fy09 program plan for program support sub-goal it services program (ms-its) update slides dennis...

FY09 Program Plan for Program Support Sub-Goal

IT Services Program (MS-ITS) Update Slides

Dennis Morgan

10/26/2006 To meet the Sub-Goal Team Lead’s deadline of COB, 10/26/06, this input has not been reviewed by the NOAA CIO.

2

Desired End State

FY 09 FY 13 *

IT Security Enterprise-level hardware & software in place;

Establishment of additional Computer Incident Response Teams underway

Fully equipped to formulate and enforce IT security policy and respond to IT security incidents

√

IT Modernization Initiative Infrastructure, web, & electronic mail upgrades;

Continued network migration

Hardened Silver Spring Metro Center (SSMC) backbone and NOAAnet Single Enterprise Network that produces a 99.99% uptime network

√

NOAAnet Single Enterprise Network

24x7 Network Operations Center;

Major campuses established;

NWS & NMFS wide area networks integrated

Modern, flexible, and manageable network infrastructure that accommodates up-to-date security practices and dissemination tools

√

NOAA Enterprise Management Information System (NEMIS)

Analysis completed;

Databases, architecture, & dashboard instruments developed

Enhanced, fully-functional system for decision-making; Operations, maintenance, and continued development

√

OneNOAA Web Presence Design approved & migration underway

Improved access to NOAA products & services; Operations, maintenance, and continued development

√

Program Plan DetailsEnd State

*Ability to Achieve from FY09 to FY13

3

GOAL: Mission Support PROGRAM: Information Technology Services CAPABILITY: IT Security REQUIREMENT: Centralized Certification & Accreditation

(C&A) Services DESCRIPTION OF ADJUSTMENT: Implement centralized

C&A team to ensure consistency in the review of C&A packages, complete certification, and provide controls testing for each system prior to submission to Commerce

PERFORMANCE MEASURES: IT Security Incidents

Centralized Certification & Accreditation (C&A) Services

Above Core

PROGRAM ADJUSTMENT FUNDING

BENEFITS AND RISKS

ACTIVITIES, SCHEDULE & MILESTONES

Standardize C&A process throughout NOAAOct 2007

Capability of providing a suite of C&A servicesOct 2007

Automate C&A process Oct 2008 Provide C&A dashboard capability Mar 2009

(FY$M): FY09 FY10 FY11 FY12 FY13Current Program 2.0 2.0 2.0 2.0 2.0Program Adjustment 2.0 2.0 2.0 2.0 2.0Proposed Program 4.0 4.0 4.0 4.0 4.0

CAPABILITY: IT SecurityQUANTITY:Input Capacity Change FY09 FY10 FY11 FY12 FY13None 0 0 0 0 0

Output Capacity Change FY09 FY10 FY11 FY12 FY13% of NOAA IT systems with current C&A 100 100 100 100 100IT security incidents resulting from inactivity 497 447 402 362 326

If program adjustment is made: Compliance with Federal Information Security Management

Act (FISMA) and Commerce IT Security Policy Maintain 100% of NOAA IT systems that have a current C&A

If program adjustment is not made: ‘Out of compliance’ with July 12, 2006 OMB memo M-06-19

from Karen Evans (Ofc of E-Gov & IT) that requires agencies to meet existing security requirements (e.g., correct security weaknesses in stead-state investments) before new funds are spent on system development, modernization, or enhancement

Restrict public access to hazardous weather warnings and hurricane tracking information during peak demand periods when capability of enterprise security systems is exceeded

Retain IT Security material weakness (DOC OIG) Delay implementation of IT Security Architecture by 2 to 3

years

4

GOAL: Mission Support PROGRAM: Information Technology Services CAPABILITY: Enterprise Network Operations REQUIREMENT: Elimination of Single Points of Failure in Silver Spring Metro

Center (SSMC) Network Infrastructure and Public Web Services (PWS) DESCRIPTION OF ADJUSTMENT: Implement fully-redundant SSMC network

backbone with built-in failover, and mirrored web clusters at 7 U.S. locations PERFORMANCE MEASURES: Network and Application Services Availability

Elimination of Single Points of Failure (SSMC Network Infrastructure & Public Web Services)

Above Core


BENEFITS AND RISKS


Complete implementation of a 10 Gigabit Ethernet SSMC backbone & 10 Gigabit Ethernet Wash DC metropolitan area network (MAN) 2011

Complete hardening of the SSMC backbone in order to produce a 99.99% uptime network 2013


CAPABILITY: Enterprise Network OperationsQUANTITY:Input Capacity Change FY09 FY10 FY11 FY12 FY13None 0 0 0 0 0

Output Capacity Change FY09 FY10 FY11 FY12 FY13% of available network and application services 99.9 99.9 99.9 99.9 99.99

If program adjustment is not made: NOAA data products (provided via SSMC and/or other

locations) will become unavailable during a power failure or when construction/utility equipment (e.g., backhoe) severs the SSMC internet connection. For example, Hurricane X’s tracking data would not be available to the public during the time of need.

Customers and the general public will become displeased with the data unavailability, which in turn becomes front-page, above-the-fold news in the Washington Post for weeks. Can NOAA afford the bad press and management of the resulting triage?

Lack of or reduced Internet service will impact NOAA’s ability to deliver its data products to all customers and the general public. This includes, but is not limited to, Life and Property data made available to the public via the Internet. Reduction of key services will impact NOAA’s ability to deliver data products resulting in the inability for programs to meet their GPRA or corporate performance targets.

IT security risks will increase on all NOAA systems, including networks.

Dependency: Public Web Services within the Weather & Water Goal (via the Web Consolidation Initiative in NWS)

5

GOAL: Mission Support PROGRAM: Information Technology Services CAPABILITY: Enterprise Network Operations REQUIREMENT: Elimination of Single Points of Failure in Electronic Mail Services

(including migration to Commerce-wide common email system) DESCRIPTION OF ADJUSTMENT: Implement common email infrastructure that

includes redundancy with built-in failover PERFORMANCE MEASURES: Network and Application Services Availability

Elimination of Single Points of Failure(Electronic Mail Services)

Above Core


BENEFITS AND RISKS


Complete phase 2 of the consolidated electronic mail system, including complete redundancy and replication of data for all users 2010

(FY$M): FY09 FY10 FY11 FY12 FY13Current Program 0 0 0 0 0Program Adjustment 13.0 4.8 4.8 4.8 4.8Proposed Program 13.0 4.8 4.8 4.8 4.8



If program adjustment is not made: NOAA messaging operations (a primary communication mechanism

throughout the enterprise) will become unavailable during a power failure or when construction/utility equipment (e.g., backhoe) disrupts the email service connection.

Reduce the plans for email system redundancy and provide replication of email only for priority users.

DOC will continue to lack a common electronic mail system across all its agencies/bureaus.

Dependencies: Migration planning has been underway since January 2006, when

DOC alerted NOAA to begin projecting costs for the transition to a Commerce-wide common email system.

DOC has not provided clear FY09 Budget guidance with respect to the migration to a Commerce-wide common email system.

NOAA currently operates and maintains a distributed email system with multiple single points of failure, and utilizes the Thunderbird email application for more than 19,000 users, but will need funding to support Commerce’s move to a common platform without single points of failure.

On 9/21/06, as part of its Electronic Mail Study, DOC initiated a mandatory data call on e-mail costs for all bureaus; purpose: to obtain costs of email at each Operating Unit; use of data: analysis to support the business case. NOAA submitted data on 9/26/06.

6

GOAL: Mission Support PROGRAM: Information Technology Services CAPABILITIES: IT Security, Enterprise Network

Operations, Enterprise Architecture, IT Support for Administrative Systems, IT Administration and Regulation

REQUIREMENT: Transfer of Line Office (LO) CIO Operating Budgets from LO Headquarters Program to IT Services Program

DESCRIPTION OF ADJUSTMENT: Transfer of funding will allow the IT Services Program to improve performance through the IT Administration and Regulation, IT Security, Enterprise Network Operations, Enterprise Architecture, and IT Support for Administrative Systems capabilities.

PERFORMANCE MEASURES: IT Security Incidents Network and Application Services Availability, Capability Maturity Model Score

Transfer of LO CIO Operating Funds


BENEFITS AND RISKS


CAPABILITY: All 5 IT Services Program CapabilitiesQUANTITY:Input Capacity Change FY09 FY10 FY11 FY12 FY13None 0 0 0 0 0

Output Capacity Change FY09 FY10 FY11 FY12 FY13IT Services MET MET MET MET MET


If program adjustment is made: Provide centralized administration and management of IT Services across NOAA

Provide C&A dashboard capability 2009 NEMIS data storage acquisition, product inventories,

analysis, & Suite 2 dashboard instruments 2009 Complete phase 2 of the consolidated electronic mail

system, including complete redundancy and replication of data for all users 2010

Complete hardening of the SSMC backbone and NOAAnet in order to produce a 99.99% uptime network 2013

7



REQUIREMENT: Full Funding of Federal FTE DESCRIPTION OF ADJUSTMENT: Provide adequate

funding to support salaries and benefits for 107 federal FTE in the IT Services Program

PERFORMANCE MEASURES: IT Security Incidents, Network and Application Services Availability, Capability Maturity Model Score

Full Funding of MS-ITS Federal FTEAbove Core


BENEFITS AND RISKS


If program adjustment is made: IT Services Program will be better positioned to accomplish its mission, and provided adequate support to the NOAA Mission Goals

If program adjustment is not made: More overtime Slots will remain vacant as federal employees retire

or move on to other career opportunities Extend timelines and scale back functional

requirements for current projects

107 Fully-Funded Federal FTE Oct 2008 – Sep 2013

(FY$M): FY09 FY10 FY11 FY12 FY13Current Program (88 FTE) 12.7 12.7 12.7 12.7 12.7Program Adjustment (19 FTE) 2.7 2.7 2.7 2.7 2.7Proposed Program 15.4 15.4 15.4 15.4 15.4



8



REQUIREMENT: Technology Refresh & Desktop Management

DESCRIPTION OF ADJUSTMENT: Technology Refresh & Desktop Management for NOAA Computer Incident Response Team, Information Technology Center, Network Operations Center, Web Operations Center, Messaging Operations Center, OS LAN / Systems Support, and OCIO

PERFORMANCE MEASURES: IT Security Incidents, Network and Application Services Availability, Capability Maturity Model Score

Technology Refresh & Desktop Management

Above Core


BENEFITS AND RISKS


If program adjustment is made: Meet recommended system lifecycle refresh requirements

If program adjustment is not made: Extend system lifecycle refresh period from 3 years

to 5 years Extend timelines and scale back functional

requirements for current projects

Technology Refresh Oct 2008 – Sep 2013 Desktop Management Oct 2008 – Sep 2013




9

GOAL: Mission Support PROGRAM: Information Technology Services CAPABILITY: Enterprise Architecture REQUIREMENT: OneNOAA Web Presence DESCRIPTION OF ADJUSTMENT: Implement enterprise-

level web management PERFORMANCE MEASURES: Capability Maturity Model

Score

OneNOAA Web PresenceAbove Core


BENEFITS AND RISKS

ACTIVITIES, SCHEDULE & MILESTONESFY2009-13 Implement Plan to Consolidate and Organize NOAA’s Web Assets

Evaluate NOAA-wide search capability Conduct ongoing information asset inventory and evaluate

against baseline Reorganize NOAA Web offerings in thematic approach,

independent of organizational structure Coordinate with other Federal agencies to ensure customer-

centric coordination and presentation of information Begin migration to MyNOAA concept

Create unified portal providing seamless access to NOAA internal and external information

Create role-based security model to ensure integrity to sensitive information assets

Provide localized and personalized information to Web customers Begin implementation of Web Server Consolidation


CAPABILITY: Enterprise ArchitectureQUANTITY:Input Capacity Change FY09 FY10 FY11 FY12 FY13None 0 0 0 0 0

Output Capacity Change FY09 FY10 FY11 FY12 FY13Capability Maturity Model Score for Enterprise Architecture Process 4 5 5 5 5

If program adjustment is made: Improve access to NOAA products and services Meet stakeholder needs Achieve NOAA-level web management for internet and

intranet Integrate web communications to NOAA business process Create functional content and technical web architectures

with single-point access to NOAA’s vast web offerings Secure funding for long-term support and maintenance of the

NOAA Web presence If program adjustment is not made:

Recommendations from post-Isabel and post-Katrina service assessments will remain unaddressed

Continuation of disjointed operation of NOAA web holdings Potentially conflicting information posted to web

10

GOAL: Mission Support PROGRAM: Information Technology Services CAPABILITY: Enterprise Network Operations REQUIREMENT: NOAAnet Single Enterprise Network DESCRIPTION OF ADJUSTMENT: Implement common NOAA

communications Infrastructure and consolidate 9 legacy networks PERFORMANCE MEASURES: Network and Application Services

Availability

NOAAnet Single Enterprise Network Above Core


BENEFITS AND RISKS

ACTIVITIES, SCHEDULE & MILESTONES Complete the transition of all NOAA Line Office Wide Area

Networks (WANs) to the NOAAnet Single Enterprise Network 2009

Provide multiple transparent external connections throughout the nation, by maintaining up to 4 ISP large scale connections 2011

Complete the hardening of NOAAnet in order to produce a 99.99% uptime network 2013




If program adjustment is made: $30M cost avoidance over first 7 years – network transport only;

cost avoidance will be applied to enhancements Meets NOAA’s requirements and supports NOAA’s mission

performance Centrally-managed NOAA network (24x7 operations center) Reuse and share common services (i.e., email, videoconferencing,

administrative & desktop applications, corporate & programmatic operations, intranet)

Common Security Infrastructure supports single C&A and provides secure environments (i.e., communities of interest) for user communities

If program adjustment is not made: Legacy networks approaching end-of-life; more expensive to sustain Uncoordinated redundancy at shared locations increases costs Loss of connectivity at a hub location disables connectivity at

dependent remote locations Complete COOP failover is difficult or impossible when backup sites

rely on dedicated or separate networks Dependencies:

Implementation requires the redistribution of financial resources from other Goals/Programs

Intrusion Detection System (IDS) to be provided by NOAA Computer Incident Response Team (N-CIRT)

fy09 program plan for program support sub-goal it services program (ms-its) update slides dennis...

Documents