Monumental mission

In the year since Sept. 11, government CTOs have been put to the task — cutting red tape to reinvent fed systems and the definition of a secure enterprise

IN THE YEAR SINCE Sept. 11, the federal government has launched the mother of all IT projects: re-architecting hundreds of standalone systems with the goal of a unified architecture for domestic and defense agencies. At the same time, federal government CTOs across defense and intelligence have devoted a whirlwind year to shoring up critical infrastructure security and girding against cyberterrorism — while mulling the possibility of launching a pre-emptive cyberattack against powerful network or computer-susceptible threats.

These CTOs are marching into uncharted territory as they try to both break down historical barriers to interagency information-sharing and establish a more secure and streamlined IT infrastructure.

“I can tell you we’re having dialogues now that we never would have had if not for Sept. 11,” says Dawn Meyerriecks, a member of InfoWorld’s CTO Advisory Council and CTO of the Arlington, Va.-based Defense Information Systems Agency (DISA), a combat-support agency for defense and military departments. “[Homeland Security] is one of those things … we’re walking on the bridge as we build it.”

It’s a work in progress, comment many observers who say they can’t overstate the challenges inherent in reinventing the system to address poor communication and disconnected data environments.

According to a July report released by the U.S. General Accounting Office, U.S. cybersecurity policy efforts and the protection of critical infrastructure have been stalled due to ill-defined communication channels and relationships among a wide range of federal organizations.

Like many of her IT colleagues, Meyerriecks is now reaching across departments. She is actively engaging with the Federal Emergency Management Agency (FEMA) and the U.S. Department of Housing and Urban Development (HUD) to grasp the steps all agencies must undertake, such as bringing in state and local representatives if possible, to establish mutually beneficial new security policies and mechanisms.

“Things are changing in a favorable direction right now,” says Cyrus Staniec, a retired U.S. Army officer and current director for sector technology resources at Northrop Grumman, in Herndon, Va. “But the harder things to answer are going to be at the detail level.”

Tying it together

Norman Lorentz is swimming in details. As CTO of the Office of Management and Budget (OMB) since January, Lorentz is charged with the monumental task of unifying federal IT systems into a single enterprise architecture. This FEA (Federal Enterprise Architecture) is expected to speed government response to emergencies and possible terrorist threats, facilitate real-time data sharing, and boost overall efficiency, he says.

“The role for the CTO in this is extraordinary since we are basically the strategic technology leaders reporting in to the CEO, which in my case is the White House,” says Lorentz, who is also a member of InfoWorld’s CTO Advisory Council. “It’s really about strategic technology application to solve real business problems.”

His initiative centers around designing and implementing five private sector-based IT reference models across federal agencies’ lines of business and eventually bridging critical infrastructures of defense and state and local law enforcement under Homeland Security (see “Re-architecting the Capital”).

In July, Lorentz’s team of 24 solutions architects wrapped up phase one of FEA, creating Business Reference Model 1.0, an exhaustive exercise in business process re-engineering of everything from payroll processing across 18 systems to how social services delivers funding to state agencies. The solutions architects act as OMB’s deputies and help agencies with technical redesigns and the promotion of component-based architecture and reuse, Lorentz says.

Next on Lorentz’s agenda is applying standard performance metrics to those business processes, and then designing a data reference model to standardize data definitions across agencies, something he describes as particularly “difficult and challenging.” Then, during the next year to 18 months comes an application reference model that takes a component-level view of the major reusable applications needed to support the lines of business. Finally, the technical reference model will tackle implementation by identifying what types of infrastructure will be needed to support the data, application, and process models. “We are establishing a common definition for lines of business, then mapping the major IT investments in those areas,” Lorentz says.

Ultimately, the CTO is interested in creating a services-oriented architecture of reusable application components. Using J2EE and .Net platforms, XML, directories, and eventually Web services, the solutions architects will select components to work consistently across agencies, Lorentz says. One goal is a universal e-authentication that assigns different levels of access control to individual users.

Breaking barriers

The “how to get there,” as dictated by OMB, isn’t necessarily embraced. One reported sore point stems from OMB’s putting the brakes on existing IT project spending across 22 different agencies, while FEA is being mapped out.

“It’s good business management, but for those strong and aggressive agency CIOs trying to put their projects into place, the [cease and desist order] is quite a stumbling block,” says Raymond Bjorklund, vice president of consulting services at Federal Sources, a firm in McLean, Va., that advises IT clients how to land government contracts.

Charles Bravo, CTO of the U.S. Postal Service, called the FEA plan a “good concept” but conceded a long road is ahead. “We need to connect better, but it’s going to have to be worked with different government agencies. That’s going to be the challenge,” says Bravo, whose post-Sept. 11 deployment of 300 RIM BlackBerry wireless devices to key managerial staff went forward uninterrupted.

Domestic defense

One of the stickier challenges facing federal CTOs is how best to marry domestic IT with that of the military, intelligence, and defense departments — and where Homeland Defense fits into this. Developing rules on these fronts invariably leads to questions, according to DISA’s Meyerriecks.

For instance, the CTO says, “all sorts of groups” are examining the impending relationship between U.S. Northern Command — a new combatant command assigned to defend the United States and support military assistance to civil authorities — and the Homeland Security Department Office and the Department of Defense (DOD). Northern Command will stand up on Oct. 1.

“There are a lot of fundamental questions and secrets. Anything that looks even close to a Homeland Security, and vice versa Homeland Defense, has to be dissected at high levels before it gets on the plate,” Meyerriecks says.

The CTO says opening up DISA’s networks to a new cadre of end-users would push the agency to rely less on network security and more on application security — a posture it has rarely practiced and has not invested in in the past, she admits.

Northrop Grumman’s Staniec says CTOs must figure out how to provide “on-the-fly, need-to-know” access to data in the event of a potential security threat, without also giving away the whole database to civil workers without clearance. Data mining, business intelligence, and algorithm-based intelligent agent technologies must be used here, he says.

Convinced that some form of cyberterrorism will invariably take flight against U.S. computer systems, Meyerriecks says the government is not only prepared to defend itself but also to launch a cyberattack of its own if warranted. “Part of the strategy is you don’t sit passively by and watch your network be taken out from under you,” says the CTO, adding that such an attack would require presidential approval, much like any other weapons system.

Next week, President Bush’s “National Strategy to Secure CyberSpace” will be unveiled at Stanford University, in Palo Alto, Calif. On tap are proposals and discussions to define Americans’ responsibility for controlling computer security and to define the private sector’s involvement.

“We in the government lead, but we look to the private sector to create the operations and management of IT to support the federal government,” Lorentz says. “And the net-net is that we all need to continue to maintain a sense of urgency at all times.”

Source: www.infoworld.com