CIO: Proactive approach to risk is essential

Dale Meyerrose of the Office of the Director of National Intelligence said the law that created his office was intended to disrupt the status quo.

Related Links

“Intercepts”

Dale Meyerrose sees his role and office as cage-rattlers for the federal information technology community.

“The law that created our office was intended to disrupt the status quo,” said Meyerrose, associate director of national intelligence and chief information officer at the Office of the Director of National Intelligence (ODNI). The goal is to improve the best intelligence system in the world, he said.

Meyerrose spoke today at a meeting sponsored by FedSources and FCW Media Group.

Meyerrose is the first person to hold his position, which was created in December 2005 through the Intelligence Reform and Terrorism Prevention Act (IRTPA) of 2004.

He said he got his job in ways that bypassed two principal reasons for CIO failure: a lack of authority and an inability to align CIO activities with the organization’s business mission. Meyerrose was a political appointee, and the IRTPA spelled out specific responsibilities for him.

“This is an elevation and [it] put a spotlight on an area that needs a lot of work,” he said.

A proactive approach to risk management is essential to serve people who need intelligence and to protect the information itself, Meyerrose said.

“By the time something is patently obvious, it’s too late,” Meyerrose said. “By then, the situation is out of hand. By then, an adversary has the means to exploit you. By then, you don’t support someone.”

To avoid IT procurement failures, federal agencies must recognize that most IT acquisitions are procurements made by thousands of different people across an enterprise, Meyerrose said.

“We have to think big, start small, fast,” he said. Product cycles should be spirals that take 16 weeks at most, not months or years, he said. In each spiral, the CIO should see what works and what doesn’t.

Federal agencies that strive to improve information sharing must balance both privacy and security, Meyerrose said. “You can’t have information sharing without the others, and if you don’t have the others, there’s no point in information sharing,” he said.

As they advance information-sharing initiatives, federal agencies should move away from standardizing on some products or making too many standards, Meyerrose said. Instead, they should focus on creating simpler, universal standards, he said.

“We play the world’s greatest music on four strings of a violin, 88 keys on a piano,” he said.