Brian McGrath, the chief information officer of the Office of Justice Programs, said his agency cracked the cloud-cyber code in part by partnering with the department at large.
“We’ve actually placed our websites that sit in the Amazon GovCloud behind the TIC so all the traffic traverses through the TIC services that are provided by the Department of Justice,” McGrath said during his interview on Ask the CIO. “Nothing is ever perfect, but I believe we’ve made some really great steps forward so we benefit from a multi-depth approach. We have the benefits of EINSTEIN that the Homeland Security Department is providing, the benefits from the department, the benefits of the security applications we have put in place as well as Amazon security.”
Agencies have struggled to bring together the Trusted Internet Connections (TIC) initiative, which is meant to keep malicious traffic from getting in through internet gateways, with cloud computing services. In fact, the Office of Management and Budget removed TIC compliance as one of the cross-agency priority goals for cybersecurity in 2015, saying progress is now captured during the annual Federal Information Security Management Act reporting process. In the last data on Performance.gov from 2014, agencies reported 92-93 percent compliance with TIC and TIC 2.0. Even so, integrating the TIC with cloud services hasn’t been as easy as many hoped.
But McGrath, who joined OJP in July 2015, said DoJ, the FBI and others came up with a technical approach that didn’t impact throughput or latency.
“We’ve learned some great lessons from our counterparts at the Executive Office for U.S. Attorneys, Bureau of Alcohol, Tobacco, Firearms and Explosives, Bureau of Prisons. We’ve all gotten together and had some technical exchange meetings where we’ve shared what we are doing and some challenges, and that was extremely helpful for us to refine our processes as well,” McGrath said. “Ultimately, what we are looking for is the department to provide that extensible layer from our internal network out to the cloud, through the TIC. We’ve certainly shared with [DoJ CIO] Joe [Klimavicz] what we’ve done so far.”
The TIC and cloud integration is becoming more important for OJP as it’s putting more and more public websites and information in the cloud. McGrath said the bureau currently has about 45 public websites in the cloud and more on the way. OJP also recently awarded a contract to buy infrastructure-as-a-service from both Amazon and Microsoft.
“We’ve established a common framework for how we can provision that infrastructure,” he said. “Rather than having to go through the normal procurement process which takes time and requires an outlay of capital, we can buy by the drink what we need from an infrastructure perspective. If we want to test a particular software or if we are building out a system, we have smart engineers who can just log on to the console and 30 minutes later the infrastructure is provisioned and we are ready to go.”
McGrath said OJP is collaborating with Justice headquarters on several cloud-based shared services, including a new grants management system and moving email and collaboration services to the cloud.
He said the new grants system will rely on common IT capabilities, taking advantage of existing, but enhanced, technologies to support business operations.
“We will be looking at delivering an integrated program plan, which is the forecast of grant activities for the coming year in such a year that jurisdictions and organizations can do a unified search and see all the grant opportunities across the three agencies,” McGrath said. “Then, we are doing some integration reporting and data mining activities that will support all three organizations.”
McGrath said in the future he would like to look at moving the grants management system to a platform-as-a-service setup.
He said DoJ will not build systems from the ground up, so it wants to minimize the need for custom development.
Along with the cloud, OJP plans to continue its expansion of mobility services.
McGrath said the bureau needs to do a better job supporting its highly mobile workforce. Along with a virtual desktop interface (VDI) to ease remote access, OJP is expanding to ensure employees can access their desktop from anywhere, at any time.
“Part of our long term strategy is we will move to a total VDI environment where we will deploy desktop services both internally and externally via VDI,” he said. “We have an 18-month plan in place where we are going to begin a series of upgrades to the infrastructure to support the increased demand as well as optimize the environment so our customers will have a common experience whether they are at home, on their personally owned equipment or whether they are sitting in the office. We think this will have a profound impact on the way people do business.”