Mike Gruss, Editor-in-chief at Sightline Media Group has eyes on news related to all things DOD. He and his reporters are asking the smart questions when it comes to government defense technology. IT savvy leadership, user experience, and gamification are just some of the topics Mike unpacks in this episode of Tech Transforms.
Episode Table of Contents
- [00:38] The Biggest Trending Topics in Government Technology
- [09:11] The Lethality of Government Technology
- [20:05] Predictions for Government Technology in 2022
- [31:22] How the Government Technology Is Put Together
Episode Links and Resources
The Biggest Trending Topics in Government Technology
Carolyn: Today we get to talk to Mike Gruss, editor-in-chief at Sightline Media Group. He’ll discuss some of the hottest topics in the IT industry. Sightline Media Group is the leading news organization covering military, defense, public sector, federal technology, C4ISR, and cyber defense. Today, Mike unpacks some of the biggest trending topics in government technology. We also get his perspective on the DoDs advancement in technology.
Mike, I love having you on the show because you have such a broad knowledge. You really have your finger on the pulse of what's happening in the government. So you're over a lot of publications. Can you tell our listeners briefly about your role as editor in chief of Sightline Media Group and the different publications you oversee?
Mike: Sightline oversees a number of brands, as you mentioned. I like to think of us as the largest national security newsroom in the country. We have two or three different buckets that our publications fall into. What we've really concentrated on the last year or so is working collaboratively across the newsroom. You may recognize specific brands, but I think our reporters are working across several brands or across the newsroom.
There's the military times brands, which are Military Times, Army Times, Air Force Times, Navy Times, and Marine Corps Times. Those are geared toward the troops and you'll see those publications, obviously online. They're available at commissaries, and then there's also our business to government groups.
What’s Happening With the Government Technology
Mike: Those are publications like defense news, which covers the defense industry and what's happening at the Pentagon and on Capitol Hill, the business and politics of defense acquisitions. And also C4ISR net, which focuses more on that network warfare aspect of the defense industry. The last publication we have is Federal Times. It focuses on the federal workforce and what they need and what's happening there on a day-to-day basis.
It's a lot, but we have a really passionate and skilled newsroom that thinks hard about these issues. They work really hard to get scoops up and to get enterprise news stories that will help people understand what's happening at their job and make better decisions every day at work.
Carolyn: I love the specialization. Obviously, you get a lot of stories that are going to be broad across. But when you take it and get specific to the mission of the different branches and the different missions, I really appreciate that.
Mike: I don't like to use the word expert because I think it's overused. But I'd say all of our reporters have a tremendous amount of knowledge in their field. They work really hard to ask smart questions, to be able to explain issues clearly and to know the nuances. I think that comes through in our reporting.
Carolyn: I definitely agree and I would absolutely use the word expert. Talk about your perspective on how the DoDs are making advancements in government technology. Do you think they're taking the right steps right now?
Mike: This is a difficult question and I think there's such a push-pull that we have to do here. I'm curious how you think of it too.
What DoD Has to Do With IT
Mike: On one hand, I think we have to recognize the complexity of what particularly DoD has to do when it comes to IT. They have to be the most secure, for example. If they are not secure, no one's going to give them a pass. No one's going to say, "Whoops, you missed that part. You didn't patch that, you didn't have that working. Oh, well."
That's not going to happen. We give them no leeway and that's how it should be. They have a tremendous budget to make sure they have no leeway. On the other hand, I get, I wouldn't say frustrated, but I think sometimes we're expected to celebrate advancements that industry made 10, 15 years ago.
Carolyn: Are you thinking of something specific?
Mike: I think cloud is the one that probably comes to mind first. But I think when you also talk about bringing your own device, you talk about even telework. These are things that many major corporations across the country figured these ideas out years and years ago. I think to say, "Well look at us. We did this." It's like, "Okay. You shouldn't get so much credit for doing it."
At the same time, I started with, there is that complexity of doing it at the size and scale they do it and with the level of security they do it. That's where I have this push and pull where I'm always careful of saying things like, "All right. This is a step forward for them, but are we judging them on the right scale?" I think that's where I sometimes have questions.
Mark: You bring up something really interesting. It brings to mind the executive order on user experience that's come out.
Mark: When I think of the DoD, I think of, "Okay. There's an element of the DoD that fights wars, protects the country. That's one element of it." But then there's the other element of luck. Making it easy for the people who work in the Department of Defense to actually live their lives, get healthcare, make sure that they're being paid. All these things seem to dovetail on that. I wanted to get your thoughts around that executive order. Are you guys tackling that at this juncture?
Mike: Yes, I think we're watching. I can't speak specifically to that executive order but I think those are the types of issues that we're constantly grappling with. And I wouldn't necessarily disagree with you that there's two separate schools of thought on IT in DoD. A couple of years ago, and you saw this, there was this, in the maddest era, everyone wanted to speak his language and use the same glossary of terms he did.
I very clearly remember being at a DISA event where someone said, "No. Sending an email promotes lethality." You're like, "Come on. Email is not lethal." Similarly, we have to draw the line. Yes, every little bit contributes to kinetic war operation, if you want to think about it that way. But I have a hard time pulling the thread that far where I'm like, "Okay. Email is lethality."
Mark: DoD looks at the world. You mentioned the commercial sector, which I've worked in both and I 100% agree with you. I think that the commercial world has adopted technologies much faster. They're ahead of the game. Of course, they also have employees, which the DoD has, which is their end-user.
The Lethality of Government Technology
Mark: Unless it's an enemy, then they're the end-user of lethality, so to speak. But in the commercial world, they do have customers that they have to cater to, which I think the DoD maybe has neglected.
Mike: Yes. Maybe to your point, it doesn't think of its employees as customers and that's probably one of the issues.
Carolyn: I've been learning recently about ATOs, Authority to Operate. In my brain, I thought an ATO got a stamp and they got to use the application. Like once they got the ATO, it's done. Not the case. I am baffled and the thought of what they have to go through on a regular basis to maintain that ATO, like thousands of hours per application is just unwieldy to me. It makes me sick to my stomach. I'm like, "That's about when I would quit," when I had to go through that ATO again. So they have that. I'd like to put you on the spot here a little bit. What has DoD excelled in that maybe the commercial world hasn't in technology?
Mike: That's a great question. I'm not sure. I'd be curious what you guys think of this too. There's part of me that thinks from a security standpoint that as much as that's an area where it slows them down and they're critiqued for, I think in many instances they seem to have gotten it right. So let's take, for example, Solar Winds. There was a vulnerability there and it seems from what we know, and obviously, I don't know everything. But from what I've read and what our reporters have said, other government agencies were hurt or were more vulnerable.
Who Have Been Hit With Vulnerability
Mike: DoD seems to have been done okay there. They knew there were attempts. But it seems like everything that's been said publicly, and the best that our reporters can tell is that because of the strength of their network, they were able to withstand this. I think there's part of me that is skeptical like, "Well wait a minute. What did you guys do differently than everyone else did?" But we also have to give them credit for that. We look at the companies across the world that were hit with that vulnerability.
Mark: I think that bar is so high. There's no alternative. It's table stakes. They had to do it right. Maybe they suffered in some ways, adaptability or agility, but they had to deliver on it. My gut feeling would tell me, and I don't know this. I'm speculating like most of us that the ability to wage war is an area where technology is something they do well. But that doesn't necessarily help a lot of the day-to-day IT workings of the Department of Defense.
Carolyn: But what I hear you saying is the mission of the DoD is to protect and defend and they excel at it. I like that.
Mike: To use Mark's word and I think he's absolutely right there, the agility. There is a trade-off, you can't have it both ways. You can't excel in this area and also there's zero room for error. There is a trade-off. I think maybe what the conversation that's happening now is that trade-off, are those trade-offs kind of balanced or aligned the way that they should be?
Zero Trust and Thunderdome
Mark: I'm a great straight man. So speaking of zero trust, can you give us your thoughts on zero trust and maybe even touch on the Thunderdome?
Mike: Yes. I think the Thunderdome Award is interesting from DISA, but I guess I have a couple of questions. We see these, and I'm coming off way more skeptical than I really am doing this podcast. I think that's the rolling plan. We see these cybersecurity philosophies come up every couple of years. I'm blanking on the name, but the risk framework we heard about a couple of years ago, I think all these ideas evolved. We're not too far away from where we were maybe five or 10 years ago, but this is just the most natural evolution of that.
I think, as a late person and so many of these ideas I relate back to my home or my own personal security. I'm like, "Oh, well this makes sense that this is how zero trust operates. I don't want someone else speaking to my bluetooth speaker that's on right now." And I don't want to say its name or I don't want someone else turning on the lights in my house or something. That all makes sense, someone accessing my bank account.
I guess the couple of questions I have right now are like, how will this work in the future? How will it work with legacy systems? As we have these legacy systems throughout DoD, I guess one, will they be able to be upgraded to work with the zero trust architecture? Two, how will they do that and, again, what's the trade-off there? How much are you going to pay?
How Much Work Is Going to Take To Build Government Technology
Mike: How much work is that going to take to make sure that every element of a new destroyer works with that zero trust architecture? I think that's difficult. The other question I have is we're obviously moving into this new world where everything's connected and the program is called JADC2.
But this sensor to shooter where you use any sensor in the world connected to any shooter in the world, how does zero trust architecture work with that? How does it work with international alliances? I feel like they're big ideas, but again, this is something where zero trust only works if it's working with everyone. So I feel like there's still a lot of room for explanation and improvement. It seems like it's the right path for now and getting everyone on board and making it kind of the universal approach.
It’s what we've seen the last what, 12, 18 months. Maybe there's been more concerted effort during that time to get everyone on the same page here. It feels like this is the way that it's going to go and this is the way it's going to work. Not just DoD, but also industry is kind of on board with this idea, which is what you need.
Mark: Feels that way to me too.
Mike: Maybe in the next two or three years, we'll see the next evolution of whatever this is and we'll be talking about something else.
Mark: It feels to me that cyber security generally is a weapon system that needs to be invested in like you would invest in warfare capabilities like the F35. It needs that type of investment.
Politics or Scare Tactics
Mark: Certainly, it seems like, and I don't know how much this is politics or scare tactics or what, but that our adversaries are looking at it that way. Using it as a means to disrupt what we do and take our eye off the ball, wherever that may be going. It just feels that way.
I also feel like zero trust is a current path that should change. This should all change every couple of years. Certainly, the landscape is changing so fast. It can't be something that we say, "This is what we're going to do for the next 15 years."
Carolyn: So Thunderdome, aside from being an awesome name, to be honest is a little perplexing to me. Maybe I've just been in this industry too long, but I feel like we've been talking about zero trust for a decade. It's been a big push for the DoD for at least five years. When I read about Thunderdome, the way I understand it is we're going to build out a prototype. I thought we already had that. So I'm a little confused. I would love to hear your thoughts on that.
Mike: I think the most recent word was more for specific prototypes involving specific technologies. I would say generally the idea has been out there. It's been adopted and we've seen it be a top priority for the IT leaders. I think maybe now some of the questions are, how do you implement that philosophy? What are the tools in place to make sure that everything is working as expected? That's how I'm reading some of these more recent contract announcements in this area.
Predictions for Government Technology in 2022
Carolyn: That actually helps me. I would love to get your predictions. So what are your predictions for government technology in 2022?
Mike: I thought a little bit about this and you can tell, some are more surprising than others. The first one is, I think we're going to see IT savvy leaders, and that doesn't necessarily mean just IT leaders. IT savvy leaders are going to have a bigger seat at the table or will be invited to the table where maybe they weren't in the past. I think that's something that's been happening the last couple of years, but that's going to continue to evolve at a faster and faster rate.
Carolyn: Are you thinking more of DoD specifically or is this across the government?
Mike: I think it's probably happening across the government. I spend most of my time on DoD issues. I'd say what's going to happen, but let me give you an example. I was at a breakfast in October and there was a general officer. Someone who's been around for a while and been promoted a number of times. He said, "Only in the last six months did I fully understand what data as ammunition means." I thought, "Wow. How could you have only heard or really grasped that in the last six months?"
I've covered national security for about 10 years. I feel like that's been an idea the entire time. That's why I say IT savvy leaders who have really adopted and embraced the data first mentality, I think they will get promoted more and have a seat at the table. Whereas maybe folks who are a little more, I don't know if the right word is data hesitant, not data curious, won't.
Government Technology Faces a Little Language Barrier
Carolyn: Do you think that it might be a semantic thing? We've got a little language barrier going on because our DoD leaders, like Intel, are king. I think that they would all agree with that, and data is Intel. Is it a language barrier?
Mark: Or is it culture?
Mike: It's probably a lot of both. I don't think the culture has been there. When people say data they're like, "Oh, I'm not an IT person or I'm not this person." I just think that's not the way the world works anymore. Like everyone's a data person.
Mark: Do you see any shift in that culture of late? A lot of the military shifts seem like every 18, 24 months and have new jobs. Maybe IT is not a place where that should be done. Do you see any of that?
Mike: I see it evolving the last couple of cycles to use the idea you're talking about. It feels, from where I sit, that there's been some more savvy folks, but not just in the IT departments or not the IT like the CIO's offices. I’d say it's across the board that we're seeing. My prediction is I expect that to continue to happen faster and faster. I think the other thing that's related to that I expect to see less of is, I just wrote down patience with IT.
So I expect that when there are problems, there's not going to be the folks who do so much of that now. I don't know if you guys followed this, but last week there was a letter from an air force officer that went viral. The hashtag was “fix our computers”.
Money, Time, and Red Tape in Government Technology
Mike: I hope I got that right. It’s all about how much money, time, and red tape is being wasted just because basic functions don't work. If you're seeing that type of very public outburst, I don't say that pejoratively, the complaints were merited. But if you're seeing that happen at the officer level from folks who are running tech incubators, imagine what's happening by folks who don't feel empowered to speak out. I think the patience there is very thin.
Senior leaders are going to say, "We just can't operate this way anymore." I don't want to put too much weight on it, but you saw the air force CIO. You saw other CIOs weigh in on LinkedIn and say, "You're absolutely right. We got to fix this. Here's some of the steps we're taking." If that conversation becomes public in that way, I think the patience may be worn out.
Mark: It's an interesting perspective. I didn't think of it that way.
Carolyn: They're demanding a user experience. I just saw a tweet from Nick Chaillan that said, "Would it be faster to list everything that is not broken?" No.
Mike: I think he was part of this. We've seen it with some of the Navy IT leaders...