DHS playbook strives for consistency of mobile apps

The Homeland Security Department has a new playbook for developing mobile applications and it’s willing to share to ease the burden and ensure consistency across the government.

This how-to guide is for everyone from the technology experts to the business owners to the app developers.

Rob Palmer, the DHS deputy chief technology officer in the Enterprise System Development Office, said the playbook is to help stem the tide of inconsistent mobile app development. He said this led to an increased workload for the chief information officer’s office to test, field and approve.

Palmer said he wants to make the playbook available to other agencies to help them address similar challenges around mobile app development and deployment.

“We took the opportunity to consolidate our thoughts around how we develop apps and engage with the testing and development platforms,” Palmer said in an April 6 interview with Federal News Radio after he spoke at the ATARC Federal Mobile Summit in Washington. “Our goal with sharing this document is really it’s our view of how we do it in DHS, but we realize there is a lot of commonality across the departments and agencies, so if an agency can pick this up and it gets them 60 percent of the way, that’s great. If through the feedback we get we see something we can improve upon or we missed altogether, then we incorporate it back into it. The general concept here is let’s share the information and get it out there, and if we can enhance this and develop it together, it’s just good work.”

Rob Palmer is the Homeland Security Department's deputy chief technology officer in the Enterprise System Development Office.
Rob Palmer is the Homeland Security Department’s deputy chief technology officer in the Enterprise System Development Office.

DHS has not yet made the mobile app playbook publicly available, but Palmer said he’s willing to share with other agencies and is trying to figure out the best approach to making it easily accessible for others.

Palmer said DHS took a similar approach to the playbook for digital services that the Office of Management and Budget developed.

“From a CIO perspective, these are the things you need to pay attention to at a very high level, what are the investments going to look like and the stakeholders you need to engage. It includes things you need to think about from a business owner’s perspective. There are some checklist-like items,” he said. “Then for the developers, it’s really about how do they think about all the things that needs to be done. There are a lot of equities associated with fielding a mobile app, security, privacy, the business owner and are we meeting the mission need. All of those things the developer needs to be aware of and have resources to do that.”

Palmer said the playbook also is the one place for all of DHS to find resources and information about developing mobile apps. He said it’s intended to be a living document that is regularly updated as appropriate.

“We’ve done quite a few apps in DHS, built and tested. So our goal was to capture that,” he said. “People say they will develop an app and want to know how we did ours. Rather than each time somebody comes to us and we sit down with them for a couple of hours and walk them all through it, and it may be the same conversation we had with others, we said let’s just consolidate that, put it in one place and get them the resources.”

Palmer said it’s important to note that the playbook is a resource, not a mandate or policy.

But DHS recently created a “forcing function” of sorts. Chief Privacy Officer Karen Neuman signed off on a new policy March 30 to require components to vet mobile apps through DHS’ car wash process. The car wash process provides continuous integration build, testing, source code management and issue tracking for building applications. In addition, it has matured over the last few years into a governmentwide shared service.

Palmer said since all DHS apps have to go through the car wash, the playbook provides components the necessary approaches and resources to make them successful.

“We do have quite a lot of interest, both inside DHS and external,” Palmer said about the car wash process. “What we struggle with the most is the business model with the external engagements with the agencies. Right now, we manage the workload and it’s heavily subsidized by CIO, but that’s less than sustainable. We have a challenge in front of us to come up with a business model if it’s going to be offered federalwide. That’s the key item we have to work on.”

He said many other agencies have used aspects of the car wash and incorporated it into their existing processes.

The State Department, for example, is one of those agencies.

Haar Sandhu, State’s division chief of the mobile computing program, said the same conference that the agency is developing a single process for mobile app approval with a goal of cutting down the time it takes to a couple of weeks from six months.

“We have made tremendous progress over last year-and-a-half. We have laid a strong foundation globally in terms of supporting different mobile devices and also managing them securely domestically. One of the things we were able to do was consolidate within State rather than having individual bureaus or components having their own devices and services. It’s cost effective and able to provide services much faster.”

Sandhu said State users are not allowed to use all commercial apps and all apps must go through a specific process to ensure security.

“We have been working for a year and came up with a process that it will take them two weeks to get applications approved once they are done,” he said. “We are creating a service for the department and they will use this service because it’s in their best interest to get their app approved quickly.”

Palmer said one of the big challenges across all of government is reciprocity of vetted mobile apps.
He said the federal Chief Information Officer’s Council’s Mobile Technology Tiger Team is exploring how this could work.

“If DHS tests an app and we wrap the information associated with the use case around it, and that’s a similar use case that happens in DoD, why would DoD have to re-vet that app and spend the cycles on that?” he said. “The question is how do we share that information? Right now, we are looking at a very non-automated way of sharing that, but we want to eventually have it in a much more automated fashion.”