Q&A: Homeland Security CIO Outlines Key Challenges

Eight months into the job, CIO Richard Spires discusses plans for creating a 'center of excellence' for program management, department-wide services, and other steps.

J. Nicholas Hoover, Senior Editor, InformationWeek Government

March 3, 2010

9 Min Read
InformationWeek logo in a gray background | InformationWeek

Richard Spires was named CIO of the Department of Homeland Security in July 2009, joining an agency in the midst of an ongoing transformation from a group of independent agencies into an integrated department focused on national security. Homeland Security's so-called Unified DHS initiative includes consolidating facilities while constructing a new headquarters in Washington, D.C., and streamlining operations in other ways. The department's "component" organizations include Customs and Border Protection, the Federal Emergency Management Agency, Citizen and Immigration Services, Immigration and Customs Enforcement, the Coast Guard, and the Secret Service.

Spires was formerly CIO of the Internal Revenue Service and, before that, an executive with Mantas, a software vendor, and SRA International, a systems integrator. Now eight months into the job at Homeland Security, he is taking steps to consolidate and centralize the department's IT operations as part of that larger effort. In this interview with InformationWeek, Spires discusses how he's tackling that challenge through a center of excellence for program management, centralized services, and other steps.

InformationWeek: In a recent speech, you expressed concern at a lack of "institutionalization of process discipline, standards, and tools to run programs" at the DHS. What are you doing to fix that?

Spires: We have a department-wide systems development lifecycle, and it's got stages and gates and the like, but beyond that, we just don't have a lot of standard tools or methods to help programs. The components have things they try to institutionalize, but we haven't standardized it across the department. I saw significant improvements when we did that in my commercial experience and even more to the point at the IRS, where we really matured things.

There are some foundational things you need to do to run programs well. For example, you need to have good requirements management, from the initial elicitation of requirements all the way through the lifecycle management of those requirements. There's nothing that gets lifecycle management in trouble faster than not managing that well. One thing we did at the IRS and we're looking to do here is putting together an office that really drives that from an enterprise perspective. We can put out the procedures, the process, the toolset to help project teams do it right. We had a model at IRS where we could provide help to get started, and then if they need help throughout the program, they can get it.

I would like to do that and other things under the guise of a program management center of excellence where we provide these kinds of disciplines across the spectrum, everything from integrated schedule management to risk management, configuration management, requirements management, and test management.

InformationWeek: Homeland Security has fairly independent sub-agencies in ICE, CBP, and others, but Secretary Napolitano is pushing for "One DHS." How do you see that coming together from an IT perspective?

Spires: When I came on board, one of the things I noted was that this is a federated model, meaning that I have overall responsibility for IT in the department and I have the Office of the CIO here at headquarters, but we also have IT organizations throughout DHS, and they vary in size from very large, like CBP, to relatively modest, like S&T.

I noticed there wasn't a clear dividing line between what we were trying to do at an enterprise level versus what should be left to the components to do. In early December, we had a two-day offsite meeting where we brought my management team and my direct reports together with the component CIOs and their deputies. I talked about how important it was to get better clarity around where are we drawing the line between what we're going to do enterprise-wide and what we're going to leave to the components.

Some of that is pretty obvious--for example, to get to one physical wide area network infrastructure called OneNet. And the data center consolidation effort; we're trying to get down to two enterprise data centers, and they would be administered by us at an enterprise level.

But pretty quickly, you get into some gray areas. We're really still working through this, but I think we made some good decisions. Let me give you an example; right now we are operating 12 different e-mail systems. They're all Microsoft Exchange and Outlook, but there are actually 12 instances. We decided that we want to strive to provide e-mail as an enterprise service out of the two data centers. There's an example where right now each of these e-mail systems is owned by those components, but we're going to centralize that as a core enterprise service.

Some programs are mainly aligned by component, working to meet component missions, and I don't think in any near term we're going to change that model, although I point back to a center of excellence where we provide better help to these programs overall. I think we've got a better dividing line now, and it really comes down to that base infrastructure at the network and the data center level being enterprise, as well as some of these core enterprise services. InformationWeek: You mentioned major consolidation projects underway, with the two biggest being the data center and network consolidation. Where are you with those efforts?

Spires: We are driving to wrap up getting to the OneNet architecture and getting the components on board this calendar year. There may be some straggling issues. For instance, we're struggling a little bit with the international circuits and getting everything converted over to the Networx contract, but the vast conversion will be done in that time frame.

On the data center consolidation work, our goal was to go from 24 legacy data centers down to two. We have closed five of our data centers. We received significant funding, $200 million, in our fiscal year 2010 appropriation, and are aggressively working with our major components right now going system by system. You have to identify where these major systems are and migration paths to get them into these data centers.

Our goal, assuming we get the funding that we need, is that we will have this complete in the 2014 timeframe. That sounds like a long time and in some ways it is, but we have to be judicious in this. The issue is that many of these systems are mission critical systems that we can ill afford to have down, some of them even for seconds. If you're running systems that, for example, control the border, then those systems really have to be up all the time. And we have a lot of planning, and we need to be sure we do it right.

InformationWeek: I recently talked to one of your data center guys, and he talked about the consolidated data center, in his words, as a private cloud.

Spires: When you think about cloud computing, you don't care about what's in those data centers because you're buying it as a service. I point back to e-mail as a service, where we want to get to a situation where the components are not worried about server configuration, they're just buying mailboxes from us here at headquarters where we provide them as a service. Rather than us having this propagation of intranet portals, we're also going to stand up a SharePoint service and hopefully migrate a lot of these intranets onto this common infrastructure, virtualized so we get savings from a cost perspective and an administrative perspective. And we should be able to provide better service capability with full redundancy than components going alone.

We're also continuing to look at where it would make sense for DHS to use outside cloud computing capability. We are in active discussions with GSA as they move forward with their cloud. We will buy those services as they make sense. However, there are concerns with security issues, privacy issues, so we will need to do this the right way.

InformationWeek: When I hear "private cloud," I think shared services and virtualization, but also automatic provisioning, dynamic scaling, and managing pools of resources. How far along is DHS in those areas?

Spires: I can't say that we've fully formulated that. We view that as an evolutionary potential. We are doing this crawl, walk, run. We've got the data centers built. We're moving services in there aggressively. We're looking to stand up these next level services such as e-mail as a service, and we're piloting that now. I think you're right, though, that the next evolution of that private cloud would be dynamic provisioning. We're just not there yet. We've got to learn our lessons and get to those enterprise services capabilities and go from there.

InformationWeek: Another big thing for you right now is the program review underway. Where are you are with that?

Spires: When I walked in the door, I had done some homework. I read some IG reports, including from our own IG and from GAO. Some might say that you're seeing a slanted view of DHS from that perspective, and while there's arguably some truth to that, there's usually a lot of truth in these reports. I obviously do my own assessment, but from these reports and from talking with people who have worked for or supported DHS, I got a sense that there were some real issues around how we have run programs.

I was trying to figure out how to get my arms around this. I wanted to identify areas where we can help some of these programs. You can look at reports and dashboards all you want, but there's nothing like having a dialogue with a program manager to really understand what's going on in a program and help identify where the weaknesses are, what they're doing to address them, and whether they're effectively addressing them. It has helped me get up to speed and has added some value to some of these programs. We have made significant changes to some of these programs based on the reviews. It has also given me a chance to assess where we are weak systemically in program management. As of last week, we were at 46 [reviews] out of 79.

As we go through these programs on an individual basis, we're taking action, and we're using it as input as we plan to establish this program management center of excellence. We're using these reviews to look at systemic areas of weakness and where we want to focus first, how we want to roll this out in ways that are going to be beneficial to these programs.

Download the first issue of InformationWeek Government, with our cover story on government transparency. Get it here. (Registration required.)

About the Author

J. Nicholas Hoover

Senior Editor, InformationWeek Government

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights