.jpg)
HSDF THE PODCAST
The Homeland Security and Defense Forum proudly presents HSDF THE PODCAST, an engaging series of policy discussions with senior government and industry experts on technology and innovation in government. HSDF THE PODCAST looks at how emerging technology - such Artificial Intelligence, cloud computing, 5G, and cybersecurity - is being used to support government missions and secure U.S. national interests.
HSDF THE PODCAST
Operationalizing Technology to Drive Mission Outcomes 1 of 2
Discover how top leaders from TSA, Google, SAIC, FEMA, and CBP master the art of balancing the unpredictable nature of IT acquisitions and operational leadership. This episode promises to guide you through the intricate roles of deputies who expertly juggle immediate tactical needs with long-term strategic objectives. Learn firsthand the importance of teamwork and strategic planning as these leaders reveal their innovative solutions for managing daily operations and security, all while keeping their organization's mission at the forefront.
Featuring:
- Jay Alalasundaram, Deputy Assistant Commissioner, Software Applications and Services, Office of Information and Technology, U.S. Customs and Border Protection
- Kristin Ruiz, Deputy Assistant Administrator and Deputy CIO, Office of Information Technology, Transportation Security Administration
- Kevin Cox, Deputy CIO, Federal Emergency Management Agency
- Jay Meil, Vice President of Artificial Intelligence, Chief Data Scientist, SAIC
- Tony Orlando, Director of Customer Mission Specialty Sales, Google Public Sector
This discussion took place at the HSDF’s Technology Innovation in Government Symposium on September 26th, 2024.
Follow HSDF THE PODCAST and never miss latest insider talk on government technology, innovation, and security. Visit the HSDF YouTube channel to view hours of insightful policy discussion. For more information about the Homeland Security & Defense Forum (HSDF), visit hsdf.org.
Thanks, megan. This is a great group. I'm happy to be here and looking forward to this conversation. So, as Megan mentioned, I've been in your shoes recently and I know sometimes the day is filled with firefighting, but typically you as a deputy are responsible for the more operational aspects, but really sometimes where the rubber hits the road in terms of the day-to-day activities. So tell us a little bit about a day in the life as a deputy and what that looks like in your component. Anybody want wanna start? Kristen, you're up, all right, you volunteered.
Kristin Ruiz, Deputy Assistant Administrator and Deputy CIO, Office of Information Technology, Transportation Security Administration:Good afternoon everybody. Thanks so much for having me today. I would say TSA is a little unique. We are very mission driven folks, so I wouldn't say that my role is particularly traditional. I would say that we do a lot with a little bit and our executive management team is really a partnership and so we take the divide and conquer mentality. We're all involved in a lot of different things, so one minute I could be meeting with the administrator and then two hours later I might send the executive director for, you know, service delivery to meet with the administrator. We are a team and we work together and we divide and conquer the strategy. We work together on operization. I can't speak, I can't say it, but you know what I mean. It's tactical baby. I can't speak, I can't say it, but you know what I mean.
Jay Alalasundaram, Deputy Assistant Commissioner, Software Applications and Services, Office of Information and Technology, U.S. Customs and Border Protection:It's practical.
Kristin Ruiz, Deputy Assistant Administrator and Deputy CIO, Office of Information Technology, Transportation Security Administration:I can't speak, but we're working through all of that together as a team. So that's what the most important thing is in my role is encouraging that team to be able to go out and feel empowered to do their job every day to meet the mission that we have at hand.
Heidi Yost Myers, Acting CIO, Immigration and Customs Enforcement:We could do from the Google side too. Tony, tell us a day in your life.
Tony Orlando, Director of Customer Mission Speciality Sales, Google Public Sector:A day in my life. Supporting customers is very similar. It can be very tactical at times, mixed with long-term strategic application, and by that I mean advising, thinking about two and three-year plans and really partnering strategically on the long-term side. On the tactical side, it's very immediacy-driven right. We really do focus on mission and mission outcomes and, as a partner in the ecosystem, if a component of DHS needs our services, we're generally very responsive, with or without a contract in place Might just be advisory on how do we or what do you recommend or do you have, but we're always happy to be a partner to the different components and provide answers to questions and support as needed.
Jay Meil, Vice President of Artificial Intelligence, Chief Data Scientist, SAIC:Okay, hey everybody, thanks for having me. I would love to say that a day in my life is not just answering questions about chat, gpt, it's not. I would say. The key word that describes what my team does at SAIC is an operational bridge. So that is, how do we turn strategy into action and how do we take IT and technology and then place it to solve mission problems, and so a lot of what our day looks like is just like Tony advising, consulting, but really being that translator between the technical side and the mission side and I have the.
Jay Meil, Vice President of Artificial Intelligence, Chief Data Scientist, SAIC:I have the pleasure of working across, course, homeland Security, but also Department of Defense and the intelligence community, and so every day we're trying to solve these data challenges. We're trying to solve these mission challenges with unique and innovative solutions, and what I've found is it doesn't matter the agency, either within the Department of Homeland Security or really anywhere in the government, or the DOD or the intelligence community the good news is, a lot of the data problems are very similar that people are trying to solve, and a lot of the challenges they have with their data is very similar. So there's a lot of places that we can take lessons learned and apply to other organizations. So that's generally what a day in my life's like.
Kevin Cox, Deputy CIO, Federal Emergency Management Agency:Good afternoon everybody. For us, similar to what Kristen had indicated, it's really starting out with operations, both from a network standpoint but also a security standpoint making sure that all of the systems are up in the case of what we're seeing today in the news understanding what is happening in terms of deployment for the mission, making sure that we're out there to support the communities, preparing for, responding to and helping after disasters when they do strike. And then, in that operational mix, having an opportunity to continue to look at innovation and modernization and where we can take the systems to the next level so that we can utilize things like maybe not chat, gbt, but AI, generative AI, et cetera, to help with the grants process and the claims process throughout FEMA. And then dealing with the day-to-day contracts, budgetary issues, process-related issues, et cetera. And then a key to all of that is the partnership that we have with all of you, with all of our different SIs vendors that are helping us with the mission that we have day to day All right, it's easy to go last.
Jay Alalasundaram, Deputy Assistant Commissioner, Software Applications and Services, Office of Information and Technology, U.S. Customs and Border Protection:I can just say ditto. Good afternoon everyone, Thanks for having me. Cbp is very similar. We have the same set of challenges. At the end of the day, we support the men and women in uniform, whether it's officer, field operations or border patrol, but we also have a trade community. In my current role as a deputy CIO, I oversee all the software applications and my phone never stops ringing. That means sorry, that means there's an outage somewhere, right, and I oversee all of our cargo applications, passenger applications, targeting applications and border patrol applications. And so it's 24 by 7, 365, right. When a fish broker cannot get their fish on a plane and there's a demand for sushi in New York and Los Angeles and five-star hotels, they'll call me 30 times a night, like whether it's 2 am in the morning or 3 am in the morning. So it's never a dull moment, right, and we understand that, and I think that's part of the overall mission and I echo the sentiments from all of my other fellow panelists. It's a very challenging mission, but that's what makes it interesting.
Heidi Yost Myers, Acting CIO, Immigration and Customs Enforcement:Never a dull moment. I think we can probably all say that one, jay. So I will have plenty of time for questions. So think about what you want to ask, but I'll give the panel a chance to answer another question. You just heard from the acquisition offices and the DHS deputy CPO about where they're headed in terms of leaning in exploring new ways of approaching acquisitions. So I want to ask the team what kinds of things are you doing within your component to acquire IT in an accelerated fashion in support of the mission? So I'll maybe skip ahead to Kevin on that one sure, thank you.
Kevin Cox, Deputy CIO, Federal Emergency Management Agency:So we're working closely with.
Kevin Cox, Deputy CIO, Federal Emergency Management Agency:We have a number of different acquisitions upcoming, both on the operations side but also on the security side.
Kevin Cox, Deputy CIO, Federal Emergency Management Agency:So working closely with our procurement shop within FEMA when needed, working closely with the procurement shop at the headquarters level within DHS and then with our partners like at GSA, and one of the things we are really working to do is to make sure that we clearly define our requirements, as mentioned in the prior panel, doing all of our market research to understand where the technology is, who out in industry can help us meet our particular requirements.
Kevin Cox, Deputy CIO, Federal Emergency Management Agency:When appropriate, doing RFIs and then really tightening those requirements down, getting the message out to industry that we have these opportunities upcoming and then working with the right partners, whether that's in our headquarters or with GSA, to get the different requisitions out on the street. And if we do that following the process being fair and open and doing it the right way we're doing everything we can to avoid protest. Following the process being fair and open and do it in the right way, we're doing everything we can to avoid protest. It's virtually everything I've seen throughout my years with the government. That's just a way of life that we have to deal with, but to the extent that we can minimize protest, show industry that we are being fair and open and then successfully award the work, then working to do that as quickly as possible to hit the ground running.
Heidi Yost Myers, Acting CIO, Immigration and Customs Enforcement:So that's our perspective. So, jay, I keep hearing about the OTAs that you're doing at CBP.
Jay Alalasundaram, Deputy Assistant Commissioner, Software Applications and Services, Office of Information and Technology, U.S. Customs and Border Protection:So you want to tell us more about that? Yeah, absolutely, as I mentioned you do it.
Jay Alalasundaram, Deputy Assistant Commissioner, Software Applications and Services, Office of Information and Technology, U.S. Customs and Border Protection:I beat him on the number of letters in my last name. I get to say ditto at the end. So no, that's a great question, heidi. So, as I mentioned, cvp is 24 by 7, 365. Our contract demands are also extensive and complex. The four organizations I manage. Our contract demands are also extensive and complex. The four organizations I manage. Together I have over 250 Agile teams and almost 400 federal staff and over 3,000 contractors that we depend on on a daily basis. And those are the large procurement efforts, the traditional procurement efforts.
Jay Alalasundaram, Deputy Assistant Commissioner, Software Applications and Services, Office of Information and Technology, U.S. Customs and Border Protection:But our mission demands that we're able to come up with solutions that our officers and agents need on demand at the speed of mission. So, which means we have to look at unique contracting methods to be able to get those services out and seek industry's help to get those services out to our officers and agents. Just this last year we have awarded two such contracts. One is I'll start with anomaly detection algorithm contract. We work with, we partner with, invent, our CTO's organization, and we leverage DHS CSO Commercial Solutions Openings. It's a unique contract methodology and it's pretty streamlined and a simplified way of providing industry a specific use case and say give us the solutions for it, keeping it nimble, and we did that in two phases. In the first phase, we asked them to provide us a written proposal, a written solution, which gave us also an opportunity to meet with industry and have them either do an oral presentation or also do a tech demo. And then the second phase was the full proposal.
Jay Alalasundaram, Deputy Assistant Commissioner, Software Applications and Services, Office of Information and Technology, U.S. Customs and Border Protection:What this did was allow several industry partners and commercial partners of technology that's out there to be able to come and provide the government with that specific service, especially in the AI space.
Jay Alalasundaram, Deputy Assistant Commissioner, Software Applications and Services, Office of Information and Technology, U.S. Customs and Border Protection:And what this did the ADA contract I'll go a little into what ADA is is we are using AI to augment the officers and provide the officers with a toolkit that allows them to to process cargo and passengers in the POV in the land environment, as well as the truck environment, in the non-intrusive inspection space.
Jay Alalasundaram, Deputy Assistant Commissioner, Software Applications and Services, Office of Information and Technology, U.S. Customs and Border Protection:It is just another tool that the officer will be able to leverage and I'm glad to say that we were able to award that contract with several vendors and we're about to even try the pilots out in several POVs by partnering with O4 and industry and getting those solutions out there and super excited about that, and I think we even have a briefing coming up with our commissioner tomorrow to give him a timeline on what that project is going to be like.
Jay Alalasundaram, Deputy Assistant Commissioner, Software Applications and Services, Office of Information and Technology, U.S. Customs and Border Protection:That's one of them, and then there's another one that we did was with enterprise small business which was another game changer for us, because the first time ever we were able to do a multi-BPA specific to cater to small businesses to come in and show their capabilities to the government. And that's one of a kind in my experience at CBP where we had one contract vehicle but two different scopes, which covered both infrastructure as well as the software development side, and we were able to award that contract successfully and even get past all the protests that came with it. And that's a game changer for us because now we have a good group of small businesses that we can leverage to be able to get solutions faster to our customers.
Heidi Yost Myers, Acting CIO, Immigration and Customs Enforcement:Kristen. Anything you want to add on the acquisition side.
Kristin Ruiz, Deputy Assistant Administrator and Deputy CIO, Office of Information Technology, Transportation Security Administration:Yeah, I would just add that I work closely with Ms Dina Thompson, who was up here earlier, and we strategize on opportunities specific when we did our fast contract re-competes. We look to leverage a lot of the same processes and practices that are in the PIL to be able to expedite our process as well. So that came to oral presentations down selecting, in some cases, advisory down select boards. So we're really looking to see how we can be more efficient with our documentation process and making sure that we give vendors an opportunity to come in and see if they have an opportunity to showcase their capabilities without making it a long, drawn-out process to get to the end.
Heidi Yost Myers, Acting CIO, Immigration and Customs Enforcement:Yeah, I would echo that. I was definitely trying to, you know, use some of the pill techniques, focus more on reducing documentation.
Tony Orlando, Director of Customer Mission Speciality Sales, Google Public Sector:Okay, Okay, thank you.
Audience:How's it going? Thomas Walker, palo Alto Networks. So my question is, I guess, start with Jay, but we'll work backwards. How are you guys approaching the threat of adversarial AI, right? So one of the things that I've come to kind of realize is that everyone's incorporating all these great products and things like that, but we're giving them information and then, frankly, most of you guys have data sets out there that are ripe for mining. So what tool, strategies or whatever are you guys using to kind of guarantee your enterprise now and in the future?
Jay Alalasundaram, Deputy Assistant Commissioner, Software Applications and Services, Office of Information and Technology, U.S. Customs and Border Protection:Starting with that, with JD, you want us to go, I can go. You could have stated the question with what keeps you up at night, and that would have answered that question. To be honest with you, that's a great question and it's something that I heard from our leadership and CBP, our Border Patrol leadership and our OFO leadership that our adversaries in the southern border are using drone technology and leveraging AI to look at Border Patrol agents' movements and placements in a given day to see how they can use that data in being able to leverage AI and use the data to say where they can bring their drugs into our country. It's a big challenge. It's a big challenge and how we try to get out of the game is to be able to invest in the same technology to be able to get ahead of our adversaries. It's constant awareness of what the adversaries are trying to do and how can we counter that?
Jay Alalasundaram, Deputy Assistant Commissioner, Software Applications and Services, Office of Information and Technology, U.S. Customs and Border Protection:The challenge there for us is the adversaries are spending a lot more money and effort into building these capabilities to scheme the system and they just have to be right once. We have to be right and we have to be able to prevent those deaths 100% of the time. That's the challenge that our officers and agents that are putting their life on the line day in and day out in these adverse conditions, and our job as IT professionals is to be able to give them the tools, whether it's systems, whether it's leveraging AI. It's just not AI in a vacuum, right. It's AI working hand-in-hand and integrating with our systems, our data, and it comes from how we manage those systems and how we leverage those AIs in a meaningful fashion to be able to counter that. It's easier said than done, right.
Kevin Cox, Deputy CIO, Federal Emergency Management Agency:One of the things that we need to do and I think everybody needs to do this is just understand how the data is being used, what you're connecting out to, et cetera.
Kevin Cox, Deputy CIO, Federal Emergency Management Agency:So it starts with the requirements and the design of how we would want to apply AI to any application within our mission space working with a vendor to understand where the data repositories are, to the extent that we can set up a sandbox and still benefit from the various features of AI, and really working closely with our partners to design that. And to the extent that we have, like FedRAMP, for example, fedramp environments where we have a good understanding of how the data is being used, making sure that any of our government agencies, that any of our data is going out to the wider internet without us knowing it or being able to really manage and control it. So all of that comes into the design process and then, once we have a good sense that the data is properly managed and is being managed in a responsible way, a secure way, we can then look at how we apply that to the various applications I would.
Jay Meil, Vice President of Artificial Intelligence, Chief Data Scientist, SAIC:I would say from from an industry perspective, it's our duty as an integrator and as a team that is going out and operationalizing AI for a mission, that we have to harden these systems and we have to protect them against adversarial machine learning. So that's a new and up-and-coming thing that everyone's going to start hearing more and more about, the more AI you put into the field, especially at the edge. So it's really applicable to CBP and to other DHS organizations, whether it's hardware-based or software-based, how your models are out there. Your models are ripe for attack. So what I think you're going to see is a fusion between the AI landscape and the cyber landscape, and you're going to need systems in place to protect these models. So we talk a lot about machine learning operations and we talk about how do we train models and how do we make sure we understand the data sets aren't biased and how do we verify those models and test them and then deploy them. But then it kind of stops there and nobody really thinks about what happens after deployment, other than do we have enough compute power to do that inference?
Jay Meil, Vice President of Artificial Intelligence, Chief Data Scientist, SAIC:And the key and your point is a great one is the adversaries are attacking these models.
Jay Meil, Vice President of Artificial Intelligence, Chief Data Scientist, SAIC:There's over 50 different ways they can attack models right now, but the three most prolific and potentially some of the most dangerous are a data poisoning attack, where they can essentially drop new data off your sensors or your systems to force a shift in the model output.
Jay Meil, Vice President of Artificial Intelligence, Chief Data Scientist, SAIC:The second one's an inversion attack, where they can go in and they can reverse, engineer what logic is in the model to go ahead and figure out how to, you know, make a decision and then alter it. And the last one and you were alluding to this is an exfiltration attack, where they can work their way back to the training data and essentially break that and pull information out of the models. These are things that are happening today, as you said, at the border as well as all over the world, and so what you need is a continuous process, continuous monitoring, post-verification, looking for these types of things, and this is really that combination of AI and cyber, but you also need to start looking at techniques around counter-AI. How do you effectively defend against that if your model is being attacked? So it's about the awareness, it's about the monitoring and it's about how do we defend those models and make sure that we stop an attack as it's happening.
Tony Orlando, Director of Customer Mission Speciality Sales, Google Public Sector:Yes to all of that, agree completely, and I'm in a unique position that I am at the intersection. I run three businesses, but two of them data, ai and security. As Jay just said, they're coming together, they're fusing. What I think about with with your question, sir, is a couple of things off the top. Right, ai at Google, we're embedding AI into all of our products to help customers and partners really automate the rudimentary tasks. Right. And our adversaries, as noted, they are deep-pocketed. They've got the best of the best technology. They're innovating faster than public sector is right. So the defense side of it how do we defend against AI, for, you know, illicit use? You've got to automate as much of the detect and response that you possibly can so that your best people can really focus on the new threats or the anomalies that you're not even sure are true threats, but that's really where the human factor has got to continue to be focused. With that, though, comes constant training and education of professionals in DHS and all the components, as well as partners across industry, and we recognize this is a gap and a challenge. We've got a lot of free training out there on this topic, in this space, just so that our ecosystem to include public sector agencies and our partner ecosystem can stay up and current right. Last thing I'll say, because I could go on on this topic for days but shadow IT right. If we don't create the environments, we don't create the wherewithal for employees to leverage tech and have a choice in technology. Right, give them access to what is FedRAMP high. Right, give them access to what's accredited, give them access to what's ATO'd and let them choose. Choose, because if you don't do that, they're going to go out and they're going to find a way and in, as Jay was saying, with the access to the data out there.
Tony Orlando, Director of Customer Mission Speciality Sales, Google Public Sector:And I advocate for a secure API platform. Right, so that you've got governance, data lineage, you know who, what applications are talking to what and if you do have an incident, you're able to very quickly ascertain was that permitted or not permitted? Is this the needle in the haystack or not? Otherwise, you've got APIs being built that are accessing data in cloud and remote systems and they're running against AI models that may even be authorized, but that data may not be authorized. And they're running against AI models that may even be authorized, but that data may not be authorized. And that creates additional surface risk for you, but you can again think about the 360 view. It is best practices and policy, it is education and training, and then it's actually, in addition to that, providing the environments and the technology so that it can be not just prototype but operationalized in a structured way.
Jay Meil, Vice President of Artificial Intelligence, Chief Data Scientist, SAIC:Can I just just put stop one thing here? Sure For those in the audience and the government. That's a really important point about making technology accessible to your users, otherwise they're going to find a way. I won't name the government agency, but we're working with a government agency who has been hesitant to adopt even basic large language models and things like that for code developers. And they brought in a new CTO and he sort of looked at the landscape and he said I need to get ahead of this.
Jay Meil, Vice President of Artificial Intelligence, Chief Data Scientist, SAIC:I know my code developers are going off of their GFE computers onto their personal computers or other computers. They're going on to chat sites like BARD or GPT or any of these Semistral whatever it might be, and they're developing code and then they're bringing it back to government systems. And so he said I've got to get ahead of this. This is only going to get worse. I'm not going to be able to shut it down. We need an example now where we can go into a FedRAMP high environment and expose code or anything that we're trying to ask to these models in that GovCloud high environment so that they can get rid of that shadow IT problem. So it's really something to think about that just because we're saying no, because it's the way we've always done, it, doesn't mean that the folks coming in aren't going to find other ways to do it.
Jay Alalasundaram, Deputy Assistant Commissioner, Software Applications and Services, Office of Information and Technology, U.S. Customs and Border Protection:No, they just became my best friends when they said share Shadow IT. When you say no to Shadow IT, no, that's a great point.