When the chief information officer of the Department of Transportation began to map out its network infrastructure, he found about 200 devices that he wasn’t aware of.
“This is not good. This is really not good,” said Richard McKinney, former CIO of DOT. “Out of the gate it was so troubling that I felt the need to notify the secretary and the deputy secretary of what we had discovered.”
McKinney’s journey began when he wanted to transition the agency’s mail services to the cloud, but received pushback from individuals who wanted to make sure that the cloud solution could handle the amount of traffic that the agency expected. McKinney hired Dexisive, an IT consulting firm, to answer that question.
“I was less confident–if you will–that we totally understood our network,” McKinney said.
Dexisive installed Riverbed on the network to probe for security concerns and take inventory of the devices that managed the network. McKinney gave Dexisive a list of more than 800 devices that he knew would show up on the inventory. Instead, the Riverbed software picked up more than 1,000.
DOT’s network grew out of necessity from the operating administrations, including the Federal Aviation Administration and the National Highway Traffic Safety Administration. As an afterthought, the networks began to merge to form the centralized DOT network. Because of this, small offices began to add new devices to the network as needed without thinking to inform the CIO’s office of the changes. McKinney had been wary of DOT’s decentralized approach to IT because of the vulnerabilities it could cause, but now he had proof of the problem.
McKinney notified Transportation Secretary Anthony Foxx and they immediately got started enforcing rules that would mandate that operating agencies tell headquarters whenever they added new devices to the system.
“The relationship that I had with Secretary Foxx was a very healthy relationship,” McKinney said. “He trusted me.”
McKinney reissued a formal change management process that gave DOT component agencies a guideline for how to notify him of new devices.
Dexisive noted that DOT has a flat network, meaning that individuals can easily access different parts of the network on different devices, whether or not they need to access that location. Many agencies are moving toward networks that allow employees to access only the sections they’re authorized to access.
“Give us a battle plan,” McKinney said to Dexisive. “Help us get from the current state to the desired future state.”
Dexisive gave the IT professionals at DOT a plan to reconstruct and update its network. Now that McKinney has left DOT, he knows that the agency will be successful as long as it follows the plan.
“The good news is that now we know,” McKinney said. “Now we have a definitive inventory.”