While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
The scenario: The CIO at the Federal Mega Agency learns that House and Senate conferees have finalized an appropriations bill that will require FMA to start selling some of its publications online. To do this, the FMA CIO knows she will have to build an e-commerce platform with an online shopping system that can match product numbers to prices and total orders in shopping carts for site visitors. To accomplish this task, she’ll have to decide whether to add middleware and tie the online shopping application to a legacy content database or install an entirely new underlying system.
This is the kind of scenario that replays itself in infinite variations across the government every day because agencies constantly receive new mandates — from lawmakers, from the administration and from their own senior management teams. After decades of investing in information technology, the government has literally thousands of systems and applications in use, and any policy or program change must take the existing systems and processes into account.
The challenge is that there’s no governmentwide manual to guide program managers tasked with performing major systems changes, says Randolph C. Hite, director of IT architecture and systems issues at the Government Accountability Office. “There’s no one entity that’s the keeper of all this; it’s spread out over the government; it would be great if there was,” Hite says. “Some agencies will study another agency’s methods and guidance for their systems,” but ultimately each agency bears the responsibility of figuring the cost benefits of maintaining legacy systems.
So, where does a program manager or a CIO start to sort through legacy systems and decide whether to keep one, upgrade it or get rid of it? IT chiefs and overseers say that there are essentially four areas to address:
• Sustainability: Is vendor support for hardware and software still available? If so, how long into the future will it likely be available?
• Viability: What are the security risks and maintenance costs? Are these costs flat, on the rise or spiraling out of control?
• Performance and scalability: Is the system meeting the agency’s needs? Can it handle additional processing loads?
• Functionality: Are upgrades available? Is it possible to create interfaces to other existing systems or new ones? Can new functions be added?
CIOs usually begin by determining what’s driving a change and creating a business case for it. In this, they don’t have much choice because OMB demands that agencies include Exhibit 300 justifications for all IT initiatives in their annual budget requests.
Since President Bush took office in 2001, the Office of Management and Budget has sought a better return on the $65 billion a year that agencies spend on IT by using the President’s Management Agenda to direct systems consolidations, both within agencies and across agencies through its Lines of Business initiatives.
“OMB looks for redundant, unnecessary or weak buying,” says Jonathan Breul, senior fellow at IBM’s Center for the Business of Government in Washington. “OMB will come in and stop [the work] and use the money elsewhere.”
The government’s goal, of course, is to serve taxpayers, and IT is a means to help reach that end, Breul says, but adds that “the focus ought to be on customer results and not on technology.”
If a system is fairly old, the Defense Department has found that its viability in the long run and ability to mesh well with other or new applications often is not too good, says John Nichols, program coordinator for the Global Information Grid in the Defense Information Systems Agency’s Enterprise Services Engineering Directorate.
“Technology changes rapidly,” Nichols says, “eroding the technical knowledge base necessary to keep a legacy system operational.”
Nichols is part of the team working on the Net-Centric Enterprise Services (NCES) program to create several suites of common applications for users across DOD. He says that in the net-centric environment especially, newer hardware and software can accomplish what legacy systems cannot. New software is much more likely to be compatible with current standards, both commercial and government-specific, Nichols adds.
Plus, when adding new layers of applications and database tasks, there’s additional load and stress that must be taken into account, he says.
But there are also costs to opting for new systems because they “are difficult to install, test and train staff on, and they frequently fail,” Breul says.
What this means is that an agency must do an economic analysis to determine the least expensive, yet effective route, Hite says. The analysis needs to look at hard costs, such as equipment and software, and soft costs such as what work development or code work can be done in-house with agency IT staff and what work requires the agency to get vendor help. Additionally, the agency must identify the costs of installation, the integration requirements and maintenance expenses.
“Part of the challenge agencies face is that some costs and benefits can’t be quantified,” Hite says. “Security is a hard thing to measure; it’s impossible to predict what your system will prevent from happening.”
Calculations for return on investment let an agency gauge the value of an outcome against what must be spent to achieve it, even though dollar figures aren’t always easy to determine for some objectives. And the ROI factor is “going to be different agency by agency,” Breul says. “For the Internal Revenue Service, it could be a decrease in the number of erroneous payments. For the Homeland Security Department, it’s about saving lives, preventing terrorism.”
Nichols says ROI “is not an easy proposition” for the military applications in NCES. “Metrics used in the commercial marketplace are often inappropriate or not applicable in the DOD,” he says. “We need to expand our understanding of ‘benefit.’ The real value from net-centric transformation will be reduced planning cycles, improved battlespace awareness, increased speed of command, greater precision of effects and improved mission effectiveness.”
The NCES strategy is to create a secure and interoperable data-sharing environment that can tie DOD users from the battlefield to the administrative offices.
A huge part of this effort will focus on identifying legacy systems and deciding which systems or portions of systems must be kept. In the process, DISA expects to eliminate thousands of redundant applications.
The agency, Nichols says, is looking into using computer modeling and battle simulations to quantify the nonmonetary benefits of some NCES apps. Otherwise, “how do you quantify the value of new information such as location of friendly forces on the ground to reduce fratricide, location of friendly aircraft to avoid collisions and imagery of the target to improve weapons effectiveness?” he asks.