McCormack, Correa partner to turn DHS IT buying on its head

Read the transcript of Federal News Radio’s Ask the CIO online chat with DHS CIO Luke McCormack and CPO Soraya Correa.

The Homeland Security Department is turning its approach to buying and implementing technology on its head.

DHS says this next generation concept brings together agile development, open source software and other leading edge ideas.

Luke McCormack, the DHS chief information officer, said the focus initially is on business systems to test out these approaches.

DHS has begun five pilots with different components, and then will take those lessons learned and expand them across the rest of the department.

“In order to do that, we need to have ready access to a variety of technologies, cloud technologies, software development technologies, security technologies, and this is where the close partnership with the procurement organization comes into the fold,” McCormack said. “The ability to have real-time access to these emerging technologies is really important to us. The partnership and variety of techniques we are using to do that are really important.”

DHS CIO Luke McCormack.
DHS CIO Luke McCormack.

Over the last six months McCormack and Soraya Correa, the DHS chief procurement officer, have been collaborating on how to get the department moving in that direction.

Correa said her team has to be ready to respond to the requirements, the timing and how best to acquire these things.

One way Correa has been addressing the move into modern techniques is through the Acquisition Innovations in Motion (AIIM) initiative, which is a set of integrated priorities to be more innovative, agile and engaged with industry. DHS kicked off AIIM in early 2015.

Related to AIIM is the DHS Procurement Innovation Lab (PIL), which Correa’s office also runs.

The PIL gives DHS components a virtual safe place to bring ideas on how to streamline and improve the acquisition process. DHS launched the PIL also in 2015.

“We are the leaders of our respective organizations and our teams see us partnering together they start to better understand what we mean,” Correa said of her collaboration and coordination with McCormack. “We have to push it down through our organizations, but we have to be talking to each other constantly. Luke and I are leading several initiatives. We meet on a regular basis with our teams to discuss the acquisitions that we have in process and when we are strategizing what we think we want to buy or conceptually what we are thinking about, we are bringing in CIOs and CAOs to have these conversations.”

Correa and McCormack agreed this change will not happen overnight and that’s why these first five pilots are important.

McCormack said to gain a better understanding in how best to use these modern techniques requires real-world and real time understanding of how they would work.

The five pilots include:

  • U.S. Citizenship and Immigration Service’s verification system
  • The Federal Emergency Management Agency’s flood insurance program
  • FEMA’s grants management program
  • The Immigration and Custom Enforcement’s Student Exchange Visitor Information Systems (SEVIS)
  • The Transportation Security Administration’s Technology Infrastructure Modernization program

“They are in various stages and based on those stages there are various types of procurement activities that need to happen. So through those pilots, we learn how to implement. We learn how to acquire. We learn how to govern. We learn how to deliver,” McCormack said. “And this is all about focusing on the operator and delivering these services to our operating components.”

U.S. CIS, led by its CIO Mark Schwartz, has been ahead of most of the other components in trying out a different approach to system development. Schwartz said recently in an interview with Federal News Radio that he’s breaking the modernization effort into pieces, moving it to the cloud, making updates and then making that service available to the agency. He said eventually, the new pieces of the system become an entire system in their own right.

McCormack said USCIS’s efforts really are considered the alpha stage of where DHS as a whole is heading.

“This is about agile. This is about continuous delivery. This is about modular capability. These are the common best practices that are available, that we’ve all learned and are tried and true in the private sector and have had a lot of success in the public sector, and we are trying to take the best of all that and bring it together,” he said. “We want it to be a common practice, an institutional practice.”

He said there is a lot to think about from testing to security to governance to speed to oversight.

“We want the friction level to be very low for the components and that is where the leadership at the department comes into play on the oversight, on the ability to acquire these goods and services very quickly so they can focus on delivery to mission,” McCormack said.

DHS chief procurement officer Soraya Correa.
DHS chief procurement officer Soraya Correa.

Correa said to reduce that friction from the beginning of the process her staff, McCormack’s staff and the component’s technology, acquisition and mission staffs get together to “white board” what the component is trying to buy and how industry sells that product or service—basically starting with the end first and working backwards.

“When we talk about agile development, there are multiple ways that we can structure the contract and how we design that structure will be largely driven by the project itself, how that project wants to work, how they want to place their orders and how they want to deliver the ultimate product or service,” she said. “When we talk about building the procurement, instead of focusing on how we structure the contract to make the buy, we go into the next step which is how are you going to use the contract once it’s awarded? That is essential. If I understand the who, what, where, why and how you are going to want to order, then I can structure the contract right in the first place.”

Correa said then it’s a matter of laying out their vision and concept to industry to get feedback. By the time DHS goes out with a solicitation, it understands the best way to make the program work.

McCormack said real-time access, good competition, the ability to consume the technology by the drink or by the slice, and the ability to update technology when necessary are the hallmarks of the approach.

Beyond moving to an agile or iterative approach to projects, McCormack said he’s also focused on cybersecurity, including implementing the continuous diagnostics and mitigation (CDM) program.

He said DHS is piloting the first piece of CDM in the National Capital area.

“We will get through that sometime in early May and focus is to have that fully implemented across the department by the end of this fiscal year,” McCormack said. “It’s going very well, and as we learn and experience different things we give that feedback early to National Protection and Programs Directorate (NPPD) so they can use that and roll into the other agencies that are rolling that out.”

McCormack said DHS also recently restructured its data center contracts to buy the services based on usage or consumption.

“That’s the first step into this open source, open market capability where we will use our private cloud services when that makes sense and we will also get access to the public cloud services using FedRAMP, and we will have a hybrid configuration. We are trying to lay a framework down so when it makes sense to use our private cloud services they are available, economically viable and you have ready access to it. You also have same sort of capability in the public cloud when it makes sense to hybrid into that public cloud service that will be available.”