TSA sets phased-in IT approach
- By Preeti Vasishtha
- Oct 15, 2002
Patrick Schambach, TSA's ground-floor techie
Henrik G. DeGyor
'Exhilarating and exhausting' is how Patrick R. Schambach describes working at the fledgling Transportation Security Administration, where he is an associate undersecretary and CIO.
Schambach was among the first 10 people to join the IT group at TSA, which was created to oversee the security of the nation's transportation systems in the wake of the Sept. 11, 2001, terrorist attacks.
Before coming to TSA, Schambach was CIO and assistant director of science and technology at the Bureau of Alcohol, Tobacco and Firearms.
He joined ATF in 1996 after working for more than 24 years for the Secret Service, where he headed the IRM Division.
Schambach has a bachelor's degree in finance from Fairfield University and a master's in business administration, with a specialization in information systems management, from George Washington University.
GCN staff writer Preeti Vasishtha interviewed Schambach by telephone.GCN: TSA is being established from scratch. As the CIO, what challenges do you face and how are you handling them?
SCHAMBACH: Someone said to me back in January, when I was the only person at TSA in the CIO shop and starting with a blank sheet of paper, 'The good news is that you don't have an existing infrastructure to worry about; and the bad news is, you don't have an existing infrastructure.'
My first challenge was to find basic provisions for what started as a trickle of new employees and quickly grew to a stream. Fortunately, the folks at the main Transportation Department CIO office jumped in to help, providing telephones, cell phones, pagers and networked PCs with basic e-mail and Internet access. That was a huge help.
Next, I had to find good people to come and help me as permanent TSA employees. As it turns out, 'good people' was an understatement. I have attracted what I consider to be some of the best talent in this business'people who wanted to come to a place surrounded with uncertainty and little structure, and are motivated beyond anything I've ever seen in my more than 30 years of government service.
Many are here to make a difference after 9-11. We see ourselves as America's biggest response to 9-11, after the war in Afghanistan. These are people who want to make a difference, want to move the ball forward and are excited about having the chance to create this agency from scratch. They responded, like I did, to our mission statement, to restore America's freedom of movement.
My latest challenge is to create the design and gather the resources to be the most technology-enabled organization we can be within the constraints of funding and timing that we face. We essentially have until the end of the year to get more than 400 airports secured with a federal work force and the basic technology they need to operate.
To do this, we have listened to the needs of those constituents who are here already. We've enlisted the help of some terrific loaned executives, and we've designed what I believe to be a unique approach to a performance-based, managed-services outsourcing arrangement. We have selected Unisys Corp. for what we call the Information Technology Managed Services program.GCN: Why did TSA adopt a statement of objectives rather than a statement of work for the ITMS contract?
SCHAMBACH: A major driver for our approach was the time frame in which we have to operate. With a deadline of the end of the calendar year, we realized that we did not have the necessary information to specify exactly what is needed by part number and quantity to accomplish our vision.
If I learned anything from my previous experience with seat management when I was CIO of the Bureau of Alcohol, Tobacco and Firearms, it's that industry works best when you don't tie their hands into doing things a certain way. I wanted to give maximum flexibility to our service provider and at the same time tie their success to the mission success of TSA.
The statement-of-objectives approach was the best way to accomplish both of those goals.GCN: TSA has taken what it calls a red, white and blue approach to setting up its IT shop. What does that mean?
SCHAMBACH: The red, white and blue approach came out of a realization that we can't really get to our vision of the fully technology-enabled airport of the future by the end of this calendar year. It will have to be done in phases.
The red phase is defined by the IT capabilities that we must have in place to at least take over security at a given airport. This phase is characterized by things like cell phones, pagers and dial-up network access.
The white phase begins as we add connectivity and functionality with things like LANs and IP telephony.
The blue phase will get us closer to the fully enabled airport vision.
The reason we identified these phases up front is so that we can ensure that our solution is scalable from red to white to blue, and we won't have to rip out and throw away the early parts of our investment as we move from phase to phase. We have to know what the ultimate structure will look like as we build the foundation.
As far as timing is concerned, most of the nation's medium and small airports will definitely start with the red package. Large airports will be pushing into the white package from the beginning'with all airports getting to white sometime in the first year or two. The blue phase will depend almost entirely on funding availability in future budgets.GCN: The Federal Aviation Administration is developing a smart-card program for Transportation. Do you plan to adopt it?
SCHAMBACH: At TSA we are developing plans for a Transportation Worker Identification Card, or TWIC. Currently, there are no appropriations for this program.
If such funding becomes available, our theory is that if we can issue a biometric smart card first to TSA employees, then to flight crews and other airline employees, we can begin to reallocate our limited security resources.
We hope to focus less on known persons in the airport environment and more on the unknown persons. A biometric smart card can positively identify and authenticate that a person is who they say they are and fits the role that they claim to be playing. We are defining our requirements, talking with stakeholders and developing a game plan.GCN: How will TSA be affected once it is a part of the proposed Homeland Security Department?
SCHAMBACH: Transportation secretary Norman Mineta has asked that we keep our eye on the ball at TSA and that we continue to put all of our efforts into the plans at hand. I am making every effort to keep my part of the organization focused on our initial charge'putting the right technology in place to enable the success of TSA.
I am part of the Homeland IT Investment Review Board recently established by the Office of Management and Budget to identify opportunities to leverage IT investments across the 22 or so agencies that could potentially be part of the new department.GCN: What do you see as the top three IT priorities for TSA?
SCHAMBACH: First is to complete the definition of our IT enterprise architecture, to give us the detailed roadmap for putting the right things in place for TSA.
We have some great help from solid contractors assisting our TSA folks to put a solid architecture in place consistent with the Federal Enterprise Architecture Framework.
My second priority will be met through the ITMS managed services project, providing us the hands and feet and brains to put a solid and secure infrastructure and end-user devices in place consistent with the enterprise architecture.
The third priority is a series of applications to sit on top of the infrastructure, providing employees with access to critical security information that they need to do their jobs.