[ISN] Interior's CIO fights fires

From: InfoSec News (isn@private)
Date: Mon Nov 22 2004 - 04:13:24 PST


http://www.fcw.com/fcw/articles/2004/1122/mgt-tipton-11-22-04.asp

By Sarita Chourey
Nov. 22, 2004

The Interior Department's chief information officer was beginning to
wonder if he had become the guy in charge of killing projects. Every
job that W. Hord Tipton has had, he said, seemed to come with an
ailing system and a plug in need of pulling.

In 1999, as a state director, he was given the task of putting to rest
the Bureau of Land Management's waning Automated Land and Mineral
Records System. But his work on the other part of the assignment — to
rebuild it - caught many people's attention and helped him climb to
the post of chief information officer two and a half years later.

Tipton, a qualified firefighter, karate black belt and certified land
surveyor, has the calm of a seasoned sheriff. Indeed, he was once a
law enforcement official. But Tipton's expertise reflects a work ethic
that is simple yet arduous: Practice what you preach.

In March, months before taking the job as Interior's CIO, Tipton, 60,
did something unusual for a federal agency CIO: He became a Certified
Information Systems Security Professional.

The certification matches the job at hand. Security is at the
forefront at Interior, an agency that has been beleaguered by hackers
and system vulnerabilities. The problems resulted in a court-ordered
shutdown of Internet access to parts of Interior's eight bureaus.

Since Tipton took the helm, Interior officials have spent about $100
million on systems and network security. Two years earlier, the agency
was spending about $4 million per year. By emphasizing business
systems security, he said, the level of security is many times
stronger than it was before.

Tipton, a father of two, is an engineer among lawyers: His wife,
daughter and son-in-law are attorneys. Tipton's wife, Nina Hatfield,
is a descendant of the family involved in the famous Hatfield-McCoy
feud.

Born in Kentucky, Tipton speaks with an unmistakable Southern twang.  
The folksiness of his speech is a product of his upbringing.

With a 13-year private-sector career in Tennessee, Tipton has a keen
understanding of information technology and the expansive nature of
Interior's mission.

The department, the fourth federal agency created, was started in
1849, a number that matches its address on C Street in Washington,
D.C. It has 53 business operations, eight bureaus, 77,000 employees
and 2,500 offices scattered from the Insular Islands to the remote
reaches of Alaska.

"Nothing we do is untouched by the flow of electrons," he said.

The individual bureaus receive direct appropriations from Congress
rather than funds from Interior's central budget. The arrangement is
good, Tipton said, because it requires a discussion by business people
and IT staff. Business drives IT, not the other way around, he said.

Most Interior employees have a mix of business and IT skills, so they
can devise their own ideas without relying on the agency's IT shop.

Certified project managers have become a mandatory component of
initiatives under Tipton's lead. But he said the agency has a way to
go, especially with regard to finding project managers with enough
experience to lead major cross-agency projects.

Randy Feuerstein, the Bureau of Reclamation's CIO, said Tipton is
dedicated, persistent and persuasive. "Hord does his best to keep us
all moving in the right direction and has accomplished a great deal in
a very short period of time," Feuerstein wrote in an e-mail.

Interior officials, like those at many agencies, are abuzz with the
notions of enterprise. The question to ask, Tipton said, is, "Why do
we need more systems or support or help desks?"

Taking law enforcement as an example, he said, "we 'architect' what we
want it to look like from a law enforcement [perspective] with the
departmental owner of that program. They lead that effort from a
business side, and we complement it from an IT side, and it comes
together."

Tipton said employees in his office are working on a business case
this year for a consolidated law enforcement system for all of
Interior. His goal is "shutting down four systems for the benefits of
operating one."

Agency officials are trying to consolidate 13 independent networks
with different service providers to a single one with a backup system.  
One of the 13 is the Enterprise Services Network, which "comes under
the overarching view of an enterprise, [including] approach,
standardization, economies of scale and service deliveries," Tipton
said.

The common strand running through all the networks is security. The
agency has been dogged by Government Accountability Office reports,
congressional criticism and legal battles involving the Indian Trust.  
Agency officials argue that the legal accusations greatly discount
Interior officials' ability to protect data.

In addition to his security professional certification, Tipton also is
certified as an Information Systems Security Engineering Professional.  
Therefore, he isn't likely to be swayed by employees who want to
automate a program if it isn't necessary. He can discern whether
something is crucial or simply nice to have.

IT employees must answer important questions about business practices
before a program is automated. Tipton demands vigorous analysis to
build a strong case. "We are not going to automate the cow path," he
said.

Chourey is a freelance writer based in Palo Alto, Calif



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/



This archive was generated by hypermail 2.1.3 : Mon Nov 22 2004 - 09:36:07 PST