He was the first federal CIO to host a public blog. Now Robert Carey’s embrace of social media within government has come to be viewed as a potential model for other agencies to follow. We had the opportunity to sit down with Carey and discuss his personal motto, the Navy’s Cyber Security Education Mission, what he learned from his mentors, and how he goes about balancing security and accessibility. Check out the below video to hear his advice to other agencies hoping to expand their Web 2.0 presence.ExecutiveGov: Your personal motto is, “Make a difference every day.†How have you found Web 2.0 helps you realize that motto?
Robert Carey: I found that Web 2.0 allows us to accelerate things. So I like to feel like at the end of every day that I have made a difference, however small at times, to the lives and the information management and technology associated with the warfighters. So I find that Web 2.0 becomes one of those vehicles to accelerate that because everyone can now be a user of the Internet and more of a content manager and content generator. So you can make a difference, you can communicate on a broad scale that you couldn’t do 3-5 years ago at all. So I find that these tools will only expand and make it easier for us to do our jobs.
ExecutiveGov: You were the first CIO to issue a policy enabling the Navy to use Web 2.0. Was there a moment of epiphany that led you to make that decision?
Robert Carey: There was no real epiphany or no “ah-ha†moment. But there was a hankering and sort of a thirst for guidance. The people of the Department [of the Navy] will do whatever they can to serve the warfighters. They see that there are a lot of tools out there that they can use. Some of them will lean forward and start to use them, and others are waiting for “where’s the policy, where’s the guidance, where’s the thing that says it’s okay?†And so we gather that feedback up and I turn the team loose to put something out there that says it’s okay. It doesn’t mean that there is anything new except for some official from the department level tells the workforce, “hey, this is okay, go find ways to accelerate your world using this toolbox.â€
ExecutiveGov: Back in January in 2008 you became the first CIO to host a public blog. What benefits have you seen come from this?
Robert Carey: First of all that fascinated me – that I was the first to get on that particular train. I found that I could put ideas out and I could solicit feedback; so there is a little bit of a one way. There really isn’t a dialogue – I’ll talk about that in a minute here. It allowed me to put out ideas to the Department of the Navy and of course I could literally get worldwide feedback if I wanted. There was no constraint to any email coming in. We have moderated blogs but there was no constraint to anyone saying, “hey, that’s a good idea and that’s not.â€Â Most of the comments were from people who either work in the department or are contractors associated with the department and provided feedback – mostly pretty good and some constructive such that we could feed it into what we were doing. I found that it was a good mechanism to get ideas from sources I never would have had in the past. What we have done to advance that message is we are going to stand up a blog site that is accessible only by common access card credentials, so we can now have a dialogue with the Department of Navy on things that our office is working on in support of policy and strategy and guidance. We can talk about cyber security and things that we are working on in cyber security and have a discussion with people about those specific attributes because they can log on using their common access card and post comments to this site. We can have dialogue there that isn’t open to the general public. We’re really excited about expanding the dialogue and harnessing the intellectual capabilities of the department to help my office help them.
ExecutiveGov: Can you tell us a little more about the Navy Cyber Security Education Mission?
Robert Carey: It’s really important to realize that when you sit down at the computer a condition of employment, if you will, is that in today’s age you are a cyber warrior. The minute you plug in your common access card and you log into the network, you are either an asset, strength or you are a vulnerability because you are not doing the things you should be doing. We’re really trying to approach this from two angles; education of every worker about certain minimal things they need to know, about phishing, about email security, about web browsing, certain things that they need to just be mindful of about privacy and things like that. The next layer is the guys that are in the IT workforce running the networks; the admins if you will – educating them on the higher levels of network management, of things they need to know so that the network information is retained as secure; when we access it we know that it has not been touched and things like that. We create the two layers – the users and the people that run the network to run in a homogeneous like manner to assure information arrives when it’s needed and when it’s needed in the right format.
ExecutiveGov: We’ve read that you’ve talked about cyber security tools with various social networking sites including Craigslist, Facebook, Google and MySpace. Has this dialogue strengthened the Navy’s own cyber security and what are the benefits?
Robert Carey: We’ve talked to a lot of the IT companies and some of the web 2.0 companies about how they do security and we’ve found that they’ve done some things that we haven’t done because their business model is a little different than ours. We’ve done some things that they haven’t done because again we are a little bit different from them. We are learning from one another. We actually have a good dialogue going and we are sharing.
ExecutiveGov: The Navy’s Web 2.0 policy has been widely seen as a potential model for other government agencies. Do you have any tips for other agencies looking to expand their web 2.0 presences? What works and what doesn’t?
Robert Carey: I would tell you that we work at the federal CIO level, this council that I work on, information security and identity management committee for the Federal CIO Council. Use your friends. No one has all of the answers but collectively you have the right set of minds to weigh the pros and the cons and the various strategies. The second thing is try to take smaller steps. If you try to bite off too much at once you get bogged down in mass change as opposed to small bite sized manageable things. The next thing is that we are working very hard on trying to structure this so that there is a way to invest money in an organized manner depending on who you are, depending on what agency you are, so that you understand where you are.
ExecutiveGov: You’ve called Dan Porter and Dave Wennergren, both former Navy CIO’s, personal mentors of yours. Is there a story that you can share about the impact they had on your life?
Robert Carey: Dan Porter and I go back twenty plus years and I’ve known Dave since I came to the IT space in the year 2000. Both of them I think trusted me. If I saw there was a problem they allowed me to come up with solutions to the problem and then go implement those solutions. The trust model is really important here and the ability to then go and seek out problems and solve them without them knowing about it – that helps them. That is sort of the model that I ascribe with the staff here; ‘your job is to find the problems that I never knew I had and then solve them’. They’ve allowed me to succeed. They’ve allowed me to stub my toe and fail and as long as I learned from it and don’t do the same error twice, both of them have helped me to flourish. You sort of get to understand what you are good at and what you aren’t good at. What you’re not good at, you go and find people who can help you with those weaknesses. The whole strategy of how to manage at this level has been heavily influenced by those two gentlemen.
ExecutiveGov: How do you go about balancing security and accessibility?
Robert Carey: You hit the nail on the head. As you manage it as a polarity that you have to have both. Generally we do one or the other, we actually buy off on the fact that increased security must mean some ding on accessibility or some ding on convenience. I think that sometimes is true but it doesn’t always have to be true. You have to actually weigh them both. At the end of the day, getting to a website, going through security layers to get to the website, signing emails – the extra steps are worthy. We are very convenience based so we like to have three clicks and we want to be on the web. We don’t want to do extra steps to do certain functions even though in reality it’s literally seconds of our day. The security layer has to be in place and the accessibility has to be in place. It forces us to look at security differently – maybe to the data element level shining light on things like identity management and those technologies far brighter than we had been in the past because that’s the key to the balance. Rob’s allowed to get to information that Rob’s allowed to, no more and no less – not Rob’s allowed to troll around in a sea of information and see what he comes up with.
ExecutiveGov: Those are all of the questions that I had. Is there anything that you would like to add?
Robert Carey: It’s an exciting time to be involved in IT. When I came here in the year 2000 I was way out of my comfort zone. I was doing undersea weapons and torpedoes – things like that. I was comfortable. I had done that my whole career. I must admit that this is one of the more dynamic and exciting places I’ve ever worked because information technology does touch everyone. It’s just been a wonderful ride and I look forward to the future under the President and the new Administration.
To watch Carey on his mentors click here.
To watch Carey on his personal motto click here.