The budget’s not all that changing in the United States these days. As a result of less funding, computing, acquisition and cybersecurity approaches are transforming as well, according to experts speaking at the AFCEA International Homeland Security Conference. Some of the adjustments are minor tweaks, while others reflect a major change in the way the government does business.
Rather than viewing reduced revenue as a lost cause for running government programs, most experts see it as a way toward long-needed improvements in effectiveness and efficiencies. Taking advantage of the latest in technology—without necessarily investing more funds—U.S. Department of Homeland Security (DHS) leaders will be reaching out more to industry for best practices ideas and asking for input sooner in the requirements cycle. This is good news for industry.
Paul A. Schneider, former deputy secretary, DHS, offered several recommendations about how government agencies should conduct business with fewer dollars. “The reality is that the budget won’t change, so the approach in science and technology has to change. The government must work with industry to identify threats, and must work in the certification, accreditation and testing arenas to get reliable security devices out there,” Schneider said.
Paul A. Schneider, former deputy security, DHS, offers his recommendations for changes in IT management, acquisition and use.
With the DHS reaching its ninth anniversary, the department should now follow the U.S. Defense Department’s lead by putting teams of technologists within its ranks to be able to field new capabilities rapidly a la the rapid equipping forces model, he added.
Schneider has often been asked if an act similar to Goldwaters-Nichols is appropriate for the DHS. While he had fought this idea in the past, he said the time has come. “It is time to consolidate all IT funding under the DHS CIO,” he stated. “Today, we have independent operating units throughout the country. Now we need to have unified command and control for DHS. The integration of assets is totally necessary.”
Schneider was not the only speaker at the event calling for sweeping changes in the way DHS does business. The introduction of innovative capabilities will help DHS’ agencies consolidate its resources by enabling them to share data storage, computing and monitoring, panelists discussing the cloud computing agreed. Bajinder N. Paul, deputy associate administrator, Office of Citizen Services and Innovative Technologies, GSA, pointed out that instead of managing assets, cloud computing enables agencies to manage services. Considering that a large amount of the $80 billion DHS spends on IT is consumed by infrastructure management, moving to the cloud could result in large savings.
Several of the experts at the conference talked about the Federal Risk and Authorization Management Program (FedRAMP), which was established in December 2011. The governmentwide program standardizes the approach to security assessment, authorization and continuous monitoring of cloud products and services. Paul noted that FedRAMP means that chief information officers throughout the government will have to develop strategies for moving to cloud computing, which not only will save them money but also enable them to spend those savings on modernizations efforts they would not have been able to afford.
Keith Trippie, executive director of enterprise system development, DHS, noted that government agencies will be lured toward using cloud computing because it offers them “a buffet table that is fully stocked and all the options can be deployed quickly.” At the end of the day, it comes down to funding, meeting customers’ needs and security, and the cloud offers “as a service” capabilities that singular systems do not, he added.
Cloud computing security continued to be a topic of discussion throughout the day. Most of the experts agreed that for about half the technology in use, cloud computing offers better security but security for the other half is better left alone. Sean Donelan, program manager, network and infrastructure security, DHS, pointed out that despite FISMA rules, most agencies still don’t know how many systems they have. “But when they go to the cloud, they’ll know exactly how many systems they have because they will receive a bill for the services monthly,” Donelan said.
Although cloud computing is relatively new, most DHS representatives believe that the metrics are already revealing its benefits not only in cost savings but also in productivity. Donelan said that while budget cuts steal headlines, the real news is that using cloud computing enables agencies to do more than they could before and that they are leveraging this benefit.
Whether in the cloud or on land, information requires security, and security requires trained personnel. Representatives from a number of the military services explained how they are training cyberwarriors to address the ever-increasing threats by hackers, nation-states and organizations’ employees.
One challenge the United States is facing in this regard is training and retaining people with a natural knack to hack. While the U.S. Air Force, primarily in charge of cybersecurity for the Defense Department, has a cyberwarriors training program that rivals the one it has for pilots, the other services not only do not have a primo training approach but also do not offer their service members a career track in the field that leads to promotions. Even though the Air Force’s training program is open to members of all services—as well as government employees and even contractors working in information security—many talented individuals are leaving the military to lucrative jobs in the private sector that allow them to do what they love, members of the Keys to Fighting and Winning a Cyber War panel agreed.
The call for government-industry cooperation was heard throughout the day’s events. Government personnel want to work with the commercial sector on the nuances of cloud computing, getting requirements right, service-level agreement best practices, cybersecurity approaches, risk reduction and evaluation of the trade-offs when business models change.
Nick Nayak, chief procurement officer, DHS, said that he has an open-door policy and wants continuous communication between him and the commercial sector. He contends that although the dollars will be fewer this year and in the foreseeable future, the opportunities for industry will not. In addition to building better relationships with businesses, work force development, contract savings and program oversight improvements are his priorities.