FOR OFFICIAL USE ONLY Pre-Decisional 1/25/11 15:16
DoD IT Consolidation Strategy and Roadmap
Department of Defense (DoD) Information Technology (IT) Consolidation Strategy and Roadmap
Version 0.91 Draft 25 JAN 11
January 2011
Approved By:

Teri M. Takai    Date
DoD Chief Information Officer

Foreword

The number of networks the Department of Defense uses to execute its missions has grown exponentially over the last 30 years. Initially purposed to reduce complexity and streamline decision making, the bolt-on approach to information technology development has resulted in layers of stove-piped systems that are difficult to integrate and not as effective as needed. The unnecessary complexity of our networks and information technology reduces our ability to secure our information systems, hampers our ability to share information, and needlessly consumes the finite resources available to the Department. This untenable situation requires that we make dramatic changes in how we develop, sustain, and implement information technology across the Department. Together, we modify existing processes to reduce complexity and optimize our networks for the joint environment. Our goals are to dramatically increase our cyber security posture, increase our effectiveness across joint and coalition lines, and reduce the resources our networks consume.

This document is our strategy and initial roadmap to achieve these goals through consolidation of information technology infrastructure across the Department in order to deliver a streamlined, rationalized, and simpler network. Through this plan, we are committing to a task that requires changes to policies, cultural norms, and organizational processes in order to provide lasting results. We will focus initially on obtaining tangible results in 2011 and 2012 and plan for aggressive consolidation through 2015. By aggressively consolidating now we will be better positioned to embrace emerging technology and provide cutting-edge service to our warfighters. This aggressive consolidation cannot, however, come at the price of degraded capabilities for the warfighter or inflexible commitment to a given technological solution. Accordingly, this strategy and roadmap is intended to provide the Department with sufficient flexibility to respond to and incorporate emerging technology and to identify and take appropriate actions for those efforts that are not producing.

Our focus remains, as it always has been and always will be, to enhance our ability to execute our primary mission: provide the military forces needed to deter war and to protect the security of our country. This effort will be a collaborative undertaking in which I will work side-by-side with the Department's Component CIOs or equivalent information technology leads to plan and execute this roadmap and to strengthen the partnerships between the DoD CIO's office and the offices of Under Secretary of Defense for Acquisition, Technology & Logistics (USD(AT&L)), Director for Cost Assessment and Program Evaluation (D, CAPE), Under Secretary of Defense Comptroller (USD(C)) and Deputy Chief Management Officer (DCMO) to effect long-term change. I look forward to leading the Department through this consolidation effort and delivering a better DoD Enterprise in the immediate future.

//signed//
Teri M. Takai
DoD Chief Information Officer

Executive Summary

Historically, DoD's information technology (IT) investments have been built to meet the needs of individual projects, programs, organizations and facilities. This decentralized approach has resulted in large cumulative costs and a patchwork of capabilities that create cyber vulnerabilities and limit our ability to capitalize on the promise of information technology.

In August 2010, the Secretary of Defense directed the consolidation of IT infrastructure to achieve savings in acquisition, sustainment, and manpower costs and to improve DoD's ability to execute its missions while defending its networks against growing cyber threats. Specific direction was received to consolidate IT infrastructure to optimize for the Joint environment and to pursue consolidation in a way that does not preclude future consolidation of IT infrastructure at the DoD enterprise level.

During 1st quarter FY11, over 240 representatives from Office of the Secretary of Defense (OSD), the Military Departments, Defense Information Systems Agency (DISA), National Security Agency (NSA) and United States Cyber Command (USCYBERCOM) analyzed opportunities to consolidate DoD IT infrastructure through specific initiatives in five functional areas: Network Services, Computing Services, Application & Data Services, End-User Services, and IT Business Processes. Detailed descriptions, initial implementation timelines, and rough order of magnitude (ROM) estimates of required investments and potential savings were developed for twenty-six initiatives. Each initiative contributes to one or more of the IT Consolidation goals: increase mission effectiveness, improve cyber security, and deliver efficiencies.

Preliminary estimates are that this initial set of initiatives will deliver efficiencies of $1.2B - $2.2B annually by FY15 and $3.2B - $5.2B over the Future Years Defense Plan (FYDP). This effort has already resulted in a direct budget reduction of $1.7B across the FYDP in the FY12 DoD submission to the President's Budget through specific IT consolidation actions by the Air Force ($1.2B) and the Army ($500M).

The DoD CIO Executive Board (CIO EB) is the Department's senior functional oversight body for IT infrastructure and will be the focal point for IT consolidation governance. Component progress against their IT consolidation performance measures will be reported through the CIO EB to the Deputy's Advisory Working Group (DAWG) and the Defense Business Systems Management Committee (DBSMC) (as appropriate).

Specific changes to the Department's three core processes (Joint Capabilities Integration Development System (JCIDS), Planning, Programming, Budgeting and Execution (PPBE), and Defense Acquisition System (DAS)) are required to address the systemic conditions resulting in DoD's stove-piped IT infrastructure. The DoD CIO will work with the core process owners to implement the required changes. These efforts will be synchronized with the parallel DoD activities underway to reform DoD IT acquisition.

Effective communication is critical to building DoD-wide commitment required to optimize DoD IT infrastructure for the joint environment. This document is the initial communication of the Secretary's intent and will be followed by communications detailing associated policy, performance measures, architectures and standards.

Table of Contents

1 Introduction
2 Background
3 IT Consolidation Strategy
  3.1 IT Consolidation Goals
    3.1.1 Improve Mission Effectiveness
    3.1.2 Improve Cyber Security
    3.1.3 Deliver Efficiencies
  3.2 Governance
  3.3 Management Approach
  3.4 Performance Metrics
  3.5 Communication Plan
4 IT Consolidation Roadmap
  4.1 IT Consolidation Initiatives
    4.1.1 Network Services (NS)
    4.1.2 Computing Services (CS)
    4.1.3 End-User Services (EUS)
    4.1.4 Application and Data Services (ADS)
    4.1.5 IT Business Processes (BP)
5 Estimated Efficiencies
6 Sustaining Processes
  6.1 IT Governance
  6.2 Certification and Accreditation
  6.3 Joint Capabilities Integration Development System (JCIDS)
  6.4 Planning, Programming, Budgeting and Execution (PPBE)
  6.5 Defense Acquisition System (DAS)
Appendix A Network Services Initiatives
  NS1 Consolidate Security Infrastructure
  NS2 Consolidate NetOps Centers
  NS3 Implement Cross Domain Solution as an Enterprise Service
  NS4 Implement Standard Certification and Accreditation Process
  NS5 Extend Joint Networks Over SATCOM
  NS6 Implement Video over IP as an Enterprise Service
  NS7 Implement Voice over IP as an Enterprise Service
  NS8 Transport - Joint Enterprise Network (JEN)
  NS9 Enterprise Network Infrastructure Reliability
  NS10 Defense Red Switch Network (DRSN) Rationalization
Appendix B Computing Services Initiatives
  CS1 Data Center and Server Consolidation
  CS2 Computing Infrastructure and Services Optimization
  CS3 Cloud Computing
  CS4 Service Desk Consolidation and Optimization
Appendix C Application and Data Services Initiatives
  ADS1 Enterprise Messaging & Collaboration Services (including Email)
  ADS2 Identity and Access Management Services
  ADS3 Enterprise Services
  ADS4 Records Management
Appendix D End User Computing Services Initiatives
  EUS1 Next Generation End-User Devices
  EUS2 Multi-Level Security Domain Thin-Client Solutions
  EUS3 Interoperability Within DoD and Between Mission Partners
Appendix E IT Business Process Initiatives
  BP1 Consolidate Software Purchasing
  BP2 Consolidate Hardware Purchasing
  BP3 Optimize IT Services Purchasing
  BP4 Common Business Process Foundation
  BP5 Promote and Adopt Green IT
Appendix F Acronym List

List of Figures

Figure 2-1 DoD IT Infrastructure Characteristics
Figure 3-1 IT Infrastructure Consolidation Goals
Figure 3-2 DoD IT Consolidation Governance Framework
Figure 3-3 Building Commitment
Figure 4-1 IT Consolidation Initiatives
Figure 4-2 IT Consolidation Initiatives
Figure 4-3 DoD Data Center Consolidation Approach
Figure 4-4 Notional Multi-Level Secure Desktop Environment
Figure 5-1 IT Consolidation Efficiencies

1 Introduction

In August 2010, the Secretary of Defense (SecDef) announced a Department-wide Efficiencies Initiative to move America's defense institutions towards a more efficient, effective, and cost-conscious way of doing business.[1] DoD Components were directed to conduct a zero-based review of how they carry out their missions and priorities and to rebalance resources to better align with DoD's most critical challenges and priorities. As part of the announcement, the SecDef directed the consolidation of IT infrastructure assets to achieve savings in acquisition, sustainment, and manpower costs and to improve DoD's ability to execute its missions while defending its networks against growing cyber threats.

In response, the DoD established an IT Consolidation Task Force to analyze alternative courses of action (COAs) and recommend specific IT infrastructure consolidation initiatives. Three COAs were developed:

- COA 1: Consolidate IT infrastructure at the DoD Component level;
- COA 2: Consolidate IT infrastructure to optimize the Joint environment; and,
- COA 3: Consolidate IT infrastructure at the DoD enterprise level.

A November 2010 in-process review resulted in SecDef direction to consolidate IT assets to optimize the Joint environment (COA 2) and to pursue the consolidation in a way that does not preclude future consolidation at the DoD enterprise level (COA 3). To optimize for the joint environment is to create a seamless DoD Enterprise Information Environment (EIE), which will support cross-organizational, geographically dispersed users through the delivery of IT infrastructure capabilities. The EIE is composed of Global Information Grid (GIG) assets that operate as, provide transport for, or assure networks at all levels. The EIE Mission Area (EIEMA) is the DoD IT portfolio that manages investments in the information sharing, computing, and communications environment of the GIG. The EIE includes computing infrastructures and common enterprise services that provide users with the ability to access and use information on the GIG. The consolidation of IT infrastructure described in this plan will replace Service and installation-specific IT infrastructure capabilities and processes with the intention of optimizing the DoD's IT infrastructure, increasing mission effectiveness, improving cyber security, and reducing cost in accordance with SecDef direction.

2 Background

The DoD is an immense and complex organization. It has more than 1.4 million men and women serving on active duty, employs 750,000 civilian personnel, and counts another approximately 1.1 million in the National Guard and Reserve, making it the nation's largest employer. Additionally, more than 5.5 million family members and military retirees receive benefits as a result of their past service or their relation to a service member. Supporting the diverse IT needs of this population is a tremendous challenge that involves over 15,000 classified and unclassified networks, more than seven million computers and IT devices, and a 170,000-person information technology workforce.

[1] Gates, Robert M. (2010). Statement on Department Efficiencies Initiative. Accessed from: http://www.defense.gov/speeches/speech.aspx?speechid=1496

Figure 2-1 DoD IT Infrastructure Characteristics

The DoD depends on timely, accurate and focused information at every echelon: the full range of military operations (ROMO), Joint Operations Concepts (JOpsC), Joint Integrating Concepts (JICs) and Joint Functional Concepts (JFCs).[2] Achieving and maintaining the information advantage as a critical element of national power requires the concentrated effort of the entire DoD to provide an information environment optimized for the warfighter and effective for all echelons from the tactical edge to the strategic core. Unfortunately, the way our networks are developed, funded, and implemented fosters unnecessary complexity and redundancy. As a result of this decentralized approach and lack of governance and oversight, the Department's IT infrastructure delivers a patchwork of capabilities that create cyber vulnerabilities, impede Joint operations, result in large cumulative costs, and limit our ability to capitalize on the promise of information technology.

In addition to enhancing our defense networks in order to better support the information needs of the Department, this strategy and roadmap also focuses on better support for and interoperability with our mission partners. The global reach of the United States and its position of prominence in global affairs dictate that the Department does not operate in a vacuum. As a result, we ensure success by operating in conjunction with domestic agencies and federal departments, armed forces and governments of foreign countries, and international non-governmental agencies. Regardless of the spectrum in which the DoD is operating, from disaster relief to full kinetic warfare, the information environment must support collaboration and information sharing in order to be effective.

[2] Joint Staff J7. (2010). J7 Joint Force Development and Integration Division (JFDID). Accessed from: http://www.dtic.mil/futurejointwarfare/index.html

Figure 2-1 text:
Total IT Budget: $37 billion; $10 billion in Infrastructure
DoD IT User Base: 1.4 million active duty; 750,000 civilian personnel; 1.1 million National Guard and Reserve; 5.5+ million family members and military retirees
IT Systems: 10,000+ operational systems (20% mission critical); 772+ data centers; 67,246 servers; 7+ million computers and IT devices
Area of Support: 146+ countries; 6,000+ locations; 600,000+ buildings and structures

3 IT Consolidation Strategy

An effective military strategy can be expressed as "Strategy = Ends + Ways + Means" [3] where "Ends" refers to the end state objectives or goals; "Ways" are the actions required to get to the end state; and, "Means" are the resources needed to execute the actions. The "ends" of the DoD's IT Consolidation Strategy are detailed in Section 3.1. Sections 3.2 through 3.5 describe the "ways" and "means" that are necessary to achieve the goals.

3.1 IT Consolidation Goals

The DoD IT Consolidation Goals are focused on improving network security, operational effectiveness, and fiscal efficiency. Figure 3-1 depicts the key benefits and relationships of these goals and illustrates the realm in which the IT Consolidation Strategy seeks to coordinate the execution of DoD IT in order to obtain the best results for the warfighter and the Department as a whole.

Figure 3-1 IT Infrastructure Consolidation Goals

Effectiveness: Improve mission effectiveness and combat power throughout the Department
Key Benefits:
- Unity of command
- Consistent and improved user experience
- Rapidly deliver new business and mission capabilities
- Increase interoperability with in-place systems
- Global access to needed information
- Improve availability and reliability

Cyber Security: Improve the security of DoD networks and information from all threats
Key Benefits:
- Unify command and control of critical networks
- Detect and eliminate malicious activity
- Validate access to information based on enterprise identity and user attributes

Efficiency: Reduce duplication in the DoD IT Infrastructure, and deliver significant efficiencies across the Department
Key Benefits:
- Unity of effort
- Do more with less
- Reduce acquisition, procurement and sustainment cost
- Improve IT cost awareness
- Eliminate redundant effort and cost

The result of these consolidation initiatives will be a DoD Information Environment which is able to provide the warfighter with the required information and services in a seamless manner. This standardized network infrastructure will eliminate the organizational barriers to information sharing and, as a result of this standardization, eliminate seams which attackers can exploit to gain access to vital information or systems. The consolidation and standardization outlined in this document will also improve the flexibility of defense networks by minimizing the organizational and technological changes needed in order to incorporate or respond to changes in emerging technology.

[3] Arthur F. Lykke Jr., ed. (1998). Military Strategy: Theory and Application. Carlisle, Pa: U.S. Army War College,

3.1.1 Improve Mission Effectiveness

The National Defense Strategy of June 2008 highlights the importance of information sharing to national security.[4] The strategy notes that providing secure, assured, and reliable information requires not only technological changes, but also changes that break down the cultural barriers impeding progress. Nowhere is this cultural challenge more evident than in our current approach to IT infrastructure provisioning.

In today's environment, the Combatant Commands (COCOMs) are provided with Service-centric IT networks and IT services focused on Military Service-unique domains that are not integrated into a single information environment. This Service-centric approach extends beyond networks to identity and access management approaches, data centers, mission and business applications, commercial off-the-shelf (COTS) hardware and software, and IT procurement practices. The result is an IT infrastructure that does not effectively support the Joint warfighting environment.

The shortcomings of the Department's IT infrastructure in supporting the joint warfighter are well documented. In June 2009, the Joint Requirements Oversight Council (JROC) approved the Global Information Grid 2.0 (GIG 2.0) Initial Capabilities Document (ICD).[5] The GIG 2.0 ICD's accompanying GIG 2.0 Concept of Operations (CONOPS) outlines a future of "a single information environment with common standards and centralized governance providing the information advantage to our warfighting commanders."[6] The GIG 2.0 concept transforms the current understanding of the GIG from a coalition of departments and agencies with their own set of systems, processes, governance and controls to a more seamless, unified and integrated net-centric environment.

An initial assessment by the Joint Staff indicates that the IT consolidation initiatives described in this document address twenty-four of the sixty-six GIG 2.0 ICD capability gaps with an emphasis on joint infrastructure and enterprise services. Many of the remaining GIG 2.0 capability gaps are currently being addressed by non-material (i.e. policy and doctrine) activities.

These documents and studies serve as the foundation upon which the Department can develop the capabilities to:

- Provide timely, secure, and required information from a seamless information environment with a focus from the warfighter at the edge back to the core IT infrastructure
- Provide a unified network environment that simplifies the synchronization and integration of intelligence collection, processing, exploitation, analysis, and dissemination to meet the information requirements of military decision-makers
- Optimize network capabilities for the joint force that scale from tactical to strategic levels
- Improve communication and understanding through information sharing with mission partners
- Improve situational awareness and force protection by providing reliable and timely access to required information

DoD's IT infrastructure must be simplified as an integrated and interoperable resource that quickly delivers the right information at the right time to the right place anywhere in the world.

[4] Department of Defense. (2008). National Defense Strategy. Accessed from: http://www.defense.gov/news/2008%20national%20defense%20strategy.pdf
[5] Joint Staff J6. (2009). Global Information Grid 2.0 Initial Capabilities Document, JROCM 095-09
[6] Joint Staff J6. (2009). The Global Information Grid 2.0 Concept of Operations Version 1.1

3.1.2 Improve Cyber Security

Another key focus of the DoD IT Consolidation initiative is to enhance DoD's ability to counter cyber security threats. DoD networks are under constant attack from cyber security threats launched from the Internet or from malicious software that makes its way inside our networks through email attachments, removable media, or embedded in the hardware we procure. Every device connected to our networks is susceptible to cyber vulnerabilities. In addition to these threats, we must also be prepared for malicious actors operating from inside our organization.

At the root of DoD's cyber security challenge is the size and complexity (configuration variance) of our legacy network infrastructure and software systems. As information needs grew, new systems, many with their own dedicated networks, were added to support DoD missions. Virtual networks were layered on top of physical networks and independent access control approaches were developed as organizations worked to protect their systems and networks. This has led to a DoD information environment where systems, networks, and standards are deployed in a patchwork manner and the security of the entire enterprise is susceptible to exploitation of the weakest area of protection.

Specific IT Consolidation initiatives will be undertaken to:

- Improve cyber security situational awareness and command and control
- Establish processes for granting access to networks and systems using validated cryptographic identity credentials
- Detect anomalous behavior inside our networks (e.g., malicious software, unauthorized data movement)
- Manage configurations and automate compliance monitoring and enforcement
- Reduce or eliminate the need to manually download information onto removable media to move it to another security domain
- Streamline certification and accreditation

3.1.3 Deliver Efficiencies

The DoD spends more on IT annually than any other department or agency, accounting for almost half of the $78 billion government-wide IT budget in Fiscal Year (FY) 10. The FY 10 IT DoD budget was over $37 billion and included over 5800 separate funding lines.[7] More than $10 billion annually is spent developing and sustaining IT infrastructure capabilities (e.g., data centers, networks, software applications, desktops and mobile devices).

The DoD has an obligation to ensure that IT services are delivered in the most cost effective and efficient manner possible. Private sector and state governments have demonstrated that leveraging shared services and consolidating IT and telecommunications equipment, resources and investments can achieve greater efficiency, cost-effectiveness, and environmental sustainability in IT and telecommunications operations. DoD's IT Consolidation activities will optimize DoD investments in IT infrastructure while also increasing mission effectiveness and improving cyber security. Specific initiatives will:

- Reduce duplication and eliminate redundancy through deployment of a coherent architecture to integrate / reduce networks, applications, data centers
- Lower procurement and sustainment costs
- Leverage economies of scale to increase buying power
- Reduce energy use

[7] Department of Defense. (2009). National Defense Budget Estimates for FY 2010. Accessed from: http://comptroller.defense.gov/defbudget/fy2010/Green_Book_Final.pdf


3.2 Governance
An effective DoD CIO governance structure begins with strong CIO-driven leadership to
establish direction and hold the Department's IT organizations accountable. In today's complex
DoD IT environment, leadership must provide effective governance to manage technology in
support of business needs and mission effectiveness. This governance includes the structures
and processes for setting direction, establishing standards, and prioritizing IT investments.
Through proper governance, the DoD is able to leverage a framework for accountability in
enforcing compliance with decisions about technology use and procurement.

The DoD CIO has primary responsibility for the development and enforcement of the
Department's overall IT policy, architecture and standards; Component CIOs are accountable for
implementing and complying with DoD CIO direction. The DoD CIO will leverage the DoD
CIO Executive Board and its reporting relationship to the DAWG (and the Defense Business
Systems Management Committee (DBSMC) as appropriate) as the focal point for DoD IT
Consolidation. This board will serve as the Department's single, senior governance forum in
which IT Consolidation matters are reviewed and approved or disapproved. Components will
submit their aligned IT Consolidation implementation plans to this forum and progress will be
tracked, consolidated, and briefed to the DAWG through this forum. The necessary subordinate
groups needed to produce policy, standards, architecture, and guidance will be formed under the
direction of this board.

Figure 3-2 shows the tiered structure that IT Consolidation governance will follow.

Figure 3-2 DoD IT Consolidation Governance Framework

3.3 Management Approach
The DoD will employ a tiered accountability/ modest federation approach to IT Consolidation.
Under this approach, responsibility and accountability for implementing IT Consolidation
initiatives are assigned to different levels in the organization. For example, the DoD CIO is
responsible for developing the enterprise IT policy and architectures (i.e., DoD-wide policies,
capabilities, standards, reference architectures and rules) and the associated enterprise IT
Consolidation Strategy and Roadmap. Each component is responsible for producing a
component-level architecture and IT Consolidation plan associated with its own tiers of
responsibility in a manner that is aligned with (i.e., does not violate) the enterprise IT policies
and architecture. Similarly, program managers are responsible for developing program-level
architectures and consolidation plans and for ensuring alignment with the architectures and plans
above them. This structure will allow for flexibility while also ensuring linkages and alignment
from the program level through the component level to the enterprise level.

3.4 Performance Metrics
Component progress against IT Consolidation objectives will be measured against the key
drivers that impact mission effectiveness, cyber security, and efficiency. Initial measures will
focus on:
- The number of data centers and servers
- The number of physical and logical networks
- Number of duplicative applications
- The percent of mission critical applications using the enterprise attribute-based access control capability
- The dollar value flowing through designated DoD-wide COTS hardware (HW)/ software (SW) procurement mechanisms

Focusing metrics on the key drivers will illuminate lower-level implementation issues without
placing undue reporting burdens on the Components.

3.5 Communication Plan
An effective communication plan is critical to building DoD-wide commitment to the IT
Consolidation Initiative. With that aim in mind, the communications strategy is targeted at
moving staff along the commitment curve depicted in Figure 3-3 below.[8]

Figure 3-3 Building Commitment

In addition to the framework provided by the commitment curve, the communications strategy
will be constructed using the following guiding principles:
1. Recruit leaders (e.g., COCOM Commanders, Military Department CIOs, Agency CIOs) and utilize existing working groups (e.g., DAWG, DBSMC, CIO Executive Board) to serve as communications champions
2. Distribute communications in a tiered fashion, i.e., a message is created centrally and passed down in a consistent manner through each level of leadership to build message consistency and allow for delivery from the appropriate leader for each stakeholder group
3. Provide timely updates that are appropriately scoped for each stakeholder group throughout the entire consolidation process
4. Incorporate a two-way communication process, providing stakeholders with mechanisms to ask questions, offer feedback, and raise issues
5. Establish a procedure for addressing raised issues and communicating results with stakeholders in a timely fashion
6. Target messages at stakeholder needs and concerns
7. Conduct the planning, budgeting, and governance in a transparent way that ensures a balanced and non-duplicative set of IT capabilities are provided by a set of Component implementation plans

The expected benefits of the strategy include consistent messaging throughout the process, well-informed
stakeholders, and coordinated efforts across the Department.

[8] Adapted from the Commonwealth of Massachusetts IT Consolidation Communications Plan. See http://go.usa.gov/Yat

4 IT Consolidation Roadmap
In accordance with the SecDef's direction to consolidate DoD IT infrastructure, the DoD CIO
established working groups to identify specific initiatives that align to the IT Consolidation goals
of increasing mission effectiveness, improving cyber security, and delivering efficiencies. Over
240 representatives from Office of the Secretary of Defense (OSD), the Military Departments,
DISA, NSA, and USCYBERCOM identified a set of initiatives that map to the IT Consolidation
goals as shown in Figure 4-1. The initiatives are grouped in the following functional areas:

Network Services (NS): The services (including hardware, software and labor) that provide the
telecommunications (i.e. voice, video, and data transport), including inter-installation (long haul)
networks, installation campus area networks, network management and information assurance
services

Computing Services (CS): The services that provide the ability to process, store and access
information, including data centers and the server, storage and other hardware inside of them

Application and Data Services (ADS): The common shared applications, services, and
processes.

End-User Services (EUS): The specific subset of computing services which enable end-users to
access information applications and services locally and via the network

IT Business Processes (BP): The business processes used to procure the hardware, software and
services needed to operate and maintain DoD IT

Detailed descriptions, initial implementation timelines, and rough order of magnitude (ROM)
estimates of required investments and potential savings have been developed for each initiative.
Technical and cultural risks were assessed on a scale of high, medium, and low.

The following sections describe the technical approach to consolidation for each functional area.
Brief descriptions of each initiative are provided in Appendix A through Appendix E.

Figure 4-1 IT Consolidation Initiatives

4.1 IT Consolidation Initiatives
The implementation timeline for the IT Consolidation Roadmap is represented in Figure 4-2.
The timeline represents each of the five functional areas and the key initiatives that the
Department will focus its efforts on over the next two-year period. A key concept which carries
throughout the timeline is the establishment of the enterprise approach followed by the
submission of Component plans detailing their transition to alignment with the enterprise
approach. The timeline follows this model for each initiative by establishing working groups,
reporting to the DoD CIO Executive Board, which are comprised of the appropriate Component
representatives. These representatives will be empowered to make decisions and bring the
expertise needed to implement solutions.

Figure 4-2 IT Consolidation Initiatives

For each initiative we will first complete the Business Case Analysis reports necessary for the
further development of the enterprise architecture and standards. Upon finalization of the
enterprise architecture and standards, Components will develop implementation plans that align
to these enterprise architectures. Once the Component plans have been coordinated and
approved, all stakeholders will move out quickly to implement solutions in each area. As an
example, the Computing Services Consolidating Data Centers and Servers initiative will first
need to complete a Business Case Analysis study for the use of Enterprise, Area, Regional and
Installation data centers. The data and findings of the Business Case Analysis will be used to
establish the data center standards and criteria needed by the Components to determine which
location and type of facility they should incorporate into their planning. The DoD CIO
Executive Board will review, coordinate, and approve each Component implementation plan and
then track progress over the implementation period.

4.1.1 Network Services (NS)
Today, thousands of individual programs, including formal programs of records and informal
projects, maintain private network enclaves. Each of these individual networks has separate
support staff including network operators, administrators, and information assurance personnel.
In addition, each of these individual networks maintains a security stack which is often unique
to that program. Some of these individual networks operate connections to other DoD, federal,
state, or local networks and, sometimes, even to the public Internet.

The direct and indirect cost of all the hardware, software, and labor required to operate and
maintain these individual program, organization and installation networks is substantial. These
individual networks significantly detract from or completely negate our ability to securely share
information across the enterprise and/or execute effective command and control of DoD
networks. As a result, the effectiveness, agility, and security of geographic COCOM and CJTF
commanders' networks are significantly degraded.

The three military departments (MilDeps) have already begun taking actions to consolidate their
networks, but these efforts need to be both accelerated and synchronized to ensure maximum
effectiveness, cyber security, and efficiency are achieved at the enterprise level.

The DoD approach to eliminating unnecessary costs and improving the capabilities of our
networks as noted above is to:
1. Consolidate all network services on each DOD installation so that there is a single installation campus area network per installation maintained by a single, installation network service provider
2. Accelerate consolidation of internal networks by eliminating individual networks currently maintained by programs, organizations and local facility managers
3. Replace program, organization, and installation level security services and infrastructure with a suite of enterprise level security services operated jointly by the MilDeps, DISA and USCYBERCOM, including separate PKI-enabled, attribute-based access control services for both devices and people
4. Strictly enforce compliance with all DoD enterprise level guidance for information assurance and network security

4.1.2 Computing Services (CS)
Recent advances in computing technologies and the Internet have sparked a revolution in the
provisioning of computing resources through the ready access of computing as an on-demand
service. This enables shared and distributed computing approaches that can accelerate DoD's
efforts to achieve net-centric operations by ensuring that warfighters receive the right
information and applications from trusted and accurate sources, when and where they are
needed. DoD recognizes that leveraging these advances will result in an enhancement of
command and control and combat support capabilities for warfighters and decision makers,
thereby increasing operational effectiveness. DoD's future computing environment will securely
leverage and share the full-range of available physical and virtual computing resources in a rapid
and demand-based manner across the complete spectrum of strategic, operational, and tactical
missions.

Unfortunately, the current state of IT procurements, coupled with the relatively low cost of IT
hardware allows a multitude of entities within the DoD to purchase and operate their own
computing infrastructure. As a result, the DoD information environment is susceptible to the
exploitation of these myriad of devices, systems, and standards by malicious actors intent on
causing harm to our national interests. Accordingly, the Department will pursue consolidation of
computing services with four major efforts during the next 24 months:
1. Merge and Eliminate Fourth Estate IT Infrastructures and Service Providers taking advantage of the economies of scale that can be obtained by either aggregating multiple fourth estate organizations or having them use computing services provided by one of the military departments
2. Centrally manage and restrict the diversity of server (development and operational) platforms used throughout the Department, and, require all purchases of commodity hardware such as servers, server operating systems and storage area networks to be done through a limited number of consolidated contracts that leverage economies of scale to lower total costs to the enterprise
3. Consolidate DOD Data Centers in accordance with the DOD Data Center Consolidation Plan submitted to OMB, the IT Optimization Reference Architecture and Theater level Synchronization Plans, specifically eliminating program, organization and installation level data centers (More detail about data centers is provided below)
4. Aggregate computing services and consolidate infrastructure requirements to gain the economic efficiencies of scale whenever practical, such as consolidating regional LMR infrastructure or contracts for office printer maintenance and ink cartridges

DoD will also move aggressively to decrease its total number of data centers consistent with the
DoD Data Center Consolidation Plan, IT Infrastructure Optimization Reference Architecture,
and Theater Synchronization Plans. This consolidation will result in a hierarchy of DoD data
centers based on functionality, purpose, and efficiency. Current DoD plans will result in:
- 32% reduction in data centers
- 30% reduction in racks
- 25% reduction in servers

DoD plans to further reduce data centers to 442 by FY15 (42% reduction from FY10) as directed
in the FY12 Office of Management and Budget (OMB) Budget Passback.

The objective is to consolidate computing services into one of three computing center facilities:
(1) Enterprise Computing Centers (ECC); (2) Area/Regional Processing Centers (A/RPC); or, (3)
Installation Processing Centers (IPC) as shown in Figure 4-3.

Enterprise Data Center (EDC): EDCs are designated by the DoD CIO and may be owned and
operated by either the Defense Information Systems Agency (DISA) or a Service. EDCs comply
with enterprise level standards and host applications from any DoD component based on agreed
upon service level agreements. EDCs are the preferred and default location for all DOD servers.

Area/Regional Processing Centers (A/RPC): A/RPCs are very similar to EDC in terms of
ownership and operation. A/RPCs are designated by the DoD CIO in collaboration with
geographic COCOMs to host systems which must have either a primary or back-up instantiation
in a particular region for technical, operational, or financial reasons.

Installation Processing Center (IPC): Each DoD installation may have a single IPC of the
minimum size necessary to host only those systems that require local instantiation for operational
or technical reasons. These processing centers will be allowed only by exception obtained
through a waiver process which includes validation from the DoD CIO.

Components will develop plans to relocate existing computing center facilities into one of the
three types of facilities described above.

Figure 4-3 DoD Data Center Consolidation Approach

4.1.3 End-User Services (EUS)
End user services initiatives are focused on improving mission effectiveness and reducing costs
by taking advantage of rapid changes and advances in the types of devices used to access
information and applications as well as in the operating systems upon which those systems are
built. These initiatives aim to eliminate the costs of maintaining traditional workstations and the
installation campus area networks and infrastructure upon which they depend, while significantly
increasing end-user mobility and capability.

The consolidation efforts will create a network infrastructure that is secure, resilient, rapidly
restorable, and capable of supporting multiple missions by providing the user with the mission
data, interoperability, and services necessary to operate in an increasingly mobile operating
environment. Next generation end-user devices will utilize standardized network, data, and
application services to maximize cost savings, flexibility, and defensibility. Centrally managed
diversity allows for a myriad of interoperable devices optimized for a variety of missions and
needs. The desired end state is for the Department to enjoy end-user devices that have a
minimized attack surface area, enable robust network protection, and are rapidly restorable to a
known good-state supporting resilience, constant continuity of operations (COOP)
capabilities, and user credential protection.

These initiatives set the stage for DoD to take advantage of recent and future technical changes
and advances in the types of devices people use to access their information (i.e. smart phones,
diskless nodes and tablets). To enable the Department to take advantage of next generation
devices, the DoD will move immediately to consolidate this emerging end-user infrastructure
and make it "joint from birth" by taking the following actions:
1. Centrally coordinate all next-generation device pilots, tests, and other initial implementations to reduce unnecessarily redundant testing and expenses
2. The testing, certification, and procurement of next-generation devices will be consolidated at the enterprise level to enable "test once, use everywhere" and gain the economies of scale associated with aggregated enterprise-level purchasing
3. Centrally manage all next-generation device configurations and consolidate all next-generation hardware and software purchases to both take advantage of economies of scale and promote software and system re-use
4. Establish a limited number of standard DoD development platforms and repositories to save testing and certification costs through a "test once, use everywhere" process optimized for next-generation end-user devices with limited bandwidth
5. Coordinate continued pathfinder implementations of web-based desktop productivity software suites at the enterprise level

Figure 4-4 Notional Multi-Level Secure Desktop Environment[9] (panels: Current Work Station; Thin Client Work Station)

[9] Source: Al Udeid Combined Air and Space Operations Center (CAOC) Trusted Thin Client Training materials

4.1.4 Application and Data Services (ADS)
Application and Data Services initiatives are focused on providing secure global access to
common DoD-wide solutions to allow our men and women to access the people and information
resources they need from any computer, anywhere in the world. In order to gain the full
operational and economic benefit of the initiatives detailed in this document, we must change
how we acquire, develop, field, and maintain applications. The approach is based upon
developing enterprise capabilities and mandating their use once operationally viable. As a result,
no IT investments shall be planned for or initiated to develop, modify or sustain capabilities
comparable to the designated DoD enterprise capabilities absent a compelling operational need
or documented business case.

The Department will pursue a three pronged approach to the consolidation of application and
data services:
- Vigorous IT Portfolio Management, to include the designation and mandatory use of select enterprise application and data services
- Promulgation of enterprise reference architectures, including technical standards for federated enterprise solutions, coupled with strictly enforced compliance to those architectures and standards
- Establishment and mandated use (for new applications) of a limited set of development platforms and a process for rapid incremental development including a "tested by one, accepted by all" process for joint system certification

To accomplish these goals, the Department will take the following actions:
1. Designate select services provided by one or more components as mandatory DOD Enterprise Services and prohibit the programming, planning or execution of any funds (absent a compelling operational or documented business case) for the development or modification of any system which provides capabilities comparable to a designated mandatory DOD Enterprise Service
2. Establish a limited number of standard DOD development platforms and repositories (such as DISA RACE and SourceForge.Mil) to re-use Government developed code as much as possible and save testing and certification costs through a "test once, use everywhere" process optimized for next generation end user devices with limited bandwidth
3. Fully implement, and designate as mandatory for use, a federated enterprise solution for person-based access control on all SECRET and UNCLAS networks, including a suite of Enterprise Attribute Services for People which includes the implementation of component level Organization Servers, Global Force Management Data Initiative, and, associated DMDC and DISA provided services
4. Fully implement, and designate as mandatory for use, a federated enterprise solution for person-based access control on all SECRET and UNCLAS networks, including a suite of Enterprise Attribute Services for devices on all SECRET and UNCLAS networks, as a separate and distinct set of services from those used for people

Near-term activities are focused on the Enterprise Email (ADS-1) deployment and Attribute
Services (ADS-2). Attribute Services provide the foundational security capability needed for
rapid and unanticipated information sharing. This managed and governed core support service
provides attributes for access decisions within a centralized enterprise model. This service
includes a collection of authoritative person and non-person entity (NPE) attribute data based on
commonly defined and governed attributes and makes them available through an enterprise
service model to integrate within DoD authorization and access capabilities (e.g., Attribute-Based
Access Control).

The Attribute Service provides access to identity information and can expedite account
provisioning and speed secure information sharing. Together with other DoD authorization and
access capabilities, the Attribute Service provides the basis for replacing time- and resource-intensive
manual processes with near real-time automated account provisioning and access
control to shared information resources in. This core service supports a more agile, flexible, and
responsive warfighting posture where the rules for access control can be quickly modified and
enforced based on changing real-world conditions.

Key objectives are to:
1. Increase warfighter access to required information and services, especially across organizational and security boundaries
2. Increase network flexibility, allowing for rapid response to operational conditions
3. Improve cyber security
4. Drive out anonymity via strong cryptographic authentication (e.g., Public Key Infrastructure)
5. Standardize access policies to enable more consistent access decisions
6. Reduce duplicative costs associated with existing stove-piped and redundant identity and access management systems
7. Increase agility and interoperability with the implementation of commercial standards

4.1.5 IT Business Processes (BP)
The IT Business Process initiatives seek to leverage economies of scale and improved ways of
doing business to deliver IT efficiencies. The focus will be to identify DoD-wide approaches to
common IT business needs and direct IT-related business and operational practices that will
deliver procurement, sustainment, and energy efficiencies.

DoD will build on the successes of the DoD Enterprise Software Initiative (ESI)[10] and
consolidated hardware procurement approaches established by the Army and Air Force. In its
first ten years of operation, DoD ESI achieved a cost avoidance of over $3 billion compared to
General Services Administration (GSA) Federal Supply Schedule published prices.

Limiting commercial-off-the-shelf (COTS) hardware (HW) procurements to enterprise-wide
vehicles will lower lifecycle costs by reducing procurement expenditures and lowering aggregate
contract administration overhead costs. In addition, reducing the number of IT hardware
configurations will ease testing, patch management, and software upgrade installation costs.

Defense Business Systems account for nearly $7 billion of the annual IT budget. There are
nearly 3000 registered systems. Each of these systems is maintained separately and each
operates on its own independent data store. There will be significant cost savings through retiring
legacy systems, stopping procurement of duplicate services and reducing the amount of
redundant data maintained in duplicate systems.

The Department may realize significant annual cost reduction through promoting and adopting
Green IT initiatives. These initiatives focus on how DoD operates IT infrastructure, procures
devices, services and IT supplies, and consumes the resources that support IT.

5 Estimated Efficiencies
DoD CIO estimates that additional savings of $1.5 billion to $3.5 billion over the Future Years
Defense Program (FYDP) are possible through IT consolidation as shown in Figure 5-1. The IT
Consolidation initiatives will result in a combination of direct and indirect budget savings that
will be retained by Components to deliver high-priority IT capabilities. These efficiencies are in
addition to the $1.7 billion direct budget savings from the Army ($500 million) and Air Force
($1.2 billion) included in the DoD FY12 President's Budget (PB12) submission. The Army and
Air Force efficiencies were identified during the SecDef-directed zero-based review of
functions and resources within all DoD Components.

A significant portion of the future IT Consolidation efficiencies will be the result of reduced
sustainment funding for legacy capabilities that are eliminated and replaced by enterprise
capabilities. As the funding for these legacy initiatives is spread over many hundreds of program
elements, the current budget processes and mechanisms do not provide adequate insight to allow
funds to be redirected. Other efficiencies will be realized through reduced procurement costs or
reduced energy costs.

[10] See http://www.esi.mil/

The current PPBE process and supporting systems do not provide adequate transparency and
insight into IT expenditures and will not support accurate accounting of IT Consolidation
efficiencies. DoD CIO will work with the Director, Cost Analysis and Program Evaluation (D,
CAPE) to develop appropriate Business Case Analysis (BCA) approaches to evaluate IT
Consolidation initiatives. Top-line adjustments to component budgets will enable the
Department to redirect savings from efficiencies to the development of additional enterprise
capabilities.

The Department is evaluating alternative funding mechanisms and portfolio approaches for IT as
part of the IT Acquisition Reform effort required by Section 804 of the 2010 National Defense
Authorization Act (NDAA). As these reforms are enacted, DoD CIO will re-evaluate the ability
to adequately measure IT consolidation savings.

Estimated Efficiencies ($M)*

| Initiative Area | Per Year by FY 15: Minimum | Per Year by FY 15: Most Likely | FY 11-15: Minimum | FY 11-15: Most Likely |
|---|---|---|---|---|
| Computing Services | 220 | 340 | 440 | 790 |
| Network Services | 230 | 730 | 810 | 1,210 |
| End-User Services | 210 | 230 | 390 | 530 |
| Application and Data Services | 160 | 240 | 280 | 680 |
| IT Business Processes** | 470 | 700 | 1,280 | 1,990 |
| Estimated Total Efficiencies | 1,290 | 2,240 | 3,200 | 5,200 |
| Less: PB 12 Budget Reduction | | | | |
| Army | (520) | (520) | (500) | (500) |
| Air Force | | | (1,200) | (1,200) |
| Potential Future Efficiencies | 770 | 1,720 | 1,500 | 3,500 |

*Pending business case analysis
** Does not include initiative BP5: Standardize Business Applications

Figure 5-1 IT Consolidation Efficiencies
6 Sustaining Processes
Achieving the goals and objectives of IT consolidation will require strong enterprise-level
governance and monitoring led by the DoD CIO in partnership with stakeholders from across
OSD and the Components. This will require substantial cultural change within the DoD
decision-making community. Adherence to DoD CIO policy and Enterprise Architecture guidance must
be embedded throughout the Department's core decision-making processes, and the DoD CIO
must have clear, unambiguous authority across the Enterprise to hold DoD Components
accountable for alignment to IT policies and initiatives and delivery of IT solutions. Strong
governance mechanisms will be required to both support the consolidation efforts and ensure that
all unique operational requirements are addressed.
Specific recommendations are discussed in the following sections.
6.1 IT Governance
Successful consolidation of DoD's IT environment will require strong, centralized leadership and
governance. This will require institutional changes to critical decision-making processes as well
as a cultural reform regarding the manner in which the Department manages information and
information technology. DoD must evolve from a culture in which veto powers are widespread
to one where leaders are fully empowered to drive transformation across the Department in
alignment with the central vision. Without this level of commitment, change will not endure and
the planned initiatives will be unlikely to survive changes in leadership or the conflicts of
priorities that will surely develop over time. Additionally, to achieve the targeted savings, DoD
must reallocate funding to facilitate the IT consolidation priorities and make corresponding
reductions to affected programs.
Effective IT governance begins with strong CIO-driven leadership to focus attention and hold
Components accountable for complying with DoD IT policy, architectures, and standards. Strong
incentives, enforceable by the DoD CIO, must be instituted to compel DoD managers at all
levels to comply with Departmental guidance and must be accompanied by serious penalties for
noncompliance. Additionally, roles, responsibilities, and relationships between the CIO and
research, development, and acquisition organizations must be clearly aligned to ensure IT
enterprise requirements are successfully translated into agile technical solutions that fully align
with future IT enterprise initiatives.
6.2 Certification and Accreditation
In order to achieve IT efficiencies and deliver the promise of speed of delivery, the Department
must reconsider how it performs IT Certification and Accreditation (C&A). IT C&A processes
should be consolidated and integrated alongside a review focused on determining the effects of a
corresponding reduction in the number of and autonomy of Designated Approval Authorities
(DAAs).
The DoD CIO will lead the effort to develop the policies and guidance necessary to consolidate
Department C&A practices with a focus on maximizing reciprocity and reducing duplicative
effort. The participation of the DoD Component C&A leads will ensure that solutions are
approached with the input of all stakeholders,
6.3 Joint Capabilities Integration Development System (JCIDS)
The JROC, chaired by the Vice Chairman Joint Chiefs of Staff, is the Department's governing
body for the identification, approval, and validation of capability gaps and requirements
identified by the warfighting, intelligence, business, and infrastructure mission area managers. A
hierarchy of boards including the Joint Capabilities Board (JCB) and Functional Capabilities
Boards (FCB), along with the processes delineated in CJCSI 3170, supports the JROC in this
capacity.

Implementation of the Enterprise Information Environment (EIE) portfolio approach within
JCIDS will be achieved through the combination of the Command and Control (C2) and
Net-Centric (NC) Functional Capabilities Boards into a single Enterprise Information Environment
Functional Capability Board (EIE FCB). The Joint Staff and the DoD CIO will be directed to
establish this EIE FCB, adhering to the JCIDS process and answering to the JROC. This
Functional Capability Board will be the central source for capturing Enterprise Infrastructure
requirements and prioritizing enterprise capability delivery. JCB and FCB membership will be
expanded to include the DoD CIO, and USCYBERCOM on behalf of USSTRATCOM.

Specific JCIDS-related actions required to ensure EIE requirements compliance include:

• Modify JCIDS Documentation (CJCSI 3170 series) to require documentation of
  compliance with the DoD Information Enterprise Architecture (IEA) that contains
  business rules and relevant capability architectures that apply to all IT investments
• Modify Interoperability Instruction (CJCSI 6212) to strengthen DoD IEA compliance,
  clarify the Net-Ready KPP with respect to the DoD IEA, establish the requirement to
  align to and comply with relevant capability architectures, and require the adoption of the
  Enhanced Information Support Plan (EISP) process to assess compliance
• Modify the Joint Urgent Operational Needs Process (JUON) to insert steps to ensure
  that available DoD Enterprise Services are considered and used to the greatest extent
  feasible before considering alternative solutions
• Modify the Business Capability Lifecycle (BCL) process to require DoD IEA
  compliance
6.4 Planning, Programming, Budgeting and Execution (PPBE)
The PPBE process supports the Planning, Programming, Budgeting and Execution of
requirements and needs identified by the JROC. As the sponsor of the Defense EIE portfolio, the
CIO will lead the collection and review of Department inputs, including from the Components,
to inform and direct DoD-level EIE portfolio investment and acquisition processes and decisions
(e.g., PPBE and Defense Acquisition System). The CIO, supported by subordinate and
supporting portfolios, in coordination with Director CAPE (D, CAPE) and the Joint Staff (JS),
will participate in the Front End Assessment (FEA) and Analytic Agenda process to develop and
propose upfront Defense Policy and Planning Guidance (DPPG) language to address strategic
guidance and military needs.
The CIO, in coordination with D, CAPE and the JS, will review and assess annual Service
Component and Agency Program Objective Memorandums (POMs) and propose budget and
programming alignments; to include active invited participation in key Program Review decision
forums (e.g., 3-Star Programmers and DAWG). D, CAPE, in coordination with the DoD EIE
portfolio sponsor (CIO), shall review and issue programming and budgeting guidance that
reflects DBS and NSS EIE portfolio recommendations to continue, modify, terminate or initiate
funding for EIE projects/programs to ensure compliance with approved Defense IT Enterprise
policy and direction.
Under Secretary of Defense (Comptroller), in coordination with the DoD EIE sponsor (CIO) and
D, CAPE, shall establish policies and procedures to ensure EIE resource data visibility and
accountability to support agile and informed IT EIE investment and sustainment decisions
consistent with DoD IT policy and direction.
D, CAPE and USD(C) shall establish business rules and procedures necessary to implement IT
EIE resourcing initiatives; i.e., single EIE appropriation, EIE revolving fund, and EIE
program/funding element restructuring consistent with DoD response to Section 804 of the
National Defense Authorization Act for Fiscal Year 2010 (PL 111-84).
As the EIE sponsor, the CIO, in partnership with USCYBERCOM on behalf of USSTRATCOM,
shall also serve as capability sponsor in military needs and acquisition forums as required and/or
determined by the VCJCS and USD (Acquisition Technology and Logistics).
To sustain these changes, the DoD CIO, together with USD(C) and D, CAPE, must enhance
transparency and DoD-wide oversight of IT budget formulation and execution and exert more
active oversight and control of the IT budget across all Components. These changes should
include:
• Stronger DoD-wide oversight of IT budget formulation: This includes capital planning,
  preparation, prioritization and presentation activities, including determining and evaluating
  Information and IT resource requirements in support of mission execution; and
• Stronger DoD-wide oversight of IT budget execution: This includes resource allocation and
  planning activities for Information and IT systems development, operations, and services as
  appropriate to ensure resources are expended in accordance with established IT policy.
Concurrently, the DoD CIO will implement robust DoD-wide IT investment reviews, tightly
integrated with the key decision processes, to give greater OSD governance or control in the
selection, planning, review, and oversight of IT investments. This includes evaluating, managing
risk and providing approval to proceed at the earliest stage possible prior to initiating
procurements or advancing to subsequent phases of system development and/or acquisition; as
well as rigorous, regular reviews of the status and progress of projects and activities related to
Agency Information and IT investments to determine whether to continue, suspend, re-baseline
or cancel projects or components thereof.
Together, this budget and investment oversight is key to holding the organization accountable to
the changes and achieving the targeted savings, ensuring funding is applied to consolidation
programs and correspondingly removed from those programs providing savings. In the long
term, additional Planning, Programming, Budgeting, and Execution (PPBE) oversight and
flexibility is needed to respond to the rapid changes of the IT environment.
Specific actions required to ensure EIE guidance is followed throughout the PPBE process
include:

• Planning (POM Guidance): The DoD CIO will prepare an IT Addendum in the
  Guidance for the Development of the Force (GDF) to USD(Policy) in order to provide
  guidance specific to IT optimization via EIE architecture compliance
• Planning (POM Guidance): The DoD CIO will prepare an IT Addendum in the Joint
  Planning Guidance (JPG), and/or DPPG to D, CAPE in order to provide the guidance
  necessary to ensure component programs are appropriately resourced to use, and not
  duplicate, enterprise capabilities in compliance with both the DoD IEA and capability
  architectures
• Programming (POM Issue Process): The DoD CIO will request USD(C) to withhold
  or reprogram funds budgeted for systems that fail to comply with the DoD IEA or
  capability architectures, fail to use applicable DoD Enterprise Services, or unnecessarily
  duplicate existing DoD Enterprise Solutions
• Financial Management Regulations (FMR)/Funding Documents: The DoD CIO will
  request USD(C) to modify standard DoD forms used to allocate and transfer funds (such
  as Military Interdepartmental Purchase Requests) to include a specific statement
  certifying that no funds on the subject funding document will be obligated for any IT
  service or system that is not compliant with the DoD IEA or capability architectures,
  specifically including the appropriate use and non-duplication of enterprise capabilities
6.5 Defense Acquisition System (DAS)
Contracting Officers, Program Managers, and other acquisition professionals are constrained by
Federal Acquisition Regulation (FAR) and Defense Federal Acquisition Regulation Supplement
(DFARS) with respect to ensuring all IT procured by the DoD fully meets, but does not
unnecessarily exceed at additional cost, all validated requirements for the subject procurement
action. In the majority of cases, validated requirements are not determined via the JCIDS
process, but rather by local requirements generators who may or may not be familiar with, or feel
compelled to use, enterprise capabilities (e.g., data centers, networks, enterprise services). DoD
acquisition and procurement policy and processes, as well as relevant DFARS clauses if
possible, must be modified to direct contracting officers to ensure that all DoD IT contracts
require the use of, and prohibit the duplication of, enterprise capabilities.

Successful IT Consolidation will require the Department to establish a common set of DoD
Information Enterprise acquisition and procurement strategies. While technical standards achieve
a level of interoperability, the next phases of the consolidation effort cannot be accomplished
unless the acquisition and procurement strategies are synchronized across all Components.

Specific actions required to ensure EIE guidance is followed throughout the DAS process
include:

• DoD CIO will recommend changes to DoDD 5000.01 to enforce compliance with DoD
  EIE architectures and the use of available enterprise capabilities within major acquisition
  activities. Specific changes envisioned will:
  o Make the use of existing and planned enterprise capabilities a mandatory element
    of the Analyses of Alternatives (AoA)
  o Make the use (and non-duplication of) existing and planned enterprise capabilities
    a requirement for all Preliminary Design Reviews (PDR)
  o Make the use (and non-duplication of) existing enterprise capabilities a
    requirement for all milestone B decisions
• DoD CIO will develop and institute a standard contract clause to be inserted in all
  contracts for DoD IT goods and services requiring compliance with the DoD IEA, and
  the use and non-duplication of designated enterprise capabilities
• Incorporate the IA requirements and procedures currently defined by DIACAP into the
  processes of the Defense Acquisition System to ensure effective information assurance
  capabilities are designed into all IT systems from concept through systems engineering.
  This equally applies to the acquisition and procurement of IT capabilities that
  traditionally fall below the threshold criteria for formal acquisition

Appendix A Network Services Initiatives
NS1 Consolidate Security Infrastructure
Multiple generations of Top Level Architectures (TLA) provide network perimeter security
across DoD. In many cases the equipment used is nearing the end of its useful life, requiring both
refresh and new technology to continue defending the network and to provide enhanced capabilities
for protecting against emerging threats. This initiative is to design and deploy a DoD
Enterprise-Top Level Architecture (D-TLA) that will standardize equipment, improve
information assurance (IA) security capabilities, reduce the number of DISA point-of-presence
(PoP) connections, and simplify systems management.
NS2 Consolidate NetOps Centers
Migrate from the numerous separate Component NetOps Centers to joint NetOps centers that
align to common processes and standards, select and adopt common tools, and automate network
incident response capabilities. Leverage buying power for enterprise-wide network operations
software and licenses, and centralize hosting of network operations services in DoD computing
centers to reduce hardware costs and improve security (Under review by USCYBERCOM).
NS3 Implement Cross Domain Solution as an Enterprise Service
Create enterprise application services that are cross-domain enabled. Engineer and deploy
comprehensive, enterprise-grade services for common key applications such as e-mail,
machine-to-machine data transfer, portal synchronization, chat, and web services. This effort aims to
provide reliable, secure, well-defended standard services for those COTS application data
formats that make up the bulk of cross-domain requirements. These COTS data formats, such as
Simple Mail Transfer Protocol (SMTP) e-mail, Microsoft Office documents, and .pdf files, are
predictable, well understood, standard, and common. The goal is to make it an easy investment
and risk decision for a DoD organization to use the provided enterprise service rather than
engineer, staff, and defend a local solution.
NS4 Implement Standard Certification and Accreditation Process
In order for DoD to fully transition to the new harmonized guidance, it plans to first revise its
existing 8500 series of guidance. This process includes upcoming revisions to the information
security policy documented in its directive 8500.01 and instruction 8500.2, the certification and
accreditation process contained in DoD 8510.01, as well as various additional instructions and
guidance. The first major step is to release the revised DoDD 8500.01 and DoDIs 8500.2 and
8510.01 in the spring of 2011. After this occurs, DoD plans to develop additional
implementation and assessment guidance, technical instructions, and other information. The
release dates for these additional items have not yet been established because their development
or revision is dependent on the final publication of revisions to the 8500 series guidance.
NS5 Extend Joint Networks Over SATCOM
Provides an affordable, DoD En