Wednesday, May 30, 2012

The DoD Joint Information Enterprise

We have a new label for describing DoD directions. It is the Joint Information Enterprise (JIE).

The Principal Deputy OSD CIO described it as follows: (1)
1. The DoD will unify its information technology assets into one common, data-centric information environment by optimizing all DoD systems to improve operational effectiveness, cyberspace security, while concurrently realizing efficiencies in response to increasing security threats and decreasing fiscal resources.
2. Consolidate data centers; Consolidate operations and management of network infrastructure; Integrate and capitalize test and integration centers; Consolidate end‐user services (email, collaboration).
3. Migrate services to private or public clouds.
4. A common network framework and standardized architecture based on a single set of standards that guarantees secured data; A common enterprise approach to deliver information as well as data services; A single identity management, role, and attribute-based access control mechanism and data strategy; Common tools; Access to required data at the point of need regardless of location or platform.
5. Common Identity Management and Attribute-based Access Control for Authentication, Identity, Attributes, Authorization/Enforcement and Audit.
6. JIE Implementation Plan will identify the fundamental tasks that must be done in order to set the foundation for the JIE on or about 1 APR 12 when the Plan will also include JIE Architecture.

The DoD IT Enterprise Strategy and Roadmap does not define the organizational approach for JIE implementation except for assigning policy responsibilities to the OSD CIO.(2)  It specifies the roles of the Vice Chairman of the Joint Chiefs of Staff who directs a hierarchy of boards, including the Joint Capabilities Board (JCB) and Functional Capabilities Board (FCB), along with the processes delineated in Chairman of the Joint Chiefs of Staff Instruction (CJCSI). But none of this describes an actionable executive organization with a capacity for managing the implementation of JIE. What is missing so far is the description of the critical roles U.S Cyber Command in steering the directions of JIE.

Here are some of the tasks that will be needed for the successful execution of JIE:
1. Common, data-centric information environment: Will require full implementation of the MetaData Directory, including the imposition of shared data definitions and attributes for a DoD-wide application of the Director to over 10,000 applications. The MetaData Directory is currently managed by DISA and is far from getting completed so that all applications have data that is tagged for data-centric implementation. How this will be done and what changes in authority is required to assure full compliance of this fundamental means to proceed with data-centric systems?
2. Consolidation: With over 5,000 systems “silos” in place in DoD the task of consolidating servers will require the standardization of virtual applications into a hybrid cloud environment so that the computing capacity can be pooled for the uniform adoption of end-user services. Though such standardization is necessary for data center consolidation, its primary purpose is to allow integration of operations and management of the network infrastructure and for the establishment of end‐user services. DISA is now proceeding with the consolidation of Army e-mail services, but that is only a fraction of the potential scope of a DoD-wide consolidation effor. For instance, by what means will the Navy and the Marine Corps participate in JIE consolidations when they are already committed to a number of multi-billion stand-alone projects?
3. Cloud Migration: What organization will have the responsibility for guiding the conversion of ten thousands of applications to JIE operating as a collection of private and public clouds? Even though the management of such migrations will have to remain with Components, there will have to be an over-riding authority to assure that it can share cloud software that will assure that the DoD results are compatible. This will require shared funding of JIE projects and therefore will necessitate control over budgets. How can that be organized since the Joint Chiefs do not have the structure for controlling a large share of total DoD IT spending?
4. Common Architecture and Application Frameworks: There is an variation in available cloud technologies and services. To assure interoperability and portability of applications within public and private clouds, vendor selection as well as Application Program Interfaces will have to be defined and monitored for consistency. What organization can be assigned the responsibility do that? The OSD CIO has a relatively small policy-level staff. OSD, by legislation must serve the needs of civilian executives attached to the SECDEF. The OSD CIO does not have the charter that permits the supervision of local details that are required for the adoption of JIE tools and methods.
5. Common Network and Standard Architecture. To achieve uniformity would require oversight of the methods pursued by thousands of contractors involved both in the development of new applications as well as in upgrading legacy systems. Standard testing and development tools would have to be accepted throughout for assuring compliance with common JIE objectives. How can such a staffing arrangement be assigned within the existing structure, or will DoD require a major reorganization of the roles and missions of a shared information utility that will operate as a for-fee service?
6. Common Identity Management: This requirement is mandatory for delivering JIE security objectives. It calls for complete centralization of control of granting access privileges. It becomes one of the primary means for a secure JIE. One of the requirements will be tight integration with all of the manpower resources systems as the source of information about the authority that is defined by security roles of individuals. The organizational placement of control over access privileges would have to be shaped not by IT policy, but by national security and intelligence goals.
7. JIE Implementation Plan: The target of producing the foundation for the JIE is 1 APR 12, when it will also include JIE Architecture. That is ambitious. Although working committees have been appointed, JIE represents a major overhaul in the authorities and roles of every DoD component, which extends beyond the missions that have been always assigned to CIOs. Who will be the executive agent accountable for the delivery of such plans and for assuring that it can then evolve for rapid implementation by FT17?

The stated JIE missions represent ideas that have been gestating for at least 20 years. By coupling now the JIE Plan with military goals and the JCS, the possibility of achieving the stated goals looks promising.

So far, what seems to be missing is the governance that will guide execution. Following up on JIE progress will be our major focus in years to come.


No comments:

Post a Comment

For comments please e-mail