Blog: From Today's Challenges to Future Opportunities
CIOs from the top DHS three-lettered agencies described their challenges, priorities, the price of success, the key to success and the future at the opening panel session at AFCEA's Homeland Security Conference today. Jim Flyzik, who has worked on this conference since its inception in 2003, asked tough questions of four of the department's key organizations, and these professionals came back with insightful answers for industry. In response to a question about today's problems, Richard Spires, CIO of DHS, hit several of the top issues echoed by other panelists: low number and balance of personnel, stovepiped systems and processes, and a culture that has gotten into "a bit of a hole." Luke McCormack, CIO of ICE, expanded on the personnel challenge, saying that what is needed is more people with the right skill sets in the right positions. Flyzik also asked the panel about their priorities for solutions to these challenges. Spires said DHS must improve its management of programs. "We're weak in our disciplines around program and project management," he stated. Sandy Peavy, CIO of the Federal Law Enforcement Training Center, agreed that training is stuck in the past, saying many of the training programs were developed 30 years ago. This is improving with the use of simulation technologies, she added. One of Flyzik's odd questions was about the price of success. He wanted to know if effectively meeting demands means that customers pile on even more requirements. The CIOs agreed that the bigger challenge they will face is meeting more requirements with less resources, in other words money. The topic of cybersecurity also came up during this panel. According to Spires, DHS is "driving hard" in this area. "If you look at the threat analysis, the real vulnerability is the people," he said. Although policies are in place, few employees follow them and managers rarely check, the panelists agreed. Panelists took quick notes when Flyzik asked Spires to describe the characteristics of a successful program. The CIO enumerated three items: the right kind of partnership models between the IT and program departments; real requirements management; and a cadre of federal employees with the right skill sets. Members of the second panel of the morning discussed just the opposite side of the work force coin but the same topic issue: skill sets, cybersecurity and information sharing. Representatives from the telecomm industry, including AT&T, Qwest and Verizon described how the changing landscape of the Internet has vastly expanded the necessity yet difficulty of securing the 'net. One of the primary problems is their inability to share threat information with each other. This is a matter of law and not corporate policy. John Nagengast from AT&T also pointed out that the companies do not have integrated systems for real-time sharing of threat information even if they were permitted to do so. And a GAO report issued in November shows that government agencies aren't much better at sharing this info even though they are permitted to -- the report found that "most agencies have not implemented sufficient controls to prevent, limit or detect unauthorized access to computer networks, systems or information," panelist Shawn Carroll from Qwest shared. Panelist Marc Sachs from Verizon not only emphasized how wrong this situation is but also challenged government agencies to be the "gold standard" of cybersecurity that all organizations --even the private sector -- to which all organizations--even the private sector--should be held up. "Stop pontificating about the rules and be an example," he stated. Panel moderator Chris Dorobek of Fed Radio 1500 AM and former SIGNAL Magazine Incoming columnist asked the telecomm reps what would be their first actions if they were Howard Schmidt, the newly appointed U.S. cybersecurity czar. Carroll said he would mandate agencies to look at already available cybersecurity solutions and purchase them. Sachs stated he would call for a public national debate about the vulnerabilities and threats in cyberspace. Nagengast said he would call for a cyber national defense capability.