TSA isn’t sweating the new Windows 10 mandate from DHS


The Homeland Security Department’s chief information officer is mandating every component move to Microsoft’s Windows 10 in 2018.

That shouldn’t be a problem for the Transportation Security Administration. And in fact, TSA is using the move to Windows 10 to further shore up its cybersecurity defenses.

Russell Roberts, the TSA chief information officer, said many of his priorities connect back to that Windows 10 requirement.

“From a security perspective it gives us a lot of the opportunities to give us some of the hunt tools that we need to have out there for Windows 10,” Roberts said on Ask the CIO. “It should be a significant enhancement for the security. We are addressing the multiple tools to detect, monitor and respond and that all ties into Windows 10. That will help us with the new computers and all the end points out there.”

Advertisement
Russell Roberts is the TSA chief information officer.

He said he expects to finish the transition by the end of 2018, and had started before DHS CIO Dr. John Zangardi’s memo. Zangardi came to DHS in October after spending most of his career at the Defense Department. While at DoD, Zangardi played a big role in writing and overseeing the policy to move DoD to Windows 10.

So it came as no surprise that Zangardi decided to get DHS moving in the same direction.

A DHS spokeswoman declined to share a copy of the Windows 10 policy.

The move to Windows 10 coincides with TSA’s laptop and desktop refresh that it completed in the last few months.

Roberts, who came to TSA in 2004 and has been the permanent CIO since January 2018, said the agency is changing some of the images on the machines to make sure it meets their cybersecurity requirements, but overall the move to Windows 10 is not a heavy lift.

“For us, this is mainly blocking and tackling. We aren’t having any major problems with that shift ourselves,” he said.

Roberts said the laptop and desktop refresh helped move some of the TSA offices off of older hardware, which increased the agency’s cyber risk.

“We looked at thin clients for this time, but weren’t quite ready to go that route. I think that’s something when we get ready to do our refresh in 3-4-5 years that is something that is holding a lot of promise for us,” he said. “At the time the decision was made, we wanted to keep the same form factor for that so we went with the laptops and desktops that we originally had.”

Over the last few years, TSA has upgraded and consolidated much of its IT infrastructure.

Roberts said TSA closed and consolidated six data centers, replaced its routers and upgraded its land-mobile radios.

All of these changes are helping with two main goals for Roberts: ensuring the TSA IT infrastructure remains stable and without outages at the 450 airports and 50 internal locations, and opening the pathway toward the cloud.

Roberts said he knows that moving to the cloud will be critical to deal with expected budget reductions.

“Our current efforts include moving to several clouds. I will not be in every cloud at the end of the day, we have to limit them but we will be in a number of clouds,” he said. “Our initiative to start refactoring mission applications is underway. I look at the roughly 100 main mission apps that we have, and some of them are large, old and clunky and they may be more of a platform-as-a-service. My goal is to be software-as-a-service in the future and allow the customers to have a catalog to go out and purchase the things they need that have been secured and in the right cloud.”

The first step is to figure out which mission apps, like air marshal scheduling, makes sense to refactor for the cloud and which ones need to be rebuilt in the cloud under a SaaS tool.

“My philosophy is to move the easy ones and move those into a SaaS tool,” he said. “Then we could build some new ones that would allow us to shut down six or seven others. That is a little more challenging than it would seem on the surface.”

Additionally, TSA is looking at moving to Microsoft Office 365, taking advantage of disaster recovery and records management all in the cloud.

“My main drive is to get performance and improvement to my customers quicker and SaaS is a beautiful model for that. A lot of the stuff we do isn’t so unique that we can’t use open source and leverage what others are doing throughout the department,” he said. “The task that I’m right in the middle of now is to figure out of all those mission apps which ones make sense to work now and are easiest to move.”

One way Roberts is prioritizing the mission apps is through the new office of requirements capabilities and analysis.

“I want to get development and test into the cloud and offer that right away so we can start to leverage and offer those catalogs,” he said.