.jpg)
HSDF THE PODCAST
The Homeland Security and Defense Forum proudly presents HSDF THE PODCAST, an engaging series of policy discussions with senior government and industry experts on technology and innovation in government. HSDF THE PODCAST looks at how emerging technology - such Artificial Intelligence, cloud computing, 5G, and cybersecurity - is being used to support government missions and secure U.S. national interests.
HSDF THE PODCAST
Operationalizing Technology to Drive Mission Outcomes 2 of 2
Join us as we highlight the transformative power of AI in risk management and governance within FEMA and DHS, focusing on trust and explainability in AI adoption. Hear from industry and DHS leaders on how procurement innovation and communication are essential for successful industry-government collaboration.
Featuring:
- Jay Alalasundaram, Deputy Assistant Commissioner, Software Applications and Services, Office of Information and Technology, U.S. Customs and Border Protection
- Kristin Ruiz, Deputy Assistant Administrator and Deputy CIO, Office of Information Technology, Transportation Security Administration
- Kevin Cox, Deputy CIO, Federal Emergency Management Agency
- Jay Meil, Vice President of Artificial Intelligence, Chief Data Scientist, SAIC
- Tony Orlando, Director of Customer Mission Specialty Sales, Google Public Sector
This discussion took place at the HSDF’s Technology Innovation in Government Symposium on September 26th, 2024.
Follow HSDF THE PODCAST and never miss latest insider talk on government technology, innovation, and security. Visit the HSDF YouTube channel to view hours of insightful policy discussion. For more information about the Homeland Security & Defense Forum (HSDF), visit hsdf.org.
Well, I would just say to answer your question lots of great points from the other panelists, but I would add that we're really focused on the fundamentals, right, looking at our current landscape how we can do better at cybersecurity, how we can embed zero trust, Training our information and assurance folks on AI so that they understand how to use these tools and how to benefit from those tools. Ai is not new for us. Generative AI is new for us, but we've been doing machine learning and biometric matching for a while at TSA. So you know we're really exploring what generative AI would mean for us and what wouldn't make sense for us, right? So, as we do that, it requires us to educate everyone on what the fundamentals of AI are, how to use these tools, the ones that are approved by DHS. We're giving folks access to those so that they do have the access to the tools that are approved, but we're really cautious about introducing new tools without further investigating and making sure that we can protect our information, because security is our middle name and we're really focused on that.
Heidi Yost Myers, Acting CIO, Immigration and Customs Enforcement:Yeah, some good points. I agree on the fusion of cyber and AI, those two coming together, as well as certainly the training aspect is important. So, you know, definitely looking at that in terms of our federal staff and bringing them up to speed, but it also would not be a panel these days if we didn't talk about AI.
Jay Alalasundaram, Deputy Assistant Commissioner, Software Applications and Services, Office of Information and Technology, U.S. Customs and Border Protection:So we've got that question covered.
Heidi Yost Myers, Acting CIO, Immigration and Customs Enforcement:Is there a?
Audience:question back in the back. Hey, good afternoon. Appreciate you all being here today. Michael Scott with Oracle. Kevin, you mentioned FedRAMP and from where we sit, it seems like there is, still, remains, continues, a very onerous process there. When you talk about operationalizing technology, I'm curious from where you all sit, if you share those same feelings, thoughts about the whole FedRAMP process and, if so, what DHS can do is doing to improve that.
Kevin Cox, Deputy CIO, Federal Emergency Management Agency:I'll start. I can't speak for DHS headquarters role with FedRAMP process and I can't speak for GSA. So I just want to caveat that to start out. But in terms of our experience with FedRAMP, I know from when I was with CISA before, when I was with DOJ, that there have been it's not as fast a process and sometimes the thoroughness slows the process down, but that in many ways is to be expected because of the complexities and because we, the government, are looking to be able to share the ATOs, or at least the package, with other agencies. So it has to be done. Well, I know in our interactions with GSA and even with DHS headquarters, they have been undertaking changes to make the process more streamlined. So I think we need to give that some time, both with all the participants to see how those changes help the whole process. But from my perspective in the government, I feel that the concept of FedRAMP makes a lot of sense and it's the ability to do once and use many across the various agencies and I think we need to continue to look at how we can make it work, even where there are times where it has been slow or has not been fully effective. So I think that too.
Kevin Cox, Deputy CIO, Federal Emergency Management Agency:Each agency has the ability to develop their own ATO and then share it into the program and share it with other agencies, so we will continue to look at that. As you all know, that takes time, it takes resources, et cetera. So I think we look at what's already available. I know the queues can be long for the folks in industry submitting their products for FedRAMP usage and to the extent that in the past that we've been able to sponsor a particular product, we will do that. But I think it's a matter of looking at what is available, looking at the technologies that we're looking at now through our market research, and seeing where we can partner with the folks in industry, partner with GSA, to potentially get something through the queue as fast as possible and make it useful for us but also make it available for the other folks in the government community. I don't know if that fully answered your question, but I think that, in summary, I think some of the streamlining is helping, but time will tell if it really hits the mark for all the folks involved.
Heidi Yost Myers, Acting CIO, Immigration and Customs Enforcement:Anybody else want to tackle that?
Jay Alalasundaram, Deputy Assistant Commissioner, Software Applications and Services, Office of Information and Technology, U.S. Customs and Border Protection:As a software solutions provider. Right, I share your frustration because I want to be able to use any new product or anything that comes out in the market quickly to be able to take advantage of it. But that's where the partnership with industry comes in. I echo what we talked about is it's industry being able to provide all the details that the government needs, and then us working with government hand in hand to be able to streamline this process. We are looking for ideas to how to make this process better, so it has to be a partnership between industry and the government.
Audience:Rich Smith Mantech. Good to see some friendly faces up at the panel here. So I have a question about saving costs. We know that O&M costs in the cloud are getting more and more expensive. We have finite budgets, obviously, that you guys got to work with every year, with the CR coming up and all those things that Tom so eloquently talked about. What kinds of things are you doing with the cloud and keeping cost avoidance type things Are you doing to keep costs low? I'm just curious of just the general ideas around that of how you're doing that.
Kristin Ruiz, Deputy Assistant Administrator and Deputy CIO, Office of Information Technology, Transportation Security Administration:I could go and just say you know, one thing that we're doing is, as we're looking at our multi cloud environment, we are restructuring and reshaping our data architecture because if we can streamline and simplify, that, that'll save us a lot of money, because we have lots of data at TSA and actually not all of the data is accessible to where it needs to be, and that's part of our journey to the multi-cloud is so that we can enable that better. But definitely starting with the data piece is a huge cost efficiency for us that we see.
Jay Alalasundaram, Deputy Assistant Commissioner, Software Applications and Services, Office of Information and Technology, U.S. Customs and Border Protection:I was going to echo that. It starts with data. Right, we have a massive amount of data in CBP's withholdings, but the data is also enhanced for various purposes. For example, I can give you passenger data and cargo data is collected in its raw form at the primary systems, right. Then it's enhanced for our enforcement type actions, and all of these data are stored in multiple copies as we are in the process of migrating our applications over to the cloud and multi-cloud. What we're looking at is how do we streamline this data, how do we build the data lake and delta lake so we're not duplicating data across all of these systems and platforms? That's where the cost avoidance is going to come from, and if you manage our data well, I think that would be a big cost avoidance.
Jay Alalasundaram, Deputy Assistant Commissioner, Software Applications and Services, Office of Information and Technology, U.S. Customs and Border Protection:But I do want to make sure that people understand that moving to cloud is not cheap. There is a false perception, primarily from our customer side, that believe that, hey, you've got all this on-premise infrastructure and once you get rid of it, you're going to see $20 million in savings or $30 million in savings, without understanding that you're still paying for those services in the cloud once you migrate them over, and especially when you're in a transitional state where you have some on-premise footprint and some cloud footprint. The biggest challenge is being able to explain to our trusted partners and being able to educate them on cloud. Moving to cloud doesn't mean that it's cheaper. You're just transferring the cost.
Jay Alalasundaram, Deputy Assistant Commissioner, Software Applications and Services, Office of Information and Technology, U.S. Customs and Border Protection:What you're avoiding from a cost standpoint is also long term Like. If you buy a service for $10 million, for example, right, every 20 years you'd have to refresh that and that's some cost, right and you have to invest another $20, $30 million in buying those infrastructures. By migrating to the cloud, not only are you getting better services, you don't have to worry about that full tech refresh every 20 years, every 10 years and whatever it is. And that's the constant communication between us and the trusted partners and explaining to them how we're leveraging the cloud, how we're leveraging the benefits of the cloud, what are the costs associated with it and being transparent about it and being able to show them the value there is going to get us the buy-in from our trusted partners and industry. To be able to show what the cloud costs are actually like being transparent about it.
Kevin Cox, Deputy CIO, Federal Emergency Management Agency:And I like the start with the data strategy, but it's also the overall cloud strategy. I think every one that I've talked to in the government it's now a multi-cloud strategy, but you as a customer want to avoid multi-cloud sprawl where you have virtually every cloud provider out there. Think, for me, it comes down to understanding your strategy and then really looking at achieving transparency across the board, because I think when we're working with customers that have on-prem processing, we don't start the conversation anymore that if you go to cloud you're going to save money. I think you can. I think, as Jay, as Jay pointed out, kristen pointed out, it's understanding where you can achieve the efficiencies and that's where the transparency comes in.
Kevin Cox, Deputy CIO, Federal Emergency Management Agency:You really have to understand all of your costs. Before that you may not have understood what those costs were, to be able to do an apples-to-apples comparison as to what's happening in the cloud. So we have some customers that were moving to the cloud and when we were managing their processing on-prem, they did not realize all the costs that were associated with that. We at the headquarters level were assuming some of those costs. So now in the transparency, we're putting all of those costs on the table so that we can understand what the costs are for the whole organization, what the costs are out in the cloud, do an honest comparison as to what are the true costs here, where the efficiencies are, where we need to sit down with our cloud providers and have an honest conversation that this is costing a little more than we thought it should and be able to move forward from there.
Heidi Yost Myers, Acting CIO, Immigration and Customs Enforcement:So and I'll just comment on the ICE side. For us it's really just some of the basics just using the tools that the cloud providers have to monitor our spend, looking to where we can spend things down when not in use, taking advantage of savings plans to buy in advance. So even just some of those basics has been helpful for us at ICE.
Speaker 8:I would add that we're constantly working to optimize our software, especially in the AI space, so that it consumes less, and models purpose-built models, you know, built specific to the task so that they aren't driving a lot of consumption and data consumption.
Speaker 8:When it comes to the data realm, there's a huge cost there and in architecture models, right, you've got ways to access that data just the data you need without having to move at all and incur that cost. So there are a lot of different ways to address cost and in a multi-cloud environment, we're working with many of our customers to help them with cloud cost management. Basically, that's a fancy way of saying data analytics on your cloud services so that you can understand the application, the data, the network and where are you exceeding what you had planned and what are are the root cause reasons for that. To help our customers control that multi-cloud cost Because, as was said, it's starting to prove in unstructured environments to be more costly than originally planned. But there are so many different ways to monitor and manage and control that cost. You just got to work with your partners to really challenge them to help you optimize, especially in the multi-cloud world.
Jay Meil, Vice President of Artificial Intelligence, Chief Data Scientist, SAIC:And I'll just add there. So we talked a lot about the data. The data is important. You have a lot of agencies and organizations that I've encountered where you're duplicating the data on multiple systems, multiple networks, multiple instances, and so you're double, triple, sometimes quadruple, paying for expensive storage. That's one thing you have to look at. Of course, there's AI tools to look at how you deduplicate and you deconflict against that data. The other thing that we found in building models models are training intensive, which means they're compute intensive, and compute intensive means you're going to rack up some costs with the cloud providers.
Jay Meil, Vice President of Artificial Intelligence, Chief Data Scientist, SAIC:What we have found is that just good cluster policy management and making sure that all of your compute clusters are extremely elastic makes a huge difference. So shut them down. At the end of the day, you don't necessarily need a warm pool, right? You can completely shut it down. Maybe it takes a little longer to start up. You don't need to reserve instances. Make sure that you're targeting the compute that you need for what you're using so you're not overgearing, right? You're not using GPUs to compute an Excel spreadsheet and make sure you're using what you need to be using. We found both on our side, as a company who develops AI, but also integrating in our customer spaces. We can reduce costs, sometimes more than 40%, which is good. Cluster policies.
Heidi Yost Myers, Acting CIO, Immigration and Customs Enforcement:Question back there.
Tony Orlando, Director of Customer Mission Speciality Sales, Google Public Sector:If it's okay with you guys, I want to stay with the cost a little bit more. Venkat Kodamudi I'm with Unisant was sitting at some of your shoes 10 years ago. A little bit more. Venkat Kodamudi I'm with Unisant was sitting at some of your shoes 10 years ago as a senior leader at TSA, trying to start the cloud journey those days. But my question is following on Rich's angle, how do you? What are some of your strategies? On other strategies I know data analytics is one of them On trying to marry the concept of commodity cloud as a commodity and pay by the drink on one side and the one-year, two-year color of money on the other side. So it's kind of hard to plan right. So what are some of your strategies around?
Jay Alalasundaram, Deputy Assistant Commissioner, Software Applications and Services, Office of Information and Technology, U.S. Customs and Border Protection:that Great question and it's always hard, right In a budget-constrained environment that we currently are in and in an election cycle, it's always hard and it's always a mad scramble trying to find funding to fund contracts at the last minute right. And that goes back to the transparency aspect of the cloud cost that I spoke about earlier in making sure our customers understand what the actual cost of managing and maintaining and building those applications in the cloud are going to be, regardless of infrastructure right and providing the transparency. So what we've done in CBP is we've built our cloud dashboard that shows costs and also projects costs for a certain number of months, saying, like, the cost of running application A, b and C is going to be X amount of dollars and most of our cloud providers and our partners provide that transparency to us up front, depending on the amount of utilization, compute storage, et cetera. It's not something that's rocket science. We are able to plan for those costs up front and being able to transparently show that to our customers, saying that this is what we project your cost to be for this fiscal year up front and then being able to track that on a monthly basis. So what we do is we have monthly meetings with our customers, our trusted partners, whether it's Office of Trade, office of Field Operations, border Patrol. We have a meeting with them and the product owners and the program managers sit down together and go over their costs and bake in those cloud costs, those ONS costs, and be able to show them on a dashboard real time and actually give them access to this data up front at their fingertips.
Jay Alalasundaram, Deputy Assistant Commissioner, Software Applications and Services, Office of Information and Technology, U.S. Customs and Border Protection:That's where the buy-in comes in. So now, even before we ask, go back to our trusted partners, say, hey, we need to execute our contract and it's coming up on September 1st and I know it's the end of the fiscal year and you're all budget constrained, but we need to find this contract. Before we even ask that, our trust partners are coming to us saying, hey, I think I need to pay you cloud money and I need to pay you infrastructure money. And oh, by the way, budget sweeps are coming up. It's very close to 930. So I know procurement staff are probably freaking out in the next three days when all of our finance folks want to balance the budget and close the books for the end of the fiscal year. This always comes up and having the transparency up front helps get the buy-in from our trusted partners to be able to plan for it, whether it's one-year money, two-year money and all of that. It's just semantics, right, and there is an option. There are ways to work around that by working closely with your procurement shops.
Kristin Ruiz, Deputy Assistant Administrator and Deputy CIO, Office of Information Technology, Transportation Security Administration:I would just add that we also work closely with our customers, right? What is the outcome that they're trying to achieve? We have a lot of tools in our toolbox, right? It could be leveraging an existing application with some minor tweaks. That could save them a lot of money that we might be able to do at very low cost right away, versus having to plan ahead for it could be sharing and packaging an application with one of our sister organizations to say we built this out and you don't have it. It's close to what you need and we'd be happy to share that, because we're looking for economies of scale, we're looking for how we can maximize the investments that we do have, and looking at you know how we can help those customers plan for the future. And that crawl, walk, run approach, right, we might have something small and scrappy we can get them started with, but help them understand what it's going to cost to get to the long-term solution.
Kevin Cox, Deputy CIO, Federal Emergency Management Agency:Yeah, I'll just add.
Kevin Cox, Deputy CIO, Federal Emergency Management Agency:I think it comes down in my mind to two things it's having a good strategy for how you want to use cloud in your organization, but number two, understanding how the government budget process works.
Kevin Cox, Deputy CIO, Federal Emergency Management Agency:So right now we're all in a budget-constrained environment. We're probably going to be there for a year or two longer at least. So right now one of the things we're working to do is to make sure that, based on our cloud strategy, that we have enough budget, that we're advocating for the budget in this upcoming fiscal year to cover down on the cloud that we're using operationally for mission purposes. But in terms of that strategy and not knowing where the models are going to be, where the new technologies are going to be three years from now, working to build into our budget projections some cost to cover the ability to at least pilot new technology and then just crossing our fingers, when this time of year rolls around, that we get a budget that allows us not only to cover down and sustain what we have in the cloud, but also to be able to go to that next level and really bring the technology to support the mission.
Audience:Hi everybody, Nice to see you. I have a question. I want to take it from the very exciting cloud stuff to something a little more mundane Governance and compliance. We all need to do it for FITARA. You all have to deal with the acquisition lifecycle framework, the SELC and any new law that comes out. Have you guys looked at any automation of the governance and compliance process to get folks away from writing these large documents, reading these large documents cover to cover and then even speaking about the FedRAMP and ATO, there's some vendors who have indicated that they save down to 30% of the time and 10% of the cost of an ATO. I have to see that to believe it, but there's some people working in that space, in the AI space. Has that been something you've looked at? Thank you.
Kevin Cox, Deputy CIO, Federal Emergency Management Agency:I'll start from a FEMA perspective, not specifically on the security compliance side, but from the risk management side. We're looking at bringing AI to work with communities as they're putting together their risk management plan for things like climate change and bringing AI to that problem set and being able to utilize specific data from local communities and using templates to help them develop their risk management plan for their locality and be able to have AI help with meshing all of that data so that they have a workable plan when the process is completed. Although we're not using AI in the way that the question that you asked was, but I know of cases where folks are applying AI to at least the security compliance perspective because, to your point, it's ripe for being able to bring in those technologies to really. That's where the efficiencies come in. When you take into account all of the costs associated with the manual processes in that whole set of processes, you can really achieve quite a in my mind at least great efficiencies.
Kristin Ruiz, Deputy Assistant Administrator and Deputy CIO, Office of Information Technology, Transportation Security Administration:And I know that they're looking at the common things like generating a statement of work or putting together reporting for HR. They're looking at those as a department, so that way we could benefit from that. So some of those concepts, those use cases, are things that our DHS CIO and Deputy CIO are leading through that working group as well, so that way we won't have to build seven of them or eight of them, right, we can try to build one and share it across the department.
Jay Alalasundaram, Deputy Assistant Commissioner, Software Applications and Services, Office of Information and Technology, U.S. Customs and Border Protection:I echo that what Kristen said about being able to leverage what one agency within DHS has done and leveraging it across the board, and that's a great point with the chief governance officer and each of our components have now have a chief governance officer AI governance officer, and each of our components now have a chief governance officer, an AI governance officer, and we are looking at AI as a tool to across the board, not just technology solutions. How can we make our lives better? And that's the theme of how we want to leverage AI within our organization and ethical use of AI providing the proper governance structure and ethical use of AI providing the proper governance structure and being able to implement solutions.
Heidi Yost Myers, Acting CIO, Immigration and Customs Enforcement:that helps us. One more thing, too, I'll add not necessarily AI-related, but certainly governance-related is we're looking at the concept of software factory and where we might revisit the overall acquisition process, particularly in terms of our level three acquisitions that are delegated within ICE. So partnering with our component acquisition executive on how we might revisit that, as well as with the department. I know they're doing some of it as well as well as with the department.
Jay Meil, Vice President of Artificial Intelligence, Chief Data Scientist, SAIC:I know they're doing some of it as well. Yeah, and I'll just add from an industry perspective generative AI is getting very good at things like summarization and building frameworks and pulling out salient points from 100-page or more documents. We've had a lot of success working with organizations leveraging and augmenting typical large language models with something called retrieval, augmented generation or RAG models. You may start hearing that out there now and we're finding that through the use of RAG models, which are then trained with very specific data for the organization that we're working with, as well as something called chain of thought prompting or chain of thought learning, we can get very close to exemplar documentation and exemplar information.
Jay Meil, Vice President of Artificial Intelligence, Chief Data Scientist, SAIC:Now there's a risk you know, a risk threshold level right that people are willing to accept or not accept, and I think a lot of this comes down to AI in general, but in this case too, it comes down to the human factor, right? Whether humans are going to adopt these technologies or not relies a lot on whether or not they trust them. So a lot of this needs to be more explainable and be more open for people to understand how these models are making decisions. So we are doing it today. The technology is getting better every day and I definitely think that over time, as the risk tolerance increases, right, or the trust increases, you're going to see that more and more.
Heidi Yost Myers, Acting CIO, Immigration and Customs Enforcement:Well, I think we have to wrap it up. So I appreciate all the panelists, I appreciate your time and thank you everyone for coming.
Rear Admiral Christopher Bartz, Deputy CIO, Department of Homeland Security:Thank you. Really great forum today. So I think what we started out with was what does the vision look like from the top? You got to hear a little bit of my story and about where we're pointing and where we're moving to as we transition from the Biden administration to whatever the next one is. Then we get a great panel to talk about more of a strategic viewpoint and an enterprise viewpoint in DHS from a mixture of DHS strategy leaders and also one industry panelist. Next went from that strategic viewpoint to the procurement innovation viewpoint. So what are the boundaries that we have set, or what boundaries do we have to abide by to basically exercise that strategy? So how do we do the procurement? And then, finally, the last panel, which was hey, these are the boots on the ground folks, the CIOs at the tactical edge that are trying to push the technology out there to enable mission. So really great kind of a great sequencing of panels and really good meaty takeaways.
Rear Admiral Christopher Bartz, Deputy CIO, Department of Homeland Security:So I'd really like to thank all of the panelists. I thought they did a fantastic and excellent job and I'd also like to thank the audience. I'd LIKE TO THANK ALL OF THE PANELISTS. I THOUGHT THEY DID A FANTASTIC AND EXCELLENT JOB. I'd ALSO LIKE TO THANK THE AUDIENCE. I KNOW THE PANEL THAT I MODERATED ON. We DIDN'T. It WAS ALL OF YOUR QUESTIONS, and SO I REALLY APPRECIATE THE PARTICIPATION THAT YOU DID. You HAD, and THEN YOU HAD SOME REALLY GREAT QUESTIONS THAT MADE US MAYBE THINK A LITTLE B. You had some really great questions that made us maybe think a little bit about how we're interacting with industry.
Rear Admiral Christopher Bartz, Deputy CIO, Department of Homeland Security:I'd like to thank Megan and the HSDF Thank you so much for bringing us in here and involving us in this event. And then Luke McCormick, thank you so much. He's the master facilitator between DHS, cio and industry, and so we really appreciate Luke's interaction. And then, finally, I think one of the things that I had talked about in my talk was this idea of collaboration and industry as a force multiplier. I think we really got after that today.
Rear Admiral Christopher Bartz, Deputy CIO, Department of Homeland Security:I think there's some things that we can do a little bit better, you know, with the conversations that we're having today at this forum, at subsequent forums and at the social hour which is going to be immediately after this. But we've got work to do. We have a mission to accomplish, both industry and government, different motivations but we're talking matching government, mission-oriented organizations with finite budget and for-profit organizations that are trying to help us. So there's definitely a challenge there, and then we have the government regulations that we have to abide by. But I think with the collective mind power in this room that we will be able to overcome that and meet our mission goals and defend against our adversaries. So thank you again.