1 / 29

Emerging Best Practice in IT Architecture & Acquisitions

Emerging Best Practice in IT Architecture & Acquisitions. Dr. T. Rudolph CTO, Electronic Systems Center Hanscom AFB, MA 12 November 2009. A Changing World. (Irregular W arfare , Stabilization, Homeland D efense , Emergency R esponse , Disaster R ecovery , H umanitarian Relief).

thad
Télécharger la présentation

Emerging Best Practice in IT Architecture & Acquisitions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Emerging Best Practice in IT Architecture & Acquisitions Dr. T. Rudolph CTO, Electronic Systems Center Hanscom AFB, MA 12 November 2009

  2. A Changing World (Irregular Warfare, Stabilization, Homeland Defense, Emergency Response, Disaster Recovery, Humanitarian Relief)

  3. …And It’s NOT Just Our Security Environment Financial Meltdown Healthcare Crisis

  4. Visibility and Discoverability Understandability and Interoperability Accessibility and Security V - D Governance and Policy U - I A - S G - P The “DNA” of Information

  5. Changing Operational Landscape SPACE AIRBORNE TERRESTRIAL CYBERSPACE

  6. Changing Technology Landscape • Net-Centricity • Information Transparency • SOA • Standardization • Semantic Technologies • Interoperability • Cloud Computing • Information Security • IPv6 Opportunities to use Commercial Innovation and Leverage Commodity IT

  7. What SOA isn’t A specific architecture A product An Enterprise Service Bus or many ESBs Not necessarily required A destination A way of life (at least an interesting way of life) A guarantee of success … alive? SOA is Dead; Long Live Services, Anne Thomas Manes, 1 Jan 09 Governance … but Enterprise Governance is required 7

  8. History ofInformation Transparency Volume of content Quality of content producers Disconnected content producers Disconnected content Volume of co-citations Volume of content producers 1985 2005 2010 1975 1995 Semantic Web Wiki usenet WWW Excite Yahoo! Google browsing producers social networking topical organization publishing, co-citation authoritative controlled vocabulary co-citation relevance language statistics salon, 1664 bibliography, c. 500 encyclopaedia, 77 concordance, 1250 patent, 1464 taxonomy, 340 BCE yellow pages, 1883 8

  9. Slash network monitoring costs Customer in-transit visibility Total account management Transform web search Transform music distribution New media model Business Transformation with SOA 1997 2000 2001 2002 2003 2004 2005 2006 2007 2008 Office SW on browser Deployment Readiness DIMHRS Risk Mitigation 9

  10. Changing Business Landscape • Content Generation • Data Strategy • Content Provisioning • Business Process Modeling • Enterprise Architecture • Securing the Network • Securing the Content Required for Enterprise Security and Governance

  11. Program B Program N Program A . . . . . . . . . Vision: Transformed Acquisition Process More agile/focused mission services • Evolution to more common IT framework • Hosting consolidation • Shared resources/services - right sized to meet ops tempo • Enterprise Security delivering capability agility Common IT Framework Vertically resourced Programs • Mission applications tightly coupled to infrastructures Changing acquisition to better leverage services, share infrastructure, and interoperate through federation 11

  12. Changing Acquisition Landscape Away from Systems Away from Point-to-Point Away from Brittle/ Fortress-type Security Away from Code reuse Away from revolutionary large-scale systems development Towards Capabilities Towards Data Sharing Towards End-to-End Enterprise Level Security Towards Shared Services and Infrastructure Towards iterative/rapid evolution of components More Granularity and Flexible Contract Vehicles

  13. Effective C&A • Establish ESC leadership/responsibility for local certification of PEO programs (including reference architecture, inheritance, type C&A constructs) supports a more timely and effective C&A • Current State: • C&A timelines are expressed in months or years after completion of development • Incentivizes users to circumvent controls, creating additional risk • Future state: • Establish ESC/EN to achieve networthiness (applications, products, services) • Enterprise Architecture-based • Mission assurance based on real risks and salient impacts • Inherited C&A with confidence with reciprocity to Joint & other services 13

  14. ESC Networthiness Assigned roles/authorities--single engineering process owner Deep functional area expertise--increase security engineering skills Defined and well-known standard process--ESC O-SEP and process standard Provide training/certification of others--core to engineering training Mobilize/surge when needed--focused IA teams at Gunter, WPAFB, and Hanscom Audit and report results of process 14

  15. More Capabilities to the Warfighter“Build in” Certification Transition Focus From Speed Of Acquisition To Speed Of Moving Capability To The Field • Current State: • C&A Timelines Are Expressed In Months After Completion Of Development • Incentivizes Users To Circumvent Controls, Creating Additional Risk • Future State: • Establish ESC/EN To Achieve Networthiness (Applications, Products, Services) • Enterprise Architecture-based • Mission Assurance Based On Real Risks And Salient Impacts • Inherited C&A With Confidence With Reciprocity To Joint & Other Services 15

  16. Services Lifecycle

  17. Strategic Investment Institute and Reinforce the Culture Shift • Invest now into Governance – Pay me now or pay me later • Strong Governance Strategies ensure tiered accountability • Ensures efforts do not work in a vacuum • Facilitates realization and separation between infrastructure and Core Capabilities • Continue consolidation efforts • Leverage lessons learned from others

  18. Governance Structures Level of Governance Implementation Capability Prioritization Senior Steering Group (CIO/CMO/SAE/PEO) Programs OverallIT Governance External to ESC ESC CCB / Engineering Sufficiency Reviews Compliance and Technical Rigor Policies & Regs Enterprise Analysis & CM Solutions Governance (Engineering Oversight) Internal to ESC User’s Guide, Templates, and Due Diligence CL (PO) Contract Mechanics and Program Execution Capability Engineering NETCENTS-2 Program Office 18

  19. Elements of the ESC Governance Model Strategic Strategic IT Direction SSG AF Enterprise Architecture CCB Operational TWG Engineering Baseline: Asset Inventory Engineering Baseline: Technical Guidance IT Governance PMO IT-LC Tactical Programs of Record (PoR)

  20. Solutions – Engineering Baseline ESC Engineering Baseline • Changes in: • Policy • Technology • Standards Change Guidance Technical Guidance Asset Inventory Update Inventory Qualifies Configuration Control Board Direction Info Gathering Change Request Re-use Inventory Update Programs of Record ASSETS ASSETS To the Field Produce ASSETS Organizing Enterprise Framework for Capability Delivery Engineering Baseline = Guidance + Knowledge Answers 4 questions: What am I acquiring? Should I use existing infrastructure? Am I building new products right? Am I building anything that could be used by others?

  21. Capability Delivery Development Guidance Knowledge Certification & Accreditation Rapid Capability Convergence support Agile Capability Delivery Engineering Baseline to provide guidance and share knowledge between programs Governance and Data Strategy supports interoperability and information sharing Certification & Accreditation refocused on Mission Assurance Capabilities to the warfighter, rapidly

  22. …because the adversary is here Questions? And we have only seconds to defeat him… Photo courtesy of Dr. Roger G. Miller, HAF/HO

  23. Back-ups

  24. NDAAs • NDAA 2008 Section 904 • requires appointment of DoD Chief Management Officer and Deputy, as well as Services Chief Management Officers. • CMO duties: • Ensure capability to carry out the strategic plan of the Department of Defense in support of national security objectives • Ensure the core business missions of the Department are optimally aligned to support the Department’s warfighting mission • Establish performance goals and measures for improving and evaluating overall economy, efficiency, and effectiveness and monitor and measure the progress • Develop and maintain a strategic plan for business reform • NDAA 2009 Section 908 • Sets minimum objectives for Services CMO’s • Mandates creation of an Director of Business Transformation (DBT) and Office of Business Transformation (OBT) reporting directly to CMO • Sets minimum scope for OBT – Budget, Finance, Accounting, Human resources – extensible by SECAF • Provides DBT with authority over all elements of the military department to carry out transformation initiative • NDAA 1999 • Review budget requests for all IT and NSS systems; ensure that IT and NSS are in compliance with standards of Government and DoD • Ensure that IT and NSS are interoperable with other relevant IT and NSS • Coordinate with the Joint Staff with respect of IT and NSS

  25. Elements of a Complete Governance Model • Governance Strategy, Scope and Goals • Governance Stakeholder Model • Governance Goals, Principles and Policies • Policy Enforcement and Provisioning Model • Governance Enforcement Mechanisms • Organizations and Boards • Governance Processes, Events and Triggers • Governance Enabling Technology and Tools • Exception, Waiver, Escalation and Appeals Process  • Governance Metrics and Behavioral Model • Governance Communications Model • Governance Feedback and Management Reviews • Governance Performance Management and Sustainment

  26. Processes & Policies People Tools & Technology Applied Governance • Integration Culture Shift • Stabilizing the patient through architecture and strong governance will help secure the network while developing a strategic path forward and reducing overall lifecycle costs EnterpriseGovernanceModels Roles, Skills &Assimilation Organization&Processes Metrics & Scorecards Behavior,Culture &Incentives • Governance required at difference levels • Not just a committee, but a new way of life • Governance is Policies, Processes, Organizations, Tools that lead to the desired behavior • Need to proceed smartly and learn from the lessons of the past Budgeting,Ownership & Funding Models

  27. Five Aspects to Air Force OTD • Open Architecture • Air Force Enterprise Architecture • Open Standards • ESC Engineering Baseline • Open Development Collaboration • Automated Metadata Population Service • Open Source • Forge.mil • Open Systems • Office of Naval Research Navy Reference Implementation http://nesipublic.spawar.navy.mil/nesix/View/P1307 (https://enweb.mitre.org/wiki/index.php/OTD) 27

  28. Three-Legged Stool of Capability Delivery Streamlining IT Enterprise Architecture Engineering Baseline Requirements AFNetOps Rapid Development Capability Process Vocabulary Service AFSO21 CMP PITP Lead Commands AFSPC SAF/AQ SAF/XC ESC 28

  29. Infrastructure ConvergenceVirtualization for Mission Effectiveness Repurpose Virtualization from Cost Efficiency to Mission Effectiveness • Retake the Asymmetric Advantage By Constantly Changing the Attack Surface • Choose from a million random variations • Distribute servers, apps, data across VMs • Add in out-of-band elements • Assume Attacks Will Succeed and • Limit the Value of Each Attack • Assume compromise; rebuild routinely • Decouple external and internal networks • Use Wisdom of the Crowds • Adaptive CONOPS to “Fight-Thru” Attacks • Instrument network for machine learning • Composable security • Collocate Ops, Development, R&D

More Related