The Department of Homeland Security, not yet two years old, has reached a crossroads, as Secretary Tom Ridge departs by month's end. Ridge's exit will ripple throughout the 180,000-employee Cabinet department, and raises questions about who will lead its technology strategy.
One uncertainty is whether Steve Cooper will remain CIO of the department, which operates under a decentralized IT structure that recently came under fire by the department's former inspector general. Cooper came to Washington in March 2002 as homeland-security IT adviser to President Bush, before he was named the department's first CIO. At the time, Cooper said he'd remain on the job at least through the presidential election, or as long as Ridge headed the department.
Cooper would like to meet with the new Homeland Security secretary when that person is nominated, he says in an exclusive interview with InformationWeek. However, Cooper adds that he hasn't decided if he wants to stay in the position, and notes that the new secretary may have someone else in mind for the job. Cooper is responsible for developing and implementing an IT infrastructure that merges 22 agencies, while helping build IT systems to protect the country.
"Do I have the same level of passion as I did on day one? Absolutely," he says. "My energy level is a little lower. I would love to figure out how to recharge my batteries."
While Cooper puts in 14 to 16 hours a day to keep up with a daunting number of tasks, a report issued last month by then-Inspector General Clark Kent Ervin concludes that Homeland's failure to give Cooper centralized IT control has hindered some programs. "The CIO is not a member of the senior management team with authority to strategically manage departmentwide technology assets and programs," wrote Ervin, who wasn't renominated for his job after his term expired last month. Unit CIOs directly report to their divisional chiefs, not Cooper, Ervin added, "which hinders departmentwide support for his central IT direction."
Cooper reports to the undersecretary for management, Janet Hale, three rungs below the secretary. Of the more than 5,000 IT professionals working at Homeland Security, only about 50 report directly to Cooper; the remainder work for individual units.
In his report, Ervin also said the department's decentralized IT structure led to its failure to receive passing grades for IT security from the White House Office of Management and Budget. Ervin praised Cooper and chief information security officer Bob West for developing a well-thought-out cybersecurity policy but contended that the CIO's lack of authority over information security managers was a significant reason Homeland's IT security isn't in compliance with federal rules.
Even if he had direct charge over unit CIOs and their information security managers, Cooper doubts that cybersecurity compliance would have been addressed any faster. Security competes with other IT demands for limited money and resources. "Sometimes information security gets bumped down in the queue," Cooper says.
The department, however, is close to winning its passing grade for IT security, Cooper says. A year ago, about a third of the department's systems received IT security accreditation; today nearly eight in 10 have it.
Cooper agrees that the Homeland CIO job should be elevated. Yet he contends he has significant influence as a member of the department's Investment Review Board, which determines how Homeland Security spends its money. And, in October, Ridge issued a directive that orders greater cooperation among officials within each of five vital management areas, including IT. Cooper sees that directive as giving him greater control over IT decision making.