http://limnthis.typepad.com/limn_this/2006/12/three_and_a_hal.html

Here’s a quick excerpt…

After three and a half years I’m still new to the world of defense contracting but there is something about it that is bugging me, really bugging me…

We entered the Second World War in December 1941 and finished it in August 1945, or after just a little bit more than three and a half years. Our war to topple Sadam Hussein began in March 2003 and it is now December 2006, or just a little bit more than three and a half years. It is amazing to me that we’ve been in Iraq for as long as we were directly involved in WWII. Pearl Harbor, Coral Sea, Midway, North Africa, Stalingrad, The Bulge, Iowa Jima, Hiroshima… all of it happened in the time we’ve spent in Iraq.

BIO

Interview with Michael E. Krieger, Director of Information Policy, Office of the Department of Defense

As Director of Information Policy for the Department of Defense, Michael E. Krieger assists the CIO in managing, directing, executing, overseeing and implementing all facets of information policy across the DOD. He is responsible for providing policy, guidance, and direction for implementing its Net-Centric Data Strategy and enabling the transition to an Enterprise Service Oriented Architecture. He has broad experience in Information Technology and Command and Control Systems. Krieger served as a US Army officer for twenty-five years with operational assignments in communications and command and control. He commanded the 121st Signal Battalion, 1st Infantry Division at Fort Riley, Kansas. He also served in the Joint Staff J-6 and OASD-C3I. He holds a BA from the United States Military Academy, an MS in Physics from Georgia Institute of Technology, and an MS in National Security Strategy from the National Defense University. Writer Ben Bradley talked with Krieger about the challenges of implementing the DoD’s data stragegy, which calls for separating data from applications.

BRADLEY: I’ve reviewed the DoD’s Net-Centric Services Strategy. The promise of transformation depends on “un-isolating” systems and making information available to the people that need it most. At the center of this promise is the idea of interoperability and data sharing. It seems the Achilles heel is data consistency. There must be thousands of different data standards in thousands of different applications in an organization as large as the DOD. How are you dealing with this?

KRIEGER: In the past, the DoD tried to standardize data definitions across the entire organization. This didn’t work because the DoD is a large and extremely complex enterprise. The fact that there are many different data sets is not our weakness, it is our strength. Our weakness is that we build systems that are too tightly coupled to the data. To get that data into different systems, we have to pay integrators to move it out of one system and into another. We do this as a point solution. So we end up with a bunch of point-to-point solutions. This is what we’re fixing.
We’re starting to see programs build capabilities that anticipate unanticipated use by decoupling data from applications. That means data is available as a service, and applications are independent of the data. Applications should be able to discover and pick the data assets they need. We can’t anticipate what local problem a 19 year-old soldier on the night shift wants to solve. But making data available as a service pushes problem solving out the edge of the network where it is needed.

The data strategy gives priority to visibility, accessibility, and understandability over standardization. We’re more concerned about interoperability between applications without a reliance on hard-coded, tightly coupled point to point interfaces between systems. The objective is for many applications to leverage the same data without forcing the developers to anticipate how the data, services, or applications will be leveraged.

Understandability is addressed by Communities of Interest (COIs), a collaborative group of users that must exchange information in pursuit of shared goals, interests, missions, or business processes. To do this, they must have a shared vocabulary for the information exchange.
The DISA Defense Information Systems Agency)Net-Centric Enterprise Services (NCES) program include security, messaging, and (is there missing punctuation?) content discovery enterprise services. The availability of these services means each organization does not need to reinvent capabilities. Common services also ensure data visibility, accessibility, and understandability.

BRADLEY: So what is the Achilles Heel?

KRIEGER: Previous approaches tried to standardize and control data structures across the DoD. The intent was interoperability via standardization. The DoD is a large enterprise with many different communities of users – warfighters, intelligence community members, and business users. This approach was our Achilles Heel. I think our new Achilles heel is the transformation and change required to get communities together to address information sharing challenges by agreeing on shared vocabularies and exposing and sharing data as a service.

BRADLEY: How is the data paradigm changing?

KRIEGER: Industry understands the agility and power that separating data from applications represents. Consider the Google Maps service and the Google Earth application. It is based on a community vocabulary for modeling and storing geographic data called KML (keyhole markup language). By publishing data as a service in KML, the Google Maps service or the Google Earth application seamlessly plots the data on a map or a globe. There are thousands of applications available on the Internet that depict data on Google Maps (e.g. crime by neighborhoods, home sales by zip code, cheap gas by zip code, and many others). There are also many websites and blogs that provide resources to help users publish data to be consumed by Google Maps or Google Earth.

BRADLEY: How are market forces driving implementation of your data strategy?

KRIEGER: If you define the market as the universe of users with the DoD and related agencies, then data is a market driven asset. It is a consumable. Need for data drives the formation of a COI). COIs form when people recognize they have a common information sharing problem and they must collaborate to solve the problem. All that is needed to form a COI is a willingness to stand up and work across DoD departments to make it happen. The Federal Maritime Domain Awareness COI is a great example. Users from the Navy, Intelligence Community, Coast Guard, and Department of Transportation collaborated to address a maritime information sharing problem. They delivered an initial capability to address the information sharing problem in nine months.

BRADLEY: How does metadata fit into the data strategy?

KRIEGER: Metadata, or data about data, (is this a common term? Can we put into English?) makes data assets visible or discoverable. The Department of Defense Discovery Metadata Specification (DDMS) specifies how to use metadata to make data assets visible to the enterprise. It describes how developers, engineers and users should advertise data assets posted to shared spaces so that others can discover them. We didn’t make up our metadata standard. The DDMS is based on the industry Dublin Core standard, and we added a security leg to it. This approach moves people away from hoarding data and increases data visibility and sharing.

For example, the Maritime Domain Awareness Community of Interest was created when three federal (DoD, DHS and DoT) departments wanted to share maritime vessel tracking data. DDMS compliant discovery metadata was used to make four large data assets visible to authorized Federal users and improve awareness maritime vessels, cargo, and crews.

BRADLEY: Were there cultural changes?

KRIEGER: Of course. There will always be cultural issues when you ask engineering teams from different Federal agencies — each with different architectures — to collaborate. Collaboration places a premium on trust. The key here is the COI was truly a community effort because the community is formed to solve a real problem. As a result this effort was enthusiastically supported.

BRADLEY: How did you handle resistance to the information standard?

KRIEGER: It helps when the community develops the vocabulary or information exchange semantics. This helps both data consumers and producers. One-way translation from the community standard at the producer or consumer location is the only requirement. Technologies like XML easily enable data wrapping for one-way translations. Resistance is reduced because you only need to fix one side of any legacy system. This is how you can republish data from a legacy system to unanticipated users without rebuilding legacy applications.

netcentricity

Now, with sovereign wealth funds, many experts are asking whether cross-border investment is evolving into cross-border nationalization, raising the prospect of government interference in free markets, only this time, in other countries’ markets.

I recently spoke with Dennis Wisnosky about the process of moving the world’s largest business from “as-is” to a “to-be” state. Wisnoksy is chief technical officer (CTO) of the Department of Defense (DoD) Business Mission Area (BMA) within the office of the Deputy Under Secretary of Defense for Business Transformation (OUSD (BT)). He is recognized as a creator of the Integrated Definition (IDEF) language, the standard for modeling and analysis in management and business improvement efforts. Mr. Wisnosky holds a bachelor’s degree in Physics and Mathematics from California University of Pennsylvania, a master’s in Management Science from the University of Dayton, and a master’s in Electrical Engineering from the University of Pittsburgh.

BRADLEY: What is your role?

WISNOSKY: I have two roles. As Chief Technical Officer my job is to look over the horizon at transformational technologies. As chief architect, my role is oversight of the Business Enterprise Architecture (BEA) and the netcentric architectures to which it federates within the BMA. These architectures define the corporate systems, processes, business infrastructure services, laws, rules, polices and data standards common to the DoD and related agencies.

BRADLEY: How did you get here?

WISNOSKY: I worked for the Air Force on manufacturing architectures in the late 70’s, so I am familiar with what goes on here. After that, I went into the private sector and started my own company and wrote books about automation, BPR and simplifying IT investments by improving architectures.

A few years ago, I sent some ideas to Donald Rumsfeld. That letter was forwarded to Paul Brinkley (Deputy Under Secretary of Defense for Business Transformation). We met and agreed immediately on all the things that needed to be done and could be done. I joined as a contractor and about a year later, they made it official and asked if I would join the Department.

BRADLEY: In the private sector, Paul Brinkley led one of the largest business transformation efforts in the technology industry sector. What approach is he using to staff the Business Transformation Agency (BTA)?

WISNOSKY: Before he was appointed to Deputy Undersecretary of Defense for Business Transformation, Brinkley transformed JDS Uniphase by migrating 40 acquired companies with nearly 30,000 worldwide employees onto common enterprise-wide processes and technologies in less than two years. Now the task is even bigger. We’re teaching the world’s largest employer (1.6 million active duty personnel and 1 million reservists and nine hundred thousand civilians) to manage and embrace a technology refresh every 18 months.

To do this, we’re operating at start-up speed. Brinkley is using a hiring process more typical to Silicon Valley than the Pentagon - he is looking for highly qualified individuals from all walks of life and he is using every rule and role that he can to find to put the right people in the right roles. He is absolutely going out after the best and the brightest. He has a combination of young people with 10 and 15 years experience and some like me who have been around for a long-time.

BRADLEY: How does the netcentric vision fit into your role?

WISNOSKY: Interesting question. For whatever reason, this analogy comes to mind – I am a PADI certified SCUBA Diver (Rescue). When I think about SCUBA diving, it is about the dive, not the water. Netcentricity is much like the water – it is just there. Or, at least I am counting on my DISA people to make it so.

BRADLEY: What do we need to do?

WISNOSKY: Back in the early 1980s I shared the stage with W. Edwards Deming. He told about the time a CEO of an auto company asked for a turn-around plan that would make them competitive (again) with the Japanese in 1 year. Deming said something to the effect, “It took you guys 30 years to get in this position, it will take you at least a decade to get out of it.”

In the DoD today, we are in a similar situation. Without a doubt, the U.S. warfighting machine is the best the world has ever known. Our troops are the best equipped, the best trained and the best managed. But, this has come at a tremendous cost in infrastructure, especially the business systems and IT infrastructure.

Since WWII the Department has been adding to an infrastructure based on a Cold War threat. The result is that while businesses have made unprecedented advances in business productivity and reduced the cost of the IT infrastructure (the two go hand in hand), the DoD spends nearly 45% on IT overhead. The DoD has allowed duplication, triplication and quadruplication of business processes.

The DoD is not in the “business of business.” The DoD is in the business of warfighting. However, we must reduce the cost of doing business so we can return more money to our core mission. We can reduce the cost of doing business and the cost of infrastructure by eliminating complexity.

Within the past 2 years, we’ve created our “to be” architecture (Business Enterprise Architecture or BEA), we have a blueprint (Enterprise Transformation Plan or ETP) roadmap and we have an Enterprise Architecture Federation Strategy and Roadmap based upon Service Oriented Architecture or (SOA). So the pieces are in place.

BRADLEY: How will we get there?

WISNOSKY: In an organization as large and complex as the DoD, there are many paths that we must take simultaneously, but our overall approach is to work together with the DISA and with the Components, Services and Agencies to define and to implement our SOA based upon realities such as a common DoD portal known as Defense Knowledge Online (DKO) and the DoD SOA Foundation Services such as mediation, discovery and work flow.

From the BMA perspective we are studying how to rationally dismantle giant systems and converting key functions into services. For example, we looked in depth at all twenty-six of the systems that are the responsibility of the BTA. We found functionality that overlaps from one system to another and between mission areas to another. Some of this is how it should be — the Intel Mission Area should be responsible for such things as identity management, for example. But, in other areas such as personnel and procurement, a common approach at the OSD should be more efficient and more effective. These functions are great candidates for conversion to services to be shared by all. So a keystone of our strategy is to use SOA to make our business and IT infrastructure smaller and more agile.

BRADLEY: How long will this take? How will business transformation address culture change?

WISNOSKY: I defer to Deming on this question – this is a journey. I can only promise that we have begun and the initial results look very promising. With respect to culture – the cliche that this is the hardest part is quite true. It will take a generation. The approach is constant communication and that we train the people as we go along.

When I read about organizations that go out of business, it is not because they aren’t willing to change. It is because they try to change too fast. They run out of money or there is a backlash from the old guard.

Culturally we need to strike the balance between having the vision clearly understood, having confidence that the vision will work and that it will continue to work. That is the approach that Paul Brinkley has taken, and that is the reason that he has brought in people like me who have been around the block a few times.

BRADLEY: What is the biggest challenge?

WISNOSKY: We’re at war. Everyone is in a hurry. The challenge is making sure we do this right and leave behind a sustainable architecture and infrastructure. We’re spending as much time teaching as we’re spending doing. You can’t loose sight of that. We could probably do a lot of things faster but the risk is that we wouldn’t build a sustainable culture.

At the same time, this is a big project – perhaps the biggest ever. It is a process and a journey. The Department has decades of momentum in doing business in a certain way.

We must overcome this momentum.

BRADLEY: What have we done wrong?

WISNOSKY: The simple answer is that in the past we put the same level of rigor into building military systems as we did into building business systems. We overbuilt our business systems to last decades. They are out of step with the ability of SOA to introduce new capability in months not years and a technology refresh cycle that should be 18 months. And, we outsourced much of our intellectual capital.

BRADLEY: Last question, what is the role of marketing to communicate the vision?

WISNOKSY: If you want to get resources and support, you have to sell your message. Communications is an essential part of any IT project. Marketing projects like this is about helping stakeholders maintain their confidence through the change. When there are bumps in the road – there are always bumps in the road – marketing helps you maintain the vision.

Helping people understand the importance of efficient business processes is a marketing function. The architecture explains it and helps us ensure that the roadmap is connected to the blueprint. Communicating that architecture and using that architecture to manage and constrain investment decisions should be viewed as much a marketing process as a governance process. We are using this approach within an end to end Business Capability Lifecycle or BCL that couples the blue print (BEA) the road map (ETP) and Investment review (IRB)s. And we are building outreach, visual aides and training material for all levels of stakeholders both internally through the BTA, and cooperatively with DISA and the Defense Acquisition University or DAU.

Conversely, the first group that cracks this problem has the potential to leapfrog the others in assuming the role of global powerhouse. Given the speed with which technology and organizational models are evolving, we can’t assume it will be a state. Corporations seemed poised to take on that role in the 1990s; non-governmental groups are the lead candidates today. It’s entirely possible that the kind of social organization that will become the next hegemonic force has yet to be invented. One thing is clear: the next superpower, whoever or whatever it is, will be the actor that finally figures out the new meaning of power.

Despite the end of the utility of conventional force, the lack of certainty as to what the next wave of global compellence power will look like will inevitably lead to strategic mistakes. As we look ahead, it’s clear that if another state — say, China — decides to take America’s place as the leading hegemonic power on the planet by emulating the current American model of extreme emphasis on conventional force projection, that state has already become another Lost Hegemon. The system has changed, and the meaning of power has changed.

Dr. Myers is the Principal Director for the Department of Defense (DoD) Deputy Chief Information Officer. In this role, her primary focus is on leading the Information Age transformation for the Department by enabling net-centric warfighting and operations.

Her prior positions include Acting Deputy Chief Information Officer; Acting Deputy Assistant Secretary of Defense for Command, Control, Communications, and Intelligence (C3I) Acquisition; and Director of Information Technology Acquisition and Investment for the Assistant Secretary of Defense for C3I. She was appointed to the Senior Executive Service in 1992 as the Deputy Commander and Technical Director of the U.S. Army Operational Evaluation Command. In 2005, she retired from the U.S. Army Reserve as a Colonel.

She earned a B.A. in mathematics from Colorado College, an M.S. in operations research from American University, and a Ph.D. in information technology from George Mason University.

I recently spoke with Dr. Margaret Myers, principal director in the Office of the Deputy Assistant Secretary of Defense for Information Management and Technology, about the DoD’s SOA strategy.

BRADLEY: How is the Department of Defense improving data sharing?

MYERS: The DoD is embracing web-based services and service oriented architectures (SOAs) as a way of breaking down the traditional and ineffective information stovepipes.

In the Cold War, the Soviet Union was pointing missiles us. We were pointing missiles at them. We focused on a single threat — our organization, our infrastructure and our tactics were designed with this single threat in mind.

Today the threat is evolving and unknown. So we need to confront this uncertainty with agile fighting forces and systems that support them. Hard-wired information stove pipes won’t work. We must enable information sharing.

No matter how good the software development team, our current and future conflicts are characterized by uncertainty. It is impossible to write a requirements definition that defines our future system requirements. We don’t know where we will be fighting. We don’t know who we will be fighting. We don’t know which allied countries will need access to our systems. We cannot anticipate our information needs in the next conflict.

That type of uncertainty demands agility. We must confront uncertainty with agility. To do so we are leveraging the power of information Therefore, data must be visible, accessible, understandable and trusted. The Department’s “Net-Centric Data Strategy” describes our strategy for sharing data with known and unanticipated users (and can be found on our website www.dod.mil/cio-nii).

Using web-based services and implementing SOA is key to how we are changing. Using web-based services means we are moving away from a reliance on client specific software. SOA supports an information environment built upon loosely coupled, reusable, standards-based services. It promotes data interoperability rather than application interoperability. By using SOA, capability providers can reuse what already exists rather than recreating it every time. New capabilities can be fielded much more quickly, greatly increasing military agility. Ultimately, SOA provides the services to discover, access and use data by the people that need it, when they need it.

Services, which are registered in a service registry, can be used in ways the original developers never envisioned. Many systems can leverage the same capability without an integration penalty.

Most important, the need for time consuming and individually engineered point-to-point interfaces is eliminated. The practice of buying individual, highly tailored, proprietary systems with a requirement for users to have client specific software must end. This is an important message to industry – particularly to the defense contractors currently building information stovepipes and applications that cannot support agile information sharing.

We are about to release the DoD Net-centric Services Strategy that describes our vision and goals for realizing this information environment. This document will be available online in the next weeks.

BRADLEY: Is the DoD equipped to share? Sharing seems counter-intuitive to security?

Myers: ”Information is power” was the prevalent attitude in the past. Instead, we must change our mindset to understand and utilize “the power of information.” In fact, information is a strategic asset and as powerful a weapon as anything in our arsenal. If I know more than my enemies, I can defeat them. Our desire to protect our information advantage reduced the utility of that information. Information within the DoD became silo’d as each owner of that information sought to protect it from others. We’re trying to change that. But to do so we must behave as stewards of information and not information owners.

The old model was “need to know.” The new model is “need to share” and “right to know.” As you would expect, there are cultural issues that we’re working to overcome. But we are making progress.

Data enables effective decisions. To make effective decisions, you need access to the right data. Data must be shared. In fact, if no one knows about the data, what good is it?

That is why data, like services, is discoverable. Creators tag data with metadata to make it easier to find. Creators and users of data build and register a shared vocabulary that imparts meaning to the data. Data is available for authorized users when and where they need it. Users are alerted when their data subscriptions are updated or changed.

BRADLEY: Explain the shared vocabulary concept.

Myers: Communities of Interest (COIs) form when groups of users need to exchange data with others to support a shared mission. For example, we currently have a COI that tracks maritime targets of interest anywhere in the world. This Maritime Domain Awareness COI includes participation from the Navy, the Coast Guard, and the Department of Transportation.

A shared vocabulary is necessary for the participants to understand the data about the various assets being tracked. A shared vocabulary helps when advertising the data by enabling more precise searches. A very simple example is the word “tank” – does it mean an oil tank or a tracked armored vehicle? Our armored divisions don’t want to see information about oil tankers and our maritime units don’t want to see information about tracked armored vehicles.

We have a specification that governs how COIs advertise their data. This metadata specification allows some basic search parameters to be standardized while allowing more precision searches based on context of data. All data must be tagged with metadata so it is useful to other agencies that could benefit from the information. The DoD Metadata Registry provides guidance for improving visibility of each COI through tagging.

BRADLEY: Describe some of the growing pains

Myers: CavNet is a great example. CavNet was designed as a web-based interactive community to help officers in the 1st Cavalry Division in Iraq trade information at the tactical level about insurgent tactics, gear and even advice on running effective Civil Affairs operations.

In one case, it was learned that insurgents were booby trapping posters of Moqtada al-Sadr – a Shiite cleric. When the posters were ripped down, an IED would detonate. This information was posted to CavNet. Another officer, operating in another sector of Bagdad, read about this new tactic on CavNet and briefed his men about this new technique. Later that day, using this information, soldiers were able to spot these booby traps and disarm the IEDs without any casualties. Without CavNet there was no way that this type of tactical information could be disseminated quickly and efficiently.

This is the power of information. It flowed to the people that needed it and it completely bypassed the hierarchical command and control processes of the past. The downside of this approach is that it doesn’t scale. A Marine Expeditionary Force, located in another sector of Bagdad doesn’t have access to CavNet because of firewall and access restrictions. Intelligence analysts operating in Virginia have no access to this information. Our challenge is enabling information sharing at an enterprise level. The Net-Centric vision allows an analyst in the Pentagon, a lieutenant in the 1^st Marine Division or a major in the 1^st Calvary to subscribe to and publish notifications of new insurgent tactics.

BRADLEY: What lessons can you share for readers in the private sector?

Myers: Information is key. The private sector has lead the way in exploiting the web and the power of information. The DoD needs to learn from that but we will need to lead the way on making sure that we can secure and trust information.”

Thinking about Brave New War, I grabbed a copy of Innovation Happens Elsewhere from my shelf and looked for the secret of why open source works. I guess it is not a secret because right on page 60 they tell you…

Open source works when a group of people all embrace a shared set of goals and establish a community based on mutual trust. All three factors – enough interested people, shared goals and trust – are required; if any one is missing, the project will fail.

Open source in people working on things for the public good in the commons. In software, the commons is the source code. The business model around the commons, then, must support the code. The free market tells us that businesses will be created in the halo of the code.

Over at Global Guerillas, Robb reprints an article from Defense News about the IED Marketplace in Iraq. He compares IED production with self-organizing open-source software networks.

Small, highly skilled IED cells often operate as a package and hire themselves out to the more well-known insurgent groups, such as Amman Al Zarqawi’s al-Qaida in Iraq or the Sunni group Ansaar al Sunna. They advertise their skills on the Internet and are temporarily contracted on a per-job basis, but otherwise remain autonomous.

It appears that reputation and trust and marketing have as much impact in the IED world as they do in the software world. In fact, flipping back through Innovation Happens Elsewhere, there is a section titled: why do they do it? Why does anyone produce open source software? To summarize:

• need for the product
• Enjoyment, fun and desire to create and improve
• Reputation and status
• Affiliation
• Identity
• Values and ideology
• Training, learning, reputation
• Hope of making things better
• Feedback

“We have entered the age of the faceless, agile enemy. From London to Madrid to Nigeria to Russia, stateless terrorist groups have emerged to score blow after blow gainst us. Driven by cultural fragmentation, schooled in the most sophisticated technologies, and fueled by transnational
crime, these groups are forcing corporations and individuals to develop new ways of defending themselves.

The end result of this struggle will be a new, more resilient approach to national security, one built not around the state but around private citizens and companies. That new system will change how we live and work—for the better, in many ways—but the road getting there may seem long at times.

The conflict in Iraq has foreshadowed the future of global security in much the same way that the Spanish civil war prefigured World War II: it’s become a testing round, a dry run for something much larger. Unlike previous insurgencies, the one in Iraq comprises seventy-five
to one hundred small, diverse, and autonomous groups of zealots, patriots, and criminals alike. These groups, of course, have access to many of the same tools we do— from satellite phones to engineering degrees—and they use them every bit as effectively. But their single most important asset is their organizational structure, an open-source community network—one that seems to me quite similar to what we see in the software industry. That’s how they’re able to continually stay one step ahead of us. It is an extremely innovative structure, sadly, and it results in decision-making cycles much shorter than those of the U.S. military. Indeed, because the insurgents in Iraq lack a recognizable center of gravity—a leadership structure or an ideology—they are nearly immune to the application of conventional military force. Like Microsoft, the software superpower, the United States hasn’t found its match in a Goliath competitor similar to itself, but in a loose, selftuning network.

The transformation to a net-centric force requires huge changes in process, policy and even culture across defense operations, intelligence functions and business processes.

Over the coming months, this website will explore the joint processes that improve the speed of command, reduce combat operations time, increase agility and enhance mission effectiveness. We’ll interview key people who are working to make the Netcentric vision a reality.