FY09 Program Plan for Program Support Sub-Goal

1
FY09 Program Plan for Program Support Sub-Goal

• IT Services Program (MS-ITS) Update Slides
• Dennis Morgan

To meet the Sub-Goal Team Leads deadline of COB,
10/26/06, this input has not been reviewed by the
NOAA CIO.
10/26/2006
2
Program Plan DetailsEnd State
Desired End State FY 09 FY 13
IT Security Enterprise-level hardware software in place Establishment of additional Computer Incident Response Teams underway Fully equipped to formulate and enforce IT security policy and respond to IT security incidents v
IT Modernization Initiative Infrastructure, web, electronic mail upgrades Continued network migration Hardened Silver Spring Metro Center (SSMC) backbone and NOAAnet Single Enterprise Network that produces a 99.99 uptime network v
NOAAnet Single Enterprise Network 24x7 Network Operations Center Major campuses established NWS NMFS wide area networks integrated Modern, flexible, and manageable network infrastructure that accommodates up-to-date security practices and dissemination tools v
NOAA Enterprise Management Information System (NEMIS) Analysis completed Databases, architecture, dashboard instruments developed Enhanced, fully-functional system for decision-making Operations, maintenance, and continued development v
OneNOAA Web Presence Design approved migration underway Improved access to NOAA products services Operations, maintenance, and continued development v
Ability to Achieve from FY09 to FY13
3
Centralized Certification Accreditation (CA)
ServicesAbove Core
PROGRAM ADJUSTMENT FUNDING

• GOAL Mission Support
• PROGRAM Information Technology Services
• CAPABILITY IT Security
• REQUIREMENT Centralized Certification
  Accreditation (CA) Services
• DESCRIPTION OF ADJUSTMENT Implement centralized
  CA team to ensure consistency in the review of
  CA packages, complete certification, and provide
  controls testing for each system prior to
  submission to Commerce
• PERFORMANCE MEASURES IT Security Incidents

BENEFITS AND RISKS

• If program adjustment is made
• Compliance with Federal Information Security
  Management Act (FISMA) and Commerce IT Security
  Policy
• Maintain 100 of NOAA IT systems that have a
  current CA
• If program adjustment is not made
• Out of compliance with July 12, 2006 OMB memo
  M-06-19 from Karen Evans (Ofc of E-Gov IT) that
  requires agencies to meet existing security
  requirements (e.g., correct security weaknesses
  in stead-state investments) before new funds are
  spent on system development, modernization, or
  enhancement
• Restrict public access to hazardous weather
  warnings and hurricane tracking information
  during peak demand periods when capability of
  enterprise security systems is exceeded
• Retain IT Security material weakness (DOC OIG)
• Delay implementation of IT Security Architecture
  by 2 to 3 years

ACTIVITIES, SCHEDULE MILESTONES

• Standardize CA process throughout NOAA Oct
  2007
• Capability of providing a suite of CA
  services Oct 2007
• Automate CA process Oct 2008
• Provide CA dashboard capability Mar 2009

4
Elimination of Single Points of Failure (SSMC
Network Infrastructure Public Web Services)
Above Core
PROGRAM ADJUSTMENT FUNDING

• GOAL Mission Support
• PROGRAM Information Technology Services
• CAPABILITY Enterprise Network Operations
• REQUIREMENT Elimination of Single Points of
  Failure in Silver Spring Metro Center (SSMC)
  Network Infrastructure and Public Web Services
  (PWS)
• DESCRIPTION OF ADJUSTMENT Implement
  fully-redundant SSMC network backbone with
  built-in failover, and mirrored web clusters at 7
  U.S. locations
• PERFORMANCE MEASURES Network and Application
  Services Availability

BENEFITS AND RISKS

• If program adjustment is not made
• NOAA data products (provided via SSMC and/or
  other locations) will become unavailable during a
  power failure or when construction/utility
  equipment (e.g., backhoe) severs the SSMC
  internet connection. For example, Hurricane Xs
  tracking data would not be available to the
  public during the time of need.
• Customers and the general public will become
  displeased with the data unavailability, which in
  turn becomes front-page, above-the-fold news in
  the Washington Post for weeks. Can NOAA afford
  the bad press and management of the resulting
  triage?
• Lack of or reduced Internet service will impact
  NOAAs ability to deliver its data products to
  all customers and the general public. This
  includes, but is not limited to, Life and
  Property data made available to the public via
  the Internet. Reduction of key services will
  impact NOAAs ability to deliver data products
  resulting in the inability for programs to meet
  their GPRA or corporate performance targets.
• IT security risks will increase on all NOAA
  systems, including networks.
• Dependency Public Web Services within the
  Weather Water Goal (via the Web Consolidation
  Initiative in NWS)

ACTIVITIES, SCHEDULE MILESTONES

• Complete implementation of a 10 Gigabit Ethernet
  SSMC backbone 10 Gigabit Ethernet Wash DC
  metropolitan area network (MAN) 2011
• Complete hardening of the SSMC backbone in order
  to produce a 99.99 uptime network 2013

5
Elimination of Single Points of
Failure(Electronic Mail Services) Above Core
PROGRAM ADJUSTMENT FUNDING

• GOAL Mission Support
• PROGRAM Information Technology Services
• CAPABILITY Enterprise Network Operations
• REQUIREMENT Elimination of Single Points of
  Failure in Electronic Mail Services (including
  migration to Commerce-wide common email system)
• DESCRIPTION OF ADJUSTMENT Implement common email
  infrastructure that includes redundancy with
  built-in failover
• PERFORMANCE MEASURES Network and Application
  Services Availability

BENEFITS AND RISKS

• If program adjustment is not made
• NOAA messaging operations (a primary
  communication mechanism throughout the
  enterprise) will become unavailable during a
  power failure or when construction/utility
  equipment (e.g., backhoe) disrupts the email
  service connection.
• Reduce the plans for email system redundancy and
  provide replication of email only for priority
  users.
• DOC will continue to lack a common electronic
  mail system across all its agencies/bureaus.
• Dependencies
• Migration planning has been underway since
  January 2006, when DOC alerted NOAA to begin
  projecting costs for the transition to a
  Commerce-wide common email system.
• DOC has not provided clear FY09 Budget guidance
  with respect to the migration to a Commerce-wide
  common email system.
• NOAA currently operates and maintains a
  distributed email system with multiple single
  points of failure, and utilizes the Thunderbird
  email application for more than 19,000 users, but
  will need funding to support Commerces move to a
  common platform without single points of failure.
  
• On 9/21/06, as part of its Electronic Mail Study,
  DOC initiated a mandatory data call on e-mail
  costs for all bureaus purpose to obtain costs
  of email at each Operating Unit use of data
  analysis to support the business case. NOAA
  submitted data on 9/26/06.

ACTIVITIES, SCHEDULE MILESTONES

• Complete phase 2 of the consolidated electronic
  mail system, including complete redundancy and
  replication of data for all users 2010

6
Transfer of LO CIO Operating Funds
PROGRAM ADJUSTMENT FUNDING

• GOAL Mission Support
• PROGRAM Information Technology Services
• CAPABILITIES IT Security, Enterprise Network
  Operations, Enterprise Architecture, IT Support
  for Administrative Systems, IT Administration and
  Regulation
• REQUIREMENT Transfer of Line Office (LO) CIO
  Operating Budgets from LO Headquarters Program to
  IT Services Program
• DESCRIPTION OF ADJUSTMENT Transfer of funding
  will allow the IT Services Program to improve
  performance through the IT Administration and
  Regulation, IT Security, Enterprise Network
  Operations, Enterprise Architecture, and IT
  Support for Administrative Systems capabilities.
• PERFORMANCE MEASURES IT Security Incidents
  Network and Application Services Availability,
  Capability Maturity Model Score

ACTIVITIES, SCHEDULE MILESTONES

• Provide CA dashboard capability 2009
• NEMIS data storage acquisition, product
  inventories, analysis, Suite 2 dashboard
  instruments 2009
• Complete phase 2 of the consolidated electronic
  mail system, including complete redundancy and
  replication of data for all users 2010
• Complete hardening of the SSMC backbone and
  NOAAnet in order to produce a 99.99 uptime
  network 2013

BENEFITS AND RISKS

• If program adjustment is made Provide
  centralized administration and management of IT
  Services across NOAA

7
Full Funding of MS-ITS Federal FTEAbove Core
PROGRAM ADJUSTMENT FUNDING

• GOAL Mission Support
• PROGRAM Information Technology Services
• CAPABILITIES IT Security, Enterprise Network
  Operations, Enterprise Architecture, IT Support
  for Administrative Systems, IT Administration and
  Regulation
• REQUIREMENT Full Funding of Federal FTE
• DESCRIPTION OF ADJUSTMENT Provide adequate
  funding to support salaries and benefits for 107
  federal FTE in the IT Services Program
• PERFORMANCE MEASURES IT Security Incidents,
  Network and Application Services Availability,
  Capability Maturity Model Score

ACTIVITIES, SCHEDULE MILESTONES

• 107 Fully-Funded Federal FTE Oct 2008 Sep 2013

BENEFITS AND RISKS

• If program adjustment is made IT Services
  Program will be better positioned to accomplish
  its mission, and provided adequate support to the
  NOAA Mission Goals
• If program adjustment is not made
• More overtime
• Slots will remain vacant as federal employees
  retire or move on to other career opportunities
• Extend timelines and scale back functional
  requirements for current projects

8
Technology Refresh Desktop ManagementAbove
Core
PROGRAM ADJUSTMENT FUNDING

• GOAL Mission Support
• PROGRAM Information Technology Services
• CAPABILITIES IT Security, Enterprise Network
  Operations, Enterprise Architecture, IT Support
  for Administrative Systems, IT Administration and
  Regulation
• REQUIREMENT Technology Refresh Desktop
  Management
• DESCRIPTION OF ADJUSTMENT Technology Refresh
  Desktop Management for NOAA Computer Incident
  Response Team, Information Technology Center,
  Network Operations Center, Web Operations Center,
  Messaging Operations Center, OS LAN / Systems
  Support, and OCIO
• PERFORMANCE MEASURES IT Security Incidents,
  Network and Application Services Availability,
  Capability Maturity Model Score

ACTIVITIES, SCHEDULE MILESTONES

• Technology Refresh Oct 2008 Sep 2013
• Desktop Management Oct 2008 Sep 2013

BENEFITS AND RISKS

• If program adjustment is made Meet recommended
  system lifecycle refresh requirements
• If program adjustment is not made
• Extend system lifecycle refresh period from 3
  years to 5 years
• Extend timelines and scale back functional
  requirements for current projects

9
OneNOAA Web PresenceAbove Core
PROGRAM ADJUSTMENT FUNDING

• GOAL Mission Support
• PROGRAM Information Technology Services
• CAPABILITY Enterprise Architecture
• REQUIREMENT OneNOAA Web Presence
• DESCRIPTION OF ADJUSTMENT Implement
  enterprise-level web management
• PERFORMANCE MEASURES Capability Maturity Model
  Score

BENEFITS AND RISKS
ACTIVITIES, SCHEDULE MILESTONES

• If program adjustment is made
• Improve access to NOAA products and services
• Meet stakeholder needs
• Achieve NOAA-level web management for internet
  and intranet
• Integrate web communications to NOAA business
  process
• Create functional content and technical web
  architectures with single-point access to NOAAs
  vast web offerings
• Secure funding for long-term support and
  maintenance of the NOAA Web presence
• If program adjustment is not made
• Recommendations from post-Isabel and post-Katrina
  service assessments will remain unaddressed
• Continuation of disjointed operation of NOAA web
  holdings
• Potentially conflicting information posted to web

• FY2009-13
• Implement Plan to Consolidate and Organize NOAAs
  Web Assets
• Evaluate NOAA-wide search capability
• Conduct ongoing information asset inventory and
  evaluate against baseline
• Reorganize NOAA Web offerings in thematic
  approach, independent of organizational structure
• Coordinate with other Federal agencies to ensure
  customer-centric coordination and presentation of
  information
• Begin migration to MyNOAA concept
• Create unified portal providing seamless access
  to NOAA internal and external information
• Create role-based security model to ensure
  integrity to sensitive information assets
• Provide localized and personalized information to
  Web customers
• Begin implementation of Web Server Consolidation

10
NOAAnet Single Enterprise Network Above Core
PROGRAM ADJUSTMENT FUNDING

• GOAL Mission Support
• PROGRAM Information Technology Services
• CAPABILITY Enterprise Network Operations
• REQUIREMENT NOAAnet Single Enterprise Network
• DESCRIPTION OF ADJUSTMENT Implement common NOAA
  communications Infrastructure and consolidate 9
  legacy networks
• PERFORMANCE MEASURES Network and Application
  Services Availability

BENEFITS AND RISKS

• If program adjustment is made
• 30M cost avoidance over first 7 years network
  transport only cost avoidance will be applied to
  enhancements
• Meets NOAAs requirements and supports NOAAs
  mission performance
• Centrally-managed NOAA network (24x7 operations
  center)
• Reuse and share common services (i.e., email,
  videoconferencing, administrative desktop
  applications, corporate programmatic
  operations, intranet)
• Common Security Infrastructure supports single
  CA and provides secure environments (i.e.,
  communities of interest) for user communities
• If program adjustment is not made
• Legacy networks approaching end-of-life more
  expensive to sustain
• Uncoordinated redundancy at shared locations
  increases costs
• Loss of connectivity at a hub location disables
  connectivity at dependent remote locations
• Complete COOP failover is difficult or impossible
  when backup sites rely on dedicated or separate
  networks
• Dependencies
• Implementation requires the redistribution of
  financial resources from other Goals/Programs
• Intrusion Detection System (IDS) to be provided
  by NOAA Computer Incident Response Team (N-CIRT)

ACTIVITIES, SCHEDULE MILESTONES

• Complete the transition of all NOAA Line Office
  Wide Area Networks (WANs) to the NOAAnet Single
  Enterprise Network 2009
• Provide multiple transparent external connections
  throughout the nation, by maintaining up to 4 ISP
  large scale connections 2011
• Complete the hardening of NOAAnet in order to
  produce a 99.99 uptime network 2013