents. And you've got to reassure parents that somebody's going to be taking care of their kids if they get mobilized on short notice. So we spend substantial sums on daycare. We're the largest daycare provider in the world.

We have 28,000 separate computer systems that we're tracking for Year 2000. Twenty-eight hundred of them are mission critical. I used to be the comptroller, so I'm a little more familiar with some of this, but we cut 5 million paychecks a month. We cut about 400,000 bonds every month. We pay about 600,000 travel vouchers a month, 800,000 contract actions a month. Out at Columbus, Ohio, where we do our large contract management administration, we have about 390,000 contracts under administration. We disburse about $43 million an hour. (Laughter.)

We sustain operations in every time zone. There isn't a time zone on the planet that we don't have military personnel operating someplace. Today, there are about 115,000 military personnel who are deployed. And that's in addition to the 200,000 who are permanently stationed overseas. We operate over 400,000 vehicles-- everything from sedans and buses, to the street sweepers we use to clean runways, to combat vehicles to tanks to armored bulldozers.

As an organization, one of our real challenges is to manage about 70 years worth of technology at any one point in time. We operate, on a daily basis, aircraft that were designed back in the early '50s and we still have to maintain them, buy spare parts for them and keep them updated. At the same time, we are working on research and development programs for systems that won't be fielded until 2015-2020. Managing that spectrum of technology is a real challenge.

In information technology, we operate some of the most advanced computers. And yet, just last year, we moved a bunch of Burroughs punch card readers to a new mega center because we were still operating punch cards for some business applications. So, it's an astounding spectrum of technology that we try to manage. It is, I would argue, not only the largest, but probably most complex, organization in the world.

Now, this is an organization that has had its budget cut for 15 consecutive years. In part, this is understandable. The Cold War is over, and I don't think it's inappropriate that it is reduced. But our budget is about 46% smaller than it was in 1986. We've undergone significant reductions. This is, as I mentioned, an organization that is operating at 46% of its budget resources only 12 and 13 years ago, has a third of its personnel coming and going in any one year and is still able, within a month, to send 60,000 people to the Persian Gulf along with 400 combat aircraft and 500 cruise missiles and could carry out war tomorrow if we had to.

So, I say that to frame an observation and a dichotomy: I firmly believe that we are a world class organization in what it is we're supposed to do, which is to fight and win wars. There isn't anybody who is as good as we are. But I've also got to be honest and say we're a second sigma organization when it comes to business practices. And that's the curious dichotomy that I see and that I'd like to talk with you about today.

First, let me briefly discuss the war fighting side of the house. We have been engaged in an unprecedented change in the way we think about warfare. It's been going on for some time and it's ready to enter into a much more sophisticated dimension. It really took off in the late '70s and the early '80s when we were starting to bring microprocessors into weapons systems. That probably wasn't as revolutionary as was the revolution in training technology that we developed in the late '70s and into the early '80s. And that's been, I think, far more important, frankly. Most of the senior commanders in the Persian Gulf have said that we could have switched equipment during Desert Storm and still beaten the Iraqi's, just because of the people and the skills that we developed over that time. For us, training technology, growing our most important asset, people, is by far the most important thing we do, more important than the hardware that's sitting out on a ramp.

So for what we're supposed to do, we're a world class organization. And I've got to tell you, frankly, we're getting better. Dramatically better. We're already without peer. I know this sounds boastful. I don't mean it to be that way, but we're already without peer as a fighting force and ten years from now, we're going to be, I think, significantly stronger. Let me give you an example.

We are on the edge of breaking through in what we call network-centric warfare. I'm sorry, this is a little blunt, a little coarse, but we are in the business of destroying things. In warfare we try to do that in a very focused way without doing lots of damage to things that you don't want to destroy. We've done that before by largely putting very lethal and accurate capabilities in the hands of whoever was doing the shooting at the time. We're now moving into a much more interesting and highly leveraged dimension where the person that launches the missile doesn't have to see the target. We're going to be sharing information across a network and still be able to attack and destroy an opponent. This dramatically improves the survivability of our own forces, of course. It is going to be revolutionary. The situational awareness that will be on our side of the battlefield will be three or four orders of magnitude better than our opponents.

This really comes from the way we've brought information technology into the core of war fighting. For example, we are examining technology that is not with us today, but I don't think it's many years away. We will have a device about the size of a watch that will be worn by our average soldier that will monitor vital signs. When a squad is deployed at night, the sergeant doesn't have to wonder if a private has fallen asleep in a foxhole. He can see it on a monitor. If one of our soldiers got hit, you don't necessarily have to send out a couple of guys to try to get him and find out that he's already dead and then put more lives at risk when you're in a firefight. It's that kind of knowledge and that kind of skill-based control that we're going to bring to the fight that will be without peer in the world of warfare.

We're doing this with a very systematic application of information technology and warfare. It's really unbelievable the way it's happening. While just now a prototype, we're putting computers on-board airplanes along with pilots that serve as a copilot for all practical purposes, giving that pilot extra situational awareness, queuing and advice. We're going to be able to put inside a tank a monitor with a graphic picture of the entire battlefield for that tank commander. You can't imagine how limiting your perspective is when you're inside a tank, buttoned up, bouncing all over, maybe wearing chemical protective gear, trying to have some idea where the enemy is and where your own friendly forces are. Now the tank commander is going to be able to look at a computer screen and see the full battlefield. It's going to be absolutely revolutionary for what we can do.

In the past, the dilemma of warfare was always how to bring mass together for its effect over your opponent without giving your opponent lots of targets to shoot at. lt is the classic dilemma. One of the reasons there were so many casualties during the Civil War was because firepower technology had gone so much further than communications technology. We were still massing people close to each other, side by side so the soldiers could hear shouted orders. Firepower technology had advanced, however, so that cannon could mow people down. That's why there were so many casualties in the Civil War, because communications technology still relied on people standing close enough to hear an order. We're now going to be in a wholly different world where people don't have to see each other and yet, they can operate together as a combined arms team. It's dramatic what we're going to be able to do.

Now, I contrast that with where we are in our business operations. Our employees are working very hard trying to make the system work. But I'd have to be honest and say that we're a second sigma organization for most of our supporting structure. We are still largely dominated by stovepipe organizations. We automated our stovepipes and thereby reinforced their bureaucratic rigidity. Does this sound familiar? (Laughter.)

And of course, what happens? When you automate manual processes, you then have to invent interconnections to get them to work together, right? And of course, those are all basically failure points in a system. So, on the average, between a decision to buy something and getting a check out the door, it takes 105 paper transactions in the Department of Defense right now. We've glued together lots of different, old-fashioned, manual procedures that were designed during the '50s and '60s and '70s that have all been automated. We are an enormously paperbound organization.

When I was the comptroller, I was responsible for all the finance and accounting operations of the department, and that included our disbursing operations. I mentioned our finance center out at Columbus, Ohio. We have about 3, 000 people there cutting checks to all of our vendors. They are administering 390,000 contracts. It takes 15 linear miles of shelf space to hold the contracts. When we sign and issue a contract, we print on the average 17 copies of the contract. One of them goes to Columbus. So we've got miles and miles and miles of shelf space every place, administering what's in essence a paper-bound system.

The first time I went out to Columbus, there were great big sorting wheels just to sort the documents that were coming into the mailroom every day. This is 1930's office technology, but that's kind of where we were.

I find these two phenomena very curious. We are so advanced in some areas it just would dazzle you to see some of the things we can do. I can walk into the Pentagon, go down the hall and see real time video footage of a camera taking pictures over Bosnia. It's startling some of the things we can do. And yet, I go to places where we're still using 1930's sorting wheels for the documents.

These phenomena are related in a very important way. As I said, our budget's been cut now for 15 years. We happen to think we're absolutely at rock bottom. But I don't know that there's a lot of support for dramatically increasing our budget. So if we're going to be able to sustain the kind of war fighting modernization that we need for the future, and we're currently not buying enough things for the long term modernization of the department. We're going to have to create our own spending power. And we're going to have to do that by shaking loose dollars out of the support structure of this department. Too much of our scarce resourse is being consumed by old-fashioned business practices.

When Secretary Cohen came in a year ago, I was the comptroller, and he said, "We've got to do something about this." He put me in charge of an effort to try >to come up with ways to bring in modern business practices. There are four basic things that we're trying to do. The first is to streamline our headquarters operations. We cut out about a third of the direct office supporting the Secretary. There were actually 3,000 people who were involved in that, and we've cut out a thousand of them. We've cut back about 30,000 out of our defense agencies, our support agencies. We're trying to launch a wide set of changes in our business practices and I'll describe a few of those in just a moment.

Second, we're trying to compete government jobs against the private sector. We've done about 2,000 competitions. This is governed by a process called the A-76 process, a circular that OMB maintains. We know that when we compete jobs head to head, on the average, the government wins half of the time and the other half of the time the private sector wins. When the private sector wins, the savings are usually about 40% and when the government wins the savings are usually about 20%. So we know we can save substantial sums. We intend to compete 200,000 of our jobs over the next four years and try to shake dollars out of the system. We will generate, when we're finished, annual savings of over $2.5 billion.

Third, we need to close bases. We've gone through four rounds of base closures. We're still doing base closures from those 4 rounds. But we still have to go for another couple of rounds of base closures. This has not been gladly received by Congress. We did not get permission to proceed. I don't know what we're going to do exactly, but we have too much physical infrastructure that we're having to support. We're going to have to figure some way to streamline that physical infrastructure because it's taking dollars away from what we really need it for, which is modernization of programs in our war fighting.

Within our bases, we're trying everything we can to shrink infrastructure. We're going to, over the next four years, knock down 8,000 buildings that we consider obsolete. We will break even on the fifth year. We've got a lot of old structure, going back to World War II. The phenomena is if you've got a building and you've got heat going into it, people move into it. (Laughter.) So we are knocking down old buildings.

We would like to try to privatize all of our utility systems over the next five years. We have, as I said, about 550 utility systems. Now, some places, that's very plausible- San Diego, Norfolk. But you get into the middle of the desert, it's probably not very plausible that we're going to be able to do that. But again, we're on a detailed plan to try to privatize our utility system.

The fourth dimension of our plan involves new business practices I will cite only a few examples. For example, we're trying to move to what we call a paper free acquisition environment. I described to you a current system that is enormously paper-bound, 15 linear miles of shelf space devoted to contracts at our finance center. We found some very innovative ways to do that. We're essentially shifting over our acquisition system to an Internet-based system. We had some clever folks who said, "You know, before that contract ever turned into paper, it was electrons on it's way to a printer. If you can intercept those electrons and drop them in a server, you can access them with standard search tools and get enterprise-wide imaging, you know, on the cheap." You don't have to buy all those scanners if you can find a way just to borrow the electrons at the outset. One of the advantages, of course, is that you don't have to have everybody come on board the system to get an enterprise-wide solution. People can get on board it when they want to and when it's in their purposes. We'll break even just with file clerk costs alone in the first two years. We're making very good progress on this. We're probably posting thousands of contracts a month, never printing the contract.

We've been able to shift over to a paper free process for our technical drawings-about 65% of all of our technical drawings, and we have a lot of them. We have 5 million items in our active stock list that we're buying from industry. Many of them have to have technical specs behind them for competition. Now, 68% of them are only in electronic format and we only compete them in electronic format. So, we're trying very hard to shift over to this sort of a world.

I think some of the greatest promise lies in some of the new, but not exotic, technology. For example, electronic malls. We are now shifting over in a very dramatic way to using electronic malls. It's not just cheaper, but it's a revolutionary way of approaching acquisition. Electronic malls are "democratizing" the acquisition process. Rather than process low value contracts our acquisition professionals are developing the underlying contractual instrument for the acquisition. Then you turn it over to a first sergeant and let him buy his own batteries or his own spark plugs. We don't have to have an acquisition system that's buying it for him and then a finance system that's paying the bill later on. You know, we can integrate all that together into one instrument. For the first time we now have a department-wide electronic mall. Today they are limited. We have virtually all our food stuffs [on-line], and, when you feed 1.2 million people a day, there's an awful lot of food in the messing system. So it's having dramatic implications already.

Now, where are we with this agenda? I'm very gratified at the progress that we've made, but it is still slow. I think if I were to give us a grade, I'd give us a B+ on effort and a B- on progress. You know, we're doing better than, I think, the average but we have a long ways to go. I think there are a lot of promising, leveraging technologies that we are putting in place. We've got a lot of building blocks for dramatically improved performance. But we're still fighting organizations that know the old way of doing business and don't want to give it up. We're having to find ways to push them over the edge to adopt new practices.

Let me shift now to a new subject. I'm actually going to give you two speeches today. This is the end of the first one. I'll be honest, I'm campaigning here. And I want to talk to you about information security and infrastructure protection.

This country is wide open to attack electronically. A year ago, concerned for this, the department undertook the first systematic exercise to determine the nation's vulnerability and the department's vulnerability to cyber war. And it was startling, frankly. We got about 30, 35 folks who became the attackers, the red team. We gave them enough money to go down to CompUSA or where ever. They only could buy computers off the shelf. They were given no special software. The only software they were allowed to use was stuff they either develop themselves or they downloaded from hacker web sites. They spent three months getting ready. We didn't really let them take down the power system in the country, but we made them prove that they knew how to do it.

Now, why are we so vulnerable as a country? We're vulnerable because of the enormous productivity improvements that we've sought through information technology in the last 20 years. You're familiar with the SCADA system,

Supervisory Control And Data Acquisition Systems? These kinds of systems are used to control physical networks, for example remote switches on a power grid that will open additional switches or bring on new transformers or sensors, valves and pumping stations that are used to regulate the flow of oil through a pipeline. These systems are used for water irrigation systems in the west. America's infrastructure is being run now through these Supervisory Control And Data Acquisition Systems, SCADA systems. They're commercial systems.

Increasingly, American business, in order to save money and to shed itself of the cost of proprietary networks, is moving these systems onto an Internet-based communications network. So we're finding increasingly, America's business and utilities are controlling the infrastructure through a technology that was never designed with security in mind.

The Defense Department, is surprisingly vulnerable, too. The reason is that over the last 10 years, we have been dramatically shifting our infrastructure over to commercial structure rather than government-owned communications systems. I remember the first time I ever went out to Strategic Air Command 15 years ago. You'd go out there and there'd be five phones sitting on the desk-- a gold phone and a red phone and blue phone and all this kind of stuff. They were all government-owned phones and government switches and government-unique lines. We had our own system. Well, we don't do that anymore. Ninety-five percent of all of our communications now is over commercial systems and networks. And one of the things that surprised us during Eligible Receiver was the degree to which we had become vulnerable to penetration because we were riding on these networks.

Now, this brings me to my bottom line here. I understand this is a bit controversial, but ultimately you are no different from us. You are going to increasingly do your business over a media that was never designed with security in mind. It was designed as a research tool. We in DoD invented it. It was designed as a research tool. And the protocols are wide open. Everybody knows how to plug in. That's why it's so powerful now in business applications.

So how do you provide security in an environment and a media that inherently is insecure? Many things are required, one of the things that is essential is encryption. Now, I know this is a hot debate and part of the discussion I had with Peter while we were waiting was the issue of encryption. Peter's first question was, "Are you with law enforcement or are you with commerce?" This is the debate that's occurring in Washington. It isn't exactly analogous to Justice versus

Commerce. There are law enforcement concerns and Justice and the FBI are responsible for those. We want them responsible for those. Then there are economic response concerns and frankly, civil liberty concerns. Those are contending values of equal importance in our democracy, equal weight, in my mind. I do not believe that it's more important to protect ourselves against terrorists if it means it comes at the expense of civil liberties in the United States.

But I also don't believe that civil libertarians or cyber libertarians have a right to say we as a government have no responsibility to protect American society against criminals or terrorists.

We're going to have to strike a balance here. I personally believe that the debate of whether America's government is threatening our civil liberties is a fraudulent debate. We've never proposed anything that was any different than the mechanism we use every day to balance privacy versus law enforcement and security. Our police don't break into people's houses without a search warrant. We know how to protect America's privacy, and we know how to safeguard civil liberties. There's a very real reason we fought wars--for these values, these civil liberty values.

We know how to balance them in this country, and we know how we'd balance them as well in this area. And I think that, frankly, the debate that's emerged has been a fraudulent debate, I hope I don't offend people when I say this. We know how to protect the individual and society in America.

Now, you may say that that means I'm siding with law enforcement. I'm not. I think that it's impossible to find a technical solution to this problem. But I do think it's essential we find technical solution for protection if you're going to operate through the Internet.

Our position in the Department of Defense, and I frankly think it should be your position as well, is that if you're going to operate through these public, insecure modalities, you have to secure yourself And you have to do that through encryption. But I've also got to say the most dangerous thing in the world for us as a war fighter is to get an encrypted message that's a spoofed message. There's an impression of authenticity that comes with an encrypted message. You have to be able to determine the validity of the individual who is sending it to you.

Now, from a business standpoint, I can't imagine any of you as business people who would turn over to your employees the right to spend your dollars or cut checks or ship technical information and not require those employees to leave an electronic fingerprint on it when they do it. It's a basic premise of internal control.

So your interests and our interests are no different. What it leads me to say is that I'm not picking sides between the law enforcement community and the commerce community, as it were, in this debate. I'm saying we have to go right down through the middle. We have to protect ourselves in this environment and it's got to be with encryption and some form of security management, key recovery in our case. But we're going to make it voluntary. It's our choice and we're going to buy it. We're not going to ask that it be mandated through law on anybody. We're going to pay for it. And we've entered into contracts with a number of companies to help us develop a security infrastructure. We'll get the first one running this fall with Netscape, and hopefully, it'll be operational in October.

But I'm telling you, this is something that you've got to do for own companies and it's something we all have to do, frankly, for the country. It's in your narrow interests as company executives and it's in our broader national interest to do this. And I would ask you to step past this debate that we're having on cyber liberties versus law enforcement. We're going to have to get to a more sophisticated understanding of this problem, and we don't have a lot of time.

I'm going to stop there and I hope that I've stimulated enough interest that there might be some questions.

Additional Links

Stay Connected