U.S DHS should use enterprise solution for situational awareness

U.S DHS should use enterprise solution for situational awareness

SHARE

In 2003, the Department of Homeland Security (DHS) was established out of a need to integrate all organisations that dealt with securing the United States in order to better protect the country from future threats. Information sharing and coordinated actions between agencies were inadequate prior to and in response of the September 11, 2001 terrorist attacks. The creation of DHS forced the consolidation of 22 different federal departments and agencies into one organisation. This action brought with it several challenges, one of which was aligning information technology (IT) to create ‘One Network, One Infrastructure, One DHS’ (DHS OIG, 2012, pg.4). This alignment effort is mainly focused on improving information sharing across the DHS components and cost-effectiveness to provide public value.

A more specific area of potential IT alignment is in the way each component utilises data to promote situational awareness in some form of a common operating picture (COP). According to the previous DHS Chief Information Officer (CIO) Richard Spires, in 2012 there were more than 20 different COP investments within DHS, most of which were largely uncoordinated and standalone from each other and in total utilise over 1,000 different sets of data for the homeland security mission (Spires, 2012). As a result, each DHS component uses a different common operating picture for their mission with data that may not be standardised and therefore cannot be shared efficiently across DHS. These disparate investments are expensive and an unsustainable approach to information collection and sharing. It also goes counter to the purpose of creating DHS, which was to coordinate efforts to properly secure the country.

Information Sharing and Situational Awareness

Sharing information is a challenging but vital exchange that is proving to be more useful and accepted since the 9/11 terrorist attacks occurred. Situational awareness, as defined in the Homeland Security Act of 2002, is “information gathered from a variety of sources that, when communicated to emergency managers and decision makers, can form the basis for incident management decision-making” (6 U.S.C. § 321d(a)). The practice of ‘need-to-know’ and an emphasis on ‘over classification and excessive compartmentalisation of information among agencies’ served as a ‘disincentive’ to sharing information. In July 2004, the 9/11 Commission Report released several important recommendations to include a change in organisational culture to bolster information sharing. The report advocated for a replacement practice to be ‘need-to-share’ and to re-evaluate how information was classified (Relyea & Seifert, 2005, pg. 3).

DHS Common Operating Picture
A recently developed situational awareness tool called the DHS COP was created with the intention of improving the effectiveness of the DHS National Operations Center (NOC).The NOC is mandated by law to provide situational awareness and a common operating picture for the entire Federal Government, and for state, local, and tribal governments as appropriate, in the event of a natural disaster, act of terrorism, or other man-made disaster; and to ensure that critical terrorism and disaster-related information reaches government decision-makers (6 U.S.C. § 321d(b)).

The DHS Geospatial Information Infrastructure (GII) is the source of authoritative and trusted data for the DHS COP. The GII is the foundation on which the DHS COP acquires common geospatial data and services, a common visualisation framework using OneView as well as imagery and geo-coding from Bing Maps, Environmental Systems Research Institute(ESRI) and other sources (DHS COP Fact Sheet, 2012). Active data from sources such as weather and static data comparable to school and hospital locations can be enabled or disabled depending on the user’s preference. Another important aspect of the DHS COP is the use of the Homeland Security Information Network (HSIN) to provide user identity management. Since HSIN has a trusted vetting procedure for granting user access, authentication into the DHS COP is granted by a connection to the HSIN user database.

Recommendations for Implementation

Using research conducted during my graduate capstone project, I propose three courses of action (COA) that the DHS components could use to integrate with the IT alignment effort. The use of shared services combined with leadership from the Executive Steering Committee (ESC) is vital to making this effort a reality.

Shared Services
Maximum interoperability and cost savings is possible if each DHS component utilises enterprise shared services. The DHS Office of the Chief Information Officer (OCIO) has named this shared resource Situational Awareness as a Service (SAaaS) and is still not fully implemented. However, with more planning and collaboration from the rest of the department, it will be implemented in near future. According to the DHS Geospatial Management Office (GMO) Director David Alexander, making services available in different suites or a menu of capabilities for each component to choose from would be useful. “Unfortunately, due to the broadness of the mission space, there isn’t a once size fits all approach.”

Executive Steering Committee
In order for DHS components to leverage the enterprise solution architecture for situational awareness, a governing body must oversee and govern the transition and enlist cooperation. The COP Executive Steering Committee (ESC), which already exists, has the ability to prescribe the success of the solution architecture by providing strategy and program oversight. According to Alexander, there have been some positive steps already and he is optimistic.
“An important function of the ESC is to drive consolidation through consensus by developing transition plans that target investments identified in a 2010 analysis. Transparency is an important factor within the ESC because it provides an incentive similar to peer pressure that will drive performance. At the same time, mandates can’t be forced due to the legacy culture prior to the creation of DHS. The point is to establish trust among the members, promote collaboration, and work towards achieving goals”.

Courses of Action for Implementation
Using information gathered from conversations with the COP Program Manager and David Alexander, I have provided three COAs that the COP ESC should undergo to align the DHS components with the enterprise solution architecture for situational awareness. The examples used in these COAs are fictional.

  1. Opt in

Explanation: After OCIO moves the COP applications to virtual machines in the data centre, this COA allows an organisation to purchase an instance very similar to what the
DHS COP is currently using but could be tailored to fit their business processes.
Contextual Example (Fictional): The Bio-surveillance Common Operating Picture (BCOP), managed by the DHS Office of Health Affairs (OHA), is at the end of its lifecycle. The current contract supporting it has exhausted the option years and is up for re-competition. During the 2010 analysis of COP investments, the BCOP was identified to have many similarities and functionality in its business practices, which made it a good candidate for alignment. Instead of continuing to use disparate data services and technology, the ESC recommended and OHA agreed to utilise the enterprise solution architecture and purchase the full suite of shared services. The shared services were significantly less expensive due to additional groups within DHS utilising the services, therefore diluting the cost. OHA was also able to capitalise on technical expertise within the DHS Geospatial Management Office (GMO) to make minor modifications in reporting, workflow and roles. The end result was an effective tool enabling the BCOP to operate more efficiently and share information more effectively inside the DHS COP.

Pros:
Greatest cost savings and most effective interoperability and information sharing
Customer can share technical resources

Cons:
None

  1. Re-use

Explanation: This COA is for the customer whose needs can be 80% met by the capabilities that are being utilised for the DHS COP. However, a substantial amount of customization is required. The customer has the technical resources to use the DHS COP codebase to implement their own instance in-house and as a result some shared services can be used.
Contextual Example (Fictional): The USCG’s Search and Rescue Optimal Planning System (SAROPS) has reached its lifecycle and the contract is available for re-competition. As a result of the specialised nature of the system, major customisation of the already available COP service would be required to meet their business needs. The ESC agreed to give the USCG the DHS COP codebase so an “instance”, which is comprised of three servers, could be installed inside USCG Headquarters (HQ). The instance will require routine maintenance for optimal performance.

Pros:
Moderate cost savings by re-using codebase and modifying it during development
Enhanced information sharing with homeland security enterprise due to similar code base and use of shared services
No degradation in mission performance

Cons:
High cost of equipment purchase, development even with shared codebase, testing, and operation and maintenance (O&M)
High re-occurring costs due to System Administrator and Database Manager

  1. Integrate

Explanation: This final COA is for the customer with a significant financial investment in an existing COP technology currently being used. Re-alignment is not possible and/or would cause significant disruption to ongoing mission operations. A future integration plan is necessary to achieve eventual alignment. Possible contract modification could be done to utilise applicable shared service.
Contextual Example (Fictional): The Domestic Nuclear Detection Office’s (DNDO) Mission Critical Messaging (MCM) program is being discussed by the ESC for alignment with the enterprise solution architecture. The committee determines that a significant amount of money has already been spent on the system and the lifecycle doesn’t expire for a few years, therefore re-alignment is not possible. However, there is certain functionality that could be achieved by using shared services. A contract modification could be submitted to reduce the scope to allow for using shared services, which would be a moderate cost savings. The money saved from the contract modification would go toward the development by the GMO to accommodate the eventual alignment of the MCM with the enterprise solution architecture.

Pros:
No degradation in mission performance
Development has begun for future alignment with the architecture
Use of shared GII and Enterprise License Agreements (ELA) produce moderate cost savings and provide some data standardisation


Cons:
Interoperability to enhance information sharing is limited

Ideal Situation

In developing a strategic plan for the department, a vision of the ideal situation is needed. I asked David Alexander in a recent interview if he had all the money and personnel he needed, active participation from the DHS components, and no cultural boundaries inhibiting information sharing, how he would create an integrated system for situational awareness and information sharing that would accommodate all mission areas.
He answered my question by first explaining the ideal relationship between the user-defined operating pictures(UDOP) that reside within each of the components and how theyconnect to the DHS COP by a web and drew it out for me during the interview, which I have attempted to recreate below.

Recreated hand drawing by David Alexander (personal conversation, March 22, 2013)
Figure 1: Recreated hand drawing by David Alexander (personal conversation, March 22, 2013)

For example, FEMA, USCG, OHA, the Transportation Security Administration (TSA) and the Information and Analysis (I&A) components could use UDOPs to meet mission requirements. FEMA could use a UDOP to track data from Urban Search and Rescue (USAR), damage assessment (DA) and public assistance (PA) teams during the response and recovery phases after a disaster. The USCG could use a UDOP to track vessels (VT), blue forces (BF), and monitor counter drug (CD) operations. OHA uses the BCOP to monitor biological agent detection systems (BADS) deployed in the field. TSA could have the ability to track the status of airport security checkpoints (CP) as well as movements of Federal Air Marshals (FAMS). Finally, I&A, which is the main conduit between DHS and the state and major area fusion centres could leverage UDOPs inside the fusion centres to track Be on the Lookouts (BOLO), Suspicious Activity Reports (SAR) and create reports from Social Network Analysis (SNA) tools.
The ideal situation would be for the components to allocate financial resources toward the special applications needed and utilise the shared services, which provide common functionality among the UDOPs. In contrast, a special application, proprietary software and licenses for mapping, proprietary identity management and the use of infrastructure other than what is provided in the data centre would not only be a deterrent to information sharing and interoperability, it would cost significantly more and not provide increased public value. To re-iterate this point, the ESC’s role in this process is vital and must have cross-representation from all components to create a shared funding model and localise costs for specialised applications, which can’t be provided with the common functionality in the shared services.

Conclusion

Some of the challenges of aligning 22 different federal agencies and departments, which began 10 years ago, still exist today. Specifically in the area of information sharing, the main reason DHS was created, there remains much work to be done. Information sharing and interoperability have barriers that are technological and cultural, which are both difficult to overcome. Disparate systems that existed pre-DHS are managed by different contracting companies, using different data standards, and in some cases using non-efficient business practices. This is not only an improper use of taxpayer dollars but is not sustainable. Historical cultures regarding information sharing have fostered mistrust and used to leverage power must be overcome so real change can begin.
The proposed DHS enterprise architecture of Situational Awareness as a Service (SAaaS) is a practical model allowing components and fusion centres to select specific shared services, enabling success in their mission areas while simultaneously sharing information effectively and providing a cost savings. The COP Executive Steering Committee (ESC) is the best change effort thus far to overcome the technological and cultural boundaries keeping DHS from maximizing its potential in the homeland security enterprise. Using the ESC’s ability to leverage cross-representative collaboration, relationships will be built, trust will be created, and as a result the culture has the potential for positive change. This shift in culture will be a bi-product of working toward a technological solution that will improve information sharing and situational awareness for the betterment of the homeland security enterprise.

References

Department of Homeland Security Geospatial Management Office. 2012. DHS COP Fact Sheet.

Department of Homeland Security Office of the Inspector General. 2012. DHS Information Technology Management Has Improved But Challenges Remain. Retrieved from www.oig.dhs.gov/assets/Mgmt/2012/OIG_12-82_May12.pdf.

Homeland Security Act of 2002, 6 U.S.C § 321d. 2002.

National Operations Center, 6 U.S.C. § 321d(b). 2002.

Relyea, H. & Seifert, J. 2005. Information Sharing for Homeland Security: A Brief Overview. Congressional Research Service. Retrieved from www.fas.org/sgp/crs/RL32597.pdf.

Spires, R. 2012. DHS Example – Common Operating Picture Technologies Help in Incident Management and How to Reverse Duplicative IT Spending in Large Agencies. Written testimony for House Committee on Oversight and Government Reform. Retrieved fromhttp://fedscoop.com/gao-dod-doe-spent-at-least-1-2-billion-in-duplicative-it.