Government: Unlocking data, locking down access
- 29 August, 2006 09:40
The U.S. federal government is often seen as a laggard in IT, a bloated bureaucracy that runs well behind the innovations of private industry. But look closely and you'll find programs that are truly groundbreaking.
Take the AKO (Army Knowledge Online) portal and messaging platform. It began life in the 1990s as a way for the Army's top brass to swap notes and chat with one another online. It's now one of the world's bigger intranets and is set to spearhead the entire U.S. military's move to network-centric operations.
And then there's HSPD-12 (Homeland Security Presidential Directive-12). That's the tongue-twisting moniker for an effort to establish a single, governmentwide security pass that will give holders access to any government building or computer, and it's something many believe could finally shake hidebound agencies loose of their stovepiped past.
The U.S. Army's ever-expanding portal
The AKO had just 97,000 users in October 2000, a year after it went live, but usage ballooned after Sept. 11, 2001, and the start of conflicts in Afghanistan and Iraq. There are now more than 1.8 million account holders. On March 17 this year, a new record was established with nearly 755,000 log-ins in one day.
One major problem in establishing the AKO was accessing the data contained in the large number of legacy systems the Army had built around the world. Physically replacing or otherwise integrating those systems using middleware would have been prohibitively expensive, so the Army instead opted for a single data warehouse using Oracle.
For redundancy, the Army eventually built a second datacenter. But instead of making it a costly fail-over asset that would sit unused until a failure occurred at the primary center, it uses automation software so both centers can collaborate in configuring and coordinating the growing AKO infrastructure.
Any account holder can access AKO from any computer and use the built-in services, such as e-mail and IM. That's proved a boon to morale and soldiers' readiness, according to Gregory Fritz, AKO deputy director.
"Many Army organizations have information for and from their family readiness groups on AKO," Fritz says. "That allows the unit to share information with their families and allows families to stay in contact with other families within the organization."
It has also allowed "communities of interest" to exchange information and lessons learned, which has proved invaluable for those soldiers either already deployed or who are preparing to deploy so they can better understand the issues they are facing, Fritz says.
And it's added an edge to the Army's vaunted organizational capability, which (believe it or not) showed itself during last year's Hurricane Katrina emergency.
The day after the hurricane hit the Gulf Coast, Army CIO Lt. Gen. Steven Boutelle ordered an online assistance center. Three hours later, a Katrina information center opened on AKO, providing a virtual community center where Army, Reserve, and National Guard members and their families could contact one another and find financial and housing assistance.
The military has big plans for AKO. Last year Boutelle and Air Force Lt. Gen. Charles Croom, director of the Defense Information Systems Agency (DISA), decided to expand the AKO into DKO (Defense Knowledge Online) to include all of the services and Defense Department agencies.
The goal is a single portal for all of the military who will use an SOA to deliver the AKO services that have already proven themselves, as well as newer collaboration capabilities using IBM's Sametime suite, which DISA recently licensed to provide amenities such as Web conferencing, white board tools, application sharing, broadcasting, chat, and audio and video capabilities to soldiers.
"[DKO] will also provide a cost reduction across the DoD by leveraging enterprise buying power of the DoD versus each service and agency buying and maintaining separate portals," says Marvin Wages, deputy chief of the knowledge management division at the Army CIO's office.
It could take longer than planned for this to happen, however. Initial expectations had the first version of DKO launching this summer, but budget problems, along with ensuring that the AKO architecture can scale to the expected number of DKO users, has put the start off to a time yet to be decided.
Raising the bar on access control
Budget problems are also hindering agencies' efforts to get in line with the HSPD-12 directive.
Issued in August 2004 by President Bush, HSPD-12 requires agencies to issue standard identity credentials, in the form of biometrics-laden smart cards, to their employees and contractors by Oct. 27.
It's an "inordinately complex" undertaking for most agencies, says Bruce Brody, vice president of information security at Input, a technology analyst firm that focuses on government markets. But the technology issues are probably the easiest concerns to deal with.
That's because the government can set its own standards. The National Institute of Standards and Technology (NIST) last year published FIPS (Federal Information Processing Standard) 201, which specifies the smart card functions, the interface technologies, and the biometric identification data.
Vendors must ensure that their systems are FIPS 201-compliant before government agencies can even consider buying them.
But the requirements for the identity management systems that will handle card distribution and application of the biometric data for each agency, as well as manage the databases that contain the identity information, are not so clear. And it's likely they never will be, as these requirements must integrate card management systems, registration systems, a number of different personnel-management systems, and enterprise-level physical and network security access systems that have traditionally been very attuned to individual agency's needs.
"The government's industry partners have wrestled [the technology issues] to the ground," Brody says. "But it's the cultural issues and the need for the agencies to find US$100 million to do this that are proving problematic."
The White House has said agencies will not receive any more money to deal with the HSPD-12 mandate, so agencies must find the funds from existing budgets. And program managers at the agencies can't skimp on what they do, Brody says, because a true enterprise solution means having to deal with all manner of stovepiped legacy systems, involving people as well as technology.
A recent Input study showed that about half of federal government IT managers still don't have a plan to meet the October deadline.
Beyond security, functionality such as secure remote access, SSO (single sign-on), enterprise integration through Web-based interfaces, better agency coordination during emergencies, and better forensic capabilities are all touted as additional advantages not covered by strict HSPD-12 compliance.
"The concern is if agencies just stop at handing out the credentials," says Randy Vanderhoof, executive director of the Smart Card Alliance. "There's so much more potential in the new credentials to getting agencies to work together and develop usable solutions."