The problem with IT modernization is often a people problem.
“There’s a cultural challenge within the IT community,” said Department of Homeland Security Acting CIO Stephen Rice, at the AFCEA Homeland Security Conference on Sept. 13. “Changes aren’t just within the technology but also within the culture of those managing the technology.”
Rice said that in order to mitigate these challenges, the IT conversations include different levels of agency staff to explain how the technologies affect the mission. IT managers have had to learn to explain how the size of the agency’s networks, including the applications, data centers, and IT employees, affect the agency mission.
“The conversations have changed for IT-centric conversations to business-centered conversations,” Rice said.
He said that he has taken to bringing agency heads to the data centers to experience the size and architecture for themselves.
“It’s eye-opening when you see rows and rows of equipment and they stagger it by the manufacturer,” Rice said.
Rice said that he’s explained to the agency heads that often the architecture of the network is more important than the company supplying the equipment. Rice said that DHS has a large infrastructure where the funding to replace legacy systems is not available. The IT decisions should be made based on what the needs of the departments are, not about what type of equipment is needed.
Industry can often suggest more innovative solutions than what the agency has relied on in the past. When DHS had to buy new computers, the agency discussed whether all tasks need a government-issued device. Since DHS has more than 100,000 computers, decreasing that number could provide major decrease in costs. Rice said these conversations are dictated by the management and not the IT department.
Rice said that he wants an environment where industry can tell the government about advancements they’ve made and how those advancements can benefit agencies, and also the government can tell industry about the challenges that it has with the market. The agency CIO needs the credibility to make decisions and have these discussions.
Barry West, senior adviser and senior accountable official for risk management at DHS, said that the May Cyber Executive Order has helped bring agency leadership into IT discussions because it holds agency heads accountable for their cybersecurity posture.
“I will give the administration a lot of credit,” West said. “They did not exclude anybody from this mandate.”
The Cyber Executive Order affects DHS specifically because the National Protection and Programs Directorate at DHS is in charge of evaluating how the executive order goals will affect the entire government.
DHS completed its assigned risk management plan, which all agencies were directed to turn in by Aug. 9. A report with information from all of the risk management reports will be sent to President Donald Trump to review by Oct. 8.
West said that the challenges he observes with the Cyber Executive Order are where will agencies get the budget to improve their cybersecurity and how will the government incentivize employees who are doing well?
However, West is optimistic that cybersecurity is receiving this attention from the new administration, because cybersecurity used to be on the back of people’s minds.
“It was pretty much an afterthought,” West said. “Now there’s not a CIO shop you’ll walk into today that doesn’t have cyber as one of its key priorities.”