Navy's NMCI network speeds warfighter's chance to get inside the adversary's OODA loop: An exclusive interview with HP's Bill Toti, Strategic VP and U.S. Navy Los Angeles class sub driver
Hewlett Packard’s Bill Toti, a former U.S. Navy submarine captain, talks to Editor Chris Ciufo about the most secure network in the DoD (NMCI) and about smartphones on the battlefield – and how their security risks weigh in when a commander’s decision must be made instantly.
More than any interview of recent memory, my time with HP’s Bill Toti went by all too quickly. That’s because this calm, unassuming man is chock-full of real-world experience. In war. In industry. And now, leading HP’s efforts to secure a multibillion-dollar contract for the Navy’s and Marine Corps’ next-generation private network to replace NMCI. In the text that follows, Bill brings us up to speed on how NMCI is the world’s second biggest network (behind the Internet), how it’s secured and hardened from predators, and how it forms an integral backbone to help defeat America’s adversaries. Bill is also a retired Navy captain who commanded nuclear submarines and “served time” at the Pentagon. Read on for a behind-the-scenes look at NMCI and its follow-on called “NGEN.” (Edited excerpts follow.) – Chris A. Ciufo, Editor
MIL EMBEDDED: A lot of people might be surprised to see Hewlett Packard at AFCEA. What does Hewlett Packard do for the U.S. Armed Forces?
TOTI: When I was in the Navy about 10 years ago, EDS won the contract to provide the Navy with its intranet called the Navy Marine Corps Intranet or NMCI. NMCI is a network that is connected to the Internet. HP ties in because it bought EDS, which was a $17 billion a year company. HP is a $135 billion a year company, so you know there’s the capacity to do this. [NMCI] is now the largest network on the planet, other than the Internet. I don’t think anybody would challenge the assertion that NMCI is the most secure, accessible network in the DoD. In fact, I’ve heard senior Navy leaders say exactly that recently.
MIL EMBEDDED: What makes NMCI the most secure?
TOTI: [HP has been] very aggressive in how we monitor for and defend against intrusions. The defense department standards for cyber security evolve over time. The Navy has a single network, rather than a whole bunch of uncoordinated, disassociated base-centric or regionally centered networks like the other Services do. So the Navy’s single network makes it easier for us to administer in ways that ensure compliance with DoD standards – and makes it easier to quickly deploy solutions as the threat changes.
The team not only made the network bigger by assimilating all the various elements of the early Navy networks into one large network, but the Navy HP team was also able to make it more secure. Usually when you make a network bigger, by definition you provide more points of entry – which makes it less secure. We did exactly the opposite. It is now more secure than ever. That’s a huge accomplishment.
MIL EMBEDDED: How does Hewlett Packard differentiate itself from other network IT companies who might be feeding into SPAWAR or Naval IT infrastructure?
TOTI: So first of all, Hewlett Packard is the biggest IT company on the planet – running the biggest network on the planet. It seems like a logical marriage to me, so that’s issue one.
Issue two: It’s Hewlett Packard Enterprise Services that runs the network, not the product side of HP. What that means is we take best of breed, and we are very honest in our assessment of components that ought to go into the network. When it makes sense to use a competitor’s components in a network, that’s what we do. We are nondenominational when it comes to selecting the solution, because we want to do the right thing for the customer, because we know that’s the only way we’ll get selected [to administer NMCI] the next time.
MIL EMBEDDED: Tell me more about HP’s NMCI contract and how it came about.
TOTI: The NMCI contract ran about 10 years – until just a couple months ago – and was very different from the contract we’re in right now. The contract we’re in now is called the Continuity of Services Contract, which is a follow-on to NMCI, which is transitioning into the next phase. It’s called Next Generation Enterprise Network or NGEN for short. So, as originally conceived in the ’90s when I was in the Pentagon, it was all the rage for the Services to say, “We ought to operate using the best business practices to the extent that we can.” And I remember conversations at the Pentagon where someone would ask, “What company owns its IT?” Companies don’t do that. They outsource IT.
Because IT was thought of as a business process application, the Department of the Navy treated it like a business decision. They said, “We could save money by having somebody else own the stuff.” So [HP] used to do everything [on NMCI]. We owned and operated it.
MIL EMBEDDED: So that was the beginning of NMCI? How did it end?
TOTI: A transition is beginning to take place under our current Continuity of Services Contract, and NGEN will be a new competition. It’s not recompete. In fact, they’re breaking up NMCI into four separate competitions. One is transport, which is kind of the cable – the fiber infrastructure upon which all the data is transported. Another is called enterprise services, which is the desktop environment that includes the end user for the large part, but also includes the servers and storage and things like that. And then the software and also hardware, and those are self-explanatory. This all falls under PEO EIS, which is a Naval Program Executive Office in northern Virginia. [Editor’s note: There’s also an unrelated Army PEO of the same name.]
MIL EMBEDDED: How many employees did HP have managing NMCI, and how big was the contract of record?
TOTI: It’s produced more than a billion dollars a year in revenue. There are thousands of employees who worked on the contract. You’d find contractor employees on every base.
MIL EMBEDDED: How many people in your own organization do you anticipate working on the NGEN capture team?
TOTI: We always have dozens. You’re talking about writing some fairly large proposals. We haven’t seen an RFP yet, so we don’t know what the requirements are going to be, but I’ve led multi-billion dollar pursuits in the past and we had 40 people writing. It takes a lot of money for a company to compete for something like this.
MIL EMBEDDED: Does NGEN have anything to do with the Naval open architecture concept of their embedded systems that talk on the network, such as CEC [Cooperative Engagement Capability]?
TOTI: The short answer is that “open architecture” is a concept the Navy adopted probably a decade ago or more. And certainly, the Navy wants open architecture and as much IP ownership as they can have. So, that’s all probably going to be part of the RFP engine going forward, but as I mentioned, I haven’t seen an RFP yet. There will be other standards besides that to be incorporated in the RFP – I have no doubt.
MIL EMBEDDED: Tell me about some of the open standards one expects to see.
TOTI: I know that TAA [Trade Agreements Act] is a big issue. Basically, it’s a security construct that makes sure your components were not manufactured in a way that allows them to have spyware in them and things like that. Some of the cool really “Gucci” technology people want to order would have a hard time meeting the TAA certification standard. That becomes an issue at times when people ask for things they can’t have, because our contract requires us to adhere to a standard the commercial world doesn’t have to adhere to. We have even built our laptops to a mil-spec that most commercial companies don’t have to worry about, to make them more tolerant to dust or heat.
MIL EMBEDDED: HP makes rugged laptops?
TOTI: We make rugged mil-spec standard laptops. We don’t make extremely ruggedized. The NMCI contract requires some ruggedization, but not to [Panasonic] Toughbook standards, as a matter of routine. But our rugged laptops are certainly more rugged than something you’d get at Best Buy.
MIL EMBEDDED: Speaking of consumer tech, what are your thoughts about adding iPhones or Blackberries for access to NGEN secure military networks?
TOTI: Companies like Apple really push the envelope of a concept called “design.” It goes beyond mere engineering: It’s the user interface and the form-fit-function. Throughout my industrial career, it’s been a big mantra of mine to first think about high-level design: What is the user experience supposed to be? … whether we’re talking about a FLIR pod that’s on a helicopter or a Predator, or an IT system.
I don’t see Apple’s innovations as a threat. I see them as forging a need for us to figure out how to think innovatively like they do. We can build something with the look, feel, form, fit, and function of an iPhone with the right level of security. We just need the requirement and the funding to do that. [Editor’s note: These comments are incredibly prescient, because Steve Jobs publicly announced Apple’s form-fit-function vision nearly two months after Bill’s assertion, at the launch of the iPad 2.]
MIL EMBEDDED: What about the risk tolerance factor?
TOTI: The issue is whether there’s a level of risk you’re willing to tolerate for the convenience and accessibility of having [instant] access to information … not data, but information. Absolutely: There’s a risk that someone is going to get into your information because you have a PDA. There’s also a risk that the commander is not going to make the right decision because it took too long to get the information, which is a greater risk.
In modern warfare, the speed of the decision cycle – called the Observe-Orient-Decide-Act loop or OODA loop – is spiraling at ever-tightening timelines. So it’s much more important that decision makers have information they need to make a timely decision than it is to worry about a manageable cyber threat. That’s because the perfect decision made one moment too late is a failure. A good enough decision made on time is a success. The enemy has an OODA loop, too. All you have to do is make sure your OODA loop is inside of theirs.
MIL EMBEDDED: Interesting, spoken like a warfighter. So considering networks, many new things will come online.
TOTI: That’s true. It’s an exciting opportunity, an exciting time.
HP Enterprise Services 1-800-566-9337 www.hp.com