While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
Over the past two decades, Susan Swart has used technology in every kind of environment, from a distant Middle East outpost to a bustling downtown office in Washington, D.C.
Her years at the State Department have shaped a realization that guides her work today as its CIO: IT is a mechanism for helping an agency whose chief work product is amorphous and driven by individuals acquiring and using knowledge.
Swart talked with FedTech Managing Editor Vanessa Jo Roberts about how IT has evolved at State and how the department, like the rest of the federal government, is changing the way it works through the use of technology.
FedTech: Let’s start off with your mission at the State Department.
Swart: My role is general policy guidance across IT in the department, providing guidance on investments and the strategic direction for IT.
That being said, there is a large operational component that is overwhelmingly infrastructure. We provide the department’s IT infrastructure — networking, mainframes, data centers, radios, telephones, mobile computing — all of those services, both domestically and overseas.
Now we are seeing the CIO organization branch out into more Web 2.0 technologies and how this can be used to impact the department’s mission. That’s where our future lies.
The infrastructure platform needs to continue to be solid, and we need to look for efficiencies and cost savings, but the real value-add for IT is taking advantage of the new tools available to execute the mission of the department. That’s the direction we are moving, institutionalizing new technologies and tools.
FedTech: You have spent your IT career — 20 years — at State. Have you seen a major change in technology and infrastructure approaches here?
Swart: When you think about it on a day-to-day basis, it doesn’t seem like it’s been these huge leaps. When you look back 20 years, we had Teletypes and low-speed circuits that we relied on for communications. Now we do these and many other information-intensive activities instantly.
Became CIO in February 2008, following two years as chief knowledge officer and deputy CIO for business,
planning and customer service
Joined the Foreign Service in 1989
Held numerous posts abroad and in Washington, including time spent as the dean of the Foreign Service Institute's School of Applied IT
Served in IT positions overseas in Cairo, Egypt; Caracas, Venezuela; and Lima, Peru
Holds a bachelor's degree from Virginia Commonwealth University in Richmond, Va., and a master's from the National War College
We have huge pipes — things are instantaneous. We don’t have all the paper and the printouts that we had before. We have gone from the Wang VS era to thin clients. We have gone from not having automated systems supporting many of our management functions to systems supporting all of our management functions.
And look at mobile computing. Before, we were absolutely tied to the embassy while overseas. Diplomats would go out, do their work, come back to the embassy and report. Now, we have capabilities in the mobile environment — we don’t have to be tethered to our desktops. We continue to push mobile capabilities beyond where we are today.
There are other significant changes, particularly in the capabilities of the infrastructure, to reach places that were previously at the ends of the Earth, so to speak. In the past, for much of the world, an employee would have limited contact with headquarters. We overwhelmingly relied on telegrams — that’s the way we shared information. Now, we share information over the web, via applications and instant messaging, as well as e-mail. We can share information all the time; we are not limited to a single channel. I would say that’s probably the most significant change.
FedTech: How has State’s dispersed environment affected bandwidth management and network issues?
Swart: In general, we have done a good job keeping pace with the needs. We have to manage bandwidth and make sure that we provide needed communications capabilities worldwide. It’s been a constant struggle, particularly for those places in the developing world without local infrastructure to support our IT needs. We are often required to provide expensive satellite communications.
An area where we can improve is applications. An application — or a function supported by an application — shouldn’t necessarily work the same way in London as it does in an infrastructure-challenged location. In the private sector, bottom-line trade-offs are made, and it is accepted that things are going to work differently in different locations.
State has been slower to come around to this notion that we need to modify some applications to work over small pipes in some places. The expectations need to be different, and the way the systems are engineered needs to be different. With some applications, we are starting to do that.
FedTech: Does your own experience in the field affect how you view your job as a CIO?
Swart: Overseas for us is the pointy end of the spear — that’s where the State Department executes its mission. Yet it is so easy to get sucked up in the Washington bureaucracy.
One strong positive about having overseas experience is you gain an understanding of what it’s like. In the Foreign Service, we have periodic opportunities to rotate in and out of the field. A lot of what is happening in the field — across the spectrum — is reacting to certain events. It’s very real-time activity; it’s not an analysis function.
The issue is getting the right kind of information, to the right people, at the right time — not too much and not too little information. That’s something that we struggle with. We need the ability to be mobile and access information while mobile. We need more than just our e-mail — we need access to our applications; we need to maintain the right balance with security requirements in a mobile world.
FedTech: Let’s touch on that security issue. How have you addressed endpoint security and providing more mobility?
Swart: Like everybody else, we have to balance the risk with the advantages. One thing we had already done from a network perspective is collapse access points for the Internet — so we are already compliant with the Trusted Internet Connection mandate.
We centrally manage more and more security-type functions. We are also implementing a grading system for many security elements of our network, servers and desktops. We are using the system to encourage people to take action on vulnerabilities that are the greatest threat.
One advantage that we seem to have, oddly enough, is although we are spread across many locations overseas, they are fairly uniform from an IT perspective. We manage many IT activities centrally — procuring equipment, managing the network and pushing out patches, just to name a few.
FedTech: You mentioned thin clients.
Are you using them? What about virtualization? Both offer a layer of security.
Swart: We are deploying thin clients in the field for the classified system. Interestingly, in addition to the advantages of thin clients from a management perspective, we found a significant drop in security violations related to removable hard drives. On the unclassified side, we have a couple of thin-client pilots under way.
We are virtualizing servers on the overseas platform and domestically. When we move into new data centers, it’s a requirement: Whatever can be virtualized is virtualized. Like everybody else, our data centers are out of space and out of power. So as we move to two new locations, we are virtualizing servers to reduce environmental costs and impact, as well as reduce space requirements.
FedTech: Looking at the last couple of years, what technologies would you say have been most crucial at State?
Swart: Definitely mobile computing — the use of BlackBerrys and allowing remote access to our systems, applications and information. Then, I would say blogs, wikis and social media. Even though the use of social media is probably not developed to the extent that it could be, its use has caught on. We are at a tipping point, and this administration has really helped that. They are pushing the use of social media and had success using the tools during the election, so it’s natural for them. They are going to push the rest of us.
FedTech: When it comes to mobile computing, do you see changes in the platforms people are using?
Swart: We had quite a few laptops but have reduced their numbers because of the security risks and the encryption demands. At one point, we had a lot of laptops deployed because laptops were the remote logon solution. Now we can log on remotely using a token, with a reasonable response time. We have more than 13,500 users who have remote access via tokens, and we also have extensive BlackBerry use. Looking down the road, whatever the device may be, it will need the capability to access a broader range of applications. We can’t access everything we can from the desktop.
In theory, if we can access our mail remotely, we should be able to access whatever application we need remotely. We are working to enable more applications for remote access — whether by a handheld, from an Internet café or some other way — in a secure manner.
FedTech: To decide what services should be available where and to what degree, do you use cost-benefit analysis? For instance, maybe an application is not going to run as quickly here in this remote, technically challenged location, but at least it runs.
Swart: Right, you can run it with degraded performance or modify the application to run only basic functions. We haven’t done a great job across the department taking this approach. There is an expectation within our culture at State, not just within IT, that things are going to work well everywhere. Users expect that all systems will work the same way, regardless of location.
FedTech: And is that an educational or awareness role that your office has to take on to change perceptions?
Swart: We struggle with users who require services in one of these places that’s really infrastructure-challenged or where it’s extremely expensive to get comm in there. There is pressure to just get it done. We have to do a better job educating our colleagues on the expense of providing service. We aren’t yet to the point where people realize it may not always be a good business decision to provide equal capabilities everywhere. We also need to look at new ways of delivering the same services more effectively at a lower cost.
FedTech: And do users expect more and different kinds of services than they have?
Swart: I would say they expect, or desire, greater service. Demand is always going up. I don’t think that will change.
FedTech: How do you track IT spending?
Swart: The majority of our IT spending right now is in the management arena: accounting, human resources, logistics infrastructure and similar systems. There is also significant investment in consular systems. I think we have very good mechanisms for understanding what’s being spent in those areas.
But a small percentage, perhaps 10 percent of the overall IT budget, is spent on smaller systems across the department, supporting a wide variety of activities dispersed across the bureaus. We could have a better understanding of that spending.
Development for these business-focused systems is handled in the business units. Although there is a lot of coordination, it could be better. We don’t necessarily have as good a sense of what’s going on outside of the management areas, to the level of detail that we should.
We are addressing this through the capital planning process.
FedTech: Is it a cultural issue that the business units drive a lot of what is needed for IT and have some authority over what they want to do?
Swart: Yes, very much so. We are organized by bureaus, and they have the responsibility for activities in their portfolio, including applications that support their work.
FedTech: So that approach fits?
Swart: It fits. I don’t necessarily disagree with the approach. Where applications directly support the business, the tie between system developers and the business needs to be close. If we centralized application development, over time the fear is: How close to the business mission would IT remain? I don’t have an issue with application development and support being done in the business units, or bureaus. We just need to have better coordination and better understanding, so we can take advantage of good practices and share them across the department.
FedTech: When it comes to cloud computing, do you think those brave pack leaders are out there in government?
Swart: I do. But until a large agency moves to the cloud for a critical service, I think a lot of agencies will stand back. A lot of agencies are going to have to feel comfortable about the security and the privacy protection.
On the security and privacy side, we have concerns: Where will our data be stored? How will it be secured? What control will we have? These types of concerns need to be addressed in contract terms and service-level agreements.
FedTech:What about the issue of collaboration across agencies and how that’s changed for IT?
Swart: Obviously, since 9/11 in particular, there is a much greater emphasis on sharing information across agencies, and there are instances where that works really well. But it’s something we struggle with because we have different needs for different kinds of information, and we have different systems.
Success hinges on figuring out what is the best, quickest and most cost-effective way to share the right information in a timely manner. That is still going to be a struggle because our needs vary. However, there is positive movement.
FedTech:: Is the hurdle about just the data itself?
Swart: It seems agencies are sometimes more focused on the technology to get information out and not as focused on identifying the right information. In my opinion, we need greater focus on determining the right information, followed by specifying the technology that supports information sharing. Just because you now have access to tons of information doesn’t necessarily mean that you need all that information to make a better decision. That being said, it is not a simple task to identify the right information. What is the right information? How do you ensure it’s the right information? And how do you make sure it’s not too much information? We will continue to be challenged by these questions.
FedTech: Let’s talk about collaboration and the things you are doing with the CIO Council. How do you see that as a broader agenda for IT across government?
Swart: It’s an interesting time because we are switching from an administration with a focus on lines of business to the new administration’s five pillars. That is a significant change. The main initiatives getting council attention are data.gov, which gives visibility to certain components of agencies’ data; the IT Dashboard [ITdashboard.gov], which gives more visibility into IT investments across the agencies; and cloud computing.
On a more personal level, I am co-chairing an IT capital planning working group with John Tetter, deputy CIO at Health and Human Services. We are reviewing how IT investments should be reported and managed. The group is suggesting modifications to the information agencies track and report to OMB. The intent is to streamline the process, reduce duplicative reporting, and provide information that is meaningful to both the agency and OMB in determining the health of investments and projects. We are also attempting to identify those key elements of a project which indicate success or failure — for instance, what are the right indicators that a project is on track or not, and where and when should you intercede?
FedTech: And what’s the data to present so that people can understand it?
Swart: That is the conundrum: figuring out how can agencies articulate it in business terms and not necessarily in IT terms. These are measures around what’s being delivered by the systems, not actually the systems themselves.
FedTech: When you look at some of things that are happening, how will IT be able to take advantage of them as opposed to providing insights and information to the public? Do you have a feel about that?
Swart: Not yet. I think cloud computing, which is IT-focused, offers great potential. As soon as we are confident security and privacy issues are addressed, I believe we will take advantages of those services.
Some of the other initiatives, like data.gov and the other open-government initiatives, are not really about IT. IT facilitates them, and that’s a good message: It’s not about IT but what IT can enable. The CIO community facilitates this because IT is essential to the way we manage our knowledge. But basically it’s about the information, or data, and what business functions are supported. How can mash-ups be made that add greater value to the data owner or to the public, or both? I don’t think that’s really an IT question.
As to the IT Dashboard, from a personal perspective, I think, OK, let’s get it out there and see what kind of comments we get back and how we can use the data to drive better management and investment decision-making. Let’s use the dashboard to focus how we look at IT investments — it offers a fresh perspective.
FedTech: How do you deal with information overload?
Swart: I will give an example. We are getting ready to replace our legacy telegram system that’s been around since the ’60s in some way, shape or form. It’s a text-based system used for official communications.
In discussions on how the new system will work, and more specifically how messages will be distributed, we ran head on into the dilemma of information overload. The culture says the more info the better; we should push as much as possible. Users want as much information as they have now: “I got this much yesterday, so I should get that much today.” We are use to getting so much information, more and more each day. It is a struggle to feel comfortable getting less, even if the information is better — more targeted to our needs. There is a mindset that more is better.
How do we change this thinking? There is some information we need because we have to take action. Other information is informative and broadens our situational awareness, but we don’t need to have it instantly. It could be posted or pulled, thus reducing our information overload.
For IT, the question is, how do we use technology, and particularly web-based applications, to help users better manage their information? The technology is there, but it’s an issue of changing the way people think about information and how they access it.
FedTech: How do you get at that?
Swart: As I mentioned, we’re moving off of the old legacy messaging system. While there are similarities between the two, the new system has much more flexibility. Users have the ability to set up alerts when information on subjects of interest is created. They can search a departmentwide database of historical information. Hopefully, these new capabilities will build confidence that information does not have to be sent directly to users to be available. The system allows users to access information they couldn’t see before, but they don’t necessarily have to receive it in their mailbox.
Over the next few years, we’ll take a hard look at what needs to be shared as a message and what can be made available by other means. This means looking at the information itself, determining whether it should be sent, posted to a website or become part of an application. Changing the culture will be incremental.
FedTech: Do you see change from younger people coming into the department, having a different view of technology?
Swart: Many of the “digital natives” are much more comfortable with technology. They are on Facebook; they are using Twitter and other social media; and they understand the power of these new tools. (I have a Twitter account, but honestly I only use it for direct messaging.) The younger generation has been using technology and social media most of their lives.
They will be a force that will push a change in the way business is actually done. We have done a lot of good work in the department using new technologies such as wikis and blogs. Our Public Affairs Bureau is using Facebook and Twitter, for instance.
But in many cases, these tools augment traditional ways of doing business. In many cases, we are not substituting old ways of doing business for new ones. And some of that might just be because those technologies serve needs that weren’t being met before. But in other cases, I do think we could use newer technologies to replace some of the more traditional methods. I find many organizations are struggling with that: using new tools and finding they are valuable, but not necessarily sloughing off old ways of doing business.
FedTech: What about the record-keeping requirements in government?
Swart:The official record is extremely important. With some social media, you can get out so much information to so many people that the old rubric of record-keeping is hard to apply. It’s a huge shift. How do you maintain records when the ability to publish is literally in every user’s hands? What do you collect? How do you collect it? From whom do you collect it? Who can speak on behalf of the organization?
It is a whole different world. Collectively, we are struggling with new mechanisms to ensure that we are still maintaining the historical record. But challenge can’t thwart the ability of an agency to carry out its mission using these new tools. It’s no longer a slow-moving, paper-publishing world — that’s a reality.
FedTech: Then there’s the institutional knowledge of members of the Foreign Service, who spend years becoming expert on topics. How do you capture that?
Swart: We do realize we have valuable information resident with each individual.
We have created a number of communities of practices to better share knowledge and expertise across the department. Our new messaging system will also support better sharing. We are hoping technology will encourage nontraditional sharing of information.
For example, an expert on rule of law in China who moves to another area of the world, with a different portfolio, could still easily contribute his acquired expertise to rule of law efforts. We have expertise all over the world, and IT can facilitate tapping into an employee’s knowledge without regard to location. Of course, our culture has to change to allow our workforce to contribute beyond the confines of a person’s current job.
FedTech: That it’s common knowledge?
Swart: It is common knowledge. We have expertise on a variety of subjects dispersed across the globe. But we have to be a bit more flexible in how we use our expertise, and IT makes that easier to do.
FedTech: How do you find and cultivate innovation in a large federal agency?
Swart: Our commodity is really information. Yes, we do provide services to the public — consular services — and a few others, but what we really deal in is knowledge and information. Knowledge for executing diplomacy is not that tangible.
There’s no easy technological innovation for that, comparable to, say, a technology that assists a rocket launch or improves a missile’s trajectory. What we have had are new tools, particularly web tools. There have been many individuals and small organizations within State that have shown a real interest in understanding how these tools could impact their jobs. We in the CIO Office have supported that, and use has grown through grassroots efforts over the last five years.
What is interesting is the impact of the change of administration, with support from the top for new tools and methods. We have an innovation chief, Alec Ross, and there is interest at the top levels of the department in new ways of doing business using IT.
And there’s action, too. For example, the department created a blog, called the Sounding Board, where employees can offer ideas on management change to the secretary. When bottom-up and top-down efforts come together, I think that is when we will really see some changes, by sloughing off of old ways of doing work and moving to newer ways of doing business.