IT Master of the Senate

J. Greg Hanson, the U.S. Senate’s first CIO, has 100 bosses. Hanson, a former chief software engineer with the Air Force, and his 250-person staff support 100 senators, their staffs and a multitude of committees. He also must keep some 12,000 computers across the country functioning?even after unexpected incidents, such as the office evacuation prompted by the discovery of the poison ricin in a Senate mailroom in February. CIO Senior Editor Todd Datz interviewed Hanson at a recent technology conference for Senate staffers.

CIO: What are your top priorities?

J. Greg Hanson: To develop a strategic IT plan, and develop a two-year rolling plan with at least a one-year refresh. To do that correctly, I’m going to need to do a business process [and IT systems] review. Each senator has a little IT staff and an IT infrastructure, and the secretary of the Senate has an IT staff, and each committee has one. So a top priority for me is going to be, get consensus from all the stakeholders on the things we can agree upon and build a technology-strategic plan going forward.

Another top priority: Complete the work on developing robust communications systems and information systems to support security and continuity of government operations. What happens when they find ricin and have to evacuate all the Senate buildings? This is what happened [on Feb. 2]. One night I find out they’re closing all the Senate office buildings. We had to set up satellite offices in a variety of places for senators’ staffs and extend the IT infrastructure into those areas so they could function. During the ricin incident, the Senate stayed in session 100 percent of the time. Business didn’t stop; it was inconvenient, but it didn’t stop.

Also customer service. The first thing I did when I came onboard was a comprehensive customer satisfaction survey. The reason we’re having this emerging technology conference [is that] they rated us the very lowest on rolling out technologies fast enough. So I want to take what we’ve learned from the survey and act on it, to get better at communicating. I do a monthly newsletter now, it’s kind of a project report every month.

What are your biggest challenges?

This organization is so complex. It’s an enterprise of enterprises. You have to make Senator X happy and make him and his staff feel like you exist to serve him. You also have to make Senator Y happy. Sometimes these guys have differing agendas, differing ideas. At the bottom of all that, you have to provide a basic core set of services?infrastructure, telecom, networking. Take e-mail. I can provide the infrastructure and the servers, but their systems administrators run the servers. And their systems administrators shepherd over the data. I don’t look at that data. I don’t have access to it. I don’t even have passwords to their servers.

You get up to 8 million probes a week on your networks. Tell us more about security.

Hackers are a huge concern. We do information assurance and information security at all levels, starting from inside with each systems administrator responsible for his own little network. Throughout the Senate network switches and out to the firewalls and outside, we have intrusion-detection and sensory devices and things like that. I have an infosec shop that works for me, and I may like to beef that up.

I have almost 12,000 installed users all over the country. So when a virus propagates, there’s potential for real mischief. But here’s where the challenge comes in: I can send a patch to a systems administrator, but I can’t make him patch. He’s got to want to patch. It is a challenge. But fortunately most of them are very technically savvy, and more than that, they’re extremely dedicated. They care about nothing but the welfare of their senator and their office.

Every time there’s a big virus, it only takes about two hours before The Washington Post calls me, saying, “How many of your systems are down? How fast is it spreading?”