To Richard McKinney, the Transportation Department’s former CIO, the question seemed simple enough: Could his staff provide a visual representation of the agency’s networks?
At the time, in 2015, McKinney was considering moving the department’s messaging and email services to Office 365. But first, staff members needed assurances the agency’s network could handle the load, so McKinney wanted to know what exactly the network looked like and how its employees were putting it to use.
In short, “were we setting ourselves up for a bandwidth problem?” asked McKinney, a political appointee who served as CIO from 2013 to January 2017.
That question kicked off a chain of events which he says inadvertently led to a series of benefits: a better understanding of the organization’s networks and which devices were using those networks; and, ultimately, a plan for how the network should evolve for the future.
A turning point, he said, was the installation of Riverbed’s SteelCentral suite of products. Those performance monitoring and diagnostics tools discovered software on the network that needed patches and an “incredible” laundry list of items that needed to be corrected for security purposes.
When the department switched on the program’s autodetect function, Riverbed discovered roughly 1,000 devices communicating with the agency’s networks, about 200 more than administrators expected. Employees in field offices had “self-serviced” the networks out of necessity and convenience, often with commercial-grade — not enterprise-grade — technology.
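The security-relevant point in that discovery is the gap between the inventory an agency believes it has and what is actually talking on its network. The following is an added example, not code from the article, the Transportation Department or Riverbed: it reconciles a constructed discovery export (the CSV layout, MAC addresses, hostnames and subnets are all invented for illustration) against a constructed asset inventory and reports three things a CIO would want to know: devices nobody recorded, devices seen somewhere other than where the record says they live, and recorded devices that never appeared on the wire.

```python
"""Reconcile a network-discovery export against the authoritative asset
inventory and report devices nobody had accounted for.

Added example; not code from the article, DOT or Riverbed. The CSV layouts,
MAC addresses, hostnames and subnets below are constructed for illustration.
"""
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed: what the authoritative inventory (CMDB) says should exist.
INVENTORY_CSV = """mac,hostname,site,owner
00:1a:2b:00:00:01,hq-fs01,HQ,infra
00:1a:2b:00:00:02,hq-ws-0412,HQ,desktop
00:1a:2b:00:00:03,fo7-rtr01,FieldOffice7,infra
00:1a:2b:00:00:04,hq-lt-0099,HQ,desktop
00:1a:2b:00:00:05,hq-prn01,HQ,infra
"""

# Constructed: what the monitoring tool's autodetect saw talking on the wire.
# Two field-office devices (a nameless box and a consumer access point) have
# no inventory record at all; one HQ laptop is showing up at a field office.
DISCOVERED_CSV = """ip,mac,hostname
10.1.0.10,00:1a:2b:00:00:01,hq-fs01
10.1.0.55,00:1a:2b:00:00:02,hq-ws-0412
10.7.0.1,00:1a:2b:00:00:03,fo7-rtr01
10.7.0.20,B8:27:EB:11:22:33,
10.7.0.21,C0:FF:EE:AA:BB:CC,linksys-ap
10.7.0.40,00:1a:2b:00:00:04,hq-lt-0099
"""

# Constructed: which address ranges belong to which site.
SITE_SUBNETS = {
    "HQ": ipaddress.ip_network("10.1.0.0/16"),
    "FieldOffice7": ipaddress.ip_network("10.7.0.0/16"),
}


def load_rows(text):
    """Parse a CSV export into a list of dicts keyed by header."""
    return list(csv.DictReader(io.StringIO(text)))


def site_for(ip):
    """Map an observed IP to a site via the subnet table."""
    addr = ipaddress.ip_address(ip)
    for site, net in SITE_SUBNETS.items():
        if addr in net:
            return site
    return "unassigned"


def reconcile(inventory_text=INVENTORY_CSV, discovered_text=DISCOVERED_CSV):
    """Compare discovery against inventory.

    Returns a dict with:
      unknown  - discovered MACs with no inventory record, grouped by site
      moved    - inventoried devices seen at a site other than their record
      missing  - inventoried MACs never observed on the wire
    """
    inventory = {r["mac"].lower(): r for r in load_rows(inventory_text)}
    seen = set()
    unknown = defaultdict(list)
    moved = []
    for r in load_rows(discovered_text):
        mac = r["mac"].lower()          # normalise case before comparing
        site = site_for(r["ip"])
        if mac not in inventory:
            unknown[site].append(
                {"ip": r["ip"], "mac": mac, "hostname": r["hostname"] or "(no name)"}
            )
            continue
        seen.add(mac)
        recorded = inventory[mac]["site"]
        if recorded != site:
            moved.append({"mac": mac, "hostname": inventory[mac]["hostname"],
                          "recorded_site": recorded, "seen_at": site})
    missing = sorted(m for m in inventory if m not in seen)
    return {"unknown": dict(unknown), "moved": moved, "missing": missing}


def summary(report):
    """Headline numbers: how far reality diverges from the blueprint."""
    unknown_total = sum(len(v) for v in report["unknown"].values())
    return {
        "unknown_devices": unknown_total,
        "unknown_by_site": {s: len(v) for s, v in report["unknown"].items()},
        "moved_devices": len(report["moved"]),
        "missing_devices": len(report["missing"]),
    }


if __name__ == "__main__":
    rep = reconcile()
    print(summary(rep))
    for site, devs in rep["unknown"].items():
        for d in devs:
            print(f"UNKNOWN {site}: {d['ip']} {d['mac']} {d['hostname']}")
```

Run as a script it prints the summary counts and one line per unrecorded device; in practice the discovery export would be whatever the monitoring tool emits, mapped onto the same three fields. Grouping unknown devices by site is what turns a raw count (the article's "about 200 more than expected") into something actionable, since it shows which offices have been self-servicing their own connectivity.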
McKinney spoke recently with FedTech Managing Editor Mike Gruss about what other federal agencies can learn from his experience.
MCKINNEY: From the moment I got there, I was very concerned about the fact that we didn’t have any as-is blueprints. I’d say to somebody, give me a visual rendering of our networks. No one could do this. Nobody understood the whole network — it was just a gut feeling I had. This transition was my opportunity to put this angst to bed for good.
MCKINNEY: This isn’t what we set out to do. We set out to measure bandwidth use, and it was just this happy accident. It was an unintended consequence that we ended up learning things about our network that we didn’t know. It was educational. It was motivational. It was inspirational, in a way. We realized we really can do a much better job with network management, and this tool has made it possible for us.
I had a chance to talk to the federal CIO council and former federal CIO Tony Scott about this, and my message was, don’t assume that you understand your network. If you don’t have tools like this in place that can automatically detect and manage your network, don’t assume that you understand the exact construct of your network. I don’t think we were isolated in this. If, somehow, I ended up being CIO of another federal department, I think it’s the first question I’d ask: Do you have a way to automatically detect and manage your network? Do you have an as-is blueprint of your network that you feel is complete?
MCKINNEY: There were parts of the network that were laboring, but we didn’t have any that were choking. This is important as we continue to move to the cloud away from the old data center model and we have more and more of our traffic moving across the network and across the internet.
We asked, “If the DOT were brand new, how would you design the network? Show us what the network would look like if it had been deliberately architected from the beginning.” This network transition plan, that’s what the team and I left behind. They’ve got their work cut out for them for several years. Some of this will take several budget cycles.
MCKINNEY: Your network is the foundation. Everything that you want to do from an application services standpoint relies on a secure robust network. All of this is setting the stage for the department to consolidate and move more to the cloud and be a little more deliberate than we’ve been able to be in the past. We’re trying to make the network cloud-ready.
MCKINNEY: There’s an inherent cost in being decentralized and federated. Those are two fancy words for needlessly complex and duplicative. Wherever you are needlessly complex, there’s cost and a security risk. I absolutely believe that a well-maintained network in the long run is cheaper to own and operate than one that takes a Rube Goldberg approach.