Best-Laid Plans
n June 18, a half dozen chief information officers of federal agencies gathered for dinner in the Concorde Room at Washington's Hay Adams Hotel-which sits just across Lafayette Square from the White House. Over a three-course meal with sorbet and wines, they discussed the White House's proposal to create a Homeland Security Department and the indispensable role of technology in bringing that department to life. Several of the agencies represented at the table would be merged into the new organization.
The CIOs debated the transfer of more than a dozen agencies and offices into the new department. They felt emboldened to make suggestions because the Homeland Security structure will use communications and information technologies as its bricks, mortar, pipes and roof. CIOs are itching to draw the blueprint.
When an organization tries to tie together disconnected databases or computers-as many agencies have tried for years-it must follow some kind of model or guide. For several years, the favorite model in the government has been enterprise architecture, a loose term that describes the overall plan or design for getting many disparate systems to cooperate and communicate.
The administration's Homeland Security proposal says the department will have an enterprise architecture, but it doesn't say how it will create one. That troubles some, because never have so many agencies been asked to form new missions and new operations that cut across so many jurisdictions and boundaries. Once the bureaucratic structure of the department is in place, making it all work together is the architect's job.
here are few, if any, examples of a federal enterprise architecture actually succeeding as planned.
"Agency executives have historically not understood the purpose, content, and value of these architectures," GAO wrote in a February report (GAO 02-6).
The CIOs agreed that at the Homeland Security Department, someone will have to step up to the plate to create an enterprise architecture. It's still unclear just who that person will be, but the Office of Homeland Security, the Office of Management and Budget and officials from the agencies to be merged into the Homeland Security Department have been working on a draft architecture that would presumably be taken over by the new department's yet unnamed CIO.
The groups are crafting the architecture while another team in the White House is creating a national homeland security strategy, says Steve Cooper, the Office of Homeland Security's CIO. That plan was expected in July, but now White House officials say it will probably come in the fall.
The proposed architecture would be based upon that vision, says Cooper, and would implement the technologies needed to carry out the tasks of homeland security-everything from screening visitors at borders and scanning cargo for weapons to monitoring the air and water for contamination.
The Office of Homeland Security has established three working groups to examine architectures in three of the four proposed divisions of the new department: border and transportation security; emergency preparedness and response; and chemical, biological, radiological and nuclear countermeasures.
Cooper and his crew are working to create some sort of plan, but its details are still sketchy. Of course, deciding what an enterprise architecture should look like requires that you believe it's a good idea in the first place. There are few, if any, examples of a federal architecture actually succeeding as planned. A Homeland Security Department would already be burdened by bureaucratic infighting and unclear missions. Throwing a new requirement for technology standards into the mix would be like trying to catch a greased pig with a paper bag and a pair of salad tongs.
But let's say, for now, that enterprise architecture is the right way to ensure that all the components of the Homeland Security Department communicate and share information with one another. What's the right plan? The best way to answer that is by asking, "What's not the right plan?"
Many architectural experts agree that building a single Homeland Security database is the wrong thing to do. It would take too long, cost too much money and probably fail to improve the quality of collaboration. "If someone sets out with a notion that they're going to build the one big database in the sky, the job will never get done," says Renny DiPentima, a former deputy commissioner of the Social Security Administration who oversaw a $750 million annual technology budget. "It will be years and years and years, and it will never get done."
Why? Consider the case of Social Security. Its oldest databases are written in a language that very few programmers understand today. Sucking out all that old data, making it readable and then putting it in a new database that's built to talk to others would probably take 10 to 15 years, according to several estimates.
CIOs are frustrated that lawmakers expect them to throw all their agencies' data into one big pot, thinking the exercise will prove useful. "I can turn a fire hose of data on. . . today, if that's what they want," says one CIO who was at the Hay Adams dinner and asked to remain anonymous. But it wouldn't make any difference, he argues. "All that matters is what the information means."
Data means different things to different agencies. For instance, data housed in the systems of the Federal Emergency Management Agency isn't coded, or "tagged," so that it could be recognized by the search engine of, say, the Immigration and Naturalization Service. Just melding two sets of data together without devising a common language would be like interweaving a Chinese and a Greek dictionary and calling the product English. Searching tools must recognize some common language, a "data dictionary," some have called it, if the data they find is going to be of use to more than one organization.
In the near term, DiPentima and others say, the Bush administration should adopt a "shared services" model. To picture how it would work, imagine you're building a personal profile of Tom Ridge. You'd get the most accurate information by calling a number of agencies, fetching his name and date of birth from Social Security, his earnings history from the Internal Revenue Service, and his most recent address from the Postal Service. Each of the agencies that would be subsumed by the Homeland Security Department is an authority on at least one category of information. Getting access to only the most needed pieces would be easier than creating an enterprise architecture from scratch to house all of them.
Meanwhile, most federal officials seem more concerned that homeland security agencies will continue to go their own way and install incompatible systems. But many of those officials aren't questioning whether the enterprise architecture strategy is practical or even necessary. Considering its spotty history, these people seem to have forgotten the first rule of holes: When you're in one, stop digging.