The Department of Homeland Security “will no longer take the ‘big bang’ approach with IT modernization” as the department focuses on modernizing in place, improving data management and security, and pursuing new opportunities to integrate artificial intelligence, says the new Information Technology Strategic Plan 2024-2028.
“The DHS IT community plays a more critical role than at any time in our Department’s history to executing our mission,” Chief Information Officer Eric Hysen said at the outset of the strategic plan, stressing the plan’s priorities of investing in the department’s tech workforce, lead in the responsible use of artificial intelligence, strengthening data management, improving the customer experience, retiring legacy systems through agile development, and being a leader in zero trust adoption and IT supply chain security.
“Technology is constantly evolving, and any multi-year IT plan is out of date the second it is finalized. This strategic plan is no exception,” Hysen said. “So, while I look forward to working with my colleagues across the Department to implement this plan, I am even more excited to learn with them and continuously improve our approach in the years to come.”
About 5,000 IT professionals comprise the DHS information technology workforce. The first goal in the strategy is to build a diverse, equitable, and inclusive workplace; create department-wide training programs including establishing the DHS IT Academy; fully adopting the Cybersecurity Talent Management System (CTMS); and enhancing cohesion within the IT community including implementing regular IT Community Town Halls and strengthening IT councils “as forums for senior collaboration and decision-making.”
“Through these efforts, we will make DHS a place where IT professionals can do meaningful work, grow their careers, and bring their authentic selves to work every day,” the strategy states.
The second strategy goal of leading in the “responsible use of AI to secure the homeland and in defending against the malicious use of this transformational technology” includes adopting Generative AI, machine learning, Computer Vision, and other AI to “enhance the Department’s capabilities in core areas: threat detection, critical infrastructure security, and decision-making”; establishing “rigorous standards for testing AI systems, to include measuring for unintended algorithmic bias, evaluating quality, relevance, and usage rights of data on which AI models are trained, and ensuring algorithms are effective for their intended uses”; developing “common infrastructure to support rapid and effective AI implementations across different use cases” and updating the department’s AI policies; and hiring experts in emerging technologies along with ensuring that “all DHS employees build AI literacy.”
The strategy’s third goal focuses on leveraging data as a strategic asset “to improve our operations and better identify and respond to constantly evolving threats,” including data integration through mission-focused data sharing platforms, strengthening data inventory and discovery, ensuring adherence to records retention requirements, refining mission-aligned data governance, partnering to drive evidence-based policymaking, and publishing more usable open data and APIs.
“We will continue to improve governance practices to ensure the enterprise data management lifecycle promotes accurate, accessible, understandable, and secure data,” the strategy says. “We will ensure that statistical data governance and operational data governance are synchronized. We will implement governance mechanisms that prioritize and safeguard the decision-making processes essential for the success of our missions. In doing so, we will leverage experiences from successful domain-specific governance programs, such as the Immigration Data Integration Initiative, as examples for other areas.”
The fourth goal focuses on improving the experience for both external and internal users of DHS platforms.
“Each DHS Agency & Office will identify their most critical services, conduct user research to understand the lived experiences of their customers, and iteratively work towards concrete CX improvements in the near term while building towards longer term transformations,” the strategy states. “For services that share customers across Agencies & Offices, such as Trusted Traveler Programs, we will partner to develop shared transformation roadmaps that respect the full lifecycle of a customer’s interactions across DHS. Concurrently, we will establish relationships with internal and external communities that promote transparency, accountability, and collaboration.”
Reaching the goal includes using accountability and compliance processes to improve accessibility and usability, establishing “CX literacy and fluency across the Department through experiential training, coaching, and building modern tools” and promoting “human-centered methods, such as user research and usability testing,” and maturing and measuring CX organizations and practices.
The fifth goal of the strategy focuses on building “modern, effective software” by modernizing in place, ensure government accountability and ownership to oversee contract deliverables and ensure results, doing continuous R&D and testing, and using enterprise services “in network and security operations, cloud infrastructure, developer tools, common software platforms, identity, and other areas and adopt these services across IT systems.”
“We will no longer take the ‘big bang’ approach with IT modernization. This monolithic approach creates unnecessary risk and provides little value to our customers,” the strategy says. “Instead, we will adopt the practice of modernizing in place. We will build smaller, discrete system functions and deploy these new capabilities within existing environments. This enables us not only to deliver new capabilities to our customers faster, but design systems for interoperability.”
DHS will also reject ‘AgileFall’ — “when seemingly iterative methodologies are used on the surface, but a program still relies on a long-term, predefined schedule.”
“We will increase our use of trusted open source software and reusable government code and expand our contributions back to the open source community, including reuse of our own code across the Federal Government,” the strategy adds.
The sixth and final goal is to better secure systems and data by continuing to refine and incorporate the Unified Cybersecurity Maturity Model (UCMM), maturing cybersecurity supply chain risk management practices, implementing Zero Trust architecture, and partnering to increase cybersecurity resilience including through expansion of the Hack DHS bug bounty program.
“Cybersecurity is not an all-or-nothing approach: we must embed security into all parts of the IT organization, network architecture, and software development lifecycle,” the strategy says. “We are not so naïve as to think that we will prevent every breach, but instead must also look to limit the potential impact of breaches that do occur. DHS will bolster cybersecurity measures and minimize vulnerabilities through the stringent application of access controls and adaptive security protocols. By upholding the principles of least privilege and dynamic response, we will continue to reduce the attack surface and potential fallout from breaches and ensure that our security strategies remain agile and effective against emerging threats.”
DHS said it aims to “seamlessly infuse IT modernization priorities into existing DHS decision-making processes” by identifying modernization opportunities, prioritizing critical projects, funding projects through innovative means, and modernizing in place while starting small.
“To support risk-based decision-making, DHS is aligning future IT budget requests with the DHS UCMM framework,” the strategy states. “We will issue annual IT resource planning guidance and approve funding for projects that are in line with our modernization objectives. In cases where funding is necessary outside of the regular budget cycle, we will use the DHS Nonrecurring Expenses Fund and other innovative funding models, such as the Technology Modernization Fund.”
Hysen was announced as the Department of Homeland Security’s first Chief AI Officer last month as the department unveiled a pair of new policies crafted by the DHS Artificial Intelligence Task Force. Hysen will continue in his CIO role along with serving as chief AI officer. He was named co-chair of the task force upon its creation along with DHS Science and Technology Under Secretary Dimitri Kusnezov.
Hysen told senators at a Senate Homeland Security and Governmental Affairs Emerging Threats and Spending Oversight Subcommittee hearing in June that “AI presents a significant opportunity in modernizing our systems as well as better harnessing AI to advance our mission delivery.”
“But the risk of adversarial use of AI is real as is the risk of disparate bias or unintended disparate impact from our use of AI,” Hysen added.
Hysen agreed with senators that “modernizing our legacy IT systems is essential to improving the experience of those that rely on our department for critical services and of strengthening our ability to carry out our vital homeland security missions.”
“Modernization further offers opportunities to strengthen our cybersecurity posture and reduce spending,” he added.
Hysen, who spent time as a software engineer and program manager at Google prior to entering government, told lawmakers that he is “focused on strengthening our IT workforce to enable this both by bringing in talent from the private sector and creating new opportunities for our workforce to develop and gain new skills.”
DHS announced this summer that the department reached its target of eliminating 20 million of the 190 million hours of administrative burden placed on the public each year through modernizing IT systems and simplifying services.
