Sonny Bhagowalia recently became the new permanent CIO at the Department of Homeland Security’s (DHS) Customs and Border Protection (CBP), but the title change was more of a formality. Bhagowalia became acting CIO last June, and with three years in top tech leadership at the agency, he already comes equipped with a clear strategic vision for the agency’s IT and cybersecurity.
Bhagowalia – also the assistant commissioner for the Office of Information and Technology at the agency – talked about CBP’s strategy for this year in an exclusive interview with MeriTalk. That includes how the agency is modernizing its technology, training for better cybersecurity, and how his deep tech leadership experience has come into play.
“Our strategy for the year ahead is to make sure we deliver secure and reliable IT services and capabilities at the speed of mission, that’s really important with a 24/7 global operation,” Bhagowalia said. “But the speed of mission is continuous, and needs to change dramatically.”
Within that overall strategy, CBP’s IT leader has six focus areas: mission applications, mission infrastructure, mission-critical partnerships, enterprise cybersecurity, enterprise IT governance, and agency vision on workforce development.
That sounds like a lot, but Bhagowalia – with previous CIO stints at the departments of Treasury and Interior along with the state of Hawaii – brings plenty of experience in top-level planning.
“We just looked at the landscape, and we believe this is the best way we can keep the excellence that CBP is expecting of us, and how IT is every day enabling the mission,” Bhagowalia said.
Putting TMF to Work
Part of ensuring agency tech capability is up to snuff for mission priorities relies on making sure the organization is modernizing to achieve mission goals. Along those lines, CBP was the first component of the Department of Homeland Security (DHS) to win funding from the Technology Modernization Fund (TMF) to undertake IT modernization.
Last year, CBP secured $15 million from the TMF to fund an update to its 30-year-old Automated Commercial Environment Collections module. With CBP being the second-largest collections agency, it was important for the agency to stop relying on a legacy system with antiquated code. CBP received the first $9.5 million of the funding last year and expects to receive the remainder in 2021.
With TMF receiving a $1 billion influx in funding from the recently signed American Rescue Plan, Bhagowalia is optimistic about the benefits that can flow from the vastly expanded funding source both to his organization, but also the rest of the government.
“This is the last part of legacy code to get off the mainframe, so this is why we received the $15 million and we’re on path to do that,” Bhagowalia said of CBP’s TMF award.
“We’re pleased to see what TMF can offer to agencies, and we look forward to applying and being successful for other mission areas that we have, not only in the age of COVID but also in the age of cybersecurity and everything else that we need for our mission,” he said.
“We think the TMF is a good thing, and I’m actively working with DHS CIO, Mr. [Eric] Hysen … and really seeing how we can look at sort of a combined DHS approach” to securing TMF money, he added.
Human-Focused Cyber Effort
When looking at where the agency still has room to grow from a cybersecurity aspect, Bhagowalia said CBP is focusing most on making cybersecurity everyone’s responsibility and looking to minimize human error whenever possible.
“Of course, we have a lot of protections in place, but it’s always good to make sure that you know human error is taken out of the equation,” he said. “We try a lot of proactive ways to do that … but human or user error can be a challenge, so we try to do everything we can to train people and collaborate with them,” he said.
“Our workforce is a key asset, but it also could be a vulnerability sometimes. So we continue to educate the workforce about how to identify messages as authentic,” he said. “We have to go through some checks – not that you’re suspicious – but I think it’s just that we have to just double-check everything because there’s also a supply chain. Anyone can be compromised,” Bhagowalia said.