Originally broadcast July 23, 2012
Arlington, VA
Host: Welcome to The Business of Government Hour, a conversation about management with a government executive who is changing the way government does business. The Business of Government Hour is produced by the IBM Center for The Business of Government, which was created in 1998 to encourage discussion and research into new approaches to improving government effectiveness. You can find out more about the Center by visiting us on the web at BusinessofGovernment.org. And now, The Business of Government Hour.
Michael Keegan: Welcome to The Business of Government Hour. I’m Michael Keegan, your host and Managing Editor of The Business of Government Magazine. The National Oceanic and Atmospheric Administration, NOAA, relies on information and technology to carry out its mission to understand and predict changes in climate, weather, oceans, and coasts. The Agency depends on the availability of and access to high quality, timely and reliable information, and the technology that makes it all possible, both are strategic assets to an agency that understands managing these resources efficiently and effectively is key to its being successful.
What is the information technology strategy for the National Oceanic and Atmospheric Administration? How is NOAA modernizing its technology infrastructure and ensuring its IT investments align with its overall mission? And how is NOAA providing a balanced stewardship between information and technology?
We will explore these questions and so much more with our very special guest, Joe Klimavicz, Chief Information Officer and Director of High Performance Computing and Communications at the National Oceanic and Atmospheric Administration.
Joe, welcome to the show. It’s great to have you.
Joe Klimavicz: Thanks, great to be here.
Michael Keegan: Also joining our conversation from IBM is Paul Kayatta.
Paul, welcome.
Paul Kayatta: Thanks very much.
Michael Keegan: Joe, before we delve into specific initiatives perhaps you could give us an overview of the history and continuing evolution of the mission of NOAA, when was it created and how has it evolved to date?
Joe Klimavicz: Sure, NOAA is fundamentally a science agency. It enriches life through science, and we like to think about our reach as going from the surface of the sun to the depths of the oceans as we work to keep citizens informed of the changing environment around them, and that can be anywhere from daily weather forecasts, severe storm warnings, climate monitoring, fisheries management, coastal restoration, and marine support. Our products and services are vital to economic interests of the United States. We’ve estimated that one-third of America’s gross domestic product depends on NOAA products.
So it’s an important mission, and we have dedicated scientists that use cutting edge research, and high tech instrumentation to provide citizens, planners, emergency responders, and other decision makers with reliable information when they need it. So we really think we touch
the lives of every American, and we’re proud of our role in protecting life and property.
So NOAA was formed in 1970 as an Executive Order. The agencies came together. At the time they were amongst some of the oldest agencies in the federal government. The United States Coast and Geodesic Survey was formed in 1807. The Weather Bureau was formed in 1870, and the Bureau of Commercial Fisheries was formed in 1871, so a lot of history there.
NOAA’s mission, science, we’d like to think of science service and stewardship. To understand but predict the changes in climate, weather, oceans, coast. Share that information with others and to conserve and manage coastal and marine ecosystems and resources. And our vision for the future is healthy ecosystems, communities, and economies that are resilient in the face of change. Fundamentally, we’re a science organization that is trying to understand our environment and get that information out to everybody as fast as we possibly can.
Michael Keegan: So it’s such an interesting mission. I’d like to get a sense of scale of operations that you support. Would you describe how NOAA is organized, the size of its budget, number of fulltime employees, and its geographical footprint?
Joe Klimavicz: Sure. Well, NOAA is a very diverse organization, made-up of six line offices and many different missions. The National Weather Service is probably the one that gets the most attention, but in addition to the National Weather Service we’ve got the National Ocean Service, National Marine Fishery Service, National Environmental Satellite Data and Information Service, Oceanic and Atmospheric Research Service, and then Program Planning and Integration.
Our budget in our FY ’13 request was $5.1 billion, that’s a pretty good number, given everything else. And so we have about 12,500 Federal employees including the NOAA Corp, which is one of seven U.S. uniform services. And then when you look at onsite contractors and associates, visiting scientists, we’re about 25,000 total onsite. And we have a presence in virtually every state and U.S. territory. I think the last count we had about 435 buildings across the country, 122 weather forecast offices around the country. We also fly 17 satellites, eight buoy networks or 1,000 stations are deployed. We have 19 ships and 14 aircraft. So that’s a very diverse set of assets.
In addition, we have three weather and climate research supercomputers and two operational supercomputers. We have 284 data centers all over the country. We have 46 IT investments and 71 mission systems according to our inventory and 47 infrastructure systems. We also are responsible for 13 marine sanctuaries and one national monument, and many other commercial fishery plans and fishery councils and so on. So you can go on and on, but it’s a very, very diverse and very important and exciting place to work.
Paul Kayatta: Now that you’ve given us such a great sense for the larger organization, perhaps you could tell us a little about your specific area, what are your responsibilities as the CIO and as the Director of High Performance Computing and Communications, how is the office organized, and how do you align back to the mission that you described?
Joe Klimavicz: Sure. Well, I like to think of our office as sitting right in the middle of those assets I just described. Our office is responsible for essentially all the information and information technology resources. NOAA spends about $1.3 billion annually on its IT portfolio, and that’s larger than all the four nondefense bureaus. And we’re bigger than a lot of department IT budgets, so it’s a pretty big portfolio.
We have the standard CIO responsibilities of planning, reporting, oversight for all those investments, cyber security, information quality, privacy responsibilities. My Deputy is the Chief Privacy Officer. These responsibilities originated in a lot of statutes, Clair Cohen, FISMA, the Federal Information Security Management Act, Information Quality Act, and the Privacy Act, IGA ACT, and so we had to implement all those and monitor all those statutes.
I’m supported by a CIO Council composed of line office CIOs. And then we provide a whole host of enterprise wide mission essential IT services, such as e-mail, web hosting, networking and security response and monitoring. And through our high points computing and communications program we’re striving to ensure that we’ve got the computing necessary to propel our science and our service missions enterprise wide, supercomputing, to support both sides of that activity
A little bit different is that I’m also responsible for NOAA’s homeland security program, ensuring preparedness and response and mission continuity in event of a terrorist attack, disaster, or other emergency.
And one of the areas that we really spend a lot of time focusing on is a program called NOAA Link and that’s a partnership with our Acquisition and Grants Office, but it’s innovative, strategic sourcing vehicle to provide economies of scale and enterprise wide acquisition for our IT infrastructure and services.
And then, lastly, is that I also serve as the Department of Commerce Senior Agency Official for geospatial information, and also the Senior Executive responsible for the Department’s use of the radio frequency spectrum. So all that keeps me pretty busy.
Michael Keegan: Well, with such an expansive portfolio, and that’s quite expansive, what are your top three challenges that you face in your position and how have you sought to address those challenges?
Joe Klimavicz: Well, every day we’re working on I think three areas that you could have lots of subordinate areas. And number one, and I think is number one for a lot of CIOs, is cyber security. Our ability to execute our mission is at risk every day. Just connecting to the internet is a very dangerous place to be. We had well over a thousand incidences we had to respond to. Not all of those were, obviously, penetrations or anything, but a lot of things we have to respond to.
This has been highlighted from the Department of Commerce and Inspector General as one of our top challenges across the entire department, every year from 2007 through 2013 now. It’s not unique to NOAA, but we’re not excluded from that, the same cyber threats, so it’s a big deal. It takes a lot of time and effort.
The next one I would say is cost reduction. And all CIOs are under incredible pressure to reduce their operating costs. We must respond to this. It makes it challenging that the growth of information is tremendous. It’s necessary to improve our forecasts, our services, so you’ve got requirements going up and you’ve got to improve your security posture, yet I’ve got to drive down the operating costs. And we’re also trying to get the right skill sets from the workforce, and if I could add a fourth I’d say it’s the critical skills in your workforce because that’s how you make all this happen.
But I think the other thing is, the other area is enhance portfolio management because if I’m going to really reduce cost I’ve got to get a better handle and drive convergence of those investments -- consolidation, standardization. So we really spend a lot of time on how do we consolidate our IT infrastructure and our services to produce and deliver the most efficient services to support our very important mission.
Paul Kayatta: So speaking of workforce skills, I understand you began your career over 25 years ago with the government at the Central Intelligence Agency. It sounds like a very interesting start to a very successful career. Can you tell our listeners how you began this career? And what brought you to your current leadership role?
Joe Klimavicz: Yes, I have a very different background than probably most CIOs. I came to NOAA in 2007, and before that I was in the Department of Defense as a Deputy CIO for a National Geospatial Intelligence Agency, and I also served as the Department of Defense Senior Agency Official for Geospatial Information, so I may be the only person that served the senior geospatial person for two different Cabinet level departments.
But I began my career in 1983 with the CIA as an imagery scientist. I was developing photometric math models for the National Photographic Interpretation Center, and did that for about seven years, and then moved into different line management positions, stayed within the intelligence community, but the opportunity to continue career advancement as I moved over from CI to DoD. All of these positions had been in the information technology operations and acquisition.
So before that, I received a Bachelor of Science Degree from Virginia Polytech Institute and State University, and then a Master’s Degree from Virginia Tech, as well. Major areas of study are geodesy, photogrammetry, and imagery systems. That’s how I got into the National Photographic Interpretation Center business. It’s a little different career, but the CIOs across the Government, if you look at their backgrounds there are many different paths and backgrounds that they have and they all work.
Michael Keegan: What is the information technology strategy for the National Oceanic and Atmospheric Administration? We will ask Joe Klimavicz, Chief Information Officer at NOAA, when our conversation continues on The Business of Government Hour.
(Intermission)
Welcome back to The Business of Government Hour. I’m Michael Keegan, your host, and our guest today is Joe Klimavicz, Chief Information Officer and Director of High Performance Computing and Communication at the National Oceanic and Atmospheric Administration. Also joining our conversation from IBM, is Paul Kayatta.
Joe, NOAA views information as a strategic asset that is both critical and pivotal to helping it accomplish its mission. Would you tell us more about your IT strategy and the overarching goals and pillars that support your mission? How have you sought to modernize and standardize the use of technology across your Agency?
Joe Klimavicz: Well, I had to refer back to our last IT strategic plan that we published in February 2010. I think that the goals in that plan are still relevant, even though a lot has changed from early 2010. But the first thing we had in there was cyber security, and that goes along with the challenge. But we need to protect our IT investments from security threats and ensure that our information and technology is always available.
I think the next one is more of a mission focus on the IT, getting IT to enable our mission and looking for innovative uses of IT to support our evolving and growing mission needs.
The third thing is high performance computing. We spend a lot of money through the American
Recovery Reinvestment Act. High performance computing is a key to our research mission, our science mission, and our operations. We want to make sure we expand those capabilities essentially through on demand computing and embrace future technologies, and we’ve also been able to expand high performance computing to non-typical users inside of NOAA to see how we can really advance science.
The fourth one is enterprise wide IT services, and looking for efficiencies and improving effectiveness through enterprise wide solutions.
And then the fifth goal that we have outlined in our plan is a skilled IT workforce because in the end all of this comes down to the people. Technology is essentially available for everyone. It’s the people that are able to take it, embrace it, and figure out innovative ways to enable the mission.
And I think there’s three components of the IT workforce, and that’s attracting, developing, and retaining the best IT workforce you can. I would also say that since 2010 a lot of effort has gone into shared services. I co-Chair the Federal Shared Services Subcommittee, and I did that because I think it’s important and it’s the right thing to do, but our strategy really mirrors the Federal strategy. There what we’re trying to do is kind of crawl, walk, run, where we’re consolidating commodity ITs first and using that as building blocks and then go into more complex shared services.
Ultimately, we want to go more into the mission space. So we’re working in that area. I would really like to get to the point of looking to use services that have already been developed, either in the cloud or within another agency first before we go and build our own.
Michael Keegan: Well, that’s an interesting segue because your Agency carries multiple and often complex missions and information technology requirements and portfolios reflect that complexity. How are you fostering an enterprise view of technology, breaking down silos? But, more importantly, what are you doing to position your office to be looked at not just as simply supporting mission, but actually enabling mission?
Joe Klimavicz: Well, given NOAA’s mission I really look at it as you’ve got a lot of information coming in, you’ve got brilliant scientists adding value to that information, and then we send out that information to either the public or other agencies.
And so information is key to NOAA’s overall mission and none of that can happen without information technology. So one of the things we’re trying to do is improve the visibility and decision making by leveraging IT resources across NOAA and trying to position my office, the CIO’s office, in budget formulation and acquisition planning and really evaluating programs upfront instead of responding to a crisis afterwards or some other issue, so upfront involvement in the budgeting and acquisition planning.
The second thing I’d say is we’re really trying to remove barriers to deliver a uniform, modern, agile, cost effective set of services. It goes without saying if we can reduce the complexity we can improve our security posture, that’s one of the key things. I’m convinced that as we build more enterprise wide services it’ll make it easier for us to secure our IT, as well.
And then, lastly, I guess looking at IT is to position IT as a mission enabler through the right services, common services, and an infrastructure that supports our diverse mission, and really with a strong focus on improving customer service. Yes, we want to reduce our operating cost, but we also want to improve our service. We want to empower our employees to more effectively be able to execute their mission critical activities with IT and information.
Paul Kayatta: NOAA has an inherent responsibility to be a good steward of public funds and invest its budget wisely. I’d like to explore the IT capital investment process within the Agency. What have you done to strengthen NOAA’s process? How do you ensure that the investment decisions are mission aligned and cost justified? Could you give us a sense for how the process works?
Joe Klimavicz: Sure. So I came to NOAA in 2007, so I can’t take credit for any of those, but in 2003 NOAA leadership established a business process, and it’s well documented, where it incorporates all the decision making into a unified structure. And inherent with that is a NOAA CIO Council, and I Chair the NOAA CIO Council, I’ve got 51% of the vote. And I also sit on virtually every other NOAA Executive Group, Panel, or Council. So I’ve got a voice in all of our corporate decision making.
The CIO Council is empowered to make corporate decisions involving IT policy, resources, acquisitions, and we’ve got specialized committees. I think the last count was like seven committees underneath the CIO Council that essentially act as advisors and subject matter experts to formulate recommendations on how we should be addressing and handling information and information technology. So they bring that to the CIO Council for decision making.
And my office also has to submit and prepare and submit monthly updates to the Department and to OMB on all of our major IT investments. These updates are used throughout our business process to ensure success. We’re tracking success of our initiatives, and we also track our non-major IT investments, even though they don’t necessarily show-up on the OMB dashboard.
So we’ve got a full, mature governance process in NOAA. IT is integrated into our overall decision making and governance, and through the portfolio management. I’ve got a team that is out there every day looking and managing and making sure that everything is updated and it’s current. And we’re taking action if there’s any issues or hiccups.
Paul Kayatta: So you’ve described the governance process pretty well. Could you elaborate a little bit about how that process allows you to optimize the researchers?
Joe Klimavicz: Well, we’re looking at every investment on a daily basis and then we, on a monthly basis we get rollups. We also have reviews of each of these investments. We have an IT Review Board. We’ve got other review boards that we support. And then the Department has review boards. And then we participate in OMB reviews.
But recently the Acting Secretary of Commerce, Dr. Blank, released an enhanced department IT portfolio policy to strengthen the ability of the CIOs to manage these IT investments. This enhanced portfolio policy empowers the CIO to essentially create a streamlined architecture with common services, so a real emphasis on common shared services.
The idea here is to enable me to, as a CIO, to eliminate unnecessary duplication of IT investments. Now this isn’t going to happen overnight, but whether they be duplication in IT or duplication in our facilities or if we can streamline our process and automate our processes to reposition our workforce, these are all things that I’ve now got basically carte blanche to make those changes and to effectively carry out the things that are in statute.
So the NOAA CIO through this policy is the single point of authority for all NOAA’s IT, and this includes budget formulation, approving acquisitions, all personnel actions now for IT positions need my approval, and then I lead and conduct reviews, but here the real emphasis is on terminating or restructuring programs that are not necessarily effectively supporting our mission. So I’ve got a lot of authority, and we’re out there every day trying to make sure that our investments are serving NOAA’s mission and the American people.
Michael Keegan: Joe, I’d like to switch gears and talk about green IT, which aims at reducing the environmental footprint of IT products throughout their lifecycle. What are you doing in the area of sustainable IT practices? Could you tell us more about your efforts to be good environmental stewards and move to green computing?
Joe Klimavicz: Well, as an environmental protection agency we really do spend a lot of time focusing on how we can be better stewards, ourselves, of the environment. So I’m committed to reducing our overall IT footprint on the environment, and we’re trying to do this in a couple different ways.
One is lowering our energy consumption, a lot of things that go into that. How we configure and arrange our servers, how we consolidate our data centers, obviously, enterprise wide, Energy Star purchasing is another requirement. Old chillers that are inefficient are being replaced with newer higher efficiency systems, and a big emphasis on cloud computing. We have moved many programs to the cloud, many services we’re buying as services from the cloud. Again, that should be the most efficient way to procure the services and, also, I think because of the very high utilization numbers and cloud services, reduce our footprint on the environment.
I think, though, from a strategic perspective you need to look at this in a couple different ways. Business practices, do we have the right policies and strategies in place? Are we looking to identify and seize the easy opportunities? Changing the culture, instituting the procurement practices, like Energy Star, that really drives efficiencies. Is energy efficiency a consideration in our acquisitions?
And then on the technology side, a lot of stuff is going to, work is going to PC power management. We’ve also reduced our printing quite a bit through workflow management tools or better utilization of the technology to reduce our printing demand. We’ve reduced our number of desktop printers by over half in the last probably six months to nine months, so we’ve taken away a lot of the desktop printers to reduce our paper consumption. We’ve also started deploying to leadership the iPads, so in addition to iPhones, that conversion, we’ve also deployed iPads.
The NOAA leadership doesn’t want to see anybody bringing stacks of paper to leadership meetings, so you’d better not print anything out. But we also track the paper consumption, as well. So that’s all led to efficiencies.
Virtualization, we’ve made a big effort to improve our virtualization numbers. And there’s even things that we’re looking at in terms of microchips that can be turned off. We can turn-off individual processors that are not being used.
And I guess lastly is facilities, you know, reducing our IT load, and I’m not in charge of our facilities per se, but there’s a lot of things that we are looking at in that area to reduce our power consumption.
Michael Keegan: How is NOAA managing its information and technology resources, balancing the stewardship between both assets, we will ask Joe Klimavicz, Chief Information officer at NOAA when our conversation continues on The Business of Government Hour.
(Intermission)
Welcome back to The Business of Government Hour. I’m Michael Keegan, your host, and our guest today is Joe Klimavicz, Chief Information Officer and Director of High Performance Computing and Communication at the National Oceanic and Atmospheric Administration. Also joining our conversation from IBM is Paul Kayatta.
Joe, NOAA is recognized as a world leader in understanding and predicting the earth’s environment through advanced modeling capabilities, climate research, and real-time weather products. To do this it requires high performing computing systems. Would you tell us more about NOAA’s high performance computing and communications program and its goals? How does it seek to accelerate the adoption of advanced computing communication and information technology throughout your Agency?
Joe Klimavicz: Well, let me kind of go back to when I arrived at NOAA was that I found in my office a strategic plan for high points computing and was flipping through it and it was pretty clear to me that we had accomplished everything. And a strategic plan that you have accomplished everything is not very strategic.
So we set about getting our readers or leading scientists in this area to help us put together a new strategic plan. And one of the things that we said we wanted to do is reach out and work with other agencies, other departments to utilize leadership class assets. We don’t necessarily have the money to buy the world’s biggest nor does that necessarily do we have to do that to support our mission, but in high performance computing you do have to continue to advance and use cutting edge technology otherwise you will be left behind.
And so by working with the Department of Energy, with National Science Foundation, NASA, we were able to utilize computers that were very much more advanced and larger than what we had. And that actually helped form our thinking for a strategic plan for high points computing that we put together in 2008, 2009.
As it so happened, that we explained to everybody why we needed this, these computer assets, and how they were going to help us improve our weather forecast, our ability to forecast hurricanes, and track an intensity, and look into the future for climate change. So we had these plans in place and we received $170 million of the ERA funding to replace our research and development supercomputers.
In the end, in March of 2012 we completed basically a modernization and recapitalization of all of our research and development supercomputers, and what we ended up with is seven times the computing that we had originally. So in essentially two years we ended up with a 7X improvement in our research and development computing.
We did this in cooperation and collaboration with the Department of Energy, so this computer sits down, you know, the biggest one for our research sits down in Oakridge, Tennessee, in the Department of Energy’s lab down there. And, again, going back to your question about green IT, here we didn’t have to build another data center, we’re taking advantage of space that’s already there, and it has a lot of advantages.
We also connected these computers, so we went from three computers to two computers that were much larger than what we had. So that’s an efficiency in and of itself. The locations of these computers were not collocated with the scientists or even with the information. So we had to connect them together.
What we did there is we spent a little bit of money connecting all of the nationwide research and education networks together into something we call N-Wave. So this is a 10 gig, 200 gig connection, taking Internet2, National Invareal (ph), all this research and development, education networks across the country, and trying essentially to glue them together at critical points, enabling very large data files to move from the computing to our data stores to the scientists. That’s a major accomplishment, and I think what we’re ready to do is to continue to expand on how we collaborate and share these computing assets across the federal government. They are key assets at the Federal level to spur innovation.
We’ve got test beds in place to work with the next generation of supercomputing chips, things called graphic processing units, or many integrated core technologies. The future computer processors are going to be very different than what we’re using today, and we need to be prepared from a software perspective because we have millions upon millions of lines of code that need to be able to run on the next generation of hardware. It takes years to prepare for something like that.
We’re also in the process of replacing all of our operation supercomputers. We’re doing that, and then it should go live within the next generation of operation computers October 2013. And that’ll be about a 4X improvement in our operational computing. Again, we’ll make sure that we’re capable of running high resolution models and complex models. This is what really drives our ability to forecast changes in the environment, so a lot going on in this area. It’s very, very important to NOAA.
Paul Kayatta: The complexity and diversity of NOAA’s programs require a range of analytical techniques and approaches to manage them effectively, therefore, increasing that use of analytics and enhancing those types of capabilities I’m sure are critical. Would you elaborate a little bit on those current efforts to strengthen your analytical capabilities to support these programs?
Joe Klimavicz: Well, this one may be a little challenging, but I look at this as kind of the big data problem, and NOAA is all about big data. Our data sets are growing so large and they’re so dynamic that our traditional tools and methodologies are becoming problematic.
So big data to me is not about the creation of content or even the consumption of content, but it’s about being able to use that data to predict and meld these inputs into intellectual understandings and the reasons why things are the way they are, that may not be easily detectable or observable.
We see that in a couple of different areas in NOAA. We’ve got new satellites being launched and an increase in the type of information coming down, but an incredible increase in data volumes. I mean we’re estimating that the data volumes are going to increase by 10X by 2020. And so this is actually good on one hand, that you need information to improve our services and our capabilities, but we also have to process the data to create better forecast models, et cetera.
And one high performance computing system acts as 30 petabytes of data; 12 petabytes of new data are added each year. In terms of a specific analytical technique or capability, what we’re really trying to do there is increase the capability of the computing system so more people can gain access to the supercomputers, and this goes back to the 7X improvement on our research and development side of things. Nontraditional users are actually able to gain access to the supercomputers and build models, super models that will allow them to gain insight from this information and improve their services.
So rather than going through a particular set of analytical techniques I would just answer this by saying we’ve got endless amounts of complexity we can add, additional information we can add to our models to gain better understanding, such as ocean biochemical or geochemical cycles, interactive chemistry, atmospheric chemistry. There’s a lot of chemicals we measure in the atmosphere and how those all interact. I mean, we’re constantly striving to get a better understanding of that. And those are going to be key going forward into understanding our change in environment.
So those are the things we’re really doing, so I think key to your question is really making sure that the right computing is available to not just the weather forecasting but to all of our scientists and all of our disciplines.
Paul Kayatta: I want to switch gears just a little bit and talk about IT security, particularly cyber threats, one of the challenges you mentioned earlier. Today rapidly evolving technology increases an organization’s vulnerabilities. The importance of cyber security standards and their application within NOAA, I’m sure are critical. Would you elaborate a little bit on the efforts to secure the IT infrastructure and to combat cyber security threats? What are you doing to implement safeguards to reduce these attacks and sustain the heightened user security awareness?
Joe Klimavicz: Well, we certainly have good experience in this area, coming from the intelligence community, but really faces the same threats that everyone else in the federal government and also in industry faces.
And I kind of look at this in terms of three sources of attacks. There’s the criminals that are out there trying to steal things for profit, and we see a lot of activity in this area. There’s the typical espionage information, sabotage, that kind of thing, living in your environment. But there’s also an area that’s growing pretty quickly, and that’s the co-hacktivism. Folks looking for publicity and to like deface a website or bring down a capability. And they’re not really trying to get rich or they’re not trying to steal your information, but they’re trying to make a point.
And so what we’re trying to do in these areas is really improve our ability to monitor and respond and commensurate with that we stood-up in early 2010 a security operation center that’s constantly monitoring all of our devices, our networks and trying to correlate very subtle events and trying to make sense of all of the activities because a lot of these attacks are really subtle. Looking at one computer you might not be able to pick-up anything, and then just providing the capability of responding.
A lot of the other things we’ve got in place have been in the news for quite some time. Homeland Security Presidential Directive 12, HSP12, everyone has HSP12 cards, but here we’re really trying to use the HSP12 cards for logical access. Now we’re not quite there for everybody, for every purpose, but we are using these cards. That we think really enhances our security posture.
We also, because of NOAA’s connection with uniform services, are using the same solution, technical solution that DoD is using, so we’re able to bonus off some of their implementations and technologies.
Trusted internet connections are making sure that as we go forward, we have secure connections to the internet. The Department of Homeland Security has approved us for four trusted internet connections, and we actually are managing, you know, building those out and managing them ourselves. It’s a little different, but we think that’s the most cost effective approach.
And we have a fairly robust FISMA compliance program, ensuring that the efforts that are underway in NIST, a sister agency of NOAA’s in the Department of Commerce, that we’re appropriately implementing and managing our FISMA compliance. And it does have value in terms of making sure we’ve got the right framework in place.
Continuous monitoring is a huge operation right now, and being able to track reports and assess end point security is something we’ve put a lot of time and effort into.
And the last one I’d say is looking from a critical infrastructure and the analytics and the analysis there, trying to understand and document what risk our systems are at and how they affect our mission. So if one particular type of box is compromised, where do we have that box in inventory, both looking upstream, downstream, and then what it means to the overall ability of us to carry out the mission.
So those are the main activities, and it’s expensive in this area. And you really need highly qualified individuals.
Michael Keegan: Well, Joe, I want to explore an aspect of NOAA’s mission, which you referenced earlier, and that’s the homeland security aspect. Would you elaborate on NOAA’s homeland security role and how your office supports it? And, more particularly, what are you doing within your Agency to preserve the continuity of IT operations?
Joe Klimavicz: We have a homeland security program office, and this goes a little bit beyond IT, but as I mentioned information and information technology, to me, are central to our mission. And the way I kind of look at this is we want to secure all of our applications. We want to secure all of our systems, but at the pinnacle or top of the pyramid is the mission, securing the mission and enabling the mission. And that’s what this Homeland Security Program Office is really focusing more at the top of the pyramid versus and the cyber security is down in the weeds of individual application sites, networks and systems. But they all fit together and it is a continuous set of activities.
The Homeland Security Program Office, they plan, they program, they write policies to essentially carry out our ability to respond to incidents, strengthen the Agency’s ability to prepare for and respond to and recover from anywhere from terrorist attacks, major disasters, and emergencies. When we had the earthquake in Virginia, I mean we immediately were able to test out our capabilities, and we go through regular participation in national level exercises.
It also serves as the focal point for NOAA leadership. The Department, White House’s Homeland Security Council, the Department of Homeland Security, and other interagency partners. So this is kind of a focal point for homeland security activities.
We maintain Econops (ph) for all hazard incident management within NOAA, that is in compliance with the national response framework. The staff at NOAA has in place and DHS’ Ops Center falls under this office, so obviously weather is a critical component of anything that the nation would do in terms of a response or preparation, so we have people that sit down there in DHS’ Ops Center and they come under this organization.
There’s a lot of planning that goes on in this organization. A lot of planning, a lot of exercising, and I would say, though, that we have a lot of things that go on, whether it be wildfires, tornadoes, hurricanes, floods, that this office is involved in. So we get more exercise in this area than some other departments and agencies do. And it’s good that we have opportunities to prepare because you never know when something like this is going to happen.
And then you asked about what we’re doing from an IT perspective, what we’re trying to do there is really make sure that we understand what we have, where it is, the interconnections, the ties into critical infrastructure across the country, but also making sure that our critical systems have robust backup capabilities and they’re tested on a regular basis.
Paul Kayatta: So given that the Agency’s critical mission, that you just described, requiring so many diverse competencies, how do you maintain a well-trained technical workforce to be able to meet these challenges?
Joe Klimavicz: Well, I think the first thing is to encourage your staff to maintain the proper certifications in their particular disciplines, but I think more and more this is more than just being Cisco, Microsoft certified. It’s project management certification because more and more we’re depending on contracts and actually buying services from either the cloud providers or other agencies.
And so we want to make sure that we’ve got a workforce that has skills in program management, project management, acquisition, things like communications, and how to write and manage requirements.
Another area that we’re really trying to focus on is getting everything to a process driven organization, well defined processes. And those are different skill sets than typically you’d find in more of the technical certifications.
I think cyber security is one area that we’ve really made sure that at different levels everybody has to be certified and complete annual training in the security area. So whether you’re an authorizing official or somebody, you know, lower level actually doing software development, make sure you have the right security certification.
Michael Keegan: What does the future hold for information technology within NOAA? We will ask its Chief Information Officer, Joe Klimavicz, when our conversation continues on The Business of Government Hour.
(Intermission)
Welcome back to The Business of Government Hour. I’m Michael Keegan, your host, and our guest today is Joe Klimavicz, Chief Information Officer and Director of High Performance Computing and Communication at the National Oceanic and Atmospheric Administration. Also joining our conversation from IBM is Paul Kayatta.
How are you folks leveraging partnerships to improve IT operations and outcomes?
Joe Klimavicz: Two examples come to mind. Let me, before I give those two examples, I believe that CIOs need to be out, connected to other CIOs. I mean the beauty of having the CIO title is that everybody has one and you just need to find who they are. You share, you talk, and I think we all face a lot of that same challenges. So I think that’s important.
I also think it’s important to connect and stay connected with industry. There are a lot of venues out there that I participate in with industry and government interaction, and you’ve got to constantly be learning. This is a very dynamic area and sometimes I learn more about what’s going on in other departments and agencies from industry. So it pays to be well connected and to maintain an understanding of what’s going on in other places. I typically don’t have enough money to be the first, but I don’t want to be the last in anything either, so I’m somewhat competitive in that area.
But I’d say one of the areas that jump out is high points computing. We have used significant amounts of the Department of Energy supercomputing, NASA, and National Science Foundation. And so we’ve been able to work different arrangements, agreements. And then we also open-up our supercomputers to -- I think we’ve got scientists from 29 different countries that actually use our supercomputers, so that actually adds to our -- some of our security challenges. So, but we need to share our assets. I think it’s great that we’ve been able to utilize other agencies and departments’ assets. That’s one that comes to mind, and that’s worked out very well.
The other areas, we moved everybody to Google Apps for Government, and we spend a lot of time with GSA and owe GSA a big thanks for this because they moved before us. We moved 25,000 mail boxes, and I think theirs was around 17,000, and we spent a lot of time talking to them about what worked, what didn’t, but they were actually able to share all of their training materials with us, and so a lot we could reuse.
So whenever you’re looking to move to another service, another technology, it’s important to understand who has gone before you and I would reach out and talk to those individuals, see what worked, what didn’t. Inevitably, there’s somebody out there.
Paul Kayatta: And fiscal constraint, it’s critical that agency leaders act with strategic intent and keep their workforce motivated to or aligned, focused on the mission. Reflecting on your leadership at NOAA could you tell us how you continue to keep those employees focused and motivated sometimes in a dramatic and painful environment? How have you sought to ensure that NOAA continues to fulfill this mission and deliver results in such an era?
Joe Klimavicz: Well, as I said earlier, the workforce is absolutely key to your ability to execute your mission and it’s a continuous process to recruit, retain, and improve the skills of your workforce. And I think one of the key aspects to retain and actually and recruit is to enable the people you have working for you to get to the next level, to get to the next job. And I’m a big believer in training. I think you need to spend a lot of money in training, especially when you can’t necessarily give somebody extra money right now with the climate.
But you should be trained for the job that you want next, not for the job you have. I assume that you already are qualified for the job you have, but I actually go around and talk to the individuals and say what job do you want next? And they look at me sometimes as are you trying to get rid of me? And, no, but I think it’s important that you prepare in the current job for the next job.
So I think when people want training, and I’m proud of our metrics that we have in this area, whether it be for moving to the executive ranks or in a different technical area or going from entry level to something, managing programs for someone, help the people get to the next level. But at the same time I’m honest with them and say I need two good years from you, you know, stay in this job for two years, give me everything you’ve got and I’ll help you prepare for the next level.
People also like to work in an area that they think is moving forward, it is dynamic. And if you’re not moving forward you’re moving backwards. And I think it’s important to have a very powerful vision and really push the organization to push the people.
I’ve made the comments that I think everybody ought to have the opportunity to fail. And you really don’t know what people are capable of doing until you push them. And you want to be able to manage that failure rate, but I think it’s important that everybody has the opportunity to demonstrate what they’re capable of doing.
So learning environment, challenging environment, constantly pushing, moving forward, implementing new technology, making sure that people have the opportunity to use cutting edge technologies to the maximum extent, that will allow you to go after good talent and keep good talent.
Paul Kayatta: Given the importance that information technology plays in the mission and program delivery, how has the role of the CIO evolved, especially when considering that of being part of it and of being a trusted advisor? What are the characteristics of a successful CIO in the future?
Joe Klimavicz: Well, I made the point to NOAA and department leadership that I really want to be a buyer of IT and IT services in the future. And I think I’ve seen more and more of that. It’s evolved from in the early days of you had to build the IT yourself, you had to operate it, and it was all a fairly closed system and it really was more about the IT. Now it’s less about the IT and more about the business, and I think that actually brings you closer to the mission to being a trusted advisor.
If I could reduce my job to taking our customers’ requirements and funding and provisioning the right services at the right time at the right price, I mean what they need, but I didn’t actually run any of those operations I’d be okay with that because I would think especially the business case is there. I think the future is buying from the cloud, buying from other agencies that have already implemented these services, and only then if you can’t find what you need at the right price is implementing yourself. But that, to me, is a last resort. And that’s how things are going to change
Michael Keegan: Well, if we can keep on the future, I’d like to get a sense of what you think some of the major opportunities and challenges your organization will face in the future, and how do you envision you will evolve to meet those challenges and seize those opportunities?
Joe Klimavicz: Well, go back to the workforce and the budget, I think budget pressures are going to only get worse or pervasive today and they’re only going to get worse. And so how do you get and keep this workforce that’s going to help you carry out this mission that’s so important?
And I also think the workforce that we have is kind of at crossroads. I mean a lot of folks are retirement eligible, kind of the baby boomer age, and a limited supply of specialized talent. When I look at cyber security and contract management there’s a lot of competition for these skill sets, and so how do you make it an attractive place to work, I think has a lot to do with the last question you asked, in that budgets are going down and how do you address the workforce issues? Those are the big challenges.
Having opportunities I think we really need to look at creative ways of leveraging services that have already been provisioned and this goes back to it might be a lot easier for me to find people who are good at program management, acquisition, and contracts than some of the extremely technical skills.
Michael Keegan: Well, as we close today, Joe, you’ve made a comment throughout our conversation. It was a thread about the workforce, the importance of the workforce, and executing your mission, your Office’s mission and your Agency’s mission. I’d like to get a sense of what advice would you give to someone who is considering a career in public service?
Joe Klimavicz: Well, first, I’d say that public service is a great career choice. You get to do some really cool things, and a combination of my CIA, DoD, and NOAA, I’ve gotten to do some really cool things, like flying in the cockpit of a category 3 hurricane, in a NOAA hurricane hunter, and that’s quite exciting. And so there’s some really cool opportunities, but more importantly you get to make important decisions every day that can benefit society, benefit all citizens, and so you’re kind of in the driver’s seat for making important decisions.
But I think the whole thing I would tell people is you can take the role of public servant very seriously, and you also need to understand that as a public servant you’re always in the spotlight, and that scrutiny on everything you do, everything you say is something that’s going to kind of become more intense as we have this pressure on budgets. But great career choice, you get to, like I said, do some really cool things and make important decisions. I would recommend it, but just understand you’re always in the spotlight.
Michael Keegan: Yes, well, I want to thank you for your time today, Joe, but more importantly Paul and I would like to thank you for your dedicated service to the country.
Joe Klimavicz: Well, thank you very much. I really appreciate having the opportunity, so thank you.
Michael Keegan: This has been The Business of Government Hour, featuring a conversation with Joe Klimavicz, Chief Information Officer and Director of High Performance Computing and Communications at the National Oceanic and Atmospheric Administration. My Co-Host from IBM has been Paul Kayatta.
Be sure to join us next week for another informative, insightful, and in-depth conversation on improving government effectiveness. For The Business of Government Hour I’m Michael Keegan, and thanks for joining us.
Host: This has been The Business of Government Hour. Be sure to visit us on the web at BusinessofGovernment.org. There you can learn more about our programs and get a transcript of today’s conversation. Until next week it’s BusinessofGovernment.org.
