Defense Builds Teams to Mine Data

U.S. and Australian officers pull up information on a computer screen during a coalition exercise. The U.S. Defense Department is trying to stay one step ahead of emerging technology capabilities as it formulates data policies and procedures to serve all manner of network-centric forces.

The U.S. Defense Department is wrestling with a multitude of issues to provide the right people with the means to access different forms of data. Complicating potential solutions is the fact that the types of potential users are as varied as the types of data, which makes access and verification exponentially difficult.

The department’s aim is to make data visible, accessible, understandable, trusted and governable. That will require broad-based adoption of new standards and specifications, along with changing the way that defense and intelligence personnel do business. Ultimately, the commercial sector may provide both the model and the solution.

“What we’re trying to do is the same thing that industry is doing,” states Michael Krieger, director of information policy in the Office of the Defense Department’s Chief Information Officer (CIO). “Look at what Google Maps has done: It has a common semantics called Keyhole Markup Language; it has a common service called Google Maps or an application called Google Earth, and what you’re seeing on the Internet today is a host of people who use those semantics to expose data as a service. Suddenly, you can plot anything that you want in Google Maps and Google Earth. You can plot the price of gas, home sales or crime statistics by zip code. It’s all [possible] because they have a common semantics—Keyhole Markup Language—and they offer the visual display part as a service.”

Krieger wants to extend that type of capability down to a 19-year-old U.S. Army private on a night shift. If that private can discover the data with a common language and a similar service, then he or she could cobble together the answer to his or her commander’s problem. That is the type of environment the department is trying to build in the military, the intelligence community and the federal government, he explains.

This requires working across the Defense Department’s three processes—the Joint Capabilities Integration and Development System, or JCIDS; the acquisition system; and the planning, programming, budgeting and execution system (PPBE)—which is no small feat in itself. But it also requires managing the cultural change from need-to-know to need-to-share.

“The challenge is huge,” Krieger declares.

Part of the effort involves separating data from applications. Success in this endeavor will allow multiple applications to have access to the same data. Currently, this often requires building point-to-point access to that data.

Krieger allows that a key activity for achieving his goals is simply to show progress. By providing momentum that shows the value return, users will want to adopt the new approaches. By getting Defense Department components to “own this problem,” they will address it and enable faster solutions.

One way of doing this is through the establishment of communities of interest (COIs). COIs inherently work across domains, Krieger notes, because they comprise multiple users with a common information sharing problem. When they assemble to address that problem, they generate programs of record with procedures that provide tracking for the next round of programs.

Krieger emphasizes that he does not make a move without the participation of the intelligence community. He has established the Senior Enterprise Services Governance Group that he co-chairs with his intelligence community counterpart. Its purpose is to examine policy and implementation issues for both data and services. “The Defense Department cannot do this without total partnership with the intelligence community because the Defense Department owns the unclassified classified/network, but the intelligence community owns the Top Secret network,” he emphasizes. “You want the same information technology infrastructure, services, and data access and standards across all three networks.”

The Defense Department CIO and its Director of National Intelligence (DNI) counterpart have published a memorandum of agreement calling for a services-based information environment. The agreement also calls for reinforcing department and DNI collaboration to implement business and information services and service-oriented architecture. Krieger relates that he is working with his own counterparts in the intelligence community to converge attribute-based access control activities, which is a high priority.

Krieger declares that the bulk of the challenges hampering the department’s efforts are cultural. Technological challenges pale in comparison to getting people to want to share information. Current incentives for programs of record continue to be inherently component-centric and not focused on joint problems, he says.

But technological challenges do stand in the way, and the department actively is developing solutions. For making data visible, Krieger relates that the Defense Information Systems Agency’s (DISA’s) Net-Centric Enterprise Services program includes a discovery service. This service includes Google appliances with a federated search specification that allows the use of discovery metadata, which permits a better first-round hit on data. The use of discovery metadata becomes vitally important when dealing with video or audio files, which are harder to index and search, he notes.

Participants in a COI identify the data assets that they want to share, and then these assets are made visible. Krieger explains that his office asks participants to make these assets visible to the National Communications System (NCS) discovery service, which has an enterprise content integrator that points to data assets. Participants can open up their ports to be crawled by Internet Google appliances, and the Defense Department is leveraging Google appliances that Intelligence Community Enterprise Services is using on the secret Internet protocol router network (SIPRNET) and the Joint Worldwide Intelligence Communications System (JWICS).

Another way to make these assets visible is through a Web service that can be employed to register the discovery metadata of the participants’ data assets with a content integrator. The COI’s enterprise then is aware of the data asset and its discovery metadata.

A third way is for participants to build their own discovery metadata catalogue and register it with their own Web service with the enterprise content integrator. Krieger offers that this probably is the hardest way technically in that it requires the most work.

“For visibility, those are the three choices we give to a COI and say, ‘We’d like you to do one of these three choices to share your data asset discovery metadata with the larger enterprise,’” Krieger allows. The discovery metadata must be compliant with the Defense Department discovery metadata specification, which is based on an industry standard but adds security fields necessary for national security uses.

Accessibility offers a different technical challenge. “You have to have authoritative attribute sources; you have to identify the attributes that you need to make machine-to-machine authorization decisions,” Krieger observes.

Only authorized users can access the data, and this mission begins on the nonsecure Internet protocol router network (NIPRNET). Public key infrastructure (PKI) cards help provide secure accessibility, Krieger notes, and collaboration with the intelligence community is helping implement attribute-based access control service. DISA is working this task as part of the NCS.

Part of the collaboration with the intelligence community is to identify the authoritative attribute sources. Krieger notes that DISA has a specification for an attribute retrieval service, and a partnership with industry is leading to a pilot effort on a commercial implementation that will encompass the Distributed Common Ground System (DCGS). Jericho Software will implement a government specification to share the attributes in an attribute retrieval service. If this succeeds, the commercial implementation of a government specification will be making authorization decisions for accessibility. Krieger notes that the DCGS uses both Defense Department and intelligence community specifications, which allows it to work on both SIPRNET and JWICS.

For JWICS, the pilot will establish separate Army, Air Force and Navy enclaves for the DCGS. In one enclave, a user will employ the federated search specifications to discover an asset in another enclave. The user will pass its credentials to the other enclave, which will contact the attribute retrieval service from the NCS. When the attributes are attained, they will be verified against the Jericho decision software to allow or deny the user access. This effort should help extend and identify the technical challenges in accessibility, Krieger states.

Then comes the issue of understandability. The Defense Department is partnering with the intelligence community on a small semantic exchange schema for “what, when and where,” Krieger relates. The framework is based on the Geographic Markup Language geospatial consortium standard along with intelligence community information security markings for the security tags. These will permit machine-to-machine information exchanges across security domains. Others such as the Army Blue Force Tracking and the maritime domain awareness communities already are using the universal core that this schema will affect.

But this effort addresses semantics at a very small level across the entire enterprise. Krieger emphasizes that communities must develop a common semantic information exchange schema for sharing information within the community. These semantics would be registered with the Defense Department Metadata Registry and Clearinghouse, which also encompasses NASA, NATO, the U.S. Department of Homeland Security (DHS) and the intelligence community.

On the COI front, one hugely successful COI involves participants in the drive toward maritime domain awareness. This is a federal effort that encompasses the Navy, the intelligence community, the U.S. Coast Guard and the Department of Transportation. Armed with a presidential directive calling for more maritime domain awareness, these groups came together to solve problems that they could not address alone.

Krieger says that his office is using this COI as a use case on how to perform enterprise certification and accreditation for data published as a service or for value-added services and applications. While the department has a new Defense Department Information Assurance Certification and Accreditation Process (DIACAP) policy, it does not know how to implement it effectively to obtain certification and accreditation that would be accepted widely. The office is collaborating with the COI on a pilot to develop a repeatable process for certifying and accrediting services and data on the network.

The reason that this particular COI effort has been successful may have been because of a happy confluence of events, Krieger suggests. Just as the presidential directive came about, the department suggested the COI approach. That suggestion has brought results, which strengthened its applicability as a solution to a problem. “We’re seeing that more and more folks are adopting this approach to attacking their information sharing problems,” he warrants.

Other COIs are taking up the fight to develop data access methodologies. A strike COI is being led by a joint functional component command, Global Strike Integration, U.S. Strategic Command. It encompasses the Army, Air Force and Navy along with Australian and United Kingdom forces. The target is joint situational awareness information, and the COI is using the universal core as semantics.

Krieger’s office also is working with the U.S. Central Command (CENTCOM), the Army, the Navy, DHS and the Joint Improvised Explosive Device (IED) Defeat Organization (JIEDDO) on an IED activities COI. The aim is to develop semantics on how to exchange significant activity reports on IEDs. This will streamline understanding of IED reports, particularly with regard to harmonized taxonomies of their wording.

Even financial elements are in the department’s sights. Krieger relates that a federal financial accounting transparency act requires the government to share some contract and procurement data with the public. So, the department is working with the Office of Management and Budget on a pilot program for providing Defense Department data network-centrically. This effort would be expanded to cover other government departments as well, he notes.

“Everything we’re doing is to get some Defense Department components to try this COI approach to get some traction—and then have people do it more on their own,” Krieger declares.

With the commercial sector already involved in these efforts, Krieger states that industry has several roles to fill. The biggest struggle is over common specifications for the key enterprise services that will be implemented across the Defense Department and the intelligence community. “In a services-oriented environment, what keeps the interoperability is a strict adherence to some specific service interface specifications. Industry is not going to converge on those fast enough, because its incentive is not to.

“So the government is probably going to have to develop and own some key interface specifications; we will need to collaborate with our industry partners to make sure that we write the specifications such that the products will implement them in a noncompetitive manner and that they will get their competitive return based on the additional features that they do under the same specifications,” he declares.

He cites the simple mail transfer protocol as an example. Because of that protocol, a user could purchase and employ any e-mail product and still exchange e-mail with others using different e-mail products. The department must identify the service interfaces across the entire infrastructure layer collaboratively with industry so that the commercial sector follows that e-mail model.

“What we need from industry is to inform us if we’re doing something stupid that doesn’t make sense,” Krieger allows.

The other challenge for industry is to determine the new business case for building data services as well as the incentive for people to use a service made by someone else that is hosted on the SIPRNET. “This is a whole different business model discussion that we’re having with industry,” he says.

The department also must change its requests for proposal (RFPs). “Right now, I’m asking for a lot of point-to-points,” Krieger says. “I’m asking in RFPs for industry to do it in a way I don’t really want them to do. So, we’re having a dialogue with industry right now about what needs to be in an RFP to incentivize doing data and applications separately and in a service-based environment.

“So there is a whole business model discussion that we’re having now with industry that will be key to this transformation,” Krieger imparts.

Web Resources
Defense Department Chief Information Officer: www.defenselink.mil/cio-nii
Defense/Intelligence Community Memorandum of Agreement: www.defenselink.mil/cio-nii/docs/DoD_ICC.pdf