ODNI’s secret sauce to make sure they are all on the same IT standards page
Cynthia Mendoza, the intelligence community’s chief architect, said the reference architecture framework is defining consistent, repeatable approaches to ensu...
If there is one thing the Office of the Director of National Intelligence has learned over the last decade, it is that bringing the technology hammer down doesn’t work well.
The latest proof point is the reference architecture framework. Through this document, ODNI leaders say building trust across the IC is a fundamental tenet.
Cynthia Mendoza, the intelligence community’s chief architect, said the framework is defining consistent, repeatable approaches to ensure security and interoperability among enterprise IT capabilities. And that could only happen if there is trust across the IC IT enterprise.
“Without the engagement and enduring commitment of the community experts and stakeholders, we would simply have more shelfware, and what I mean by that is documents that sit on a shelf and collect dust,” Mendoza said on Ask the CIO. “Our light touch, oversight and leadership approach, plus bringing together and collaborating with a broad, diverse and amazing set of mission executive, programmatic and technical subject matter experts who represent CTO, CIOs, service providers, architects, engineers and of course, privacy and civil liberties perspective, is very important.”
Mendoza said this way the broader IC can take ownership of how the technology standards and approaches, and therefore have a vested interest in seeing the capabilities work well.
“We are able to achieve foundational consensus to help make the IC information environment priorities real,” she said. “The trusted partnership enables us to rally around a common purpose, with accountability to deliver capabilities with an enduring commitment for success.”
ODNI initially tried a more one-size-fits-all approach to enterprisewide services approach on the IC through the IC IT Enterprise (ICITE) program.
By 2018, the IC realized that ICITE Epoch 2 would fare better through a different approach. One that focuses on a managed federation based on a reference architecture that outlines a minimum set of standards and emphasizes buy before build.
Mendoza said the RAF aims to be a “cradle to grave” model where the IC can take advantage of the standards to rapidly implement IT initiatives through standard business and integration approaches.
“Today, the RAF has advanced interoperability and safeguarding in three foundational areas. I like to call these the bedrock: Collaboration services, identity, credential and access management and the data reference architecture,” she said. “These foundational architectures provide collaboration capabilities and tools across our community shared space. The RAF success in the IC has been promulgated globally to the Five Eyes enterprise with our international partners as well. The RAF continues to mature as we’re ensuring clear and repeatable guidance is developed and is available for others who like to use that in their enterprise and organization. We are fully committed to a train the trainer philosophy to help others institutionalize the reference architecture framework within their own end to end business processes. We believe the outcome will enable increased sharing, interoperability and mission success.”
Define consensus guidelines
The success of an architecture framework depends on gaining acceptance from the beginning.
She said ODNI leads the effort to define community consensus guidelines and guardrails, and then predefines reuse processes, letting each IC member participate when and how it is best for their own mission and users.
“When you peel all the layers back of the reference architecture framework, it’s primarily a people process. It begins with developing a stakeholder engagement strategy that is inclusive of all the key enterprise stakeholders and together we focus on a gap,” she said. “For example, when we were working on the collaboration, reference architecture, they were those four service areas, the email, the shared collaboration, the unified communications and user mobility, and you say, ’email, well, aren’t we passed that?’ Well, sure we are, but encryption and file size transfer, we were having some challenges in that area. So we wanted to be standard and consistent. What we do is we understand and validate key stakeholders perspectives. We need to understand how to engage on their own turf. We actually conducted parish visits, so we honestly visited as many of the 17 agencies as possible. We listen to what the problem was, and what they believe desired outcomes that we can have from these different architectures. And then what we do is we take these different autonomous views, we analyze their perspectives, we look at the different stakeholders, and which were the ones that we really need to have on board, and which are the ones that we need to help get them to come along the way. So they completely understand. And that’s the main major common themes that we have for taking off our strategic phase of the reference architecture framework. And one of the things that we’ve done really well with is we’ll have an offsite, and we’ll bring the whole community together. And we actually have a solid plan.”
By listening and learning, Mendoza said the trust relationship is solidified, and then by delivering standards that everyone in the IC owns, the mission and technology meet their desired goals.
She said a perfect recent example of the architecture having its desired impact was with the implementation of an online chat tool during the pandemic.
“We had certain agencies who didn’t have a chat tool so we did a hybrid approach where we served up a Mongoose chat in a community shared space. Some agencies had a communication tool called Jabber and others were using Skype. In the implementation, we were able to federate that across those three communication tools. That’s an example where different people had different perspectives and we were able to bring that together. At the end of the day, if your agency doesn’t need that mission requirement, then you don’t have to fulfill that. It’s not the hammer coming down to say thou shalt do these things. We are trying to increase information sharing in the community shared space for what makes the best sense for the enterprise and for each of the agencies.”
Weekly interviews with federal agency chief information officers about the latest directives, challenges and successes. Follow Jason on Twitter. Subscribe on Apple Podcasts or Podcast One.