Changes Coming For Homeland Security IT - InformationWeek
Hardware & Infrastructure
12:55 PM
[Dark Reading Crash Course] Finding & Fixing Application Security Vulnerabilitie
Sep 14, 2017
Hear from a top applications security expert as he discusses key practices for scanning and securi ...Read More>>

Changes Coming For Homeland Security IT

CIO Cooper unsure he'll stay, and recent report calls for more-centralized controls

The Department of Homeland Security, not yet two years old, has reached a crossroads, as Secretary Tom Ridge departs by month's end. Ridge's exit will ripple throughout the 180,000-employee Cabinet department, and raises questions about who will lead its technology strategy.

Steve Cooper is responsible for developing an IT infrastructure for 22 agencies.

Cooper is responsible for developing an IT infrastructure for 22 agencies.

Photo by William Smith
One uncertainty is whether Steve Cooper will remain CIO of the department, which operates under a decentralized IT structure that recently came under fire by the department's former inspector general. Cooper came to Washington in March 2002 as homeland-security IT adviser to President Bush, before he was named the department's first CIO. At the time, Cooper said he'd remain on the job at least through the presidential election, or as long as Ridge headed the department.

Cooper would like to meet with the new Homeland Security secretary when that person is nominated, he says in an exclusive interview with InformationWeek. However, Cooper adds that he hasn't decided if he wants to stay in the position, and notes that the new secretary may have someone else in mind for the job. Cooper is responsible for developing and implementing an IT infrastructure that merges 22 agencies, while helping build IT systems to protect the country.

"Do I have the same level of passion as I did on day one? Absolutely," he says. "My energy level is a little lower. I would love to figure out how to recharge my batteries."

While Cooper puts in 14 to 16 hours a day to keep up with a daunting number of tasks, a report issued last month by then-Inspector General Clark Kent Ervin concludes that Homeland's failure to give Cooper centralized IT control has hindered some programs. "The CIO is not a member of the senior management team with authority to strategically manage departmentwide technology assets and programs," wrote Ervin, who wasn't renominated for his job after his term expired last month. Unit CIOs directly report to their divisional chiefs, not Cooper, Ervin added, "which hinders departmentwide support for his central IT direction."

Cooper reports to the undersecretary for management, Janet Hale, three rungs below the secretary. Of the more than 5,000 IT professionals working at Homeland Security, only about 50 report directly to Cooper; the remainder work for individual units.

In his report, Ervin also said the department's decentralized IT structure led to its failure to receive passing grades for IT security from the White House Office of Management and Budget. Ervin praised Cooper and chief information security officer Bob West for developing a well-thought-out cybersecurity policy but contended that the CIO's lack of authority over information security managers was a significant reason Homeland's IT security isn't in compliance with federal rules.

Even if he had direct charge over unit CIOs and their information security managers, Cooper doubts that cybersecurity compliance would have been addressed any faster. Security competes with other IT demands for limited money and resources. "Sometimes information security gets bumped down in the queue," Cooper says.

The department, however, is close to winning its passing grade for IT security, Cooper says. A year ago, about a third of the department's systems received IT security accreditation; today nearly eight in 10 have it.

Cooper agrees that the Homeland CIO job should be elevated. Yet he contends he has significant influence as a member of the department's Investment Review Board, which determines how Homeland Security spends its money. And, in October, Ridge issued a directive that orders greater cooperation among officials within each of five vital management areas, including IT. Cooper sees that directive as giving him greater control over IT decision making.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll