Pinning hopes on ITP

'We are moving from many data centers to two. We are moving from many networks to one. We are moving from many help desks to fewer.' -CIO Scott Charbo

CIO Scott Charbo, who oversees the Homeland Security Department's technology alongside the other members of DHS' CIO Council, is emphasizing the Infrastructure Transformation Program the department launched this month. ITP, which is buoyed by two large contracts, will consolidate the agency's IT infrastructure, including moving to one e-mail system and two data centers.

Charbo joined DHS in June after working as CIO of the Agriculture Department since September 2002. Charbo's career at Agriculture was marked by his systems consolidation resulting in a $162 million reduction of the department's IT budget.

Charbo described his outlook on DHS technology to GCN senior writer Wilson P. Dizard III during an interview at the CIO's office in Washington.

GCN: How does the DHS CIO office plan to improve the use of IT to meet the department's goals of confronting terrorism and providing services?

Charbo: We're focused on projects. Keeping projects on track, understanding what the products are and then delivering those products of the projects. In my office, we are going to get focused on a few things.

One of those is our security posture. Making sure our systems are secure, understanding where we are and then moving those until we have all our systems secure and inventoried. Then we are in a cyclic manner after that, of getting systems refreshed over a three-year period, updating them, etc. That's one of the areas. That supports the department to do their job.

We are looking at utilizing infrastructure. We are looking at turning projects that were conceptual into operations. So we are moving from the concept phase to the operations phase.

GCN: How does the DHS IT leadership plan to proceed with the task of consolidating systems and assets, including networks and data centers?

Charbo: That's not unique to DHS. You could go to any agency in government and that's the same question they are all looking at right now. We are putting that under the Infrastructure Transformation Program, ITP.

If you look at that, we are moving from many data centers to two. We are moving from many networks to one. We are moving from many help desks to fewer. And we are looking at how we operate those within the department. We are not trying to bring all those into the CIO's office. We are looking for best of breed.

Supporting that will be these two contracts, Eagle and FirstSource. We are looking at services to support that infrastructure, and we are looking at commodities to support that infrastructure, under those two agreements.

GCN: What additional steps does the DHS CIO Office plan to [take to] strengthen information sharing with state, local and private-sector entities?

Charbo: We are looking at that product right now, but the infrastructure I just spoke of is key to that, particularly the data centers.

We can bring those applications into one environment, bring that information, those metadata sources, we'll push that data out to the states depending on what they need. And pull it back in.

GCN: What are your hopes and expectations of the CIO organization's geospatial office?

Charbo: We are going to start off with two things. One is getting our software orders in line. The second part of that is the data. We buy sources of data multiple times. We are going to be streamlining that, focusing on a data warehouse first.

We have a lot of geospatial activities. The short order is we are not going to be pulling that into one delivery, where it is one shop that services everybody. We are going to focus on software standards, the data standards and how we are able to deliver the like types of data. A good example is imagery. Instead of buying the same image 20 times, we'll buy it one time and then distribute that to the users who need it.

GCN: How will the DHS IT organization improve the department's system security?

Charbo: If you look at the Federal Information Security Management Act scorecard and where we are right now, I don't think we are as bad as the scorecard says we are. We have an inventory, finally. So we have a baseline. We have probably 40 percent of those [systems] certified and accredited right now.

We have another 30 percent to 40 percent that we are trying to determine where they are in the certification process, because there are two parts to that.

You can go through the documentation, because there's lots of documentation in the government around systems security. Then you test that. So there are two separate phases to certify that. When we look at that, ... somewhere around 80 percent of our systems are either certified or in the process of being certified.

I am going to focus on the next 20 percent, to get us to 100 percent certified and accredited.

We got about 90 percent of the employees through security training.
And of those systems that we have disaster recovery on, those 30 percent to 40 percent that are certified and accredited, they have disaster recovery [plans approved].

The ITP will provide that functionality as well, through our backup data center. That will provide the disaster recovery at the center. So when you take all that together, I don't think it's as bad or bleak of a story as seeing an 'F' when you see the scorecards come out.

GCN: When you were CIO at Agriculture, that largely decentralized department moved to consolidate its IT systems. What do you bring from that experience to this experience of consolidating decentralized systems?

Charbo: We are trying to put the functionality together. Call it consolidating or whatever. The focus is just trying to get systems running and operating more effectively. At Agriculture, we were able to get our systems certified and accredited and bring those up. We had a lot of data center resources. We were able to align those, to utilize two of our major data centers, one in Kansas City, NITC, and the [National Finance Center] in New Orleans. We got those interoperable, so they were operating in unison rather than competing against each other or operating separately.

These discussions about how do we effectively use the limited resources, how do we manage our data, how do we get systems security, they are happening in every agency in government right now. The objective is to move them forward. We did that at Agriculture; we can do it here. It's really familiar to me, hearing the same types of discussions. It's really, really familiar. For an agency that's only been around for a few years, it's pretty good. It's not as bad as you would think. I am trying to determine where is it, where do we want to be in the next year, and then get the department and the systems there.

GCN: What are your prospects for jump-starting two of the department's major IT projects that are now under review, or re-evaluation now, the Emerge2 financial system project and the America's Shield project that would help the Border Patrol do its job?

Charbo: There's lots going on with those two. America's Shield I would say, hold tight. That is going through a review.

The Emerge2 product, we are looking more at how we deploy it. There's one part, which is, will the products be interoperable, that we've been looking at. You can test that. But how you deploy that across lots of agencies ... you can deploy things all at once, you can deploy them in parts. That whole change process of how you begin to deploy it across the community is the piece that we are looking at very closely right now. And I think that is going to be the part that determines the success of that. So we are looking at that with the chief financial officer and [the Office of Management and Budget], making sure things are on track before we launch that.

GCN: Earlier this month, a federal judge invalidated the MaxHR personnel system rules. I know that's not your bailiwick. But you are responsible for the systems that are going to run MaxHR. Well, doesn't that kind of throw MaxHR into a tizzy?

Charbo: When they are ready to deploy it, we'll be ready.

GCN: What is your view of the Government Accountability Office's statement in a report last year that your office should receive more funds and that you should report directly to the deputy secretary rather than the undersecretary for management?

Charbo: In terms of the staffing of the CIO office, I'm not sure. I've only been here a few weeks. We have a healthy contractor support group. We have [full-time equivalent federal employees]. I am going through that right now, looking at our organization, what we want to get done. My expectations are that we are going to get what we need to get done with the staff that we have.

In terms of reporting directly to the secretary, or the deputy secretary, I've got the ability to work with the deputy secretary and get things to him at any time. Likewise, he gets to me when he needs to get to me.

I came from an organization where that reporting line [to the deputy secretary] was there, but I see a lot of value in having the CFO, the procurement, the asset chief, all at one table at all times. I think that speeds the process up.
So, there's certainly benefits of having the organization structure that we have here.

I am here to get some things done. Not to worry about how I report. ...

GCN: How will secretary Michael Chertoff's reorganization shift the way the department deploys its IT assets?

Charbo: Again, it's the ITP. However the organization is structured, we'll be able to deploy the products through that infrastructure to provide network support, sound data center support.

Now with these two contracts we're putting out, we'll be getting good pricing on services, and the commodities and the networks to support all of that.

So however the applications need to be structured, under any type of organization, we can most effectively get that done through ITP.

GCN: What do you believe are the main challenges the CIO office faces?

Charbo: Apart from media interviews?

GCN: This is softball. You ain't seen nothing yet.

Charbo: What are the challenges? It's people. If it were hardware and wires and software, that would be easy. It's understanding the expectations and then putting that together across lots of people from various backgrounds, coming from various missions, who kind of think things ought to be done this way or that way.

So, it's listening to all of that and then coming up with a product and a path forward that I think we can get done but also that meets the needs of somebody. That's the hardest part of this whole deal.

It's not DHS, either. It wasn't easy at Agriculture. It's dealing with a lot of different personalities and people. That's the hard part.


  • Records management: Look beyond the NARA mandates

    Records management is about to get harder

    New collaboration technologies ramped up in the wake of the pandemic have introduced some new challenges.

  • puzzled employee (fizkes/

    Phish Scale: Weighing the threat from email scammers

    The National Institute of Standards and Technology’s Phish Scale quantifies characteristics of phishing emails that are likely to trick users.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.