Editor: Tom Temin
How do you get your arms around 79 IT projects, each of which is large enough to have its own Exhibit 300 justification?
For Richard Spires, the new CIO at the Homeland Security Department, you do it one project at a time. It matters, because DHS has something of a reputation for problematic IT deployment. "I am personally conducting reviews of all 79 programs," Spires said. The programs range from departmentwide, like consolidating the DHS infrastructure, to mission-specific, like the Secure Border Initiative tech-fence along the U.S. and Mexico border.
"Delivery has not been stellar," Spires said, referring to a string of Government Accountability Office reports. "So my top priority is to access and help where we can, and to understand when we have systemic weaknesses." That is, problems with execution that are common to several projects and that stem from project management deficiencies evident in more than one component of the department.
The departmental CIO, as a position, often has the disadvantage of having too little authority over budgets and activities of agencies and bureaus to be effective. But Spires says the setup at DHS gives him sufficient leverage over the big projects.
"To make [the reviews] operational, we have an acquisition review process to approve anything over $2.5 million," he said. Plus, a council of all the CIOs in the department is chaired by Spires. He described the council as a "well functioning, collaborative body" that is working to sort out which IT projects can remain strictly under the purview of the component agencies and which, regardless of where they originate, affect the department and therefore should be subject to the CIO office's scrutiny.
The major project reviews culimate in formal, two-hour meetings. These occur after Spires and his staff haved looked over the paperwork and reviewed earlier program reviews. The program managers prepare presentations, giving the background, status, risks and mitigation strategies. Integral as they are to the IT projects, contractors are not part of Spires' reviews, his rationale being that government staff can be more forthright and candid without the presence of contractor employees.
"I'm not out to kill progams, but to give them the best chance for success," Spires said. He said he hopes the patterns emerging from the reviews will help his office develop an internal center of excellence for project management by creating tools and guidance for dealing with the common problems.
Spires is no stranger to big systems and the challenges they entail. He was a long-time employee of SRA International, the systems integrator, rising to senior vice president for its commercial sector. And he worked a stint at the IRS as, successively, Deputy Commissioner for Operations Support, Associate Chief Information Officer for Business Systems Modernization, and Chief Information Officer.
Did anything surprise him upon entering DHS?
"I won't say 'surprised,'" Spires said. "When working at the IRS, I was surprised. But not this time." Pretty much throughout the 1990s, the IRS was enmeshed in struggles to get its epic modernization effort off the ground as the agency, at the behest of Congress, sought to reorganize the agency along the lines of the classes of taxpayers.
"IRS was a much more centralized model. Here, we're trying to figure out how to work effectively in a federated model," Spires said.
Besides reviewing the projects, Spires has other priorities. One is standing up two matching, physically separated data centers and migrating the department to a single network infrastructure served by the centers. He said the department is still operating 19 legacy data centers that are slated for eventual shuttering, their applications moved into the two centers. The two, Spires said, could be considered Homeland Secuity's own cloud computing facility.
"This is a top priority from a cost and security standpoint," he said. The timeline for the consolidation, though, "is not all in our hands," he added. For fiscal 2010, Spires got $150 million to help accelerate the migration, but that's not enough to get it all done in a year. So far five have closed, and Spires said the department has developed a methodology for migrating applications and closing data centers in a predictable manner. "There is an approach, it is working," he said. But now the money becomes the limiting factor.
Other priorities include beefing up DHS's cyber security capabilities, giving more resources to the security operation centers and implementing better intrusion detection capabilities. And, Spires wants to correct what he termed "an imalance between federal employees and contrators" working on DHS mission applications.
Not that the job can be done without contractors, "but I don't think we have the right balance." So he is planning to hire 200 CIO office employees over the next two years to provide better IT oversight.