Appendix K
INFORMATION TECHNOLOGY MANAGEMENT GOALS
Subdivision E of the Clinger-Cohen Act of 1996 (formerly the Information Technology Management Reform Act (ITMRA) of 1996) establishes a new statutory scheme for information technology management and acquisition within the Executive branch. Section 5123 of ITMRA specifically requires each Executive agency to establish goals for improving the efficiency and effectiveness of agency operations through the use of information technology, and prepare an annual report, to be included in the agency’s budget submission to Congress, on the progress in achieving the goals.
This appendix is the first Section 5123 annual report of the Department of Defense. The report is organized in two parts. Part 1 is an overview of the four major information technology management (ITM) goals selected by the Department and the strategic planning process for pursuing the goals. Part 2 presents the progress DoD has made in achieving its ITM goals and key actions still required.
DOD INFORMATION TECHNOLOGY MANAGEMENT GOALS
Information has a central role in national defense. Joint Vision 2010 recognizes information superiority as the foundation for joint warfighting doctrine and concepts. Similarly, the Department’s corporate-level goals published in DoD’s Government Performance and Results Act Performance Plan for FY 1999 reveal a prominent strategic role for information. In view of the critical role information has in the successful accomplishment of the Department’s mission, DoD has established the goals described in Table K-1 to ensure the DoD information technology investments maintain a strategic business and mission focus. Detailed information on these goals and the strategies to achieve them is contained in the DoD ITM Strategic Plan.
|
Table K-1 DOD INFORMATION TECHNOLOGY GOALS |
|||||
|
Goal 1 - Become a mission partner: • Increase and promote information technology interaction with mission.• Serve mission information users as customers.• Facilitate process improvement.Goal 2 - Provide services that satisfy customer • Build architecture and performance infrastructure.• Modernize and integrate defense information infrastructure.• Upgrade technology base.• Improve information technology management tools. |
Goal 3 - Reform information technology management • Institutionalize ITMRA provisions.• Institute fundamental information technology management reform efforts.• Upgrade DoD information technology work force.Goal 4 - Ensure DoD’s vital information resources are • Build information assurance framework.• Build information assurance architecture and support services.• Improve acquisition processes and regulations.• Assess information assurance posture of DoD operational systems. |
||||
DOD INFORMATION TECHNOLOGY MANAGEMENT GOALS—ACCOMPLISHMENTS
The Department has made progress in achieving its ITM goals. As presented below, DoD has had significant success completing many of the objectives of Goals 1, 3, and 4. However, the Department has more to accomplish to attain Goal 2.
Goal 1
Goal 1 (Become a mission partner) grounds ITM in the national defense mission using the joint mission planning and analysis process as the basis for defining information service and performance requirements. Achievements in this area include:
•
DoD has designated a DoD Chief Information Officer (CIO) and identified CIOs for all of the DoD components, established a DoD CIO Council, published the first technology management strategic plan and supporting DoD component plans, and established ITMRA compliance requirements for information technology acquisition.•
The DoD CIO Council serves as an oversight body to promote cooperation across an entire executive department. DoD created its CIO Council to ensure department-wide efforts conformed to ITMRA and that they are conducted in a collaborative fashion.•
DoD has successfully completed the pilot ITM Strategic Planning cycle, which was initiated by the publication of the DoD ITM Strategic Plan in March 1997. DoD components have used the DoD ITM Strategic Plan and planning process to help structure their CIO organizations and roles. When the DoD ITM Strategic Planning Workshop convened in August 1997, 17 component ITM strategic plans had been approved or were in final coordination, representing key ITM activities across functional areas and organizations. Components’ ITM strategic plans reflected a strong link to mission and defined comprehensive strategic planning and information technology investment processes. Linkage to other implementation plans, joint projects and programs, and performance indicators require additional work. Components’ strategic plan proposals and concepts are now being used to update the DoD ITM Strategic Plan, making it a more effective tool for managing the Department’s information technology resources.•
On July 25, 1997, the acting DoD CIO approved the Information Technology Investment Management Insight Policy for Acquisition. This policy simplifies and streamlines the way that DoD components inform the DoD CIO about their major information technology acquisitions. It is an important step in the development of an integrated information technology investment review process for DoD that will allow the elimination of additional, separate acquisition reviews by Office of the Secretary of Defense. Insight is used to break the image of past centralized information technology oversight and to create an environment that fosters greater teamwork, open dialog and a sense of common purpose.•
The Department has a well-developed approach to correcting the Year 2000 problem for DoD weapon systems and mission critical automated information systems. DoD’s strategy of centralized policy and decentralized execution has five phases: Awareness, Assessment, Renovation, Validation, and Implementation. DoD components have assessed 93.1 percent of the Department’s mission critical systems and have renovated 44.3 percent of these systems. The size of DoD, variety of functions performed, and multiplicity of systems and interfaces result in a major technical and management challenge.•
DoD leaders at all levels are being challenged to reinvent their work processes, and the Department has undertaken over 250 Business Process Reengineering (BPR) projects. Examples of dramatic reengineering breakthroughs include the United States Atlantic Command’s Information Intranet, the Marine Corps Combat Development project, the United States Strategic Command’s Strategic Warfare Planning initiative, and the DoD Travel Reengineering project. These four projects alone have produced documented savings in the billions of dollars. DoD’s BPR support program provides training, methods, tools, hotline support, and on-line Internet knowledge bases.Goal 2
Goal 2 (Provide services that satisfy customer information needs) builds on Goal 1 requirements by using the customer/supplier model to meet mission requirements. In achieving the objectives of this goal, the Department has significantly improved its information technology architecture and made additional progress in implementing information technology performance measures.
•
Section 5125 of the ITMRA assigns the responsibility for developing, maintaining, and facilitating the implementation of a sound and integrated information technology architecture to the CIO. Office of Management and Budget (OMB) Memorandum M-97-16, Information Technology Architectures, further defines the specific intent of this responsibility. In particular the memorandum establishes the minimum criteria for agency information technology architecture (ITA) required by the ITMRA. The memorandum makes specific reference to two requirements:••
An agency-wide model that describes the ITA. The model must be based on OMB’s five component model and contain a Technical Reference Model and Standards Profile.••
An agency-wide ITA based on the above model.•
In accordance with the Act and OMB guidance, the Department structured its strategic approach in two documents: the DoD Information Technology Management Strategic Plan (March 1997) and the DoD CIO Business Plan (May 1997). Taken together, the two documents create a common expectation of an integrated ITA and provide a roadmap to capitalize on developments to realize an ITA that efficiently and effectively supports the DoD’s missions and goals. To date the following has been accomplished:••
DoD formed the Architecture Coordination Council to establish comprehensive architectural guidance and to determine how the Department should rationalize and synchronize all architecture work.••
DoD developed an integrated architecture framework for operational, systems, and technical architectures to provide the initial concept of a DoD-wide ITA model. The conceptual constructs of operational, systems, and technical architectures are in full compliance with the OMB five component model. The current framework, entitled the C4ISR Architecture Framework, focuses on a single functional area, but provides the conceptual constructs for expansion to all domains within the Department.••
In conformance with the constructs of the C4ISR Architecture Framework, department-wide architectures are under development. The Joint Technical Architecture specifies a set of performance-based, primarily commercial, information processing, transfer, content, format, and security standards. These standards specify the logical interfaces in command, control, communications, computers, and intelligence (C4I) systems and those systems that support them. Efforts are under way to evolve the Joint Technical Architecture to all domains within the Department. In addition, the DoD is developing an agency-wide Joint Operational Architecture that describes the tasks and activities, operational elements, and information flows required to accomplish or support the missions of the DoD.•
DoD’s ITM performance measures progress include the following:••
In February 1997, the Department issued a DoD guide on measuring information technology performance. It serves as an aid to implement information technology-related performance measures. The guide provides a flexible framework for integrating performance measures into management processes using a set of common parameters to characterize major drivers such as operational effectiveness, suitability, schedule, technical progress, and cost.••
The DoD ITM Strategic Plan (ITMSP) contains outcome performance indicators for each of ITM goals. Based on these indicators, the Department initiated the ITMSP Performance Measures Pilot in September 1997, to identify a set of performance measures and demonstrate their potential for implementation throughout the Department. This pilot effort focuses on Goals 1 and 2 of the ITMSP. It will evaluate and test specific performance measures to be implemented by volunteer organizations in the Department. An implementation plan will be prepared to describe the overall process for putting the proposed measures into practice so that their feasibility and practicality for institutionalizing them can be determined. The volunteer organizations will develop detailed implementation plans based on this higher level guidance. The results of the effort will be provided to the DoD CIO and the CIO Council for review and to obtain guidance and direction for further action. In parallel with this pilot, the Department is developing a performance measures framework to define performance measures in the context of the Department processes, with particular emphasis on tying information technology to the DoD mission. This framework will also articulate the relationship between the ITMSP pilot measures and the measures being piloted at the acquisition or investment level.••
DoD also recently launched the CIO Performance Measures Executive Pilot Project within the Department, in which the procedures and processes in the guide will be used. The ITMRA requires CIOs to design and implement a process to maximize the value and to assess and manage the risks of information technology investments. The Act also requires the application of performance measures for information technology investments, and the measurement of how well the information technology investments support the achievement of mission goals. The Department’s goal is to establish performance measures as an integral part of the information technology investment process within the framework of the Government Performance and Results Act, ITMRA, and other relevant management legislation. To accomplish this, the DoD CIO has entered into a partnership with the Defense Logistics Agency and the Assistant Secretary of Defense (Health Affairs) to conduct a pilot study of the select, management/control, and evaluation phases of the information technology investment process. The results of the pilot study will be used to influence policy and establish common processes and procedures regarding baselining of information technology investments throughout DoD. The ultimate outcome is to ensure that performance measures are prescribed for an information technology investment prior to execution of the investment, and that the performance measures indicate how well the information technology investment supports the Department’s mission goals and objectives.Goal 3
Goal 3 (Reform information technology management processes to increase efficiency and mission contribution) captures the essence of ITMRA, emphasizing the management process improvements that are needed to more effectively deliver information and services to DoD mission customers.
Regarding the key requirement for an integrated information technology Capital Planning and Investment Control Process, DoD’s approach is to use the Planning, Programming, and Budgeting System (PPBS) as one mechanism to institutionalize ITMRA. In addition to establishing the framework and processes for decision making on future programs, the PPBS process permits prior decisions to be examined and analyzed from the viewpoint of the current political, economic, technological, military, and funding environment. The ultimate purpose of the PPBS is to produce a plan, program, and finally, a budget that the Department forwards to Congress through the President. Execution and evaluation augment the PPBS throughout the year to provide a mechanism to help DoD determine whether projects are meeting the Department’s goals and objectives in support of its mission.
Section 5215(c)(3) of the ITMRA requires CIOs to ensure training programs and sources are made available to personnel to provide the required skills and knowledge to effectively develop, manage and use information technology resources. The Department has led training efforts government-wide by:
•
Developing Clinger-Cohen competencies that depict skill requirements and knowledge required by CIOs and information resource management personnel. The competencies have been adopted government-wide by the Federal CIO Council as desired skill requirements of senior managers.•
Designating the Information Resources Management College to be the Department’s flagship for training senior managers on information technology management. Two primary training programs, sponsored through the Information Resources Management College, were developed to teach the competency skills. They are the Advanced Management Program and the Chief Information Officer Certificate Program. These programs are open to personnel government-wide. Both programs provide personnel with the required skills and knowledge to effectively manage and utilize information technology resources to support the Department’s mission. They have also been certified and accepted as graduate-level education by the American Council of Education.•
Sponsoring CIO Executive training sessions for CIOs, Deputy CIOs, and senior managers with CIO responsibilities. Six sessions were held in 1997. Four sessions have been planned for 1998.Goal 4
Goal 4 (Ensure DoD’s vital information resources are secure and protected) reflects the pervasive impact of information assurance on DoD. The Quadrennial Defense Review concluded that DoD’s Information Assurance "current capabilities are adequate to defend against existing information operations threats," but that "the increasing availability and decreasing costs of sophisticated technology to potential adversaries demand a robust commitment to improve" information assurance.
Information assurance protects the Defense Information Infrastructure and user systems against exploitation, degradation, and denial-of-service while providing the means to reestablish vital capabilities. To provide identification and authentication functions, DoD developed policies for a public key infrastructure using digital signatures. This will facilitate secure electronic commerce and allow controlled external access to DoD information. DoD has proposed an initiative which allows information to flow between secret and sensitive-but-unclassified networks. This Secret and Below Interoperability initiative maintains network integrity and minimizes the risk of classified information disclosure.
Information systems security is the critical enabling technology for information assurance against intelligence exploitation or attack on automated information systems. As DoD’s information systems security program manager, the National Security Agency/Central Security Service increased its capability to provide customers with evaluation and analytic capabilities for characterizing the robustness and readiness posture of their systems and networks. The Defense Information Systems Agency installed firewalls and hardened system components to both ensure network availability and defeat denial-of-service attacks. While DoD standardizes computer systems certification and accreditation processes, vulnerability analysis and assistance program teams provide customers with an assessment of their operational security posture and assist them in closing security holes before an incident occurs.
In 1997, Secretary Cohen established an enterprise-wide information assurance framework to review component program requirements and assess future component execution. It addresses:
•
Protection of systems and networks.•
Intrusion detection and monitoring.•
Reaction and recovery.•
Readiness assessments and red teaming.•
Education, training, and awareness.CONCLUSION
While the Department accomplished much in 1997, there are several actions the Department must take to ensure DoD continues to make progress in the management of its information technology resources. DoD will continue:
•
Orienting information technology investments toward a strategic business and mission focus, by establishing new ways of doing business and making information technology decisions. This will come about through the DoD CIO Council.•
Identifying and then implementing performance measures and a tracking capability to provide the needed mechanisms to mandate performance measures for all information technology.•
Institutionalizing the responsibilities of the CIOs across DoD and implementing CIO training as crosscutting measures that will strengthen DoD’s ability to implement each of the imperatives.•
Influencing implementation government-wide, in areas such as Federal Acquisition Regulations and training and council infrastructure and by participating in the Federal CIO Council and interagency CIO forums. This will give DoD an opportunity to share and capitalize on improving the way it uses performance and results to manage information technology investments.The ITMRA and other related legislation require DoD to approach managing the Department’s business in a whole new way. The federal government’s new sense of performance and results-based management is now applied to information technology management. The Department must now benchmark DoD process performance with similar processes in the public and private sector. In addition, DoD must be willing to revisit its mission-related processes prior to investing in information technology.