Clock is running for DHS CIO

Richard Mangogna, the Homeland Security Department’s new chief information officer, has not hung many pictures on the walls of his office. Instead, large charts representing information flows and DHS’ network consolidation project dominate the room.The décor could be a functional choice or recognition of the short time that Mangogna, who took the helm as information technology chief in April, has to accomplish his goals. Or maybe it’s indicative of the professional focus that brought him success in the private sector. Mangogna came out of retirement to lead DHS’ IT team as the department braces for its first presidential administration transition. As CIO, he oversees $5.4 billion in IT programs.He’s no stranger to big projects and large responsibilities, having previously served as executive vice president and CIO at JPMorgan Chase, where he managed thousands of people at offices worldwide.  He knows DHS, too. He was a consultant for two of the department’s components — Immigration and Customs Enforcement and Citizenship and Immigration Services.DHS has more than 200,000 employees working at multiple agencies that use technology for a wide range of missions — securing the country’s borders, monitoring hurricanes and intercepting drug traffickers on the high seas, to name a few — which presents a unique set of challenges for the CIO.We recently sat down with Mangogna to talk about his goals and expectations for the coming months. It’s much more than I thought it would be from the standpoint of being involved in things that I didn’t think were in the scope of a normal CIO’s responsibility. I’m getting involved in anything that touches the network, which is appropriate, but we don’t see that much, certainly in the private sector.What has surprised me the most is the high quality of people I have working for me. What I got is a bunch of really bright people from good backgrounds and schools and experiences. I’m going to do my best when I get back into the private sector to help them and to bring more support to them.I wouldn’t have taken this job if [DHS Secretary Michael Chertoff] wasn’t realistic in terms of what could be accomplished in the time frame. What he’s asked me to do — and what I am doing — is looking at three high-priority projects: OneNet, the consolidation of the computer centers and cybersecurity.I’m really focusing on those and then making sure that we tie everything up so that a new administration can come in and their transition team can understand where we are in all our programs.I’d hate to see any new team come in here and have to start from scratch because a lot of work is being done, and to start from scratch is a waste of time, money and effort.It’s not as big of a challenge as I thought it was going to be. None of the [DHS component agency] CIOs push back on anything because [DHS headquarters] is not trying to push down their mission. What we are trying to push down is process, procedures, methodologies, architecture and security that can be implemented throughout the government regardless of what their mission is — without hurting their mission.[It’s] going to take some convincing because they’re used to focusing on operating their own i nfrastructure, [but] we can do it, and we’re setting up the vision to make that happen. We are going to start taking on more and more responsibilities for the infrastructure and put the proper emphasis on our components to deal with the applications development.I haven’t made any big changes. What I’ve done is reinforce the direction, reinforce cybersecurity as a high priority. I’m reinforcing the idea of having fewer data centers — not just to save money, [but] the fewer data centers we have, the better cybersecurity automatically gets, and it allows us to do information sharing better. The one thing I’ve done differently is make sure that data architecture is high on the list of things that we need to do. Data architecture is the way I got the banks to operate. It’s an overarching philosophy that we get to in terms of anything we do. We have a standard called the National Information Exchange Model that was developed by the Justice Department. We are taking it on, most of the government is using it, a lot of the private sector is using it. We are going to become the stewards for it in the government. Plus, I think [DHS’] role in the government for information sharing is so apparent. It’s directed not only by Congress and the president, but it’s so apparent in terms of what we need to do to protect the homeland. Architecture has to be there because we can’t get it any other way.I get my authority based on my understanding of what needs to get done and the values I get from the secretary, deputy secretary and the undersecretary for management. I don’t need any more direction than that, and I don’t think you have to manage this job by mandatory documents going down to all the CIOs and telling them to do this and that.Government 2.0, Web 2.0, I think, is one of the most important innovations to ever happen to us. We have to find a way to use that because collaboration is the way we should operate and we can operate. We have some privacy and security things to deal with, but it should be looked at as a new technology that we need to get to, and we are going to work toward that.We have sites that we filter out because of the evidence we have of malicious software, and there’s significant evidence in particular with one or two of those sites that almost 90 percent of the items in them have malicious software embedded.So we are doing it for security reasons, not because we don’t think social networks have a place in the world for collaboration. I think we are probably 100 percent through the analysis phase and in the execution phase of reducing portals.Obviously, there is a need for a number of our functions to have [portals], but not [for] duplicate functions. We like to have one message getting sent out, not the same message in 40 different ways.We’re getting valuable information from [the] Einstein [network intrusion-detection system] that we are [using]. We’re going with Einstein 2 very shortly, which is an increase in capability. [With the new version, we will be] able to see for the first time not only that somebody got in [to a network], but where they went, what they looked at and what they took out. Those are the kinds of things we never had the capability to do before.You can monitor when somebody comes through your front door and when somebody is leaving. It’s hard to monitor what goes on, and now we able to understand what’s going on. That’s why we are pushing Einstein 2, that’s why we’re pushing future Einstein releases as well as asking the private sector [for help].That’s in concert with some of our other activities, like reducing the number of interfaces with the Internet. Obviously, we’d like to keep that going fast so we don’t have to put a lot of money into Einstein sensors because the fewer places we have to protect the less expensive it’s going to be.The amount of data you get out of these kinds of things is incredible. It’s like drinking from the fire hose. Therefore, to analyze that data, you have to have these forensic folks around.[It’s] a tremendous opportunity to reduce cost by magnitudes. No. 2, it brings the same technologies to all of our switches and routers, as opposed to what we have now. Right now, everybody known to man that makes a switch or a router, we have it in our network. It means we have a problem, a vulnerability, we have to go to 15 different manufacturers and figure out how to fix that vulnerability in their switch or carriers.The big picture is a less complex environment. The less complexity we have, the better off we are. [It’s] a more efficient environment for the same kind of reason because the size of these databases we are dealing with is tremendous, and our need to have instantaneous response is growing. At the borders, at the airports, you need to have accurate information quickly. Our information flows from central computers all over the place. Unless those networks have big enough pipes and are redundant, you’re going to have a problem, and they all weren’t redundant and the pipes weren’t big enough. So OneNet brings all that into one place. We are going to have managed networks that cost less, that give us the capacity and capability, with the reliability [we need].The complexity of our environment and cybersecurity. Everybody is aware of it, but they have such tremendous mission challenges that sometimes it gets lost. So I go not as a salesperson but as a person to let them know how important it is to support their local CIOs. When something’s going on and they’re asking for money, and you have a choice between cybersecurity or another 10 miles of fence, please take this into consideration.