Title: DHS Proposal
1. Institute For Information Sharing
A Public/Private Partnership for Cross Sector Information Sharing
An architecture advisory and inclusive knowledge exchange required to leverage implementation best practices while mitigating risk
Linda Millis, Markle Foundation
John Weiler, ICHnet.org, Info_at_ICHnet.org, 703 768 0400
www.Markle.org www.ICHnet.org www.SecurE-Biz.net
June 15th, 2006 Stake Holders Meeting at Markle Foundation
This document is confidential and is intended
solely for the use and information of the
membership to whom it is addressed.
2. IIS Vision
to advance collaborative processes that assure successful implementation of cross-sector information sharing solutions aligned with business drivers in a timely, inclusive, and conflict free environment
3. Agenda
- Welcome - Linda Millis, Director National Security, Markle Foundation
- Background, Scope, Drivers of IS Partnership - Linda Millis, John Weiler
- IS Policy Governance Steering Committee - Tom Springer-Verizon
- IS Common Services (Use Cases) IPT - Rahul Gupta-PRTM
- Information Exchange IPT - Michael Daconta Oberon, Robert Greeves-DOJ
- IS Immersion and Certification SAWG - Robert Steele-Symantec
- Concept of Operations - Bob Babiskin-ICH
- Conclusions Next Steps - Linda Millis
4. Emerging IIS Stake Holders and Partners
- AF XC Deputy CIO, David Tillotson, Col Williamson
- CIFA, Brandon Williamson for Alan Golombek
- DHS NCSD, Director of Software Assurance Joe Jarzombek
- DHS Office of Intelligence, Grace Mastalli, Theresa Philips, Carter Morris
- DHS HSOC, Steve Wilson for Frank DiFalco
- DHS Preparedness, Mike Nicholson for Charlie Church
- DHS USCG, MDA Guy Thomas for Dana Goward
- DISA Tom Ainsworth, Michael Artis, Dennis McGinness
- DNI Deputy CTO for Analysis, Andrew Shepard
- DNI OCIO, Chief of Staff Rich Russell, Tarrazzia Martin
- DoC Secretary of Technology Robert Cresanti
- DOJ/FBI Ken Ritchhart DCIO, Bob Greeves NIEM
- FBI Sentinel Program, Mio Lazarevich
- GSA Smart Buy PM, Tom Kireilis
- HUD CIO, Lisa Schlosser
- Joint Staff, J6 Col Brian Hamilton, Col Snead
- Navy Capt (Ret) Tim Traverso, Tim Johnson
- NIST Computer Security Division, Matt Scholl CISSP
- Council for Excel. In Govt, Lynn Jennings for Fred Thompson
- Markle Foundation, National Security Director, Linda Millis
- Former Executive Director, Homeland Security Institute, Randall Yim
- Information Systems Security Association, EVP Robert Daniels
- Aerospace Industry Association, Asst. VP, Bruce Mahone
- Open Geospatial Consortia, Sam Bacharach
- Akamai, VP Public Sector, Betsy Appleby
- Input Strategies Group President, and AFCEA NCR Vice Chair, Alan Balutis
- Former Federal CIO Council Chair, Dan Matthews, Lockheed Martin
- Sun Federal, James Laurent, Barry Sheldon, Guy
- Oracle Federal, VP Emerging Technologies, Joe Bardwell, Tom Mayhew
- IBM Tivoli, Chief Scientist, Dr. Robert Blakley
- Microsoft Federal, Curt Kolcun, Carolyn Brubaker, Scott Suhy, Kim Nelson
- EDS, VP Intelligence Operations, Michael Finn
- HP Public Sector Bob Gatanis, Jeff Hall, Willie Coleman
- Oberon Associates, Michael C. Daconta
- HPTI Bill Vajda, Former NSA CIO
- PRTM Partner, Rahul Gupta
- Search for Common Ground, Professor Chip Hauss
5. Information Sharing Challenges being addressed to overcome the common failure patterns that undermine 80% of all major Government IT programs.
- Our leadership seeks a collaborative approach to effectively transform and inform the solution engineering and acquisition processes
- Cross Sector Outreach and Collaboration cannot be contracted (State, Federal, Industry): Cross sector information sharing requires a trusted public/private partnership structure that cannot be compromised by inherent conflicts of interests.
- IS Stake Holders need standardized architecture views that represent stake holder needs in terms of IS policies, business processes, information exchanges and viable COTS solutions (ref GAO Rpt on Information Sharing, DHS Strategic Plan, E-Gov Act, ISE Interim Plan, OMB A119, HSAC Aug 10th report). These views must be actionable and free of vendor bias.
- Missing Performance Metrics and SLAs: In context, actionable metrics (security, interoperability, business fit, latency) are absent from program planning, architecture and acquisition processes, making Performance Based Contracts very risky.
- COTS Capability Obfuscated by the SDLC process: COTS research, assessment and certification take too long, cost too much, and often inhibit the ability to leverage proven COTS solutions. The result is costly and brittle custom solutions that govt cannot afford to operate, and that perpetuate contractor lock-in.
- Industry expertise and best practices not accessible: Access to the required expertise is needed to inform actionable planning and architecture processes. Current contracting mechanisms and trade associations rarely reach outside their own organization or the defense industrial base.
- Leadership Education: Any transformation effort requires training and education to overcome cultural impediments.
6. The path forward is now self evident with only rice bowls and self interests standing in the way
- General Dale Meyerrose, DNI CIO: "The goal is not to protect the information or the network; the goal is to use the information. No single agency has all the answers or resources, nor can any one agency control all information sharing."
- General Charles Croom, Director, DISA and JTF-GNO: "The commercial world is rapidly implementing information technologies and services the government can use without any modification. I hope to establish a process that will rapidly evaluate commercial technologies and make them available to our customers."
- The HSAC August 10, 05 Report on Information Sharing recommends for DHS:
- DHS and the Private Sector should work in collaboration to develop a formal, and objectively manageable, homeland security intelligence/information requirements process.
- This process should place a premium on, and leverage, superior Private Sector information resources, expertise in business continuity planning, and understanding of the operations of infrastructure sectors.
- DHS should partner with the Private Sector in developing an integrated architecture for information collection and sharing.
- DNI's Information Sharing Environment (ISE), Interim Implementation Plan:
- State, local, and tribal governments and private sector entities must be full partners in this effort.
- Implement common standards and architectures to further facilitate timely and effective information sharing
Can We Share?
Outpaced by fast paced IT market. Overwhelmed by IT offerings? Ill-equipped to evaluate? Best Practices? Security?
7. Drivers, Scope for an IS Public/Private Partnership
- Why a PPP Honest Broker is recommended by GAO, HSAC, E-Gov Act, DNI, DHS to advance Information Sharing across communities of interest. Stand up a collaborative research institute that can speak for the combined interests of state, federal, local, tribal, industry and other relevant stake holders. Summary of existing IS studies and recommendations (Homeland Security Advisory Council, Markle Foundation, Council for Excellence in Govt, EO 13388, 9/11 Commission Recommendation, E-Gov Act).
- Establish integrated product teams (IPT) and virtual centers of excellence (COE) that allow govt PMs to tap into the needed expertise to solve real world problems. Leverage existing ICHnet.org collaboratory, OMB/GAO/OSD recommended processes and Govt-wide FFP contract vehicles.
- Define set of operational scenarios with stake holders that guide focus IPT activities and development of cross sector architectures.
- Scope: Assist agencies/industry in informing and vetting their respective IS Architecture Views that clearly define business needs, information exchanges and existing solutions. Define the gaps and mitigate risk.
- Outreach and Education: Expand existing Secure E-Biz Summit and Leadership Awards to promote work products and successes of members.
- Overview of Steering Committee and Solution Architecture Working Group (SAWGs) Structure/Outputs: Purpose, White Papers, Standards of Practice, Agency IS Engagements, Hill Education/Outreach
8. Institute for Information Sharing Focus Areas informing and assuring the IS planning architecture process
- Information Sharing Policy and Governance: Our congressional and agency leadership are seeking an objective view of how to optimize current IS policies and programs. Focus: Leverage existing implementations, innovations, and successes. (see Recommendations out of HSAC, Markle, CEG, GAO, DHS IG)
- Cross Sector Collaboration (State, Federal, Industry): Establish an open and inclusive, trusted partnership structure and common architecture views that represent stake holder needs in terms of policies, business processes and viable solutions.
- Solution Architecture Roadmap: Establish standards of practice for agency specific IS Roadmaps. Inform critical stages of the Solution Development Lifecycle so as to expose the realm of the possible and lessons learned. Collaborate in the definition of common IS business processes, Information Flows, Information Exchange Models, Performance Metrics and associated SLAs derived from implementation best practices.
- Information Exchange: Establish innovative methods and meta data models that enable sharing of broadly distributed and unstructured and unclassified data (SBU). Target domains include Healthcare, Disaster Prevention, First Responders, Criminal Justice. Deferred Terrorist IS until ISE gets organized and ready to engage.
- Solution Assessment: Current Technology Assessment Acquisition preprocesses take too long, cost too much, and often lead to analysis/paralysis. Establish a virtual Solution Architecture Immersion and Self Certification program that leverages existing labs and testing/implementation results. Support DNI's CA Revitalization program, DHS/OSD/NSA's Software Assurance Program.
- Leadership Education and Outreach: Facilitate outreach for member organizations to integrate multiple communities of interests, industry groups, and knowledge sources. Extend current Secure E-Biz CxO Summit and Leadership Awards program supported by Congressional Govt Reform Committee Chair (Davis).
9. IS Policy Governance Steering Committee
Tom Springer Verizon, Spanky Kirsch OSD NII, Tom Mayhew-Oracle, Don Bryan-OSD HD, Linda Millis-Markle, Fred Thompson-CEG, Richard Russell-DNI
- Objectives: Finalize Charter and Activities of PPP. Identify policies, cultural impediments, and authority. How organizations should work together focused on specific mission threads: Multi-national Information Sharing, Disaster Preparedness, Justice.
- Assess Strengths and Gaps of existing policies and laws with regard to various information sharing mandates: Multi-national, Disaster Preparedness/Response, Intelligence. Provide Outreach to congressional committees, other industry groups, and IS communities of interest.
- Desired Outcomes and Timelines: Review and Finalize Charter. Why this important one pager. What is impact on operation. Concept of operations, Define Message.
- Stake Holders: OSD NII, DHS OIA, DNI OCIO, DOJ/FBI, OMB/White House, L3-Com
- Other Participants: Don Bryan-OSD HD, Fred Thompson-Council for Excel. In Govt., Col. Torrez-OSD NII, Tarrazzia Martin-DNI OCIO, Dick Burk-OMB, Linda Millis-Markle, Jim Ganthier-HP, Tom Springer-Verizon, Dan Schutzer-FSTC.org, Mitch Komaroff-OSD NII, Congressional Staff members, Tom Mayhew-Oracle, Kevin Keenan-PRTM, Grace Mastalli-DHS IA
10. IS Common Services Building Blocks (Use Case) IPT
Rahul Gupta-PRTM, Theresa Phillips-DHS OIA
- Objective: Document (from existing studies and analysis) the IS key enablers/business drivers in terms of the OMB's Service Component Reference Model, a govt wide standard that was derived from industry best practices. Capture key enablers addressing Infrastructure, Application, Security, Content Mgt, Identity Mgt, Wired Wireless. Identify emerging standards, technologies, standards of practices and associated metrics that provide a common framework for communicating common IS services.
- Operational Scenario Use Cases: Strong Angel, MDA
- Desired Outcomes and Timelines: Define 3-4 Common Scenarios that encompass most of the major IS problems, Service Component Specifications, a standardized ontology of services descriptions aligned with business needs. Enable better stake holder communications and agreements on required capabilities. A solution lexicon that can map common IS requirements with proven and available solution sets by problem domain.
- Stake Holders: DNI ISE, DHS HSIN, DISA, Joint Forces Command, NavAir, USMC OCIO, AF XI, FBI OCIO, Adobe, Oracle, Microsoft, Oracle, IBM, ISSA.org, DHS USCG MDA
- Other Participants: Fred Thompson-Council for Excel. In Govt., Tarrazzia Martin-DNI, Col Coleman-USMC, Joe Bardwell-Oracle, Carolyn Brubaker-Microsoft, Dr. Robert Blakely-IBM, Guy Thomas-USCG MDA, Al Mink-ICH, Chris Hauss-SFCG
11. Information Exchange IPT
Michael Daconta Oberon, Bob Greeves-DOJ NIEM, Theresa Phillips-DHS IA
- Objective: Establish innovative methods to analyze broadly distributed and unstructured and unclassified data. Establish standards of practices for data exchange, data classification, Information Discovery, data tagging. Identify and leverage existing work products (i.e. NIEM, OMB Data Reference Model, etc.) that can be adopted to better enable domain specific information exchange implementations. Capture common information flows by Use Case: Preparedness, 1st Responders, Critical Infrastructure Protection, Pandemic, etc.
- Desired Outcomes and Timelines: Common Use Cases, Information Exchange Reference Model, Information Sharing Use Cases, Best Practices Models. Leverage Global Justice Data Model and other valuable work products. Integrate health IT.
- Key Stake Holders: DHS OIA, AF XI, NRO, DNI OCIO, Navy, DOJ/FBI, IBM Tivoli, Oberon
- Other Participants: George Romas-CACI, Willie Coleman-HP, Robert Greeves-DOJ NIEM, Karl Semmler-JFCOM, Jody Bell-HHS, John Loonst-HHS, Bob Gatanis-HP, Bob Babiskin-ICH
12. IS Immersion and Certification SAWG
Robert Steele-Symantec, Joe Jarzombek-DHS IA, Tom Mayhew-Oracle
- Objective: Developing an emerging technology immersion center to better guide federal needs and assessment determinations.
- Establish a common assessment framework and performance metrics for sharing testing/implementation best practices so as to speed up decision making process.
- Define common metrics and measures for assessing as-is or to-be IS systems. Augment current CA activities that can inform decision making and reduce risk. Identify industry resources that can be leveraged.
- Establish an Information Sharing Readiness Assessment process that builds on Architecture Assurance Method.
- Desired Outcomes and Timelines: Solution Architecture Assessment Framework, Performance Metrics, Federated Certification Program. An assessment of the value/role of emerging technology and techniques for analysis of unclassified, unstructured and widely distributed data sources.
- Key Stake Holders: DISA, DNI OCIO, DHS IA, FBI Sentinel PMO, Financial Services Technology Consortium, Harvard School of E-Government, NIST, Georgia Tech Research Institute
- Other Participants: Sheryl Nicely-DNI, Ron Ross-NIST, Jim Simon/David Waldrop/Joe Rosack-Microsoft
13. Outreach and Education Committee
Kim Nelson-Microsoft, Alan Balutis-Input
- Objective: Communication with multiple OCIs. Pull together existing capabilities.
- Desired Outcomes and Timelines: Bring together Healthcare, Justice, HS, PM ISE
- Key Stake Holders: DHS OIA, AF XI, NRO, DNI OCIO, Navy, DOJ/FBI, IBM Tivoli, Oberon
- Other Participants
14. Concept of Operations
- Funding: Membership based
- Applications
- Government grants/contracts
- Solution Audits and Certification
15. Institute for Information Sharing Charter Highlights
- Institute for Information Sharing: a 501C6 public/private partnership that builds on ICH's proven organizational structure processes to identify, model and leverage a wide range of industry expertise related to cross-sector information sharing, information protection and related public safety needs
- Identify, model and validate existing implementation best practices and lessons learned.
- Enable Sound Decision Making via Evidenced Based Research (architecture assurance method)
- Establish standard terms, standards of practices that enable common building blocks
- Capture IS Operational Scenarios: Challenge of connecting with private industry in a structured way when dealing with CIP owners. Need information models for sharing sensitive but unclassified information. Looking for a phased approach by which stake holders migrate their respective systems.
- Integrated Product Teams Working Groups: The IIS will periodically report on findings of its domain specific Sub-Committees and Solution Architecture Working Groups, and provide a formal process for identifying, modeling and vetting industry best practices and lessons learned associated with emerging technical issues.
- Education and Outreach: Industry input will be compiled via focused surveys and working groups that are staffed by those with related/proven expertise (non-sales). Summary findings will be fully vetted and presented at various Domain Working Groups, SecurE-Biz Forums, and Town Hall meetings on an as needed basis.
- Knowledge Exchange: In addition, the IIS through its Working Groups will publish issues papers and Best Practices studies on an ongoing basis and will partner with trade journals, homeland security journals and other forums to ensure the widest discussion and distribution of its findings and recommendations.
- Estimated Number and Frequency of Committee Meetings: The IIS meets bi-monthly, while its Integrated Product Teams, working groups and sub-committees meet more frequently to achieve timely outcomes
16. Concept of Operation for a true honest broker
Building on 7 years of progressive IRD
- Organized as a public/private partnership, 501C(6), recognizing that both govt and industry need to engage and share the burden of success. Jointly funded via membership fees, grants, contributions in kind and service fees to cover cost and reimbursements.
- Leverage proven business models: Council for Excellence in Government, Financial Services Technology Consortia, Open Geospatial Consortia.
- Open and inclusive structure that will maximize re-use of existing best practices, testing and implementation experiences and experts from all market sectors, not just Govt.
- Funding sources would include subscription service structure based on organizational size/IT expense to accommodate all organization sizes. Tap into existing pool of knowledge, best practices, partner network, redlining of documents, mentoring. Contract mechanisms for a PPP include grants, sole source, OTA (Other Transaction Authority), ICH GSA MOBI/GSA Schedule 70
- Employ proven mechanisms for mitigating conflict of interests and/or bias. All data submitted must be 100% evidenced sourced. No subjective analysis. No recommendations. Evidence should speak for itself.
- Solution Domain Working Groups enable govt and industry to cooperate in developing standardized nomenclature and metrics for mapping common business needs with component services requirements based on implementation best practices.
17. IIS Building Blocks and Products reduces time, cost, and risk of architecture and acquisition processes
- Real-time COTS Self Assessment Framework, where Government, Industry, Academia and Solution Providers can define realm of the possible and help assure the requirements and architecture processes.
- Federated COTS Certification Coop that leverages the existing testing/integration labs within multiple information sharing domains: finance, manufacturing, IT/Telcom solution providers, and government.
- Real World Performance Metrics and SLAs captured from practitioners who together capture interoperability, scalability, security and business fit requirements required for Performance Based Contract, at a fraction of the current cost and time.
- Actionable Solution Architectures that define Multi-vendor COTS Solution Sets. ICH evidenced based validation captures product specific heuristics from customer successes.
- Best Practices CxO Exchange: expanded Secure E-Biz CxO Summit and Solution Architecture Working Group (SAWG) to bring together Chief Executive Officers (CxOs) from Govt, Industry and Academia.
- Risk Conflict Mitigation Methods for those who are seeking to inform the IT planning, architecture and acquisition processes. OMB A119 encouraged.
18. Emerging Public/Private Partners accomplishing together what none can alone
- Federal Agencies
- State/Local Agencies
- Non-profit Industry Groups
- Academia
- Solution Providers
- Commercial Leaders
Harvard Kennedy School Binghamton University
19. ICH provides a unique process and a collaborative structure
Providing our leaders access to the collective expertise of many COIs
20. Leveraging ICH Funding Structure
estimated 1st year launch cost 1.5M
- ICH Engagement Options
- Government Membership: 25-60k depending on annual IT Budget. On GSA
- Corporate Membership: 25-60k depending on Group revenue, level of service sought.
- Small Business: 10-25k depending on size.
- Affiliate Member (Non-Profits/Academia): 5k
- GSA Schedule 70 FFP Solution Architecture Engagements: 100k, 150k, 250k, 500k. Economies of scale significantly reduce cost and time.
- Fee for Service: Past Performance Certification, Solution Architecture Audit, Mentoring, Outreach. A force multiplier that taps into the collective expertise from many partners/members. (based on daily rate of 1,870./day GSA rate)
- SecurE-Biz Sponsorship Options: 5-20k/event
21. Closing Remarks
- Confirmed Public/Private partners: over 50 govt/industry groups
- Industry Options: Membership, Fee for Service, Contributions in kind
- Govt Options: Membership, Fee for Service (GSA), Grants
- Standing up of Separate Working Groups: Meeting schedule determined by IPT leads. Meeting hosting needed.
- Next General Meeting: Late July, early August. Govt host needed (DHS or JFCOM)
- Secure E-Biz Summit and Awards Program: TBD