Where Nato’s sprawling set of agencies intersects with the military alliance’s 30 members, deep digital silos inevitably endure; some by design, others by accident; Nato Assistant Secretary-General Camille Grand, who leads the alliance’s defence investment strategy, dubs them “islands”.
As chairman of the alliance’s Consultation, Command and Control (C3) board – where decisions are taken on information sharing, interoperability, and joint intelligence – his job includes making sure that the islands of the Nato archipelago become more digitally joined up. Another key part of his brief: ensuring that leaders take a more “enterprise” approach to IT procurement
The need is pressing; so are adversaries.
The alliance – which in 2016 recognised cyberspace as a domain of operations in which Nato must “defend itself as effectively as it does in the air, on land and at sea” – is under a steady drumbeat of attacks from the explicitly ill-intentioned. Operating in a fragmented digital manner is no longer an option.
There are more prosaic concerns too: Nato’s staff, like those elsewhere, want flexibility in their work environment. How can such a heterogeneous organisation ensure this is possible in a secure manner agreed on by members; one that facilitates rather than stymies rapid decision making and collaboration across the alliance?
The C3 board – which comprises 30 Chief Information Officers (CIOs) from Nato’s nation states – agrees that change is needed. And in recent years these military digital leaders have come to a unanimous conclusion: if they want to build enduring information technology cohesion across the world’s most powerful military alliance, Nato needs its own, forceful CIO to drive the change.
Nato’s decision to make this landmark hire was signed off at the secretary-general level this year. It resulted in an eye-catching job advert for the Nato CIO vacancy (“proven experience in consensus building essential”, noted the ad) posted in August, that attracted what Tech Monitor can confirm was 108 applicants.
As the alliance begins reviewing an eclectic (if arguably smaller than hoped) array of resumes, Nato’s Camille Grand – a father-of-three whose previous roles include leading France’s premier defence think tank Fondation pour la recherche stratégique (FRS) – joined Tech Monitor’s editor, Edward Targett, to talk about the decision to hire a CIO, the role, and what’s in store for the successful applicant.
Why hire a CIO?
Camille Grand: We thought that Nato’s ICT challenge requires approaching information and communication technology as an enterprise.
Then, of course, it became very clear that in order to foster that enterprise approach and really bring the coherence that we wanted, it would be worthwhile to have an individual that would embody that role as the Nato CIO.
This is very much part of our overall modernisation process that we are pursuing in multiple domains, but particularly in ICT. And we really want to make sure that ICT follows our requirement in a very challenging environment, both from a security perspective and also from a business perspective.[We want to] have someone who is very involved in the organisation, reporting directly to the secretary-general; someone who will be the the leader for driving our ICT strategy or innovation in the domain across the enterprise.
What will their first tasks be?
There are several elements here. First of all the CIO has to help us and support the secretary-general oversee large investment programmes. Nato invests close to €1bn ($1.17bn) in ICT every year. We want to inject that enterprise approach into this procurement across Nato.
The second focus is not so much about technology, but about change management. We have to bring that enterprise culture to every element of the enterprise and to have all the Nato entities being brought into this.
This has to do with how a large and complex organisation goes through organisational transformation. It’s about people, process and culture. That something that the CIO will really have to pay a lot of attention to.
From that perspective, the challenges are very similar to [those faced by] a lot of organisations the same size; whether they are public or private. What we want to do it to optimise our digital business model and to make the best use of important resources that nations allocate to Nato. There is an issue of aligning the practice of those 41 entities; aligning the culture across the enterprise, and of course adapting and adopting new technologies, which is something we have to do – and the pandemic clearly stressed that we could continue to improve our approach.
How restrictive were you in your hiring criteria? It sounds like a meaty challenge and that you will need someone quite special for the role…
We are being very open on this hire. The one restriction is that they need to be from a Nato country and they will need to gain security clearance.
“I think it is going to be very interesting is as we move forward in the recruitment process to be in a position to compare very different individuals with different backgrounds; and to try to see what is indeed the best possible fit for what is a very demanding place – but also a very interesting post at the very juncture of IT, policy, consensus building within an organisation.
“Yes, the skills it requires will be rare – or the combination of them will be rare – but that’s why it is a senior post in our environment.”
You mentioned it’s a substantial ICT budget that they will be overseeing. What’s the current investment focus for Nato in this domain?
If I look at where we invest in the IT domain, we primarily invest in two domains. One is our command and control structure. The way I would describe it in layman’s terms, is that Nato is the glue that brings the allies and the Nato common structure together in this. This is really, really important. Then a second group of IT investment has to do with our communications network. We need to bring all these Nato entities or missions and operations in the field together in a secure environment; obviously, we are modernising our IT constantly.
If I look at it in terms of technical challenges I would stress two out of many: the first one is by the nature of the organisation, we are extremely security aware. I trust the CIO will be an important advisor to the secretary-general, to insist on that security culture being really part of the culture of the Nato enterprise.
The second challenge would be making sure that we bring together – and here again, we come back to this notion of integration of multiple entities which are located across and beyond the alliance – the digital work environment.
One example is really to oversee the way we do video conferencing, which is something that is a massive part of our day-to-day operation with Covid, but which was already extremely present beforehand. Obviously in a Nato environment, you want to do that in a safe and secure fashion and to make sure that it is not an impediment to decision making and to secure exchanges between various bodies.
Given this heightened security consciousness, how hard will it be to start putting together a more integrated digital work environment once the Nato CIO vacancy is filled?
This is obviously demanding, because we want our staff to be able to telework as much as possible. But what does that mean? It means not only saying, no, ‘you can’t do this’ but ‘this is how you can do it; and this is the right hardware, the right network, the right software to do so in a secure environment up to whatever level we see appropriate’.
What struck me when I took my responsibility as the assistant secretary general for defence investment was that this organisation is security aware, it has a very strong security culture. The issue – and this is where the CIO can help – is to combine the security culture with a digital culture to make sure that we have the best of both worlds.
What’s the CIO’s relationship going to be like with other C-suite roles at Nato?
We have a vision for the CIO that the nations and defence ministers have approved. It’s really tailored to Nato. But I would expect the CIO to refine it as he/she is in the job.
The first year or so in the job, will also be about ‘how do we play this? I would argue, without going into the nitty-gritty of the policies that have been agreed so far, that I expect the CIO to be coming back to the secretary-general and to the nations after a few months in the job and saying, ‘OK, these function I should take right away; this function should grow into my office at some point; this function can stay with military colleagues because that’s where it belongs, as I should not dive into day-to-day operations’.
We’ll allow the post holder to have flexibility in refining the post and portfolio. Part of the job in the first few months will also be to grow a team as he or she sees fit.
There is an initial team of about ten people who will be there, others on my staff and others’ staff will support the CIO in initial steps as they see fit.
Under that change management label, part if their job is to prepare that growth of the office and that good definition of responsibilities.
How much does cyber having become part of Nato’s operational domain impact the decision to make this hire?
I would stress that Nato cannot treat cyber as something that is elsewhere.
We really moved from a cyber policy which was very much focused on preserving Nato’s cyber and digital infrastructure, to also working with our nations on how we collectively operate in the cyber domain.
In some instances, this means that nations will deliver cyber and Nato is not doing that; in some instances it’s Nato really taking the lead in promoting cyber security and defence across the alliance and recognising that there are different levels of awareness, of technological understanding of the digital environment [across the alliance] because we are fully aware that this is the weakest link for potential attackers.
The second thing that we know is that in the cyber domain we are under constant – the word attack is too big – but there are constant events in the cyber realm that potentially can affect Nato. We really need to be on top of that game as well and [can’t be] waiting for the first bullet to be shot; so there has been a big shift in the alliance over the past few years [away from] a focus [solely] on traditional military hardware.
That was a transformation that started more than ten years ago, but it is ongoing in many different ways. This is not only among the biggest allies. A number of countries have fantastic teams; we have an incredible centre of excellence in Estonia, which is doing a tremendous job on this. This CIO position at Nato, it’s a fantastic challenge and I’ve had great conversations about it with my colleagues on C3 board; the CIOs of the Pentagon, the British MOD, their counterparts in France, in Norway; very widely.
We are competing with high-profile jobs in industry, but we believe it is a unique environment: very challenging but extraordinarily interesting and it’s quite a unique experience in change management that we offering (laughs) to someone who will have to be talented, for sure…”
Nato expects to announce its decision at the end of 2020.