>Fusion Centers and Enterprise Architecture

>

An important way to share law enforcement and intelligence information in a physical setting is through fusion centers.

Government Technology’s Emergency Management Magazine, Spring 2008, states “the ultimate goals of any fusion center is to prevent terrorist attacks and to respond to natural and man-made threats quickly and efficiently.”

“Data fusion involves the exchange of information from different sources—including law enforcement, public safety, and private sector—and with analysis, can result in meaningful and actionable intelligence and information…The fusion process allows relentless re-evaluation of existing data in context with new data in order to provide constant updates.”

Fusion centers bring together federal, state, local, tribal, and private sector subject matter experts to share information, provide risk and threat assessments, and provide a coordinated response.

“Nearly every state now has a fusion center to address gaps in data sharing.” In the fusion center, there is real time video monitoring that can be panned and zoomed, GIS mapping capabilities and the ability to amalgamate information. The advantage of the fusion center is that all participant organizations have the potential of seeing and hearing the same thing at the same time—although local authorities “cited difficulties accessing federal information systems.”

Not all fusion centers are permanent; some only are formed to deal with special security events like the Olympics and so forth. But those that do function 24×7 hone the skills of the participants by having them work together in a steady ongoing fashion.

While you would think that technology would do away with the need for fusion centers, since the information can be shared virtually, and therefore participants would not need to be co-located, there are benefits to having people deal with people from other organizations face-to-face.

As a User-centric enterprise architect and one who believes strongly that the human capital perspective is under-appreciated or neglected altogether, I appreciate the need for fusion centers, joint operations centers, interagency coordination centers, and the like to share not only information and technology resources, but to actually work together, cooperate, coordinate, and build stronger ties across functional and organizational silos. This is really what “enterprise” architecture is all about—breaking down the silos and building a unified, more effective and efficient organization.

The fusion center solution acknowledges that the challenge of law enforcement, intelligence, and counter-terrorism efforts needs to go beyond pure information technology initiatives. We can’t afford to just have siloed agencies and organizations working out of their own “corners.” There is a need for people to come together and collaborate in a face-to-face environment.

As architects, there is an erroneous tendency to focus on technology solutions. This is suboptimal. We need to look at business process improvement and reengineering, the introduction of new technology, and continuing to build an ever more skilled, innovative, and cohesive work force. This User-centric EA approach ties to a three-pronged approach of people, process, and technology.

>Disaster Preparedness and Enterprise Architecture

>

There are several disaster preparedness exercises that test and train our government and private sector partners’ ability to respond to incidents that could have catastrophic consequences. These exercises can be supported by a robust enterprise architecture; here is a brief description followed by a sketch of how EA can support disaster preparedness.

TOPOFF

“Top Officials (TOPOFF) is the nation’s premier terrorism preparedness exercise, involving top officials at every level of government, as well as representatives from the international community and private sector. Thousands of federal, state, territorial, and local officials engage in various activities as part of a robust, full-scale simulated response to a multi-faceted threat.” [Exercises have tested responses to chemical, biological, and radiological attacks.]

(http://www.dhs.gov/xprepresp/training/gc_1179350946764.shtm)

Cyber Storm

“The U.S. Department of Homeland Security’s (DHS) National Cyber Security Division (NCSD) successfully executed Cyber Storm, the first national cyber exercise Feb. 6 thru Feb. 10, 2006 [and a second biennial exercise was conducted in March 2008]. The exercise was the first government-led, full-scale cyber security exercise of its kind…Cyber Storm was designed to test communications, policies and procedures in response to various cyber attacks and to identify where further planning and process improvements are needed.”

(http://www.dhs.gov/xnews/releases/pr_1158340980371.shtm)

Government Computer News, 14 April 2008 reports on the Cyber Storm II exercise in which DHS “hosted federal, state, local, and international government agencies along with more than 40 private-sector companies” in these “high-stakes war games.”

Carl Banzhoff, the vice president and chief technology evangelist at McAfee summed it up as follows: “when the internet burns to the ground, how are you going to get updates?”

The goal was to test communication coordination and partnerships across sectors.”

Bob Dix, the vice president of government affairs at Juniper Networks said that “the greatest impediment to sharing information still is trust.”

Whether the preparedness tests are for terrorism or cyber security, the essence is to test our ability in preparing, preventing, responding, and recovering from security incidents. This involves building capability for uninterrupted communications, information sharing, and coordinated response.

How can enterprise architecture support disaster preparedness?

  1. Requirements—EA can capture strategic, high-level requirements from mission areas across the many functional areas of homeland security and weave these into a core map of capabilities to build to. For example, we have a requirement for system security that is mandated by law and policy, and securing our communications and infrastructure is a core capability for our information systems that must be executed. The weakest link in security has the potential to jeopardize all components and their response capability.
  2. Planning—EA analyzes problem areas and uncovers gaps, redundancies, inefficiencies, and opportunities and uses these to drive business process improvement, reengineering, and the introduction of new technologies. Improved business processes and enabling technologies can enable integration, interoperability, standardization, modernization, and information sharing that can enable a better prepared homeland security infrastructure. For example, identifying shared mission communities and building information sharing and collaboration among stakeholders in these improves our preparedness abilities.
  3. Governance—EA brings the various stakeholders to the table to vet decisions and ensure sound business process improvement and IT investments. Governance involves sharing information, building trust, and making decisions towards a unified way forward. For example, through the DHS Enterprise Architecture Board (EAB), the CIOs of all components can collaborate and engage in developing targets that will lead to implementation of best practices and standards across the Department that will improve overall efficiency of all components.

Of course, EA is not the be-all and end-all for preparedness, but it provides critical elements of requirements management, planning, and governance that contributes to disaster preparedness.