While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
Scott Charbo likes his job. “There isn’t an area in information technology — supporting missions and business — that is more at the forefront and exciting than what we are doing.” At the Homeland Security Department, the CIO’s work runs the gamut, from consolidating thousands of network nodes to using iris scans to thwart terrorists. But because of the pervasive nature of IT use within DHS, Charbo sees his chief role as operational: getting infrastructure systems projects done. FedTech Editor in Chief Lee Copeland and Managing Editor Vanessa Jo Roberts spoke with him about how far along the department has come in creating an integrated systems environment and how the CIO team drives that effort.
FedTech: When you started at Homeland Security, your predecessor, Steve Cooper, had gotten some of the integration effort started, but it wasn’t a complete job. How far along are you on consolidation and integration? Will it ever be done?
Charbo: I won’t finish it, I’m sure. But everything has a life cycle, and information technology life cycles are fairly short. Systems live their lives, and then you’ve got to migrate stuff. That’s why I think CIOs get picked on a lot — because we are not around very long. But that’s because our jobs typically are defined by the life cycle of projects: finish one and then move on.
That’s why I try to pick the projects that we want to achieve and that the administration, Congress and the secretary want to get done. The ones that we have picked from an infrastructure side are our data center project, our e-mail project and our network project.
We have collapsed numerous networks and have seven wide-area networks. Each of our WANs has hundreds and, in some cases, thousands of circuits. We have been doing the migration of those for our OneNet project, which will get us to one managed wide area network. The plan then is to migrate those seven over to the new Networx governmentwide telecommunications vehicle [which the General Services Administration recently awarded to AT&T, Qwest Communications and Verizon Communications]. Once that’s done, we will have OneNet finished.
That’s huge; that’s the backbone on which we will do all information sharing, data porting and situational awareness and on which we can start running our interoperable common operating pictures. I will be very pleased because that’s a big deal.
We also have 17-plus data centers — 17 major data centers and a lot of wiring closets. Our focus is to get those down to two. We are doing that migration now. We had a requirement from Congress to build one center; the second center I set up as a service center. We have our government-furnished equipment in one, and we have a service component in the other. That gives us a lot of flexibility. We already know what systems and what centers we are going to migrate and collapse into the centers this year.
We will probably be done with our e-mail project by the end of the year.
We are picking out our next targets around businesses and applications that we want to tackle during the next year or two — after we finish the infrastructure things.
FedTech: Let’s talk about data sharing. How have you approached it, and how are you getting security up to par to protect data?
Charbo: It goes hand-in-hand with the network. Because we are dealing with a wide-area network, I can put security policies into that network, and I know that they are built in across the department. The other side is policy driven. Our network does not go down to the desktop across the department, so essentially the local-area network environments are managed by each of the components. Previously, many of those LAN policies weren’t all that strong. We have put in a tremendous amount of work to enforce some of these policies — access by remote users, network access, removing data from drives, notebook configurations and so forth.
Even the inspector general recognized that, and that’s a feat when they recognize something that you have done. The IG says a bit more needs to be done, and we don’t disagree with that. But it’s a policy issue. We have got to put the policy out to the components of what we expect. Then, we have to go back and enforce it. How do we enforce it? We do that through performance evaluations; we do that by withholding funding; and the Office of Management and Budget does that by withholding funding. Basically, if they’re not going to protect their networks, we shouldn’t invest in them.
FedTech: OMB says it’s going to get tougher on that in the coming budget cycle.
Charbo: Exactly. We are pretty proud of what we have done in the past couple of years identifying what we have, base-lining that and correcting systems to the point where we can certify them. That process also provided a whole list of things that we know we need to correct now. When I got here, fewer than 20 percent of the systems were certified, and no one had really base-lined anything. So, there wasn’t a set list that said, “Here are our systems, and this is what we are going to certify.”
We closed out last year with about 95 percent of our systems identified. We’re continuing to work on those that weren’t certified. Some were in bad shape; for some others, we’re continuing to identify problems. A lot of those are systems that had no policies in place down at the local level.
If there is a policy, you can push technology over the network. Sometimes it’s training that you have to enforce. We also have to validate that the work gets done. I have a staff here that does that. We also use the IG, and we use the General Accountability Office to do that. But security’s another area where I don’t think you are ever going to be done. I think that will always be evolving. It’s kind of like spam software. As you get better, so do the folks who push spam.
FedTech: When was the last time that you attended a technology briefing by someone in DHS and you were just wowed by technology and what it was?
Charbo: I would have to kill you. [chuckling]
FedTech: It was that good?
Charbo: Actually, it was classified. Honestly, in the CIO office, there are enough things operationally that we need to get going and that’s what we focus on. We have shut down a few projects just because we didn’t have the bandwidth and the dollars to try to keep them going.
We moved some projects to the Science and Technology Directorate to allow them to incubate, and we’re doing a better job of interfacing with the S&T group so that they understand the things we need in identity management and information sharing and are looking out for us on a three- to five-year horizon. If there’s something that’s kind of cool and we really need to do it, I have S&T work on that development rather than my shop because I am trying to keep an operational perspective to get projects done.
FedTech: Do you still have goals at DHS that you want to achieve?
Charbo: I’m not going anywhere. If they feel that they want me here, then the least I can do is stay. I know that the secretary still thinks there’s a lot to be accomplished. We are trying to keep the projects moving forward. There are always challenges — lots of challenges. You have to work through them, but I want to be here as long as they need me.
FedTech: You didn’t start your career as a technologist. Do you think that helps you in your job — that it’s useful to come at things from a different perspective than from CIOs or managers who do come up through IT?
Charbo: By education, I am a science major. I think there is an affinity there — to study different types of systems and how they work. I think that fits well when you are looking at all the different IT systems that we have at DHS.
After being a state and county employee, I went into industry. I cut my teeth on business and delivering results, but it was still kind of managing and reorganizing systems. It was a trucking system or a warehousing system or some type of logistics system. It’s funny, I’ve met other people who are biochemists or microbiologists or something like that, and they’ve done well in IT. So, I think there is something there in terms of an affinity toward the study of systems.
FedTech: From your past experience at the Agriculture Department, you have a reputation around government as a fixer, someone who gets big jobs done and likes a challenge, and certainly the systems integration efforts at the Homeland Security Department offer one of government’s biggest challenges. How do you think it’s going?
Charbo: From an IT and missions perspective, Agriculture and DHS are pretty similar. They are both large organizations with multiple directorates, bureaus or components. At Ag, each of them was related, but they are pretty distinct unto themselves. We had a wide mission at Ag, and we have that here. We have the Coast Guard; we have the Border Patrol; we have immigration and an R&D group. We are diverse.
I am trying to study that “system” and look for the common pieces and approach the change from that perspective. If you look at our big projects: We have attacked the network; we have attacked the data center; and we have attacked how we try to communicate, of which e-mail plays a large part. I’ve learned that you try to influence what you can. It’s a big ship, and you can’t expect to turn things in a day.
Actually, a mentor of mine told me that when I took the job at Agriculture. He said, “It’s an opportunity of a lifetime, and you ought to do it. But if you can’t accept the fact that you’re probably going to influence only a little bit of it, then you shouldn’t do it because you’ll get frustrated, and it’s not going to go well for you.”
As a result, I try to define each project against that standard: What’s the project? Can I put a timeline on it? Do I have support for it? If I do, can I drive that project and can get that project done? At DHS, we have had that support on the core common projects from the CIO perspective.
FedTech: How do you balance infrastructure projects against looking at new ways to use technology to meet the Homeland Security mission?
Charbo: That’s a common problem. If you talk to a lot of federal CIOs or any large company CIO, they would probably say that they have similar challenges.
But the chief challenge is the budget because you’re always working on three at once. And typically the budget you put forward isn’t the one you end up with — it goes through a lot of changes. Even in the private sector, you ask for the world, you get what they want to give you, and you drive against that. You get some of that here, but then it goes to the Hill and gets massaged again. So, you don’t always get back what you were expecting. Sometimes there are big curves, sometimes there aren’t, and you have to try to balance that.
The technology probably isn’t that difficult. The challenge then is, “How do we keep something going and change in the process, if I am not given the budget to standup and do infrastructure work?” You get creative, and you look for new solutions or new ways of trying to keep things going.
You also try to be consistent in how you approach things. I have always tried to say, “Why are we doing multiple developments around the same problem?” If it’s an area of opportunity, then let’s get a common way forward so we can drive our investments toward the same goal. That has seemed to work pretty well, and that’s really what we are doing around some of the consolidation projects in these joint areas. In some cases, if we find that a system has lived its life, then we decide to just shut it down.
FedTech: When it comes to the Lines of Business migrations, you’ve said that the first agencies in are penalized by having to pay for custom interfaces and additions that later adopters then get for free. How do you think things should work?
Charbo: This is a capital investment issue that needs to be solved federally, so that one component or the early adopter doesn’t get stuck paying the full cost. Is there a way I can put money into a capital fund where I can see some recoup of those dollars?
FedTech: Is that something the Office of Management and Budget or the CIO Council is trying to figure out?
Charbo: I know OMB is trying to work on it because we are working with them.
FedTech: I’ve heard you say, “DHS has more nets than Jacques Cousteau.” What do you mean by that?
Charbo: That means we have networks that a lot of our applications people call “net,” and it’s really nothing. For example, it might be an Internet Protocol application used to give people logins and IDs, and they call it “net.” We have a lot of those types of things — it’s a collaboration area; it’s a Web site; or it’s a Web form. In some cases, it really is a network. We do have a lot of “nets” in the department and, in fact, more than we really need. That’s part of the architectural work that we are doing.
FedTech: When talking to CIOs in different organizations, especially in institutions of higher education, one of the things that they always find are rogue networks and servers. During your certification process, do you find these in DHS?
Charbo: Sure. At DHS, we do not have a single network, and even when we get to OneNet, it will only be the wide-area network. We will be able to identify traffic; we will be able to look at different behavioral things, and we can stop things on the WAN before they elevate. Or, if there is something happening on the network; we can send out alerts; we can identify it; we can block it — we can do lots of things.
But down at the desktop, even at the server, we have to have policies in place. Within the network that I maintain, we have locked that down. When a server is brought on board that is a rogue server, we should know about it. If we don’t know about it that means one of our components authenticated the server, and then we might have an employee issue that we have to handle. So, we monitor that on the WAN. As far as the other components though, they have to monitor it, and we push policies of how we want it to be monitored.
FedTech: Something you have talked about a lot is that there’s not enough up- front involvement during the contract phase defining accountability and your expectations of vendors. How are you dealing with that at DHS?
Charbo: We review all purchases of more than $2 million. And for Project Eagle, which has a list of prime contractors and a list of small business contractors, I am meeting with those companies on a quarterly basis. Each initial meeting is just to kind of set the tone about what we are asking them to help us manage and our architecture. As they propose solutions or implement work, we ask each of them to help us conform to an architecture and that we will continue to evolve. This way, they know our priorities and can help us meet those priorities. I met with some today, so this takes place on a regular basis.
FedTech: What are you doing with IT at DHS that you would like others to know more about?
Charbo: What better mission is there than here at DHS? It’s all about all of the stuff that’s happening right now. If you are interested in data, Customs and Border Protection has some of the largest transactional databases in the world — the second largest transactional collection in terms of revenue, second to the Internal Revenue Service. In biometrics, there is nobody doing the work that we are doing in terms of research and development. It’s not just R&D, but getting technologies integrated and applying them.
FedTech: Something that you are actually taking out in the field and trying to use?
Charbo: Yes. There isn’t an area in IT — supporting missions and business — that is more at the forefront and exciting than what we are doing. The communications work is going to revolutionize things. When you work here, you know that you are playing a part in that. Yes, as a department, we have taken our lumps in the past. But it’s still a young department, and good people can help influence it; and we are always looking for them.
FedTech: How much are you looking at different kinds of use of remote communications because you have the issue of the border where you have trouble technically making the data leaps?
Charbo: The Secure Border Initiative is exactly that. It will provide some portable common operating pictures that we can link in to our OneNet, and there’s also some satellite communications we’re doing. We have got several projects that are ongoing. We are basically making everything IP because we can then move that data anywhere.
FedTech: And that’s the next big leap — IP everywhere?
Charbo: It’s a big leap; it’s very, very big. You know there are some other challenges on the border; there is no cell signal there.
We have got to either invest and put some of that infrastructure in place, go to satellite, which has some challenges, or go to some portable type of a network that we put in place. Ideally though, this is where we try to say, “Hey, are there any other federal groups that need connectivity in that space?” We find out who they are and then jointly go at it, integrating our projects.
FedTech: The tenure for Cabinet-level CIOs is not very long. What do you think needs to be done for these folks to stay longer and see projects through?
Charbo: I really think that every administration and every leader — and every CEO — ought to be able to have the people who are going to make their mission successful. That’s my belief on that one.
FedTech: Do you consider it part of your job to build a staff of long-term civil servants who work below you?
FedTech: They provide the crossover from administration to administration.
Charbo: That is our job, our responsibility, to provide that continuity. I’ve got a great deputy CIO [Charles Armstrong] who knows the mission here at DHS extremely well. That was part of the strategy of having him come over [from the department’s Border and Transportation Security Directorate].
I am not the only noncareer person in my organization, so it is my job to make sure that we have got good continuity. To help, we also have a great human capital officer and a great undersecretary for management, who both have this focus, as well. And they get really creative about how we can bring the right people on board when we need them.
Charbo: Absolutely, and that’s key. Because at certain job levels in IT, there is pretty high turnover — probably less turnover in government than in the private sector. But even so, it’s a competitive market, and we don't exactly have some of the best pay rates, particularly in the Washington, D.C., region.
We are at a disadvantage of paying a certain rate for an IT individual compared with pay in the private sector. But at DHS, we are identifying ways that we can do direct hiring. We are doing job fairs; we are doing announcements in the newspaper. These are things that you would probably think are taken for granted, but that’s not necessarily so in the government.
FedTech: Do you think that there is enough technical experience in the government?
Charbo: I am impressed with the technical professionals working in government. If you look at some of the big software and hardware things, they were done in the government and then introduced into the private sector.
We do need improvement in the government in terms of program and project management. We have a deficit there. From a technical aspect, we have got some outstanding technical folks, but the problem is that’s where they usually want to stay. They move from one technical research or R&D thing to the next, to the next, to the next, to the next. I am not in that business. I want to get those out of R&D and get them implemented and manage them cost-effectively and integrate them.
But really good program and project management folks get swallowed up by the private sector. You see that in acquisition; you see that in every area of federal program or project management. Finding people at certain certification levels is hard. They are at a premium. We are really looking for those folks.
FedTech: How do you actually manage your job? It sounds as if you are pretty extended?
Charbo: I drink a lot of hot tea.
FedTech: You have given up sleep. Is that what you are saying?
Charbo: Well, maybe it’s my farming background — you get up early; you get home late. But also I have good people. We have good contractors and a good staff. It’s getting better all the time. We do push them pretty hard, so you must reward them when they get it right. And I want to make sure that I am showing them I am working just as hard as they do, so it is long hours. We all put in some really long hours, but that’s part of the deal when you sign on.