Modernizing Authentication — What It Takes to Transform Secure Access
Date: 12/14/2017 @ 1 p.m. ET
Q: What are your primary responsibilities within the office?
The first is to guide input to the national strategy for Homeland Security related to information and information technology, the second is what we have labeled a little bit for convenience -- horizontal information sharing. That simply means among the federal agencies. The information to be shared is essential information necessary to support Homeland Security but it really translates to combating terrorism. And then the third is, again for convenience, labeled vertical information sharing. Talking about sharing and the integration of information among federal, state and private sector entities.
Q: What are some of the emerging technologies you plan to utilize to share Homeland Security information with state and local governments and other relevant private sector entities?
What we're trying to do is broadly classify information technology into some big buckets and honestly, internally we're calling them big buckets. For example, the current working big buckets include knowledge management and within knowledge management you can toss in things like data mining, data harvesting, data visualization -- There are a handful of software tools we have done little bit of research around and continue to evaluate and explore and gain some insight.
The second bucket we label modeling and in that bucket are things like simulation modeling so there are products and tools that allow you to simulate various [events]. There are hazardous materials types of models, chemical and bio defense types of models and again, we want to take look and review a lot of products and capabilities in that space.
|Feds Seek Help Battling Cyber Security Threats Curbing Security Threats is Red Cross Exec's Priority Distributed Computing Joins Fight Against Terrorism Poll: Americans Fear Cyber Attacks Disaster Recovery: Lessons Learned From 9/11|
The fourth bucket, which honestly is a placeholder at the moment, is infrastructure. That would be where we'd begin to take a look at things like networking operating system software and look at various system console monitors -- just the stuff you never see unless you're an IT professional. We're not doing whole lot with that.
Another major bucket deals with applications. That has to be subdivided later. So for example, FEMA has a number of applications related to first responders that already exist. We want to inventory those and talk with the folks at FEMA and figure out how well those applications meet the program and mission requirements of FEMA.
Another example might be if we have an application related more to security or bio terrorism then we'd create a subcategory to do a little finer breakdown. Right now the point I'm trying to drive home is not what's in the buckets but that we're categorizing and grouping information technologies.
Q: Are there vendors in these various areas that you've worked with in the past that you're partial to?
Yes. But it's different from my previous responsibilities at Corning or Eli Lilly in the private sector, and I need to put that on hold. We need to drive this from a requirements perspective. Rather than jumping to any conclusion, we're flushing out and writing the national strategy now. We're taking the lead in writing the information chapter, which relates back to objective one. After we write that chapter and as we interact with state, local and federal agencies and the private sector to get input, expertise and knowledge from those arenas, we can have more fully set requirements and then be able to evaluate products and vendors.
The other key component is we're also constructing an enterprise architecture for Homeland Security. By enterprise architecture I mean documenting the business strategy and the business objectives in each of the functional areas of Homeland Security. Then we're documenting the processes that are needed to achieve the goals and objectives and identify the information that is produced by and consumed by the processes with those things in place and understood and then we can look at the enablement of those via information technology. Then we're getting into applications and the underlying information technology infrastructure. Together all of those component layers comprise an enterprise architecture. This is the same model being used across the federal government -- we're not doing anything different. We're building from the work that is already being done in the federal agencies to construct an enterprise architecture -- and aggregate it at a level higher because the processes of Homeland Security cut across any single agency. So we've got to integrate the component parts so you get the complete picture.
The executive order that created the office spells out the functional areas of Homeland Security...each of those functional areas is comprised of a set of processes to carry out that responsibility. So what we need to do in constructing these architectures is understand what are these processes and now we're right back to the processes that comprise the architecture. Then you can add the information component and you then can automate the whole thing.
Q: What in your background prepared you to work in information management?
Most of my professional career has been focused on the challenges of information sharing, information delivery and information integration. So does that mean I have all the answers? No. What it means is my experiences have positioned me to ask the right questions. If I can pose the right questions to the wealth of talent that exists in federal, local and state government and in the private sector, a whole bunch of people who are whole lot smarter than I am are going to come up with the answers. I'm drawing upon the work we're going to do as we build these architectures and take a current state inventory -- that will reveal what exists today.
One of the sets of questions I want to begin to ask when I look at these architectures and process maps we will build I will ask questions along the line of 'Why are we doing this process this way?' Of course armed with the process maps I can be pretty specific. Not that I really have the answer of a better way to do it, but by asking a question like [that] gives rise to answers that this is the objective we're trying to meet, or the requirements we have to maintain.
By asking why we're doing things a certain why enables a group of people to optimize or change the process for the better. It allows us to identify obstacles to achieving the desired statethere are two broad metrics we want to bring to bear in all this work: first is a faster cycle time. That means for example that if we are trying to pull together information to make a decision, ideally we want to reduce the time it takes to bring all the information together to make a decision to zero. That's a faster cycle time. Today we can measure how long it takes to do various processes or how long it takes to get the right information to the right people so we can creates baselines -- improvement can be demonstrated by reducing that amount of time. It's very important that we can measure whether we're getting better or worse.
The second important metric is quality. And quality can take different forms of measurement but if I talk to people who are recipients of information that is produced by some of these processes then I can ask them some very pointed questions like 'Did the information arrive in a timely manner?' If they say yes great. If they say no I want to explore that no further. Information is a product. People don't think of it that way but the same principles that hold true in supply chain management hold true in information management.
In Part 2 of CIN's interview with the Homeland Security CIO on Wednesday, Steven Cooper discusses technology strategies and best practices for cyber security and homeland defense.