Beth Cappello, acting CIO at the Department of the Homeland Security (DHS), explained agency IT progress on a range of fronts on Feb. 10 at a virtual conference organized by FCW, including ongoing modernization efforts, implementing “SecDevOps,” and enabling implementation of zero trust security concepts.
Reviewing the IT landscape at DHS over the past year, Cappello said the agency was able to both pivot to a pandemic footing at headquarters and across its far-flung component organizations, and continue to pursue IT modernization goals along the way. Modernizing the portfolio while supporting employees during the pandemic has been “incredibly important,” she said.
“At DHS, we have to make sure that our mission capability is available” to every part of the agency, and she said the key to that is generating continual IT improvements.
Broader themes in the IT modernization efforts focus on “improvements to the foundations” to support data analytics and cybersecurity, among others, and migrating systems to take advantage of cloud services, which she called a “key part of our modernization strategy.”
Cappello also talked about DHS’ take on DevSecOps as it pursues IT modernization – labelled SecDevOps, she said, “because at DHS security is first and foremost.”
Facets of that campaign – which Cappello said is not just a technical effort but also one to change agency culture – include developing forward-looking target architectures for agency headquarters and components, and breaking enterprise architecture into segments that create “a common baseline” for the CIO’s office “to evaluate for common IT needs.”
She emphasized that DHS is a very large organization with disparate mission sets. As a result, “what we want to ensure is that when an improvement is made anywhere in the department, we can quickly roll those improvements out to the components,” she said.
One result of the overall effort that has paid dividends, she said, is that DHS components have been able to customize the zero trust reference architecture and deploy the security concept. Zero trust, she said, “continues to be a key OCIO investment” to create environments that provide the greatest amount of enterprise security.
Cappello said the CIO office is providing architecture to support zero trust implementation, along with policy template and guidance, and seven separate use cases. “We want this to be as tailorable and reusable across the enterprise as possible,” she said.
One factor helping the effort is the work of a Zero Trust Action Group made up of subject-matter experts at DHS and from the private sector, who meet to share knowledge and practices across the agency.
Cappello also said DHS expects to name a chief data officer (CDO) “in the very near future.” Goals of the CDO office include taking a mission-first approach, understanding data flows among the agency and its missions, scaling and automating data management, fostering department-wide collaboration, and doing all of that in a trusted and secure environment.
“We fully expect that once we have a permanent CDO in place, we will be able to deliver on these,” she said.