EA, Act 2

EA, Act 2<@VM>Red light, green light

FEMA's chief architect Bobby Jones, left, and CIO Barry West say EA development kicked into high gear late last year.

Henrik G. de Gyor

After a quick start, directorates prepare for the nitty gritty of IT consolidation and integration

Many agencies that implement an enterprise architecture don't see the benefits of it for many years. But the Homeland Security Department doesn't have the luxury of waiting.

By merging 22 agencies that brought together more than 8,000 applications and more than 300 major systems, DHS officials were expected to become a cohesive unit almost overnight and to defend the country against terrorism. That meant integrating systems to share information, developing new applications to track visitors and cargo, and performing the day-to-day administrative tasks of supporting 180,000 employees.

After only nine months of having a modernization blueprint in place, evidence of a 'one DHS' is emerging, DHS officials and private-sector experts said.

The department is still having trouble integrating some of its systems and databases under its EA, but overall its directorates are reaping the benefits of the architecture. These include better IT decision-making, easier consolidation and integration of systems, and an improved ability to meet their mission goals, CIOs of agencies within the department have said.

'When I got here in November, there was not a lot of interaction between DHS' overall EA and our EA,' said Barry West, CIO of the Emergency Preparedness and Response Directorate, formerly the Federal Emergency Management Agency. 'But by January, things really kicked into high gear.'

During that period, DHS CIO Steve Cooper instructed agencies to assign subject matter experts in six business areas: alerts and warnings, identification and credentialing, intelligence information, infrastructure protection, collaboration, and threat identification and management.

Teams identified goals that the directorates shared and the systems that supported those goals. West said the creation of these groups helped the EA 'take off.'

'This is not an IT initiative, but a business initiative, where the CIO is supporting and participating in it,' Cooper said. 'Almost all of these areas have more than 13 applications that could be consolidated and integrated.'

Cooper's office formed an enterprise architecture review board made up of directorate CIOs, and an EA Center of Excellence made up of enterprise architects from the directorates. Both boards make sure investments meet the standards established in the agencywide enterprise architecture, said Bobby Jones, FEMA's chief architect.

'All investments going through the fiscal 2006 budget process will have to demonstrate that [they are] achieving the goals of our transition strategy and that it is aligned to the technology standards identified in the EA,' Cooper said recently before the House Select Homeland Security Subcommittee on Cybersecurity, Science, and Research and Development.

Blueprint

DHS released EA Version 1.0 last September after only four months of work. Experts and DHS officials agreed that it was a high-level blueprint laying out the target IT infrastructure. Cooper said Version 2.0 is expected this fall and will provide more details and a transition strategy from the current state to the target architecture.

'They are using the EA as a part of their strategy to make technology decisions that support their mission,' said Scott Bittler, vice president in the enterprise planning and architecture department of the Meta Group Inc. of Stamford, Conn., an IT consulting firm. 'Many public- and private-sector companies are not using it that way. [DHS] should be commended because they have made good progress in one year.'

The review board's impact is evident in the short six months since it was created, DHS officials said.

FEMA, for instance, used the EA board and Center of Excellence to review its flood map modernization project. The initiative updates the flood maps and processes of storing, searching and creating the maps electronically, West said.

Before sending the business case to the board, FEMA officials conducted an in-house review in which officials answered questions about their projects to make sure their business goals and IT matched the EA.

Jones said FEMA IT workers had to make sure the components matched the Service Component Reference Model of the DHS architecture and that the system generated no superfluous data.
West said all of FEMA's IT business cases will go through this process, starting this summer for the 2006 budget submission.

'The board is moving the EA from just a plan to a usable blueprint,' said Amy Wheelock, director for DHS' EA program. 'The board is overseeing how the directorates are spending money and helping with our progress in consolidation and integration.'

Charlie Armstrong, CIO for Customs and Border Protection, said his office has used DHS EA as a guide for several project decisions.

'It has helped us understand across the department who is using what, what technologies they are using and what information is available,' he said.

Customs officials used the EA to determine that using middleware would let them share law enforcement information with the Information Analysis and Infrastructure Protection Directorate more easily. IT officials purchased MQSeries software from IBM Corp. to ease communications between the agencies' systems, said Luke McCormack, Customs' director of infrastructure service.

Customs also used the EA to determine that it should use Microsoft Outlook for e-mail. The bureau has stopped an implementation of Lotus Notes and will switch to Outlook, Armstrong said.
'All our e-mail systems are interconnected, but to consolidate and optimize for efficiency purposes, we need to go to one mail system,' McCormack said. 'It is a matter of aligning with the technical reference model.'

Bigger project

There have been other successes using the EA as well. Wheelock said information the EA provided led officials to develop a common law enforcement environment instead of using many individual systems.

'The EA board forced the bigger project to come through,' she said. 'We need to develop a procurement strategy, but we made the decision to go with one common environment.'

But the EA has not produced only successes. For instance, DHS still is struggling to merge terrorist watch lists. Rep. Jim Turner (D-Texas), ranking member of the House Select Committee on Homeland Security, said earlier this year that fewer than 20 percent of terrorist records'from only a few of the government's 12 watch lists'have been integrated into the FBI's Terrorist Screening Center's test system. FBI director Robert Mueller III recently said the watch lists would be merged by the end of summer.

DHS also has had trouble integrating databases to share information more easily. The General Accounting Office reported last September that information about threats, methods and techniques of terrorists is not routinely shared; and the information that is shared is not timely, accurate or relevant.

Bob Dix, staff director for the House Government Reform Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census, said DHS has made some technical miscalculations along the way, but these mistakes are expected in such an enormous undertaking.

'There are gaps and there will continue to be gaps, but subcommittee chairman Rep. Adam Putnam [R-Fla.] believes this is a meaningful process,' Dix said. 'The fact that Version 1.0 of the EA came out in roughly 120 days was a remarkable achievement, and it provided them with a blueprint in order to come up with an investment strategy.'

Dix said DHS is making progress, albeit slowly, and seems to have the technical and business process teams in place to make decisions.

'They are progressing in a more collaborative manner than some agencies with less of a challenge,' Dix said. The subcommittee is awaiting the latest GAO report on DHS' architecture and may hold a hearing later this summer or in early fall. 'There is a significant commitment there to get this done right,' he said.

Dix is not alone in praising the progress DHS has made in such a short time.

GAO examiners rated the architecture to be in Stage 3 of its maturity framework. Of the 93 agencies GAO evaluated for its November 2003 report, 76 were in Stage 1.

By Stage 3, agencies are developing architecture products based on the plans created in Stage 2, tracking and measuring progress against plans, and addressing issues that come up.

'They have escaped some of the challenges that other agencies have and have done many of the right things, such as creating a governance structure so the architecture is used by the business people,' said John Weiler, executive director and chief technology officer for the nonprofit Interoperability Clearinghouse of Alexandria, Va.

Weiler said DHS must make sure the next versions of the EA are not so complex that business units can't use them.

Another factor in DHS' success with Version 1.0 has been the quality of the legacy agency EAs, agency officials and experts said.

Even though the architectures of the merged agencies did not use the same definitions for data objects and had other inconsistencies, they did provide a basis to start from, Wheelock said.

Karl Kropp, director of Science Applications International Corp.'s Center for Enterprise Architecture, the lead contractor on the development of the EA, said architects mined the blueprints of each agency to develop the departmentwide plan.

'Each legacy EA contributed greatly to Version 1.0, specifically in terms of the business activities performed, data managed, applications used or being developed, and technology used,' Kropp said. 'Each of these areas were integrated into overarching models aligned with the Homeland Security mission.'

Legacies

GAO rated the legacy Customs EA in Stage 5, FEMA and Coast Guard in Stage 2 and Immigration and Naturalization Service in Stage 1.

Wheelock said the legacy EAs were helpful in identifying de facto standards for 30 technology components, such as desktop publishing, e-mail or security firewalls.

'We also went deeper into the EAs and pulled out the technical reference models and standard profiles,' she said.

Wheelock said Version 2.0, which is more than half done, should make an even bigger difference in how DHS directorates make IT and business decisions.

Cooper said Version 2.0 will augment information about transitional projects, reusable business components and technology patterns. The EA team also is working with some of the larger DHS projects, such as Customs' Automated Commercial Environment and the U.S. Visitor and Immigrant Status Indicator Technology system, to make sure they meet the EA standards.

Wheelock said her goal for Version 2.0 is to be comprehensive enough to use for the next five to seven years.

Amy Wheelock says the EA board has used this process for the Common Law Enforcement line of business and smaller projects.

Henrik G. de Gyor

DHS sets up process to evaluate IT projects

Under Version 1.0 of the Homeland Security Department enterprise architecture, officials divided about 300 systems into 15 categories such as those needed to prepare for, respond to and recover from incidents or to manage technology.

Officials plan to review the programs in each category to figure out which ones have overlapping functions in order to consolidate or discard duplicative or unnecessary systems. And under Version 2.0 of the EA, due out in the fall, officials will define service components, technology patterns, new products and standards.

Amy Wheelock, director of the department's architecture program, said the EA Board will go through a six-step process to consolidate systems along a line of business.

Step 1Gather data on all systems and their functions.

Step 2 Assess how applications align to the department or a directorate's business functions and how technologically up-to-date the application is.

Step 3Decide whether the system is aligned with the 'to be' architecture and the future capabilities the agency needs. If it is not aligned, or is built on older technology, the application will become a candidate for termination.

Step 4 Ensure the business functionality of a system slated for termination is picked up by a new application or by a system that is not being shut down, to avoid creating a gap in mission support.

Step 5Create and review a transition plan with business owners and technology experts.

Step 6Oversee the transition plan.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above