Departing DISA director plans for smooth transition

In more than three years at the helm of the Defense Information Systems Agency, Lt. Gen. Ronnie Hawkins has earned a reputation as a cost-cutter, an attribute prized by Pentagon leadership in a an era of relatively lean budgets. Acting Defense Department CIO Terry Halvorsen credits Hawkins with achieving a 10 percent reduction in DISA's contract spend in fiscal 2014, and Hawkins says his agency hopes to surpass that mark next fiscal year.

"It's about us looking at the cost of doing business and reducing and weaning out waste," Hawkins told FCW, adding that leveraging more efficient IT has been key to the spending reduction.

When Hawkins steps down as DISA director later this year, he hopes to avoid leaving his successor in the position of "having to create a capability that should have been done during my watch," he said. That means sustaining momentum on cloud security, the Joint Information Environment and mobility through the leadership transition. Hawkins said he has not set a date for his retirement, and DISA has not yet named his successor.

Hawkins' final year on the job has not begun quietly. In January, he unveiled a broad organizational overhaul of DISA in an effort to make the agency more attuned to industry demands. The agency is now broken down into branches for topics like business and development, and implementation of services and infrastructure.

Perhaps the most basic reason for shaking up DISA's structure was to tell defense industry executives whom at DISA to call with a question. Prior to the agency reorganization, Hawkins said, industry and DOD partners had voiced concerns that "DISA has been too slow to respond to the needs of our user community."

Hawkins said that, post-overhaul, his agency was already looking better organized, but added, "it's going to take a period of time for us to get where we need to go."

One of the more recent benchmarks for DISA's collaboration with industry was a security requirements guide the agency released in January for commercial and non-DOD cloud providers. The agency received some 800 comments on an SRG draft, which "helped us get a much sharper [final] document," Hawkins said.

Asked to elaborate, the DISA director said that, according to industry feedback, some of the initial SRG requirements were too vague. For example, one section of the draft document seemed to imply that cloud providers were required to report data breaches for any customer information rather than just for DOD information, DISA spokeswoman Cindy Your told FCW. DISA officials rewrote the document to clarify that only DOD information applied, she said.

Another project that will transcend Hawkins' tenure as DISA director is JIE, a DOD-wide initiative to standardize IT defense.

JIE is meant to make Pentagon networks less vulnerable to external and internal cyber threats. Hawkins in May called for the defense IT industry's help in preventing "insider threats" like the classified leaks of former NSA contractor Edward Snowden. When asked how that collaboration was progressing, Hawkins said it was an "ongoing effort," but declined to go into specifics.

JIE is a sound security architecture for dealing with insider threats, Hawkins said, because it offers "command and control" at various levels. But to make the most of big data analytics, he said, "we need industry's help in making that happen."