Brig. Gen. Brian Dravis heads up the Pentagon's Joint Service Provider office, the de facto IT department for the military in the National Capital Region. Once several separate entities, JSP now comprises departments such as the former Army IT Agency and the former Enterprise Information Technology Service Division.
As of July 2015, those agencies and related components, including elements and policies of the Office of the Secretary of Defense and Acquisition, Technology and Logistics, came together under JSP. The goal: to serve as the go-to IT service provider for the defense community inside and around the Capital Beltway.
Dravis recently spoke with C4ISRNET Editor Amber Corrin about JSP's mission, goals, challenges and growing pains — and what's next in Defense Department IT.
Brig. Gen. Brian Dravis is the director of the Joint Service Provider office.
Photo Credit: Courtesy of the Department of Defense
Having pulled together several separate organizations, JSP has a wide reach. What are the missions and functions and areas of responsibility?
Attempting to distill the JSP mission and the swath of responsibility is just really pretty exhaustive; I would attempt to do that by essentially distilling the roles and responsibilities of the JSP down to a couple of core elements. First, the delivery of integrated IT services for the Pentagon and other senior [Department of Defense] leadership. And secondarily or in parallel with that, defend the JSP enterprise inside the National Capital Region.
One of the directives was to look at the posture of the cyber defenses and also provide what was then known as CNDSP, now CSSP, functions to the headquarters. So we are the Cyber Security Service Provider, CSSP, for the headquarters of the Department of Defense at a couple of different tiers, what's known as tier two and tier three.
That was consolidated under the directive from [former Deputy Defense Secretary Bob Work]. The tier threes and a lot of the OSD components were in their own IT offices, their own IT services, their own cybersecurity.
So, to do that, how much are you coordinating with any of the Cyber Command elements or Joint Force Headquarters-DoD Information Networks?
Leaders are in close coordination and collaboration with the JFHQ-DoDIN and we do take our directives from a sub-unified command at Cyber Command. And we look at all of those items and issues on a daily basis. So one of the reforms we implemented when we created the organization was to have a daily standup where we actually review the cybersecurity posture and data on a daily basis.
What are some of the benefits that you're seeing from consolidating some of those agencies that you mentioned? And what are some benefits that you're looking to or expect to derive in the future?
From my perspective and in my view, the two cornerstones to consolidation are savings and security. [Those] are mutually supporting aspirations, not in conflict, but many see it differently. Because if you want a robust security, for example, most anticipate or expect — and history shows us — that comes at an extra cost.
It's really the effort that we then are taking to rebalance our existing resources to provide both of those priorities because we have some very definitive savings targets. And we have some very specific security requirements that we had to meet.
Second, really for me and my view, the creation of the JSP is absolute validation of joint cyber operations and joint cyber defenses. There's no reason in my view why what the JSP provides on a joint basis to the Department of Defense headquarters couldn't be expanded to other areas of the Department of Defense. I'll leave it to others to determine if that's something they should look at. But I think we've provided strong validation in the fact that integrated IT services and cyber defenses can in fact be delivered in a joint
organization on a joint basis.
How do you measure your success?
DRAVIS: I think it's important and reflective of the hard work of the people in the organization, what they've been able to accomplish in a relatively short time. In the savings category, we were provided a specific savings target, at that point, 16 weeks. We exceeded that by 210 percent. The staff here in the JSP were able to effect a consolidation of 60 percent of something on the order of 500 contracts at just 18 months.
And we undertook that, put the right-size number of IT infrastructural elements inside the National Capital Region, and within and out of the Pentagon we were able to increase that by 3.2 times its inherited value and capacity, while reducing that net cost by
$3 million per annum.
We established a JSP hardware accountability and asset management division that consolidated and inventoried all JSP equipment. As painful as this is for me to acknowledge it, we didn't always have a firm grasp here in the Pentagon on all IT assets and inventory.
So we've been able to consolidate that so that in effect, we're not wasting money. If we had a component or equipment on the shelf, we didn't have to go out and procure it.
It seems fundamental, but it was a pretty important part of our savings journey: the creation of the organization and establishing conduct of the organization going forward. Early on we conducted over 15 staff assist visits or SAVs to get a holistic security posture of the OSD components, who were all providing their own IT and their own cyber defenses.
We also conducted a Pentagon-wide, in-person cyber defense training session and [campaign] that trained over 16,000 DoD personnel in just 30 days. We stood up and deployed the first ever Pentagon [demilitarized zone] in compliance with all the outward facing websites.
Today we are aggressively working towards Pentagon transition to regional security stacks. You asked about the future benefits. Certainly, that cornerstone of the savings is key beyond the financial. I think net costs are roughly reduced by about one-third for DoD headquarters. Over the first five years, I see an aggressive orientation toward modernization on the technical infrastructural side. At the same time, I see a similar aggressive orientation toward standardization on the operational potential server sides. All of those are net dividends of benefits to the Department of Defense and the creation of the organization.
What have been some of the challenges that you've encountered in the transition from these different offices to the consolidated JSP, and to this new approach?
I frequently say, and I'm happy to share it here, that in my view the direction and creation of the JSP was absolutely the right one. But I also equally am happy to acknowledge that this was an epic change management cultural shift inside DoD headquarters and inside the building of the Pentagon.
A lot of people have a lot of different views on change. ... The challenge for us inside the JSP was really going about the work to actually effect the changes, to onboard. Meaning actually taking the Joint Staff, for example, and migrating the entirety of the Joint Staff's data, applications, unique requirements, senior general officers and the very important people on staff, to include the chairman of the Joint Chiefs of Staff. [Migrating] their legacy joint staffing environment into the JSP-supported one was an enormous amount of work. At the time when the organization was created, the Joint Staff was the largest organization and the heaviest lift force.
But at the same time, in parallel, we had to discover and assess another 43 OSD components, most of whom are now also included in the JSP enterprise. And nearly simultaneous to that, within a few months, we were directed to take operational control of the Headquarters Department of the Army networks.
So static control and roles and responsibilities were rapidly changed in a very short time. The history and state of the organization was extremely chaotic, difficult and challenging — trying to manage that static control, effect the change management, merge two legacy organizations into one singular organization.
At the same time, we had to sustain and deliver all of the same IT services and defenses that we were recently tasked to provide. Since that initial phase, it has really settled into what I would call an unprecedented, unified effort, an exemplar of joint capabilities that are available to the Pentagon.
So again, it was a tough start. But I think at this stage of the journey, it's a clear success story.
