500 Day Plan The NOAA IT Way Ahead

1
500 Day PlanThe NOAA IT Way Ahead

• CIO Council
• April 3, 2007

2
Purpose

• Update on progress since the NOAA IT Offsite
• Show connection between the OCIO Value
  Proposition and the 500 Day Plan
• Share a draft of the NOAA IT 500 Day Plan goals
  and objectives

3
Progress since the NOAA IT Offsite

• Agreement on the expected value of the OCIO
• The NOAA OCIO Value Proposition is directly
  linked to the 500 Day Plan
• Working towards Reducing Burden
• Data Calls--Rob Swisher established as focal
  point for all data calls
• Begging for more Funds--exploring creative
  ideas
• Administrative Systemsexploring partnership with
  DOC Acq, and at DOC CIO Offsite
• IT Security (a hallmark of the 500 Day Plan)
• Making progress everyday
• Built integrated CA schedule
• Completed OMB Watch List CAs
• Built FIPS 140-2 laptop encryption plans
• Goal 1 in 500 Day Plan
• Governance
• Formulating a selection process to endorse
  prioritized candidates for governance

4
NOAA OCIO Value Proposition

• Provide enterprise services
• Drive architecture and guide common
  infrastructure
• Maintain a skilled and competent workforce
• Provide secure infrastructure services
• Ensure IT Security across all of NOAA
• Make One NOAA a reality for corporate IT
• Provide IT policy and guidance
• Oversee IT governance processes
• Enforce SLAs
• Create economies of scale with common
• acquisition vehicles and enterprise licensing
• Maintain Executive Staff IT support
• Review and coordinate IT investments
• Provide NOAA IT Top Cover

500 Day Goals
Enhanced NOAA-wide Focus
Foundational Value To Be The Credible Champion
and Advocate of IT
5

• Disaster Resilience
• Reliable watch warnings
• Able to adjust IT services within minutes

IT Security
6
Goal 1 Protect and defend NOAAs IT systems
and information

• Establish an Information Assurance (IA) plan
• Promote IA efforts within the IT architecture
• Develop protection criteria for safeguarding
  information from internal and external threats
• Use biometrics and identification management
• Assess IT security threats by engaging with
  intelligence community

Build IT Security Strategy

• Quarterly report to the CIO Council from NCIRT
  and Security Committee
• Real Situational Awareness to NOAA Leadership (IA
  posture statement)
• Integrate IA posture with enterprise-wide
  decision making

7
Goal 2 Maintain continuous IT services and
information before, during, and after natural or
man-made disasters

• Upgrade and validate NOAA IT role in NOAA
  Continuity of Operations Plan93.1 of NOAA
  employees need IT
• Investigate automatic failover for mission
  essential IT infrastructure--NCIRT, MOC, NOC,
  WOC, ITC, etc
• Explore NOAA IT on wheels response plan for
  disaster situations

Forecast and mitigate effects of surge usage or
unplanned outages

• Determine/forecast possible surge scenarios for
  NOAA information products
• Run quarterly exercises (table-top or
  simulation) to demonstrate and evaluate ability
  to handle surge and/or disaster effects

• Fully identify mission essential functions
  supported by NOAA and required for Continuity of
  Operations and performance under the National
  Response Plan
• Inventory NOAAs critical infrastructure that
  supports mission essential functions, and catalog
  existing mirrored services, locations, and points
  of contact
• Establish plans for redundant or mirrored
  services where gaps occur

Fix single points of failure in IT critical
infrastructure
8
Goal 3 Develop the IT knowledge and skills
needed to support NOAAs mission

• Develop Workforce Investment Plan
• Establish critical competencies required for NOAA
  IT
• Identify workforce implications of FY10
  Modernization Plan
• Build Recognition Programs around IT values and
  goals and NOAA mission
• Apply for nationally recognized IT award honors
• Pay for Performance

Define a human capital strategy

• Focusing on building external and non-government
  partnerships to create feeder pools of IT talent
• Maintain a steady inflow of qualified IT
  applicants at all levels
• Leverage current NOAA Recruitment monetary
  incentives to attract the right talent with the
  right skills and knowledge
• Offer entry salaries according to critical IT job
  skills at competitive market rates
• Leverage other federal recruiting resources

Foster creative recruiting

• Establish baseline certifications across the NOAA
  enterprise
• Provide foundational IT education and training
• Train workforce to deliver critical competencies
• Select and support appropriate vendor/industry
  certifications for the NOAA IT workforce

Institute a disciplined IT skills development
program
9
Goal 4 Scale NOAAs IT infrastructure to keep
pace with observing capabilities

• Establish governance model clear business
  processes for archiving serving information to
  the public

Establish Archiving and Dissemination Standards

• Expand observing system architecture to encompass
  communications, processing, information
  management systems, archival
• Enable impact analyses by documenting the
  end-to-end value chain of applications that will
  receive, process or archive data from new
  observing platforms
• Synchronize architecture transition plans with
  the schedule of new observing capabilities

Extend Architecture

• Integrate architecture planning with PPBES
• Perform impact and gap analyses of Program
  Operating Plan (POP) alternatives against the
  baselined Enterprise Architecture

Ensure Programmatic Integration
Increase Computing Systems Capability
10
Goal 5 Maximize efficient and effective
enterprise-wide solutions across NOAA

• Build an enterprise architecture and develop a
  governance process that spans across all NOAA
  platforms and systems
• Establish and operate a NOAA IT Program
  Management Office
• Develop plan for NOAA-wide portfolio/project
  management capability

Develop an enterprise-wide strategy

• Develop IT Standards for mobile support of
  executive team
• Coordinate and manage IT administration and
  regulation
• Develop Service Level Agreements for
  enterprise-wide solutions

Develop standards for quality of service

• Develop plan and begin implementation of OneNOAA
  Web Presence (i.e., enterprise-level web
  management)
• Continue development and implementation of
  NOAAnet single enterprise network
• Provide Enterprise Network Operations Support
  Services
• Provide New Telephone System for NOAA Silver
  Spring Metro Center (SSMC) Campus
• Develop plans and begin consolidating NOAA IT
  Service Centers
• Implement a collaboration software solution
• Consolidate Commerce Business System (CBS)
• Implement Management Accounting Reporting System
  (MARS) and End-to-End Resource Management System
  (E2E)

Manage the infrastructure as an enterprise
11
Mapping of goals to functions
12
CIO and D/HPCC Executive Staff Budget and
Administration
High Performance Computing and Communications
Office
Homeland Security Program Office

• Risk Management and Incident Response

Information Assurance Office

• Lead NOAAs Principal IT Research
• Manage RD HPCC
• Explore Advanced Networking and Information
  Technology

• Cyber Security and Compliance Management

Operate
IT Operations and Support Office

• NOAA Executive and Staff Office Support
• Corporate Business Apps
• Network, Mail, Web and Phone Services

13
Next Steps

• Solicit feedback from CIO Council
• Continue to refine the objectives and initiatives
• Brief Jack Kelly (Apr 25)
• Brief NEP (Jun 28)

14
BACKUPS
15
NOAA OCIO Value Proposition(DRAFT)

• Establish and maintain credibility (foundational)
• Promote One NOAA
• Provider of secure infrastructure services
• Honest broker across programs (SLAs for example)
• Advocate in the PPBES process for NOAA IT
• Provide cross-LO and cross-goal coordination
• Provide architectural guidance to implementers
  regarding common infrastructure (including SOA
  guidance)
• Enforce SLAs
• Driving increased simplicity (architecture and
  operations)
• Create economies of scale (common acq vehicles,
  enterprise licensing)
• Champion for IT at the executive table and joint
  advocacy
• Advance the importance of Info mngt to advance
  the mission of NOAA
• NOAAs mission performance cannot be improved
  faster than you can improve IT
• Executive support taking care of the executive
  staff
• Policy and guidance
• Security across all of NOAA
• Investment review and coordination
• Enterprise services (admin, operations,
  messaging, e-mail)
• Maintain a skilled and competent workforce

16
500 Day OutlookRisks to NOAA Mission

• IT systems are continually attacked and the
  threat is rapidly increasing
• IT system operations and successful recovery are
  at risk in the event of natural or man-made
  disasters
• IT services will deteriorate without a highly
  skilled and qualified IT workforce
• Data volume will continue to grow exponentially
  due to next generation observing systems
• Fragmented IT systems cannot support cross-NOAA
  priorities (e.g., regionalization, IOOS)

NOAA IT Should Enable the NOAA Mission
17
Risk IT SecurityAttacks and Threats Continue

• March 05, 2007 A section of the NOAA Website
  was hacked and packed with several pages
  promoting a muscle relaxant. Source Dark
  Reading website

18
Risk Business ContinuitySingle Points of Failure
High
Pandemic Flu stay at home plan overtaxes NOAA
remote access capacity
Hurricane directly hits the DC metro area
NOAAs Silver Spring campus only internet
connection goes down
Applications
Silver Spring power outage with no generator
backup
Potential Impact on NOAA SSMC Ops
IT Infrastructure
Facilities
Low
Low
High
Likelihood
19
Risk IT Workforceis Aging
Federal IT Workforce
24 Younger than 40 years old
33 Over 50 years old
43 Between 40 and 50 years old
NOAA OCIO Workforce
14.4 Younger than 40 years old
59.3 Over 50 years old
26.3 Between 40 and 50 years old
Sources NOAA Human Resources Data
System Information Technology (IT) Workforce
Capability Assessment Survey (2004), CIO
Council Computer World 2006 Salary Survey
Source
20
Risk Data VolumeData growing exponentially

• Over the next 15 years, data that are archived
  will grow to more than 140 PetaBytes

Geospatial satellites will increase by 10,000
times the volume of data that needs to be
processed
21
Risk Fragmented IT systemsIndependent services
do not benefit One NOAA

• Independent services
• Webservers 129 (including web clusters)
• Phone systems 60 (SSMC)
• Storage 35 RAID arrays
• Email 19 different mail servers
• Help Desk 18 help desks (in DC)
• Networks 7 major backbones
• Collaboration tools 5 (no standard)
• Server Farms ____

22
NOAA IT Assessment and Accomplishments
100 Day Accomplishments
30 Day Assessment

• Built integrated CA schedule
• Completed OMB Watch List CAs
• Built FIPS 140-2 laptop encryption plans

IT security fragmented and lacks enterprise-wide
controls, standards and tools

• Co-defined the OCIO Value Proposition with the
  LO CIOs

OCIO role and authority not exercised in NOAA
Need to Validate
One NOAA IT progress limited

• Consensus among CIOs to replace phone systems
• Defined IT Facility Standards

NOAA IT has not evolved with industry best
practices

• Built a 500 day plan to address IT areas
  including instituting best practices and building
  IT talent

Lack of focus on attracting, retaining and
growing IT talent