Life in the Pressure Cooker at DHS

It's safe to say that few CIOs operate in
the kind of pressure cooker that Steve
Cooper, CIO of the Department of
Homeland Security (DHS), calls his
home away from home. Though
Cooper's used to high-pressure jobs, it's
not every day that he gets to design and
install his agency's first enterprise network.
In a mere six weeks, he and his team of about
a dozen IT staffers installed an Internet
Protocol (IP) network, workstations and
servers; created an intranet; and mounted a
public Web site.

But Cooper says his biggest triumph
since his appointment as CIO in February
2003 was—in just four months—laying the
groundwork for the department's enterprise
area network, which will serve 190,000
users in the 22 agencies that constitute the
DHS. "Releasing the first version of our
enterprise architecture within four months
was a major accomplishment," he says.
"Some federal agencies work on theirs for a
couple of years."

But the toughest work—integrating the
systems of all DHS's component agencies—is still to come, he says.

Building out the agency's integrated
enterprise infrastructure is Cooper's front-burner project. This IP-based network,
which will have classified and unclassified
segments, has a completion target date of
December 2005.

That deadline makes for an aggressive—but, so far, realistic—timeframe, he says. The
agency has released a request for proposals
(RFP) for the classified portion of the
Homeland Secure Digital Network. An RFP
for the unclassified portion will go out in a
few months, he says.

Another high priority for Cooper's IT
team is testing different methods of digital
authentication and certification that would
ensure that entities and individuals actually
are who they say they are. At the agency's
Washington headquarters, about 400 users
are participating in a smart card pilot based
on public key infrastructure (PKI).

Smart cards will likely be used as one
authentication mechanism for both the
classified and unclassified networks.
According to Cooper, "the pilot is a way to
get some experience under our belt" before
rolling out cards to almost 200,000 DHS
employees during the next two years.

Tending to the most urgent IT issues of
homeland security has left Cooper with little
downtime to architect a long-term plan for
the future of DHS's IT department.

"We've been so busy reacting to emerging
requirements that we haven't had a chance to
step back and think in terms of what we
want to do when we grow up," Cooper says.

However, as 2004 advances, Cooper and
his staff will have a chance to refine their
strategy for the department's development.

Cooper recently spoke with Fed Tech
about his first year as DHS CIO and shared
some of his experiences in setting up the IT
department; implementing information
sharing among agencies and the private
sector while protecting data privacy now and
in the future; evaluating technologies to
combat terrorism; and responding to terror
alerts, information overload and the
prospect of a new administration.

Q: This is a time of
unprecedented data
sharing among federal
agencies and the
private sector. How does
it affect your role as CIO
of Homeland Security?

COOPER: Our challenge is to create an
environment using IT tools that let us be
responsive to whatever events occur in the
world. That means we need a 24 x 7 type of
operating paradigm. Most corporations and
IT-enabled infrastructures are not actually
geared to operate in real time all the time.

We are deploying Infonet, an Internet-based information exchange portal, to
rapidly share information [among all
agencies]—although it's not real-time—and a backbone, called DHS Interactive,
for sharing information external to the
department. There won't just be one
solution; we expect there will be more.

Q: How do you balance
information sharing
with security and
privacy issues?

COOPER: The department continues to
discuss how to properly protect personal
information in the work we do. We need to
fine-tune and continue to ensure the right
balance. We're serious about doing the
right things to secure the homeland.

Q: How do you deal
with data overload?

COOPER: We want to put analytical tools
into the hands of the subject matter experts
and analysts here whose jobs and
responsibilities deal with finding the
information needles in the haystacks or
connecting the dots. That's the aggregation
of intelligence information. We evaluate
[existing] and emerging information
technologies. The federal CIO community
tries to share information about those
technologies with each other. We pass this
along to the DOJ [Department of Justice] or
FBI [Federal Bureau of Investigation] or
some of the intelligence agencies and say, 'I
think this might be applicable, so why don't
you take it and run with it and evaluate it.'

On a personal level, I set filters on
Microsoft Outlook to help with the volume
of e-mail that comes into my office in IT.

Q: What occurs in IT
when DHS raises the
terror alert level?

COOPER: It adds an operational
component. As we move to higher levels of
alert, the department [implements] some
additional in-house capabilities and teams,
and we provide direct IT support to those
teams. We add additional IT folks on a shift
basis so that we can operate 24 x 7.

Q: What new systems
and applications are
you developing to help
the DHS, and what are
the key underlying
technologies?

COOPER: A significant number of
applications and activities in IT directly
support the counterterrorism mission of the
department. Secretary Tom Ridge also has
made it clear that in addition to the
counterterrorism function, we need to
enhance other activities or business
processes.

A good example is U.S. VISIT [U.S.
Visitor and Immigrant Status Indicator
Technology system], which we just deployed
at airports. With it, we take two fingerprints
of foreign nationals as they enter and leave
the United States. It's really dual-purpose: We
are also trying to enhance the ingress and
egress of people across the border. We want
to ensure that the bad guys don't get in, but
how about if we can get the good guys in
quicker?

We have other large initiatives under way,
such as Operation Safe Commerce to secure
cargo and commerce in the exchange of
goods and services. We [will use it] to speed
up and enhance commerce globally as well.

As for technologies, biometrics, including
facial recognition and fingerprinting, have
been a mainstay in government law
enforcement. We are also looking at retinal
and iris scans, voice recognition and other
biometric technologies.

Q: One uncertainty in
a presidential election
year is that federal IT
projects could be at risk
of being discontinued
under a new
administration. How
would a change in
administration affect the
work under way in IT?

COOPER: I've not lived through a change of
administration before, but drawing on what
I've been told, it could potentially affect quite a
bit. If there were a change of administration,
then you [could] have political leadership
with a different set of priorities or a different
approach on how they want to get things
done.

I think we have to keep pushing
through. We've got to communicate within
the department and across departments.

What it boils down to is that we will
establish IT metrics for all key activities.
Part of that is an appropriate review
process—peer review, steering committees
and advisory groups meeting on a regular
basis—which can continually monitor and
measure where we are and know if we're
on target.