Interview With Homeland Security CIO, Part 2
In Part 2 of CIN's interview with the Homeland Security CIO, Steven Cooper discusses strategies and best practices for cyber security and homeland defense, as well as the importance of change management. (Click here to read Part 1.)
What we were talking about were some of the challenges in that space. I'm not the cyber security guru but I was explaining...[how they need to] think of the broad challenges for information and information technology in Homeland Security.
Let me represent it as a three-legged stool and the legs are people, processes and technology. I'll start with the people leg cause that's the toughest one. We're talking about a number of things like cultural mindsets because we're going to ask people to change both their mindset and how they do things. For example, you've worked within the organizational walls of the agency or entity you are part of and now someone comes along and asks you to share the information outside the walls of your organization. Helping people get to a new way of thinking about things is a challenge. It's not right or wrong. What we absolutely have to do is help people to understand and see very clearly why the new way is better for them as an individual than the old way. How people do work is another component.
The process leg -- that's an interesting one. We've talked about business processes but what also goes into the process leg are things like policies. We have laws on the books that impede the sharing of information. We're not going to do away with privacy or civil liberties, but we do need to evaluate are there any adjustments that need to be made. The CIA by law cannot collect information on U.S. citizens. Is that a good thing or is that something that may impede our ability to combat terrorism? I don't have the answer but I can ask the question and then we can have the dialogue that gets us to the right answer.
Lastly, the technology leg, believe it or not, is the easiest one of the three because those of us who really are information technology experts can figure out how to integrate existing databases, existing applications, can bring in future tools and technologies and we do that reasonably well. But it is the third leg of the stool.
|Feds Seek Help Battling Cyber Security Threats Curbing Security Threats is Red Cross Exec's Priority Distributed Computing Joins Fight Against Terrorism Poll: Americans Fear Cyber Attacks Disaster Recovery: Lessons Learned From 9/11|
So each leg of the stool has various challenges associated with it. We need to identify them and then overcome them. That's where you can get very detailed. But they are very real challenges. If I have 55 databases that all contain information about suspected terrorists how do I bring them together so an analyst can gain access to all 55 databases easily? What tools do I use to integrate those databases?
Q: Which governmental agencies do you personally work most closely with?
There are 33 I've identified that represent core agencies and are relevant to Homeland Security. Those 33 have missions that are directly relevant to Homeland Security. So I'm becoming good buddies with people in those 33 agencies. It's not an exclusive list. I've got an eight-page list...I don't know the number but there are about 300 to 400 federal agencies and at some point in time I've got to talk to all of them. Among the core: Justice, State, Transportation, Energy, FEMA, HHS, Agriculture, Customs, INS, Treasury, Coast Guard...all the DOD agencies. Pretty much every major agency you can think of.
Q: I understand you formed your own consulting organization, Strategic Information Concepts. What type of consulting does the organization do, and are you still actively involved with that?
No, I have to put that on hold while I'm doing this job. We were focused basically on the strategic use of information for competitive advantage. Most of my clients were commercial private sector but I actually did a lot of work for the federal agencies.
What we were really focused on honestly was the precursor to thinking of information as a product and bringing to bear the concepts of supply chain management. This was in the late '80s. So it was a lot of fun, very much focused on the early use of data administration, information engineering, and information resource management. Those were kind of the methods and techniques we were using and had gotten into.