For the Transportation Security Administration, the 30-day cyber sprint was an awakening.
The governmentwide effort didn’t just refocus TSA on securing its data and networks, but gave the agency an opportunity to make up for budget shortfalls.
Stephen Rice, the TSA chief information officer, said the sprint helped the entire agency, not just his office, look at risk differently and long term.
Congress reduced TSA’s IT budget by about $65 million over the last three years. Rice said that forced him to cut around the edges and delay things such as certain IT refresh cycles and other upgrades.
“As we started looking at delays in recapitalization and what that meant from a cybersecurity perspective, and where there portions of the infrastructure that were no longer going to be supported by the manufacturer, that would no long allow us to patch or no longer be supported, and what was the risk perspective that would create for the organization?” he said. “We were very successful in working with the CFO and the department CFO in being able to do some reprogramming activities here at TSA that allowed us to acquire enough funding to really kickoff five new projects that were just awarded at the end of fiscal year 2015 and that will start executing on Jan. 1.”
Rice said TSA found about $62 million for a one-time infusion of funding to address many of those cyber and IT areas that had been neglected over the last few years.
The funding went for five projects:
Replacing TSA’s entire switching fabric, which is part of the communications and Internet backbone. Rice said the goal is to complete this upgrade by the end of 2016.
Updating TSA’s router infrastructure. The goal is to get it done by June 2016.
Buying new or updated land mobile radio equipment. Rice said TSA had an aging infrastructure for land mobile radio handsets and repeaters. He said the goal is to be done by the end of calendar year 2016.
Modernizing TSA’s desktops and laptops. Currently, he said TSA is running Windows 7 and he wants to run the latest version of the Microsoft operating system, Windows 10, to help improve cybersecurity at the desktop. Rice said he also wants to bring in tablet computers to replace some of laptops and desktops. He said that upgrade will start in January and should be done within a year.
Upgrade network printers across Washington, D.C. area. He said the goal is to have that done by the summer of 2016. “That opens up another line of business as well to look at what are your printing costs associated with each office, each user and are there methodologies to drive that cost down across that organization just to define efficiencies in the long term in that area as well. So it’s forcing us to look at an efficiency as well as a recapitalization simultaneously in that line of business,” Rice said.
Rice said TSA found the savings through unspent money in programs and contracts that came in under budget.
“That did not come with a tail. What that allows me to do is a one-time recapitalization expenditure to modernize but a lot of things have to align up again to fix that problem in the future,” he said. “The theme that we will be talking about with staff internal to the organization is that this is a very large environment. We own a very large amount of equipment, and that equipment gets old, you have to recapitalize and the money will not be there in the future. We were very successful this year and we will not be successful every year in that methodology.”
For this reason, Rice said TSA is migrating and consolidating seven data centers and moving to the cloud. He said half of the migrations should be completed by Dec. 31. Six of the seven data centers are going to the Homeland Security Department-run data center. The seventh is TSA’s financial management system that is moving to the Interior Business Center.
Starting in 2014, TSA began moving data centers, rebaselining versions of applications to ensure they are up-to-date.
“What that has allowed us to do is look at the cloud as an enabler. For us, it was first and foremost building a cloud strategy. What would the cloud mean for TSA? How could we leverage the cloud? And what would be an implementation strategy around that capability?” Rice said.
Rice said in addition to the need to modernize, TSA mission customers are asking for more technology capabilities to blend disparate data and access information in new ways.
A big driver of all of these efforts is the expiration of TSA’s managed service contract in June 2017.
Rice said TSA is looking at several factors as it develops the acquisition strategy for the follow-on contract.
“We are looking at what does the business look like from a cost perspective, from a requirements perspective from our customers as well as what is the art of the possible in being able to blend some of our data together,” he said. “We a large Microsoft environment and we have a large Oracle environment. We are looking to be able to shut those environments down so they are no longer owned and operated by the government, but we still have to make sure those applications are existing either operating in a format that is more effective than they are today or in an environment where they are able to be more efficient in the future. We’ve challenged our engineering team and our application development team to tell us how they will do it, start sequencing their applications and where will you go.”
Rice said the end goal is to have applications that can meet TSA’s needs no matter where they live—government cloud, commercial cloud or hybrid cloud.