DHS Proposal

1
Institute For Information Sharing
A Public/Private Partnership for Cross Sector
Information Sharing
An architecture advisory and inclusive knowledge
exchange required to leverage implementation best
practices while mitigating risk
Linda Millis, Markle Foundation John Weiler,
ICHnet.org Info_at_ICHnet.org 703 768 0400
www.Markle.org www.ICHnet.org www.SecurE-Biz.net
June 15th, 2006 Stake Holders Meeting at Markle
Foundation
This document is confidential and is intended
solely for the use and information of the
membership to whom it is addressed.
2
IIS Vision
to advance collaborative
processes that assure successful implementation
of cross-sector information sharing solutions
aligned with business drivers
in a timely, inclusive, and conflict free
environment
3
Agenda

• Welcome - Linda Millis, Director National
  Security, Markle Foundation
• Background, Scope, Drivers of IS Partnership
  Linda Millis, John Weiler
• IS Policy Governance Steering Committee Tom
  Springer-Verizon
• IS Common Services (Use Cases) IPT Rahul
  Gupta-PRTM
• Information Exchange IPT - Michael Daconta
  Oberon, Robert Greeves-DOJ
• IS Immersion and Certification SAWG - Robert
  Steele-Symantec,
• Concept of Operations Bob Babiskin-ICH
• Conclusions Next Steps Linda Millis

4
Emerging IIS Stake Holders and Partners

• AF XC Deputy CIO, David Tillotson, Col Williamson
• CIFA, Brandon Williamson for Alan Golombek
• DHS NCSD, Director of Software Assurance Joe
  Jarzombek
• DHS Office of Intelligence, Grace Mastalli,
  Theresa Philips, Carter Morris
• DHS HSOC, Steve Wilson for Frank DiFalco,
• DHS Preparedness, Mike Nicholson for Charlie
  Church
• DHS USCG, MDA Guy Thomas for Dana Goward
• DISA Tom Ainsworth, Michael Artis, Dennis
  McGinness
• DNI Deputy CTO for Analysis, Andrew Shepard
• DNI OCIO, Chief of Staff Rich Russell, Tarrazzia
  Martin
• DoC Secretary of Technology Robert Cresanti
• DOJ/FBI Ken Ritchhart DCIO, Bob Greeves NIEM
• FBI Sentinel Program, Mio Lazarevich
• GSA Smart Buy PM, Tom Kireilis
• HUD CIO, Lisa Schlosser
• Joint Staff, J6 Col Brian Hamilton, Col Snead
• Navy Capt (Ret) Tim Traverso, Tim Johnson
• NIST Computer Security Division, Matt Scholl
  CISSP

• Council for Excel. In Govt, Lynn Jennings for
  Fred Thompson
• Markle Foundation, National Security Director,
  Linda Millis
• Former Executive Director, Homeland Security
  Institute, Randall Yim
• Information Systems Security Association, EVP
  Robert Daniels,
• Aerospace Industry Association, Asst. VP, Bruce
  Mahone
• Open Geospatial Consortia, Sam Bacharach
• Akamai, VP Public Sector, Betsy Appleby
• Input Strategies Group President, and AFCEA NCR
  Vice Chair, Alan Balutis
• Former Federal CIO Council Chair, Dan Matthews,
  Lockheed Martin
• Sun Federal, James Laurent, Barry Sheldon, Guy
• Oracle Federal, VP Emerging Technologies, Joe
  Bardwell, Tom Mayhew
• IBM Tivoli, Chief Scientist, Dr. Robert Blakley
• Microsoft Federal, Curt Kolcun, Carolyn Brubaker,
  Scott Suhy, Kim Nelson
• EDS, VP Intelligence Operations, Michael Finn
• HP Public Sector Bob Gatanis, Jeff Hall, Willie
  Coleman
• Oberon Associates, Michael C. Daconta
• HPTI Bill Vajda, Former NSA CIO
• PRTM Partner, Rahul Gupta
• Search for Common Ground, Professor Chip Hauss

5
Information Sharing Challenges being addressedto
overcome the common failure patterns that
undermine 80 of all major Government IT
programs.

• Our leadership seeks a collaborative approach to
  effectively transform and inform the solution
  engineering and acquisition processes
• Cross Sector Outreach and Collaboration cannot be
  contracted (State, Federal, Industry) Cross
  sector information sharing requires a trusted
  public/private partnership structure that cannot
  be compromised by inherent conflicts of
  interests.
• IS Stake Holders need standardized architecture
  views that represents stake holder needs in terms
  of IS policies, business processes, information
  exchanges and viable COTS solutions. (ref GAO
  Rpt on Information Sharing, DHS Strategic Plan,
  E-Gov Act, ISE Interim Plan, OMB A119, HSAC Aug
  10th report). These views much be actionable and
  free of vendor bias.
• Missing Performance Metrics and SLAs In context,
  actionable metrics (security, interoperability,
  business fit, latency) are absent from program
  planning, architecture and acquisition processes,
  making Performance Based Contracts very risky.
• COTS Capability Obfuscated by the SLDC process
  COTS research, assessment and certification take
  too long, cost too much, and often inhibits
  ability to leverage proven COTS solutions. Result
  is costly and brittle custom solutions that govt
  cannot afford to operate, and perpetuate
  contractor lock-in.
• Industry expertise and best practices not
  accessible Accessing required expertise to
  inform the planning and architecture. are
  required for actionable planning and architecture
  processes. Current contracting mechanisms and
  trade associations rarely reach outside their own
  organization or the defense industrial base.
• Leadership Education Any transformation effort
  requires training and education to overcome
  cultural impediments.

6
The path forward is now self evidentwith only
rice bowls and self interests standing in the way

• General Dale Meyerrose, DNI CIO, "The goal is not
  to protect the information or the network the
  goal is to use the information No single
  agency has all the answers or resources, nor can
  any one agency control all information sharing.
• General Charles Croom, Director, DISA and JTF-GNO
  The commercial world is rapidly implementing
  information technologies and services the
  government can use without any modification. I
  hope to establish a process that will rapidly
  evaluate commercial technologies and make them
  available to our customers.
• The HSAC August 10, 05 Report on Information
  Sharing recommends for DHS
• DHS and the Private Sector should work in
  collaboration to develop a formal, and
  objectively manageable, homeland security
  intelligence/information requirements process.
• This process should place a premium on, and
  leverage, superior Private Sector information
  resources, expertise in business continuity
  planning, and understanding of the operations of
  infrastructure sectors.
• DHS should partner with the Private Sector in
  developing an integrated architecture for
  information collection and sharing.
• DNIs Information Sharing Environment (ISE),
  Interim Implementation Plan
• State, local, and tribal governments and private
  sector entities must be full partners in this
  effort.
• Implement common standards and architectures to
  further facilitate timely and effective
  information sharing

Can We Share?
Out paced by fast paced IT market Overwhelmed by
IT offerings? Ill-equipped to evaluate? Best
Practices? Security?
7
Drivers, Scope for an IS Public/Private
Partnership

• Why a PPP Honest Broker is recommended by GAO,
  HSAC, E-Gov Act, DNI, DHS to advance Information
  Sharing across communities of interest. Stand up
  a collaborative research institute, that can
  speak for the combined interests of state,
  federal, local, tribal industry and other
  relevant stake holder. Summary of existing IS
  studies and recommendations (Homeland Security
  Advisory Council, Markle Foundation, Council for
  Excellence in Govt, EO 13388, 911 Commission
  Recommendation, E-Gov Act).
• Establish integrated product teams (IPT) and
  virtual centers of excellence (COE) that allows
  govt PMs to tap into the needed expertise to
  solve real world problems. Leverage existing
  ICHnet.org collaboratory, OMB/GAO/OSD recommended
  processes and Govt-wide FFP contract vehicles.
• Define set of operational scenarios with stake
  holders that guide focus IPT activities and
  development of cross sector architectures.
• Scope Assist agencies/industry in informing and
  vetting their respective IS Architecture Views
  that clearly define business needs, information
  exchanges and existing solutions. Define the gaps
  and mitigate risk.
• Outreach and Education. Expand existing Secure
  E-Biz Summit and Leadership Awards to promote
  work products and successes of members.
• Overview of Steering Committee and Solution
  Architecture Working Group (SAWGs)
  Structure/Outputs Purpose, White Papers,
  Standards of Practice, Agency IS Engagements,
  Hill Education/Outreach

8
Institute for Information Sharing Focus Areas
informing and assuring the IS planning
architecture process

• Information Sharing Policy and Governance Our
  congressional and agency leadership are seeking
  an objective view of how to optimize current IS
  policies and programs. Focus Leverage existing
  implementations, innovations, and successes.
  (see Recommendations out of HSAC, Markle, CEG,
  GAO, DHS IG)
• Cross Sector Collaboration (State, Federal,
  Industry) Establish an open and inclusive,
  trusted partnership structure and common
  architecture views that represents stake holder
  needs in terms of policies, business processes
  and viable solutions.
• Solution Architecture Roadmap Establish
  standards of practice for agency specific IS
  Roadmaps. Inform critical stages of the Solution
  Development Lifecycle so as to expose the realm
  of the possible and lessons learned.
  Collaborate in the definition of common IS
  business processes, Information Flows,
  Information Exchange Models, Performance Metrics
  and associated SLAs derived from implementation
  best practices.
• Information Exchange Establish innovative
  methods and meta data models that enable sharing
  of broadly distributed and unstructured and
  unclassified data (SBU). Target domains include
  Healthcare, Disaster Prevention, First
  Responders, Criminal Justice. Deferred
  Terrorist IS until ISE gets organized and ready
  to engage.
• Solution Assessment Current Technology
  Assessment Acquisition preprocesses take too
  long, cost too much, and often lead to
  analysis/paralysis. Establish a virtual Solution
  Architecture Immersion and Self Certification
  program that leverages existing labs and
  testing/implementation results. Support DNIs
  CA Revitalization program, DHS/OSD/NSAs
  Software Assurance Program.
• Leadership Education and Outreach Facilitate
  outreach for member organization to integrate
  multiple communities of interests, industry
  groups, and knowledge sources. Extend current
  Secure E-Biz CxO Summit and Leadership Awards
  program supported by Congressional Govt Reform
  Committee Chair (Davis).

9
IS Policy Governance Steering Committee Tom
Springer Verizon, Spanky Kirsch OSD NII, Tom
Mayhew-Oracle, Don Bryan-OSD HD, Linda
Millis-Markle, Fred Thompson-CEG, Richard
Russell-DNI

• Objectives Finalize Charter and Activities of
  PPP. Identify policies, cultural impediments, and
  authority. How organizations should work
  together focused on specific mission threads
  Multi-national Information Sharing, Disaster
  Preparedness, Justice.
• Assess Strengths and Gaps of existing policies
  and laws with regard to various information
  sharing mandates Multi-national, Disaster
  Preparedness/Response, Intelligence. Provide
  Outreach to congressional committees, other
  industry groups, and IS communities of interest.
• Desired Outcomes and Timelines Review and
  Finalize Charter. Why this important one pager.
  What is impact on operation. Concept of
  operations, Define Message.
• Stake Holders OSD NII, DHS OIA, DNI OCIO,
  DOJ/FBI, OMB/White House, L3-Com
• Other Participants Don Bryan-OSD HD, Fred
  Thompson-Council for Excel. In Govt., Col.
  Torrez-OSD NII, Tarrazzia Martin-DNI OCIO, Dick
  Burk-OMB, Linda Millis-Markle, Jim Ganthier-HP,
  Tom Springer-Verizon, Dan Schutzer-FSTC.org,
  Mitch Komaroff-OSD NII, Congressional Staff
  members, Tom Mayhew-Oracle, Kevin Keenan-PRTM,
  Grace Mastalli-DHS IA

10
IS Common Services Building Blocks (Use Case) IPT
Rahul Gupta-PRTM, Theresa Phillips-DHS OIA

• Objective Document (from existing studies and
  analysis) the IS key enablers/business drivers in
  terms of the OMBs Service Component Reference
  Model, a govt wide standard that was derived from
  industry best practices. Capture key enablers
  addressing Infrastructure, Application, Security,
  Content Mgt, Identity Mgt, Wired Wireless.
  Identify emerging standards, technologies,
  standards of practices and associated metrics
  that provide a common framework for communicating
  common IS services.
• Operational Scenario Use Cases Strong Angel,
  MDA,
• Desired Outcomes and Timelines Define 3-4 Common
  Scenarios that encompass most of the major IS
  problems, Service Component Specifications, a
  standardized ontology of services descriptions
  aligned with business needs. Enable better stake
  holder communications and agreements on required
  capabilities. A solution lexicon that can map
  common IS requirements with proven and available
  solution sets by problem domain.
• Stake Holders DNI ISE, DHS HSIN, DISA, Joint
  Forces Command, NavAir, USMC OCIO, AF XI, FBI
  OCIO, Adobe, Oracle, Microsoft, Oracle, IBM,
  ISSA.org, DHS USCG MDA
• Other Participants Fred Thompson-Council for
  Excel. In Govt., Tarrazzia Martin-DNI, Col
  Coleman-USMC, Joe Bardwell-Oracle, Carolyn
  Brubaker-Microsoft, Dr. Robert Blakely-IBM, Guy
  Thomas-USCG MDA, Al Mink- ICH, Chris Hauss-SFCG,

11
Information Exchange IPT, Michael Daconta
Oberon, Bob Greeves-DOJ NIEM, Theresa
Phillips-DHS IA

• Objective Establish innovative methods to
  analyze broadly distributed and unstructured and
  unclassified data. Establish standards of
  practices for data exchange, data classification,
  Information Discovery, data tagging. Identify
  and leverage existing work products (ie. NIEM,
  OMB Data Reference Model, etc) that can be
  adopted to better enable domain specific
  information exchange implementations. Capture
  common information flows by Use Case
  Preparedness, 1st Responders, Critical
  Infrastructure Protection, Pandemic, etc.
• Desired Outcomes and Timelines Common Use
  Cases, Information Exchange Reference Model,
  Information Sharing Use Cases, Best Practices
  Models. Leverage Global Justice Data Model and
  other valuable work products. Integrate health
  IT.
• Key Stake Holders DHS OIA, AF XI, NRO, DNI
  OCIO, Navy, DOJ/FBI, IBM Tivoli, Oberon,
• Other Participants George Romas-CACI, Willie
  Coleman -HP, Robert Greeves-DOJ NIEM, Karl
  Semmler-JFCOM, Jody Bell-HHS, John Loonst-HHS,
  Bob Gatanis-HP, Bob Babiskin-ICH

12
IS Immersion and Certification SAWG Robert
Steele-Symantec, Joe Jarzombek-DHS IA, Tom
Mayhew-Oracle

• Objective Developing an emerging technology
  immersion center to better guide federal needs
  and assessment determinations.
• Establish a common assessment framework and
  performance metrics for sharing
  testing/implementation best practices so as to
  speed up decision making process.
• Define common metrics and measures for assessing
  as-is or to-be IS systems. Augment current CA
  activities that can inform decision making and
  reduce risk. Identify industry resources that can
  be leveraged.
• Establish an Information Sharing Readiness
  Assessment process that builds on Architecture
  Assurance Method.
• Desired Outcomes and Timelines Solution
  Architecture Assessment Framework, Performance
  Metrics, Federated Certification Program. An
  assessment of the value/role of, emerging
  technology and techniques for analysis of
  unclassified, unstructured and widely distributed
  data sources.
• Key Stake Holders DISA, DNI OCIO, DHS IA, FBI
  Sentinel PMO, Financial Services Technology
  Consortium, Harvard School of E-Government, NIST,
  Georgia Tech Research Institute
• Other Participants Sheryl Nicely-DNI, Ron
  Ross-NIST, Jim Simon/David Waldrop/Joe
  Rosack-Microsoft,

13
Outreach and Education Committee Kim
Nelson-Microsoft, Alan Balutis-Input

• Objective Communication with multiple OCIs. Pull
  together existing capabilities.
• Desired Outcomes and Timelines Bring together
  Healthcare, Justice, HS, PM ISE,
• Key Stake Holders DHS OIA, AF XI, NRO, DNI
  OCIO, Navy, DOJ/FBI, IBM Tivoli, Oberon,
• Other Participants

14
Concept of Operations

• Funding Membership based
• Applications
• Government grants/contracts
• Solution Audits and Certification

15
Institute for Information Sharing Charter
Highlights

• Institute for Information Sharing a 501C6
  public/private partnership that builds on ICHs
  proven organizational structure processes to
  identify, model and leverage a wide range of
  industry expertise related to cross-sector
  information sharing, information protection and
  related public safety needs
• Identify, model and validate existing
  implementation best practices and lessons
  learned.
• Enable Sound Decision Making via Evidenced Based
  Research (architecture assurance method)
• Establish standard terms, standards of practices
  that enables common building blocks
• Capture IS Operational Scenarios Challenge of
  connecting with private industry in a structured
  way when dealing with CIP owners. Need
  information models for sharing sensitive but
  unclassified information. Looking for a phased
  approach by which stake holders migrate their
  respective systems.
• Integrated Product Teams Working Groups The
  IIS will periodically report on findings of its
  domain specific Sub-Committees and Solution
  Architecture Working Groups, and provide a formal
  process for identifying, modeling and vetting
  industry best practices and lessons learned
  associated with emerging technical issues.
• Education and Outreach Industry input will be
  compiled via focused surveys and working groups
  that are staffed by those with related/proven
  expertise (non-sales). Summary findings will be
  fully vetted and presented at various Domain
  Working Groups, SecurE-Biz Forums, and Town Hall
  meeting on an as needed basis.
• Knowledge Exchange In addition, the IIS through
  is Working Groups will publish issues papers and
  Best Practices studies on an ongoing basis and
  will partner with trade journals, homeland
  security journals and other forums to ensure the
  widest discussion and distribution of its
  findings and recommendations.
• Estimated Number and Frequency of Committee
  Meetings. The IIS meets bi-monthly, while its
  Integrated Product Teams, working groups and
  sub-committees meet more frequently to achieve
  timely outcomes

16
Concept of Operation for a true honest
brokerBuilding on 7 years of progressive IRD

• Organized as a public/private partnership,
  501C(6), recognizing the both govt and industry
  need to engage and share the burden of success.
  Jointly funded via membership fees, grants,
  contributions in kind and service fees to cover
  cost and reimbursements.
• Leverage proven business models Council for
  Excellence in Government, Financial Services
  Technology Consortia, Open Geospatial Consortia.
• Open and inclusive structure that will maximize
  re-use of existing best practices, testing and
  implementation experiences and experts from all
  market sectors, not just Govt.
• Funding sources would include subscription
  service structure based on organizational size/IT
  expense to accommodate all organization sizes.
  Tap into existing pool of knowledge, best
  practices, partner network, redlining of
  documents, mentoring. Contract mechanism for a
  PPP include grants, sole source, OTA (Other
  Transaction Authority), ICH GSA MOBI/GSA Schedule
  70
• Employ proven mechanisms for mitigating conflict
  of interests and/or bias. All data submitted
  must be 100 evidenced sourced. No subjective
  analysis. No recommendations. Evidence should
  speak for itself.
• Solution Domain Working Groups enable govt and
  industry to cooperate in developing standardized
  nomenclature and metrics for mapping common
  business needs with component services
  requirements based on implementation best
  practices.

17
IIS Building Blocks and Products reduces time,
cost, and risk of architecture and acquisition
processes

• Real-time COTS Self Assessment Framework, where
  Government, Industry, Academia and Solution
  Providers can define realm of the possible and
  help assure the requirements and architecture
  processes.
• Federated COTS Certification Coop that leverages
  the existing testing/integration labs within
  multiple information sharing domains finance,
  manufacturing, IT/Telcom solution providers, and
  government.
• Real World Performance Metrics and SLAs captured
  from practitioners who together capture
  interoperability, scalability, security and
  business fit requirements required for
  Performance Based Contract, at a fraction of the
  current cost and time.
• Actionable Solution Architectures that define
  Multi-vendor COTS Solution Sets. ICH evidenced
  based validation captures product specific
  heuristics from customer successes.
• Best Practices CxO Exchange expanded Secure
  E-Biz CxO Summit and Solution Architecture
  Working Group (SAWG) to bring together Chief
  Executive Officers (CxOs) from Govt, Industry and
  Academia.
• Risk Conflict Mitigation Methods for those who
  are seeking to inform the IT planning,
  architecture and acquisition processes. OMB A119
  encouraged.

18
Emerging Public/Private Partners accomplishing
together what none can alone

• Federal Agencies
• State/Local Agencies
• Non-profit Industry Groups
• Academia
• Solution Providers
• Commercial Leaders

Harvard Kennedy School Binghamton University
19
ICH provides a unique process and a collaborative
structureProviding our leaders access to the
collective expertise of many COIs
20
Leveraging ICH Funding Structureestimated 1st
year launch cost 1.5M

• ICH Engagement Options
• Government Membership 25-60k depending on
  annual IT Budget. On GSA
• Corporate Membership 25-60k depending on Group
  revenue, level of service sought.
• Small Business 10-25k depending on size.
• Affiliate Member (Non-Profits/Academia) 5k
• GSA Schedule 70 FFP Solution Architecture
  Engagements 100k, 150k, 250k, 500k.
  Economies of scale significantly reduce cost and
  time.
• Fee for Service Past Performance Certification,
  Solution Architecture Audit, Mentoring, Outreach.
  A force multiplier that taps into the collective
  expertise from many partners/members. (based on
  daily rate of 1,870./day GSA rate)
• SecurE-Biz Sponsorship Options 5-20k/event

21
Closing Remarks

• Confirmed Public/Private partners over 50
  govt/industry groups
• Industry Options Membership, Fee for Service,
  Contributions in kind
• Govt Options Membership, Fee for Service (GSA),
  Grants
• Standing up of Separate Working Groups Meeting
  schedule determined by IPT leads. Meeting hosting
  needed.
• Next General Meeting Late July, early August
  Govt host needed (DHS or JFCOM)
• Secure E-Biz Summit and Awards Program TBD