2007 InfoWorld CTO 25: Robert Gourley

CTO, U.S. Defense Intelligence Agency

Imagine merging 11 companies’ IT departments, creating a standard communications platform that can withstand battlefield conditions, and launching an SOA effort all at the same time. And having it in operation just two years later. That was the challenge Robert Gourley faced as CTO of the Defense Intelligence Agency (DIA), which gathers, analyzes, coordinates, and distributes intelligence data for the U.S. armed forces and in partnership with various civilian spy agencies.

When he joined the DIA, it served as a coordinating agency, with IT for each branch of the armed forces and other intelligence organizations managed locally. “Decision makers were spending too much time around their systems and IT, and not enough on their actual job,” Gourley recalls.

An incompatible collection of overlapping systems was a major reason for this problem: Secure phones weren’t compatible, restricting who could call whom. Analysts needed a separate computer for each security level they had access to, so information could not cross the lines among top secret, secret, and nonsecret — making management a nightmare. Worse, access and communications directories were scattered, so communications were often blocked because directories didn’t recognize all parties.

It was no secret that this collection of IT silos was not supporting the post-9/11 mission, so in 2003 the idea arose of combining them all into one centrally managed system with a joint CIO. The plan was approved in April 2005. As CTO, Gourley faced the task of merging all of the IT operations into one group, under the CIO, and defining the technical architecture, standards, and toolset.

But the staff wasn’t transferred until October 2006, so his efforts were largely limited to planning and proselytizing. That turned out to be very useful because it gave Gourley time to hammer home the priorities and how the changes support them. “By staying on those priorities, it helped us all sing from the same sheet of music,” Gourley says.

When the staff finally arrived, Gourley got rolling. Where possible, he reused existing equipment and technology, such as the VoIP handsets. But he forced everyone to use the same VoIP network. “That switch was painful for a while,” he recalls, because it worked differently than people were used to. On the other hand, everyone could now talk to everyone else, “whether from the President’s desk in the White House to a tent in the desert,” Gourley says.

Gourley was also unafraid to embrace new technology. For example, he adopted desktop virtualization so that each agent could have a separate virtual desktop for top secret, secret, and nonsecret data — but just one actual computer, a Sun Ray thin client. Eliminating the need for multiple computers resulted in savings of $6 million a year in energy costs alone. Also on the cutting edge: The DIA now uses wikis and portals to share information, as well as AJAX (Asynchronous JavaScript and XML) to create mashup applications to more easily combine analysis systems’ results.

The use of new technology also forced a change in testing, which had been unnecessarily laborious in some cases. Gourley altered the development process to include an upfront risk assessment, so low-risk projects could be deployed quickly and get tested in the field. That runs counter to defense culture, but because everything travels over highly secure core systems and networks, it was a risk the DIA could responsibly take. And Gourley ensured the proper governance was in place so that people wouldn’t get sloppy. Projects that don’t go through the upfront risk assessment, for example, can’t be tested or fielded, period.

Because Gourley and his team had to figure out a standard, common technology architecture to achieve the integration goals — as well as the governance for their deployment and the interaction of their components — they could also adopt an SOA approach and design the infrastructure to support services, both newly developed ones and wrappers around existing technology.

The SOA effort is hardly complete, but the architecture is in place to ensure that technology adopted in the future will remain compatible and be more easily deployed. Plus, it’s given other agencies, such as the National Geospatial Agency that does mapping in support of intelligence activities, a platform to which to align their efforts, helping encourage IT collaboration beyond the DIA itself.