Homeland Security CIO Outlines Priorities

With 9/11 commission hearings, lingering tension over this month's train bombings in Madrid, Spain, and threats of retaliation against Israel and its allies for the recent assassination of Hamas founder and leader Sheikh Ahmed Yassin serving as the backdrop, Department of Homeland Security CIO Steven Cooper highlighted several priorities for his organization over the next 12 months and addressed the challenges he faces in meeting those objectives. The most pressing of these priorities are information sharing, IT infrastructure integration, and data security.

"We are fighting a real war," Cooper said Wednesday at the Federal Office Systems Expo in Washington. "There are people who want us dead. Speed is important."

Cooper's road map comes as the Homeland Security Department's inspector general's office issued a report this month assessing the department's strengths and weaknesses. The federal government formed the department a year ago from 22 agencies and their nearly 180,000 employees. While the report notes that successful transformations of this magnitude could reasonably take as long as seven years, Cooper said he doesn't have nearly that long to integrate the department's IT operations and get them running smoothly and securely.

Information sharing within the federal government, as well as with states, local municipalities, Native American tribes, and academia is one of Cooper's top priorities. "This is a big deal," Cooper said, noting that the challenges lie not only in updating and automating systems and processes, but also in providing workers at various agencies on various levels with the initiative and training to contribute information into such shared systems.

Homeland Security at the federal level is looking for ways to integrate data from state and local law enforcement, public works, and fire departments. Security, Cooper said, comes not just from the top down but also from analyzing information and observations from the nation's 3,300 counties and 89,000 cities and municipalities.The key to successful information sharing is IT infrastructure integration, another of Cooper's priorities. By December, the department plans to consolidate its six WANs down to one network for both classified and unclassified information. To illustrate the condition of today's networking setup, Cooper pointed out that his department's E-mail system isn't configured so that Homeland Security employees can exchange classified E-mail messages, even though other federal intelligence agencies have this capability. The inspector general's report states that Cooper's goal is to unify the department's 100 disparate, redundant, and nonintegrated systems by the end of next year.

Another priority is information security, which requires biometric and smart-card technology rather than reliance on passwords alone, Cooper said. The inspector general's report stated that Homeland Security has made some progress in establishing a framework for an IT systems security program, including establishing IT security policies and procedures and creating an organizational unit headed by a chief information security officer to govern information security departmentwide.

But the report also pointed out that a number of key security areas need attention. While 42% of the department's systems have security plans, only 37% are certified and accredited and only 39% have been assessed for risk. In addition, just 21% of the department's system controls had been tested and evaluated, and only 11% of its systems have contingency plans. To address these and other security concerns, the department has developed a five-year plan to create a unified information security infrastructure.

Still another of Cooper's priorities is the development of a system of formal portfolio management before year's end to help the department get an inventory of its technology and decide where to invest its IT budget. "We're not trying to change the federal budgeting process," Cooper said, "but we can streamline our own internal process for investment of IT dollars."