James Hatch, BAE Systems: Computer Weekly Downtime Upload podcast

The tech industry seems to create silos. Originally, the role of the chief information officer (CIO) was to combine business and IT, but in some organisations it has morphed into a role that holds responsibility for IT infrastructure. In such organisations, the head of IT is a back-office function, to “keep the lights on”.

Another role, that of the chief information security officer (CISO), heads up the IT security part of the organisation, ensuring that data is kept secure and that security policies comply with industry regulations or government legislation.

The advent of big data analytics has seen the emergence of the chief data officer (CDO), who is now tasked with driving artificial intelligence (AI) adoption in the organisation. And with all the hype around digital transformation, the chief digital officer (also CDO) role is now de rigueur.

The latter is the role James Hatch has taken at BAE Systems, but one he sees as encompassing all aspects of technology and business required to take advantage of tech innovation. Such innovation is desperately needed in some high-trust organisations, which have to work within the constraints of a governance and regulatory compliance framework that can hamper the progress of digital innovation.

Hatch is the chief digital officer at BAE Systems Digital Intelligence, part of the aerospace group’s systems organisation, which was established at the start of 2022, bringing together 4,800 people across cyber security, data intelligence and space disciplines.

Over the past decade, Hatch has run cyber services within the systems organisation. Most recently, he has been exploring the topic of digital advantage within the context of digital transformation. “Digital technology is increasingly part of doing business rather than a back-office function that supports the business,” he says.

For Hatch, the job of a chief digital officer represents a kind of functional underpinning role in most modern organisations, responsible for the delivery of outcomes to customers, whether those are citizens, consumers or other organisations. Unlike job functions like CIO and CISO, the CDO is responsible for ensuring the business and the technology that underpins it are joined up. It is an area Hatch has been focusing on to set the agenda for the business in 2023.

“Digital technology is increasingly part of doing business rather than a back-office function that supports the business”

“I have been working through our plans for next year,” he says. “Tools and technology was one of the four categories of change that we need to look at. The other three are policy and process, people and skills, and culture and leadership.”

What this demonstrates is that even in his own strategy, the proportion focused on tech is only about 25%.

BAE Systems recently reviewed the current state of play within three high-trust sectors’ digital landscapes: government, aerospace and defence. As part of the study it commissioned research from Vanson Bourne, which found that of the 120 respondents from organisations in the UK who were involved in their organisation’s digital transformation, 84% said digital advantage was crucial or very important to their organisation.

The survey, conducted between May and June 2022, found that 97% of those polled faced barriers to achieving a digital advantage, and only 21% of respondents in high-trust sectors said they were digitally mature. In spite of the relatively low level of digital maturity, the survey reported that 83% of organisations agreed that while there were challenges to overcome to achieve digital maturity, the reward for doing so was worth it.

Hatch says the results show that there has been a challenge in high-trust sectors, in terms of achieving the full potential of digital technology and practices. The challenge is that digital transformation is constrained by the special requirements needed in high-trust organisations. Doing nothing or avoiding tackling this problem is not the answer.

“We are in a position where our adversaries, whether they are in crime organisations, or are nation states, or they are competitors, are going through a fairly rapid progression of digital transformation,” he says.

However, he says that due to the barriers in place within the high-trust sector, “it is fundamentally more difficult to do digital transformation than in a sector with less control and regulation”.

Within high-trust sectors, he says: “It’s kind of like a human and cultural tug-of-war. There are assumptions and mindsets that are built into people’s jobs and careers about what is the right way to do things. You have to find common ground before you can make significant progress.”

This is something he believes the high-trust sector can learn from engineering industries responsible for developing safety-critical systems. 

Hatch believes the best way to tackle this cultural tug-of-war is through innovation, improving productivity and delivery within high-trust organisations by maximising the use of digital technology and practices. He says that no matter what stage of maturity an organisation is on their digital maturity journey, “one of the most important things to do is to keep your systems up to date and patched, which means changing them regularly and making changes to them”.

“It is about having a continuous change process that keeps you up to date and keeps you competitive,” he says. This, says Hatch,  represents a fundamental shift from a programme to a pipeline mindset. “I think [this mindset shift] applies to both cyber security and to innovation and productivity.”

Securing software innovation

From a software development perspective, there have been a number of efforts to address open source security issues. Open source offers developers a way to build new applications quickly by taking advantage of freely available open source components. But questions are being asked about how to ensure these components in the software supply chain are kept fully patched.

“I think we’ve probably passed the kind of peak hype on open source,” says Hatch. “It’s going to change everything, and everything is going open source. But we also recognise that there’s value in enterprise software providers offering buyers confidence, insurance and a contractual [agreement].”

“It’s no good being safe if you’re not secure because security undermines safety, and it is no good being secure if you’re not productive and innovative and able to move quickly”

Along with open source, the idea of perimeter-based security no longer fits the needs of organisations that require the free flow of data to and from external business partners. Modern IT architectures use open application programming interfaces (APIs) and microservices, offering a deep level of integration between external partners and internal back-end systems.

Describing the challenge, Hatch says: “It’s no good being safe if you’re not secure because security undermines safety, and it is no good being secure if you’re not productive and innovative and able to move quickly.”

For Hatch, there is a role for digital industry partners to work with high-trust organisations, providing a gateway to help them deploy commercial technology, including open source technology, in high-trust environments. 

Within the high-trust sector, Hatch believes the role of the chief digital officer is able to operate in a way that allows the individual who has overall responsibility for the organisation's digital strategy to maximise the benefit technology brings. He sees a need to change from programme thinking, such as a digital transformation programme, to a pipeline approach, where security is in-built.

“You are defining an outcome, working towards it using pipeline thinking by continuously driving towards a distant objective, making progress all the time,” he says.