Homeland Security CIO Answers Tough Questions

The first CIO of the Department of Homeland Security, Steven Cooper was appointed by President Bush in February, 2003, and he immediately began the daunting task of knitting together the 22 agencies and 190,000 federal employees who now make up the DHS.

It’s a tough job, but a critical one.

Cooper believes the threat to the country’s information infrastructure has actually increased since the DHS was founded 19 months ago.

“First of all, there is a much more concerted effort on the part of people who want to kill us.” says Cooper.

“I don’t think most federal CIOs are as concerned about teenage hackers. What we’re much more concerned about are governments who are putting teams in place to attack the information assets of the U.S.”

With his background in both the private and public sectors, Cooper is well positioned to influence IT policy and programs at DHS and beyond—and it helps to keep him on top of the problems and pitfalls facing a large federal agency in its effort to win the war on terrorism.

Technology journalist Randy Barrett recently spoke with Cooper in Washington, D.C., about the department’s security and integration efforts, and about Cooper’s hopes for improvement in the private sector as well.

CIO Insight: Has the security of government networks changed significantly since Sept. 11?

Cooper: One thing that changed is that on Sept. 11 there was no Department of Homeland Security.

The effective date for the beginning of the department was March 1, 2003. That’s when the department became official; we transferred 180,000 people from 22 component organizations and set about the work of creating the DHS.

Steven Cooper
CIO, Department of Homeland Security
Before he was appointed CIO of the Department of Homeland Security, Steven Cooper was a special assistant to the President for homeland security and served as senior director for information integration at the White House Office of Homeland Security. Cooper also spent more than 20 years in the private sector in various CIO positions in the manufacturing and pharmaceutical industries.

There had been some kind of network security in place for most of our inherited organizational elements. However, a significant number of those components did not have their own networks or infrastructure.

They didn’t have any wide-area-network backbone that they were directly responsible for, so they didn’t have network security, information security, physical security or information assurance programs at all.

What we playfully call the Big Six—the U.S. Coast Guard, Secret Service, Federal Emergency Management Agency, Customs, Citizenship and Immigration Services, and the Transportation Security Administration—did have some security in place. They had large IT organizations and their own WAN networks, and that’s formed the core of our own network environment.

As of July 27, 2004, we have integrated DHS Net, our core wide-area backbone.

That doesn’t mean we have collapsed or consolidated all six into one. It means that, in addition to what we inherited, we have now moved forward and put in place a new emerging core WAN, and around that WAN we have put in place cybersecurity programs, including intrusion detection, network operations center—the types of things that mature organizations have and that we need in order to get to the single network, the one DHS infrastructure that we’ve set in motion.

Click here to read the latest security survey research from CIO Insight.

How fully integrated is the Homeland Security Operations Center at this point?

The HSOC is fully operational. It is manned by 24 people, operating in three shifts, 24-by-7.

It is staffed by folks from the DHS with a lot of different skills and backgrounds, as well as by people from sister agencies—the Federal Bureau of Investigation, the intelligence community, the Departments of State and Energy, the Coast Guard and the Secret Service. Those people are monitoring terminals that actually reach back to their home organizations. They are fully connected.

But the information sharing is not yet seamless. We don’t have all of the different applications represented in the HSOC integrated among and between themselves.

What is the goal?

First of all, within the Department of Homeland Security itself, the goal is to move as quickly and as appropriately as possible to seamlessly integrate the applications and data repositories the department owns.

While we’ve identified all the major applications, we’re still identifying more. We think we’re about 90 percent complete. We’re probably still at the beginning of the seamless integration that we’d like to move toward. But the important thing is that that does not preclude having all the information available for analysis and action.

I don’t want any reader to believe we are less secure because we don’t have seamless integration. We are not less secure. It requires a little more effort and energy on the part of our analysts because they have to turn from one terminal to another.

What we want to do is continue to improve the environment as a tool set that our analysts use so they can be more productive faster.

We’re probably still in the first third of the work we want to do. Over the next 18 to 24 months we’ll move pretty much toward 100 percent of what we’d like to do.

Next Page: Integrating with the Centers of Disease Control, grading gov’t security and software regulations.

CIO Insight Staff
CIO Insight Staff
CIO Insight offers thought leadership and best practices in the IT security and management industry while providing expert recommendations on software solutions for IT leaders. It is the trusted resource for security professionals who need network monitoring technology and solutions to maintain regulatory compliance for their teams and organizations.

Get the Free Newsletter!

Subscribe to Daily Tech Insider for top news, trends, and analysis.

Latest Articles