Title: DHS Proposal
1 CxO Advisory Council Stake Holders Meeting
A Public/Private Partnership for leveraging IT innovation and best practices
September 2005
Assuring the business value of technology
John Weiler, Founder
JP Morgenthal, Chief Architect
Ron Parsons, EVP Programs
Infor_at_ICHnet.org
703 768 0400
www.ICHnet.org
www.SecurE-Biz.net
This document is confidential and is intended
solely for the use and information of the client
to whom it is addressed.
2 Stake Holders Meeting Agenda 0800-1200
- 0800-0815 Overview of CxO Advisory Council Charter: Ron Parsons, John Weiler, JP Morgenthal
  - Collaborate: CxO Advisory Council Public/Private Partnership
- 0815-0900 How CxO Advisory Council dove tails with existing programs
  - Educate: SecurE-Biz CxO Summit, promoting solutions
  - Validate: Solution Architecture Integration Lab, a solution engineering resource center
- 0830-0900 Q&A: Charter acceptance, clarifications, refinement. Bob Dix, EVP Citadel Security
- 0900-1000 Serving the needs of our most dedicated Federal Leaders
  - John Garing, CIO, Director Strategic Planning and Information, DISA
  - David Tillotson, Director Policy, Plans, Resources, US AF XC
  - Karen Marsh, Citizen-Corp, Dept of Homeland Security
- 1000-1030 Q&A with Government Leaders
- 1030-1130 How CxO Advisory Council leverages many communities of interests
  - Alan Balutis, President Govt Research, Input
  - Randall Yim, Director, Homeland Security Institute
  - Red Thompson, VP Council for Excellence in Government
  - Rod Nydam, George Mason, Critical Information Infrastructure Program
- 1130-1230 Open Dialog, Next Steps: Ron Parsons, EVP Programs, ICHnet.org
3 CAC mission
to advance collaborative mechanisms that assure the successful adoption of secure technical solutions aligned with business drivers in an inclusive and conflict-free marketplace
4 Current Situation
- 72 of all major IT programs are failing (54 in industry) IDG, Gartner GAO
- Govt Planning and Acquisition process do not leverage best practices (GAO, Congress)
- Small innovative businesses are underutilized and hard to track
- Real world best practices and lessons learned inaccessible or hard to replicate
- Business value of technology investments hard to prove or predict
- Performance Metrics and measurable outcomes are difficult to establish
- Missing link between technology and business requirements
- Complexity and fast pace of IT market undermines timely decision making
5 Desired Outcomes (building on 7 years of applied R&D)
- For Government PMs, CxOs
  - Reduce research costs and evaluation
  - Identification and remediation of risks in the lifecycle process
  - Access to wide-range of industry expertise
  - Mitigation of OCI issues when engaging industry
  - Improve efficiency and effectiveness of the acquisition process
- Industry Members
  - Validation of unique market capabilities for small and large alike
  - Ability to participate in the CPIC process without OCI concerns
  - Reduce bid costs
  - Ability to participate in funded research/pilot projects
  - Lower-cost means of demonstrating and validating market capabilities
6 CxO Advisory Council Goals and Objectives
- Goal: To Provide CxOs (CIO, CISO, CSO, CTO, CEO, CFO, PMs) a conflict free structure for sharing best practices and lessons learned for Cyber-security, Secure Information Sharing, and Secure Network Infrastructure.
  - Provide a collaborative, conflict free forum where key federal, state, local, tribal and industry stake holders can collaborate in developing strategies, plans and architectures
  - Document issues and barriers inhibiting implementation success
  - Enhance the awareness of government and industry leaders on mechanisms required to comply with emerging homeland security legislation: FISMA, HSPD12, Sarbanes-Oxley, 9/11 Commission Recommendations
- Supporting Capabilities
  - Identify, model and validate proven business processes, architectures and technical solutions for assuring implementation success (SAIL)
  - Educate National U.S. leadership and key stake holders in applied technical solutions and their associated implementation best practices (SecurE-Biz Forums)
  - Recognize and promote those patriotic and dedicated leaders who have demonstrated leadership and success in helping secure our homeland (SecurE-Biz Leadership Awards)
7 Action Items: Please volunteer
- Validate Charter with various stake holder groups: Agencies, Hill, Solution Providers, Small Businesses, Non-profits, Academia
- Develop membership structure that is self sustaining yet leverages existing industry association capabilities (leverage not compete)
- Organize domain working groups and committees
- Review current organizational structure to support Public/private Partnership
- Review SAIL conflict of interest mitigation process with acquisition community
- Modify/adopt SAIL lexicon that improves the precision of the communication of business requirements and technical capabilities
- Establish 06 SecurE-Biz Education Committee
8 Domain Working Groups: Where collaboration and information sharing are optimized
- Secure Information Sharing (Identity Management, Multi-level security, Portals)
- Horizontal Integration (Web Services, Solution Oriented Architectures)
- Net-Centric Computing (Secure Information Infrastructure, NCES, IA)
- Infrastructure Protection (Cyber-Security, Resilience Planning)
- Case Management (Record Management, CRM)
- Mission Assurance (Actionable Architectures, Portfolio Mgt, BPR)
9 Prospective Public/Private Partners
- Federal Agencies: US AF XC, Defense Information Systems Agency, Director for National Intelligence, National Reconnaissance Office, National Geospatial-Intelligence Agency, Office of the Secretary of Defense (OSD NII OSD HD), Federal Aviation Administration, Department of Homeland Security, US Army PEO/EIS, Navy SPAWAR, DIA, FBI
- Hill: House Homeland Security Committee, Senate Homeland Security Committee, Govt Reform Committee, House Select Committee on Intelligence
- Non-profit: AFFIRM, American Bankers Association, Center for Internet Security, CCIA, Council for Excellence in Government, Financial Services Technology Consortium, NVTC, NBSP, Information Systems Security Association, Object Management Group (OMG), Open GIS Consortia, Professional Services Council, Society for Information Management, Homeland Security Institute, Rosettex
- Academia: Harvard University Kennedy School, George Washington University, George Mason University, University of MD, National Defense University
- Solution Providers: Anteon, AT&T, Alcatel, BEA Systems, BAE Systems, BMC, CSC, BearingPoint Inc., Booz Allen Hamilton, Computer Associates, Citrix, EDS, Entrust Technologies, Fortify, Google, Harris Corp, IBM Federal, Intel, KPMG, Lockheed Martin, Lucent, NetApps, Nortel/PEC, Northrop Grumman, Oracle, PWC Consulting, SAIC, SRA, Sun Microsystems, Titan/L3, VeriSign, Verity, Verizon, and too many small businesses to name.
- Commercial Leaders: General Motors, E-Bay, Citigroup,..
10 Emerging CxO Advisory Council Offerings: Already on ICH GSA Schedule 70 and MOBIS
- A Formal IT Solution Assessment Framework: Developed and evolved under a government sanctioned, 501C6 non-profit that helps government and industry transform IT acquisition process
- Knowledge Exchange that facilitates value chain members in modeling, validating and leveraging implementation best practices and lessons learned to assure solution architecture process.
- Solution Architecture Integration Lab: A virtual IT solution assessment lab that leverages existing research and implementation experiences without conflicts of interest. Do more with less
- Educational Programs: Created by and for the Federal IT Leadership to be a catalyst for transformation. SecurE-Biz CxO Forum (co-hosted by DHS, DoD and Intel community)
- A COTS Interoperability Clearinghouse: Where government and industry work together to identify, model and validate common solution frameworks in terms of business fits, interoperability and securability based on real world implementation experiences.
- Cost of the ICH ounce of prevention: PRICELESS (23k to 500k per program, now on GSA Schedule, MOBIS, USDA BPA, DHS BPA and GPO)
11 Guidance for IT Reform and Business Transformation: We understand the problem, and can no longer afford business as usual
- Clinger/Cohen Act requires: (IT Leadership) shall develop, .., a process for analyzing, tracking, and evaluating the risks and results of all major capital investments made by an executive agency for information systems. and shall include explicit criteria for analyzing the projected and actual costs, benefits, and risks associated with the investments
- AF Scientific Advisory Board Report on Challenges of Integrating Commercial Items into missions systems: Most (PMs) are struggling with the complexity and a few have failed miserably. The complexities are numerous and less than obvious. . Requirements must flow into an architecture that can truly exploit the advantages of COTS. Contractors must shift from a design and build unique product to buy and integrate standards products. (Everyone) freely admits that have made every mistake imaginable along the way. Unfortunately, others can't imagine the mistake that are about to make.
- OMB FEA-PMO requires: Select, recommend, plan, guide, and assist initiative teams in the deployment of technologies that are proven, stable, interoperable, portable, secure, and scalable. Facilitate the migration and transition of E-Government initiatives from legacy and "inward-driven" architectures, to architectures that embrace component-driven methodologies and technology reuse.
- IAC EA SIG Recommendations to OMB and the CIO Council (2003): A neutral party should facilitate reaching consensus on the many areas necessary for adoption of Component-based Architectures. Rather than attempting to achieve global consensus (ie standards), it should be developed among a few motivated agencies and the results provided to other agencies to adopt as they are able.
- ECCWG report to the DEPSECDEF: Current architectural initiatives (C4ISR, JTA) don't quite fit the E-Business problem space. Rate of Technology Change Exacerbates the Problem the lack of an easily understood process modeling technique is a root cause for the lack of participation of the general user in the definition of business processes.
12 Demonstrated Progress in meeting these needs: Together we stand to overcome the challenges
- Office of the Secretary of Defense, DCIO: "Since the value of the ICH to our programs increases rapidly through results sharing, we encourage the defense community and IT industry to participate directly in the public service initiative in terms of sponsorship and lessons learned"
- Assessment by DoD's Leading FFRDC: ... the concept of the Interoperability Clearinghouse is sound and vital. Its developing role as an honest broker of all interoperability technologies, no matter what the source, is especially needed. Such efforts should be supported by any organization that wants to stop putting all of its money into maintaining archaic software and obtuse data formats, and instead start focusing on bottom-line issues of productivity and cost-effective use of information technology.
- OMB/GAO Recommendations: Establish a set of normalized, re-usable solution frameworks to accelerate the requirements, development, and implementation of Cross-Agency e-Gov initiatives. Enable transforming of common e-business requirements into interoperable COTS solution suites that provide immediate ROI. Provide a formal process to enable Component-Based Systems Engineering. Eliminate redundancy and reduce cost by providing agencies with a common, cross agency solution requirements and research lab. Provide a joint government/industry clearinghouse of re-usable and normalized requirements blueprints in a common form
- DARPA Commendation on ICH R&D Project: The unique work you've done to frame issues about Interoperability effects on IA of systems is particularly encouraging. I believe it can contribute to ongoing work in the field of IA metrics and composition ongoing at DARPA and other agencies. I was pleasantly surprised at the effective and efficient use of funding I was able to invest in this effort as well as your ability to leverage other funding sources. You guys came through!
- Howard Schmidt, Former White House Cyber Security Advisor and Chair of President's critical infrastructure protection board: The SecurE-Biz CxO Security Summit continues to provide a level of depth and breadth that many executives seek from an executive training program. SecurE-Biz is a must attend for those business and IT executives who are seeking to leverage the combined experiences of the world's leading security experts.
13 Key Milestones leading to the CxO Advisory Council formation
ICH Awarded GPO PMO Contract
ICH Awarded DHS SAIL BPA
2005
ICH Wins Commerce EA Contract w/ CSC
ICH wins USDA BPA w/ SRA
ICH wins GSA FSS Contract w/ LMI
OSD HA Awards ICH EA Contract
2004
ICH wins GSA FMS Contract w/ JACER
GSA MOBIS contract Awarded to ICH
ICH Develops DEA's EA Strategic Plan
2003
ICH wins GTN21 Contract with Harris
ICH Establishes Value Chain approach completing FEA process
ICH awarded first ever GSA Schedule for Architecture IV&V
2002
ICH establishes XML COTS Solution Templates
ICH Membership Create e-Solutions Registry
ICH Membership establishes Architecture Assurance Method
2001
DARPA awards ICH grant to establish Architecture Assessment method/tool
9-11-00 ICH incorporates as 501C6 Research Consortia
2000
DEPSECDEF adopts ICH ECCWG Recommendations
OSD ECCWG Forges Partnership w/ ICH, IAC, NDIA/AFEI, AFCEA
ICH given seat at Federal CIO Council
1999
Office of the Secretary of Defense validates endorses ICH
ICH launches SecurE-Biz.net Executive Summit
Healthcare, Defense, Aerospace, Media, Commerce industries apply ICH method
1998
Interop WG establishes COTS Validation Methodology.
Interoperability Clearinghouse initiative established as medium for Government and Industry collaboration. DoD, IBM, Microsoft, Sun, Oracle, Lockheed, KPMG pledge support when established