When Richard McKinney took over at the CIO of the Department of Transportation last May, the IT department was a mess.
In a keynote address Wednesday at the Federal Forum 2014, McKinney described the situation he inherited at the DoT as deeply siloed among the various agencies, weak on cybersecurity and unresponsive to mandates like the federal government's personal identity verification (PIV) card initiative.
Since May, DoT's tech team has "been trying to have a conversation where we can reimagine ourselves," McKinney says.
Through that process, he's been working to bring together his team of agency CIOs, overhauling an internal CIO council that he described as unstructured and ineffective. That panel, which now meets twice a month, includes committees focused on cybersecurity and shared services, as well as a variety of working groups tackling IT initiatives such as data center consolidation, networking and mobile computing.
Transportation Department Focusing on Shared Services, Cybersecurity
McKinney recalls the obstacles he encountered when talking with his DoT CIOs about shared services, which the DoT had been running under what it called the common operating environment. Agency CIOs complained that their shared services deployments, such as they were, delivered subpar performance at excessive cost.
So McKinney, in the course of retooling the CIO council, tried to reorient the panel around the DoT's business objectives, breaking down the walls between agencies so that shared services, when appropriate, could be implemented to further the mission of the department.
"To get you into a shared services environment, I don't want to do it at the point of gun," he says. "I want to do it because I can provide you compelling business value."
The government's push toward shared services is one of several areas in which federal CIOs have been tasked with improving IT efficiencies while operating under flat or contracting budgets. A major thrust of those efforts, and shared services in particular, has been to consolidate the government's sprawling technology operations and move away from a culture where sub-agencies and bureaus operate as fiefdoms and maintain their own systems and applications, even with commodity functions like email.
Another government-wide directive concerns cybersecurity, one of the areas where the administration has promulgated a set of cross-agency priorities (CAP). Those goals include trusted Internet connections, continuous security monitoring, and implementation of the PIV cards for employee authentication.
When McKinney stepped in as CIO, Transportation was dead last among federal agencies in its cybersecurity CAP goals, he says. McKinney, the former CIO of the city of Nashville, Tenn., admits that he was no expert in the field of transportation when he joined DoT, but the department's understaffed and neglected cybersecurity operations were an immediate red flag.
"I knew enough to know that if you're not doing well in cybersecurity, that's like the canary in the coal mine. It's indicative of other things. It's indicative of infrastructure. It's indicative of governance," he says. "I don't know anybody that's doing IT very well and screwing up in cyber."
McKinney set out to address the challenge on a variety of fronts. He enlisted the help of an outside consultancy, Mischel Kwon and Associates, to evaluate the department. This culminated in a "no-holds-barred" meeting with the secretary and his top deputies.
McKinney made security another chief priority of the CIO council, working with his lieutenants to achieve a more holistic view of the agencies' systems, and to tackle the PIV initiative. When he came on board, McKinney says, DoT had yet to even begin rolling out the PIV cards; today the department is nearing 100 percent issuance.
Progress Result of Collaborative Process
The latest CAP performance evaluation shows DoT having rising from the bottom of the ranks of measured agencies -- still far from the top, but a long way from where the department sat when McKinney took the reins.
McKinney emphasizes the CIO's role as a convener. DoT's work on shared services and cybersecurity -- along with issues such as consolidating data centers and rebalancing the workforce between federal employees and contractors -- has been a collaborative process, he explains.
The role of the federal CIO has been the subject of considerable debate in the past year. Some lawmakers and administration officials are pressing for legislation that would expand CIO authorities, clarify the department and agency reporting structure, and trim the number of positions with the CIO title -- effectively centralizing budgeting and personnel decisions at the top of the organization.
Asked about that issue, McKinney says only that it's a debate worth having, without endorsing any specific proposal.
More important, he argues, is that the CIO work under the existing authorities of the office to build broad-based support for the technology initiatives that can support the mission objectives of the agency. "IT is a team sport," he declares.
"You could give me all the authority," he says. "[But] If you don't use it well, if you don't have these conversations, if you don't treat your employees like partners with you, if you don't treat your customers collaboratively, if you don't have the right conversations with the executives to get the buy-in -- if you don't do all that stuff right, you can write [into law] all the things in the world and you won't be successful."