Stephen Rice, the chief information officer for the Transportation Security Administration has a saying: TSA data, anytime, anywhere. It encapsulates what he hopes to achieve at the agency via a mobile and cloud strategy, but admittedly minimizes the complexity of the endeavor. Contributing Editor Steve Watkins spoke with Rice about the challenges and opportunities that come with transforming the TSA's IT enterprise.
Can you explain what the mobile strategy at TSA?
We operate over 440 airports today. We are a global enterprise. The challenges that creates is how do we get the right information into the right decision maker's hands when they need it. It is forcing us to look at our business a little bit differently. Traditionally, government information is provided on a government issued device, but it [is] also used on a desktop or a laptop. We are trying to expand that to a mobile. Then how do they have a say in what that mobile application might require so they get the proper information. The challenges that is putting on us as an IT organization is understanding the infrastructure, understanding our customer needs, and then also understanding the value of the different data sets that we have available to us so we can comingle that information to make a more informed decision.
Where do you stand in terms of the implementation?
The largest challenge is really stabilizing what our mobile strategy will look like. We have taken some budget reductions over the last several years that are forcing us to look at our enterprise a little bit differently. We are shutting off any systems that are duplicative. Two, [we want to] ensure that we have a consistent user experience across the enterprise. We focused on Apple iOS that is easy to support. We understand the direction of mobile within the Apple ecosystem. Three, do we want to have a single [mobile device management solution], or multiple MDMs? Do we want to tie into the department MDMs? In our case, we standardized on Good Technologies. Good Technologies has been present in TSA for several years. We had a knowledge base.
You have said that TSA is currently working on a cloud strategy. What are the key questions that still have to be resolved?
Our current operating model is that we own the infrastructure. We outsource the operation of that service through integrated contracts. We are not in a position [to] sustain that operation in the future. We are not in a position where when these systems become end of life from a hardware perspective that we are going to have the money to recapitalize. The challenge [we're] presenting to the IT communities is, if I shut these platforms off, how are you going to operate those applications as well, if not better, in a cloud infrastructure? It is really forcing people to look at the problem a little bit differently. And what are the capabilities the cloud will provide us that we had not anticipated? Does it allow us to develop additional development environments, test environments, additional production environments that we do not enjoy today, [while] staying within our current cost constraints?
The IT office at TSA has suffered $65 million in budget cuts in the last three years. Obviously, that implies the need for some new approaches.
The constraints that we have with the budget reduction are forcing us to look at our business differently. We are not going to be turning off services that we are presenting to our customers and are being enjoyed today. If they were not necessary, we would not be delivering them in the first place. Where you would take those cuts is really from recapitalization. It is delaying the inevitable. We could have complained about the budget reductions or we can come up with new solutions. If we know that the applications are being delivered today are potentially able to be delivered in a less costly manner, how can we get into contract vehicles that allows us to operate in that environment rapidly. We have an expiring management service contract with CSC. The contract expires in June 2017. There is a risk associated with that, but the risk is something that we are embracing. It is forcing us to make some very hard decisions. If we know the contract expires June 2017, we can tell our team we are going to turn those platforms off. In our next set of requirements, we are going to the cloud. Now you have 24 months in this case to operate those applications differently as well, if not better, than how you operate them today.
Everyone is mindful of the recent OPM hacks. What lessons did you take away from that experience?
[The OPM hack was] a forcing factor for TSA – forcing an open dialogue with the system owners, with the chief information security officer, with the program owners as to the value of the information, the loss of credibility to an organization if that information is compromised or exfiltrated. We had this opening up of dialogue that is changing culturally the appreciation to the value of the information that we have. It is really increasing the visibility of security operations, certification accreditation of your platforms, the necessary tools for scanning, the necessary tools for visibility, the risk.
Can you discuss the status of TSA's data center consolidation effort?
TSA presently has seven data center migrations going on simultaneously. TSA is [also] moving headquarter facilities by March 2018. We have TSA IT operations throughout the metropolitan Washington area where we are going to sunset some leases. We have to move those IT systems in preparation. We are also looking to migrate out financial system ourselves…moving to the Department of Interior's integrated financial system in Denver, Colorado. In addition, our human capital contracts with Lockheed Martin are expiring at the end of calendar year 2016. We are in the process of migrating those data system platforms into the DHS data centers.
The challenge that presents is how do you keep abreast of seven data center migrations simultaneously? In my experience, data center schedules move left and right. If I have a day to day or week, I know what is going to get done. [But] when you move a financial system, it is a year for year split. We never want to get ourselves into situation where we are doing dual entry of our financial accounting. In our case, we are focusing primarily to make sure that that data center migration is seamless. Finally, I have some very hard dates with headquarter migrations that I am going to have to meet. TSA is great at hitting dates. It is part of the culture since we set the organization up. I have tremendous confidence…it will be seamless to the user. They will not even know that they moved.