Homeland Security’s CIO Outlines Their Top IT Priorities

With $6.8 billion in its fiscal year 2018 and 2019 IT budgets the Department of Homeland Security is one of federal government’s largest buyer of information technology (IT) goods and services. Combine this with numerous IT directives from the White House focused on IT modernization and cybersecurity and an expected $100 million in appropriations under the Modernizing Government Technology (MGT) Act to be up for grabs later this year, and it is no surprise that many expect DHS to pursue spending more on IT modernization.

A recent DHS Industry Day sponsored by Washington Technology was opened by free-flowing remarks from John Zangardi, DHS Chief Information Officer. Zangardi discussed DHS’s current IT priorities and efforts that are underway. Among the major topics he covered were cloud computing, cybersecurity and OneNet.

Cloud

• DHS is pursuing a hybrid cloud strategy and he is not looking at having a single winner. They are currently working on an enterprise cloud strategy, policy and approach. 
• A cloud steering committee has been created to set plans and stretch goals. DHS has 29 applications currently in the cloud, with another 70 in the process of transitioning.
• He expects the first cloud steering committee meeting to occur in the 2nd or 3rd week of June.
• Regarding stretch goals, he wants to make it OK to fail in striving to reach them, but if and when they do fail they need to learn from it – why they failed and what is the way forward. Is the technology, acquisitions, the ATO process, or something else the cause?

Security Operations Centers (SOCs)

• There are currently 16 SOCs within DHS. Not all are 24x7 operations nor are all within the capital region.
• DHS needs to develop an enterprise strategy for SOCs, which may include a cyber fusion center.
• Consolidation of SOCs must be about capabilities, not just cost savings.
• They are currently looking at 72 locations across the US to identify what locations make sense. One consideration is the existence of universities in the area and maybe military bases in the region – both that can churn out a skilled workforce from which DHS may draw. The cost of living in the locations is also a factor. The new DHS CISO Paul Beckman is looking at what skills and workforce elements they really need.
• Identifying the right cybersecurity tools, training, and contract vehicles are also in the mix in plotting the way forward.
• He envisions eventually having two SOC sites, one primary site and one hot backup.

OneNet – DHS’s transport backbone in LAN A and Land B, unclassified and classified.

• He wants to go to a managed service for OneNet and is looking at what other agencies have done to determine the best approach for DHS.
• He envisions a 10-year contract, a 5-year base contract with five 1-year options. He also sees it being a Best Value competition, not LPTA.
• Determining the requirements are key, especially writing requirements for “unknowns.”
• Including a Helpdesk element is obvious, but he wants to make sure the eventual winning vendor has some room to maneuver to meet evolving needs.
• There will be forthcoming industry days for the competition, with dates TBA.
• He recognizes the challenge of keeping industry interested when they’re looking for one vendor to do it all. He expects to provide some additional information on the DHS network, etc. to stimulate interest.
• One issue he is exploring is that of bringing in the DHS components and whether this would result in one network or a group of networks. This is TBD.

WIN10

• They are moving to WIN10 by the end of 2018, with some exceptions for “special use IT”, e.g. embedded IT.
• DHS has also moved forward with Office 365 deployment.
• He recognizes that each of the DHS components do different things and so he wants to allow for the differences.

Modernization and Transformation

Zangardi noted that getting to OneNet and the cloud with consolidated SOCs and will transform DHS’s IT. He also noted that the elements he described are aligned with the MGT Act. “We were there before it was finalized and passed.”

In answering questions from the audience Zangardi said that he expects to take a multi-vendor approach to the cloud to allow for the different needs at the components. “I don’t want a hundred, but I do want multiple vendors.” Zangardi also would like to use OneNet to create a path to unified communications at DHS. They’re also in transition with mobility management now and are thinking through derived credentials and software defined networking (SDN) to improve security.

As far as IT cost management is concerned, Zangardi said that DHS needs to improve cost visibility. Also, he wants to use COTS solutions, not custom developed GOTS, whenever possible and would consider open source wherever it makes sense to do so.