ICITE Observations

It seems I have taken October and November off for no apparent reasons other than my day job along with some pro bono work for the ODNI has taken up more time than I thought they would.  When I wrote my last edition of the MazzInt Blog defunding the Affordable Care Act (ACA, aka ObamaCare) was the cause célèbre engaging the Congress as it was trying to avoid a government shutdown. They famously failed and now in the waning legislative days left before the winter holiday recess the Congress is again struggling to get some kind of budget deal in place before the current continuing resolution (CR) runs out on 15 January.  So far over the past two years I have not lost any money betting that the Congress will avoid hard budget choices and eventually agree to a CR with some adjustments.

In the mean time President Basher al Assad has agreed to the enforced destruction of Syria’s chemical weapons in order keep his regime in power and stem international support for the rebels.  Similarly, Iran has agreed to reduce its nuclear enrichment program for six months to get economic sanctions relief and put Israel in a position where it can’t militarily move against the Mullahs’ nuclear weapons program.  Then there is President Kharzhi refusing to sign the status of forces agreement necessary for residual US forces to remain in Afghanistan post withdrawal of combat forces at the end of 2014.  No worries, I am sure a few billion dollars in some kind of aid that he can personally tap into will get this all on track.  Meanwhile over the Thanksgiving Holiday weekend China established a controversial Air Defense Identification Zone (ADIZ) of the East China Sea to thwart Japan from asserting control over the disputed Senkaku Islands north of Taiwan.  In classic Cold War fashion the US immediately challenged this new ADIZ by flying two B-52 (BUFs) into it for over two hours causing the PRC to establish active fighter aircraft patrols in response. This gets dicier when we deploy a carrier strike group into the East China Sea ADIZ and the Peoples Liberation Army Navy (PLAN) responds with surface ships to interfere with flight operations.

Since the government reopened on 18 October though, the dominant national news story has been the botched rollout of Healthcare.gov so especially young healthy Americans could sign up for medical insurance under the Affordable Care Act (ACA).  Both opponents and proponents of the ACA were amazed and dismayed that the Information Technology (IT) necessary to allow uninsured Americans to sign up for the President’s signature program literally did not work because of flaws in the design, development and testing of what is admittedly a complex web site.  This got me thinking about how the DNI’s signature IT initiative  – - -  Intelligence Community Information Technology Enterprise (ICITE; pronounce “eye sight”)  – - -  is doing?  For the record, I view ICITE as essential for delivering an enterprise IT environment required to produce the high quality intelligence needed for decision superiority in the information age that is foundational to the IC remaining relevant.  As PDDNI Stephanie O’Sullivan says about ICITE:  failure is not an option!

In this spirit I have been listening since AFCEA’s Spring 2012 Intelligence Symposium to IC seniors (DNI, PDDNI, ODNI CIO, Agency Directors and CIO/CTO’s) talk about why ICITE is the critical path for moving the IC closer to the integrated end state that all agree with the DNI is necessary for producing better intelligence at lower costs.  What I have not heard any of these seniors say though, is why ICITE will succeed when recent IC IT enterprise efforts such as IC-MAP, GeoScout, Trailblazer, Horizontal Fusion, and JIVA failed to deliver on promised capabilities.  When asked this question IC seniors consistently answer along the following lines: IC leadership is fully committed to ICITE succeeding, budget pressures, and we have burned the boats/we have no other option/failure is not an option.  These bumper sticker responses, however, just reiterate the strategic importance of ICITE to the IC’s collective future without telling anyone how ICITE will avoid the pitfalls of size, cost, interoperability, security, schedule, and program management that got ICITE predecessors “over the breakers.”

But wait, the IC Deputies Executive Committee (DEXCOM) under the leadership of the PDDNI meets weekly to actively steer the direction of ICITE and neither IC-MAP nor those other programs ever had that!  I would feel more confident about the weekly involvement of the DEXCOM in ICITE if the Liberty Crossing II (LX II) “green door” was more transparent regarding decisions being made and the direction being given to individual IC agencies with ICITE Service Provider responsibilities.  Perhaps I have just not been paying attention, but I am not aware of any ICITE activity traceable to DEXCOM direction.  Then there’s the issue of an ad hoc committee of IC Deputy Directors with immediate personal and budget issues to deal with being the management team for a complex and technical effort like ICITE.  Seems like given its importance, running ICITE should be somebody’s full time job.

The DNI regularly describes ICITE as being about tagging the data and tagging the people so information and products can be shared and collaborated on securely across the IC.  Despite the DEXCOM’s prodding, ICITE technical standards for data tagging, security protocols, and identity management have yet to be agreed upon let alone tested.  The cost model for ICITE services and the processes for service providers to be reimbursed for the IT services they provide to other remains under consideration.  Since nothing has been promulgated in open channels, I am presuming ICITE’s acquisition strategy is classified, though I am not sure why it would need to be.  Given that ICITE is going to be developed and delivered as piece parts by individual IC agencies as service providers I am also wondering who/where/how it all gets integrated?  A testing plan for ICITE also needs to be developed, particularly in light of the Healthcare.gov experience.

In its current state and critical importance to IC mission accomplishment, ICITE in corporate speak seems to need an accelerated and vigorous “get fit” program before it can achieve its goals.  Not that anybody is asking (or going to ask) me, I would recommend that the IC DEXCOM direct a strategic pause in order to bring in subject matter experts from across the government (not just the IC) and industry to “RED TEAM” ICITE in order to discern what is working and why, as well as what is lagging and how to correct it.  What the IC doesn’t need is a Walter Pincus column on ICITE missteps or to be answering HPSCI and SSCI questions about why with its importance ICITE can’t deliver basic IT functionality such as Single Sign On (SSO), secure access to data based on identity, authorities, and permissions or is unable to deploy 100,000 Desk Top Environment (DTE) workstations in less than two years.

As the Secretary for Health and Human Services (HHS) now knows, what the DNI can’t allow to happen is for intelligence agencies to be in the situation where ICITE is costing them more than they were spending on IT and providing less capabilities than they had before.  The Healthcare.gov experience is a warning shot across ICITE’s bow that should be heeded!

That’s what I think; what do you think ?

5 comments on “ICITE Observations

  1. Christopher Jackson says:

    JoeMaz — I’d make a comment about your wisdom and shrewd insight, but if your head swells too much, your stocking cap will no longer fit and you’ll be at risk of catching a chill. Don’t want that! Seriously, your list of well-intentioned but ultimately futile initiatives should be a required part of the due diligence for ICITE…otherwise, we get deja vu all over again. Or, in the immortal words of F. Ross Johnson (former CEO of Nabisco and R.J. Reynolds), “I don’t know if the screwing I’m getting is worth the screwing I’m getting.” As a taxpayer on the other end of my service to the IC, I know what he’s talking about.

    Merry Christmas from the JFCOM survivors (or non-survivors) colony. Very respectfully, Chris

  2. Bob Gourley says:

    Joe,

    Thank you for the insight on ICITE. Really good context.

    I would also point out, that the part that got my attention the most, was your articulation of the leadership messages that “we have burned the boats/we have no other option/failure is not an option.” Upon analysis, that approach is one of the biggest contributing factors of the Healthcare.gov fiasco. That was the guidance there too. Failure was not an option. That direct order was repeated over and over again. Anyone who has ever worked on a complex task knows failure is always an option. If leadership understands that up front they can design to mitigate problems and reduce the chance of colossal screw ups like Healthcare.gov Knowing you can fail is why good programs take steps to reduce risk and even then they test and test and test.

    Anyway, I appreciate your article and hope IC leaders really understand that failure is always an option. In IT, the system gets a vote.

  3. Dave McDonald says:

    Greetings Joe – timely blog! A few quick points: 1) They didn’t burn the boats – that’s just something agency CIOs say to ensure ODNI and Congress and other “consolidation stakeholders” believe the agencies that continue to invest in and govern their wholly-owned networks are “all in” on the new religion, and 2) Never underestimate the complexity, design and accreditation cost, and, holy cow, the sustainment cost of “tag the data and tag the people.” Said another way (on this second point), just because pretty smart computer scientists can put cartoons on Powerpoint charts depicting agile, multi-domain, stand-up/stand-down-in-a-jiffy, scalable, fully-instrumented, and fully-accredited multi-national/all-of-government computing clouds of sophisticated zero-client “unified capabilities” applications and services, complete with “big data” and “semantic web” and a “common security backplane,” doesn’t mean anyone has the money to build it, much less maintain its configuration (patch/test/report, and do again a thousand times this month), and therefore its continued ATO for any kind of affordable cost. In the DoD world, the analogous case for your apt analysis is, of course, JIE – something you should blog on next.

    • Christopher Jackson says:

      Ow ow ow ow ow — and spot on (but it still hurts). Great comment — and great recommendation for the next Mazz-INT posting.

  4. joemaz says:

    Chris, Bob, Dave,

    Thank you all for thoughtful and positive feedback.

    With some serious systems engineering, strong program management and transparent governance I believe ICITE can deliver the IT enterprise the IC needs.

    joemaz

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s