CIS rejecting outdated IT modernization playbook

Mark Schwartz, Chief Information Officer, Citizenship and Immigration Services

Bringing an agency’s legacy system into the 21st century is difficult enough, but using 20th century hardware and procedures to do it is an exercise in futility. That’s why Mark Schwartz, chief information officer of Citizenship and Immigration Services (CIS) in the Homeland Security Department, is focusing on modernizing not just the system, but the process itself.

His first goal is to consolidate all his data into a single system. That’s going to be difficult not only because CIS uses roughly a dozen different systems, but also because CIS still uses quite a bit of paper.

“I don’t know where this factoid comes from, but I was told that if you stack up all of the paper that we receive each day, the height of it would be 1.8 times the height of the Statue of Liberty,” Schwartz told Tom Temin on the Federal Drive during enterprise IT theme month program. “We, as an agency, are really good at managing paper… but of course, now is the time to think electronic.”

CIS is developing a single system to consolidate all its data. It’s called ELIS, an intentional reference to Ellis Island, the symbolic center of U.S. immigration. The acronym stands for “Electronic Immigration System.”  Schwartz said building the ELIS system was the only practical way to consolidate the data.

Advertisement

“Modernization projects are tricky, and it’s easy to go wrong on them,” Schwartz said. “It’s easy to turn them into high-risk efforts. And the way that we often do that in the IT world and the government world is that we think of modernization as ‘taking an old system and replacing it with a new system.’ The problem with that is that you can’t release the new system until you’ve matched the capabilities of the old system.”

Schwartz said that by the time this happens, usually three-to-four years in the government, the hardware already is outdated. He said there are two solutions to this problem: first, eliminate the hardware from the equation; second, update the system in small pieces, and make each iteration available immediately. An organization can implement both of these solutions going to the cloud.

By utilizing the cloud instead of hardware servers, software developers can build the infrastructure for the system on the fly, and agencies can skip the long process of hardware acquisition.

To update the system in pieces, Schwartz is using the strangler pattern of system updates. It’s a new way of updating legacy systems based on a very old philosophical thought experiment.

“There’s the old ‘ship of Theseus’ paradox from ancient Greece,” Schwartz said. “It’s the question of ‘is something the same if you change every piece of it over the course of time?’ And that’s exactly what I’m suggesting here.”

Instead of rebuilding the entire system from the ground up, he breaks off a piece at a time, moves it to the cloud, updates it, and makes it available. Eventually, the new pieces of the system become an entire system in their own right.

It also allows for a much quicker turnaround time when getting user feedback and fixing errors.

“We have everyday users giving feedback on the product as we go,” Schwartz said. “It saves a lot of money. It’s a known piece of economics of software development: if there’s a problem with your software, and you don’t catch it until late in the process, it’s much more expensive to fix it than if you catch it quickly in the process. So we always have short feedback loops.”

This, by necessity, changes the pattern of cybersecurity updates as well. Instead of going through a long cybersecurity testing process after finishing each feature, Schwartz said CIS builds in the security from the beginning. Then, they continually test the program in order to ensure it remains secure.

“We regression test it every day,” Schwartz said. “We’re starting with a hardened system, a secure system, and then constantly testing it to make sure it’s still hardened, still secure. That way we know when we deploy something new to production, it’s going to be safe. We can always rely on it.”

Moving forward, Schwartz said his next project is to explore shared services and open source code.

“One area I’m really interested in now, and we’re starting to do a little bit of experimenting around it, is the idea of sharing, reusing code across different government agencies,” he said. “Traditionally, projects are done in silos, and they don’t necessarily talk to each other or share code.”

CIS has begun experimenting on a small scale by creating a platform for developers to share their code and build on each other’s work. Eventually, Schwartz said he wants to expand this platform to all of DHS, and possibly the entire federal government.

“This is pie-in-the-sky,” Schwartz said. “We haven’t actually done it yet, but I think we have a good path to getting there, and we’re going to be trying over the next couple of years.”