I am pleased to issue this update to the Department of State's Information Technology Strategic Plan (ITSP) which reflects current initiatives and priorities, and addresses State's requirements through 2010.
The Plan was updated to align it with the recently released Department of State and USAID Strategic Plan, which specifies seven strategic goals and 27 strategic priorities. The five IT goals and implementing strategies in this Strategic Plan are mapped to the Department and USAID goals, and examples are provided of how IT will further these goals and the Department's foreign affairs mission.
A second new theme is Transformational Diplomacy, a key initiative of Secretary of State Condoleezza Rice. Transformational Diplomacy focuses on two areas: (1) working with citizens and governments around the world to promote transformation toward greater peace, freedom, prosperity, and social justice; and (2) transforming the way State does its work to be more efficient and effective. The quote from Secretary Rice on the cover page of this Plan reflects the first focus while the quote below reflects the latter.
"Transformation in diplomacy, as in business and other fields, rests on the empowered individual who works (with) greater freedom and greater initiative and thus greater responsibility, ... and who, aided by the power of technology, can accomplish what was once required of many people." Secretary Rice.
As Chief Information Officer, I am committed to helping the Secretary and the Department use IT to promote both of these ambitious notions. We will continue to modernize our IT infrastructure and make value-added information and usable tools available to increase the efficiency and effectiveness of our diplomats operating around the world. As our personnel work with citizens, institutions, and governments anywhere in the world, we will partner with them to deliver the secure IT services and tools they need.
James Van Derhoff
Chief Information Officer
This Information Technology Strategic Plan outlines a future-oriented technology program for the Department that directly supports U.S. foreign policy and diplomacy as articulated in the latest Department of State and USAID Strategic Plan. This Plan sets forth five key IT goals for FY 2006-2010. Several of these goals represent significant departures from the Department's current ways of doing business and allocating IT resources. To build consensus around the key IT goals and strategies, a Goals Paper was published and circulated throughout the Department for discussion and refinement. This IT Strategic Plan reflects the discussions that ensued as well as the Department's new Strategic Plan which was issued recently. The result is an ITSP that provides clear direction for the next five years and forms the basis for major decisions on IT investments and projects.
Current Status of IT in the Department
The Department's former IT Strategic Plan, which covered the period FY 2001- 2005, served as a starting point for this new Plan. Under the earlier plan, State successfully modernized its global IT infrastructure. Now, it will take the next step: putting in place end-user oriented tools and information resources that will aid the employees who carry out the Department's international affairs mission.
The Department has made extraordinary progress under the former IT Strategic Plan. Much demonstrable success has been achieved in all five goal areas, and the results have changed the way the Department does business. The enthusiastic support of the Secretary of State and senior management for rapid, continuous IT modernization in support of diplomacy has been, and will remain, critical to success. This support has led to improvements in IT governance processes, including broad representation in decision-making. It has also led to substantial increases in investment, enabling the Department to catch up rapidly in basic infrastructure technology. Table 1 highlights the major accomplishments under the 2001-2005 Plan.
Table 1: Accomplishments Under Department of State FY 2001-2005 IT Strategic Plan
ITSP Goal | Major Accomplishments |
1. A Secure Global Network and Infrastructure | • Highly standardized, available, and reliable global IT infrastructure with 99.5% network availability in FY2005 • Defense-in-depth security - e.g., server, e-mail, and workstation anti-virus, network intrusion detection, and operational CERT and CIRT processes • Certification and Accreditation program • Modern, reliable classified and unclassified networks • Desktop Internet access and Virtual Private Network (VPN) capabilities • Centralized IT modernization and refresh worldwide through Global IT Modernization (GITM) program • Enterprise network management |
2. Ready Access to International Affairs Applications and Information | • Continued improvement and centralization of border security systems • Public affairs and Public Diplomacy applications and Web sites • Specialized mission-support databases and applications (e.g., Treaties, Refugees, Contacts) • Connectivity to SIPRNET and OSIS, and establishment of a strong State knowledge-sharing program on SIPRNet • Collaboration capabilities supporting diplomacy, border security, and humanitarian information programs • Initial steps toward mobile communications |
3. Integrated Messaging-- | • Single, worldwide e-mail systems for classified and unclassified traffic • Initiation of State Messaging and Archive Retrieval Toolset (SMART) program to deploy innovative worldwide, integrated messaging |
4. Leveraging IT to Streamline Operations | • Significant progress in implementing Web-based administrative applications to improve efficiency • Server consolidation through Enterprise Server Operations Center (ESOC) • Financial systems for both State and USAID centralized in Charleston |
5. Sustaining a Trained Productive Workforce | • Skilled IT workforce • Best Practice in recruitment and retention • Modern, effective training/certification programs |
Key impacts of IT modernization to date are:
Strategic Mission and Business Drivers
A key driver for this new ITSP is the FY 2007-2012 Department of State and USAID Strategic Plan, which describes the Department's mission and strategic objectives and goals. The Department's mission is to:
"Advance freedom for the benefit of the American people and the international community by helping to build and sustain a more democratic, secure, and prosperous world composed of well-governed states that respond to the needs of their people, reduce widespread poverty, and act responsibly within the international system." [State/USAID Strategic Plan, FY 2007-2012]
The State/USAID Strategic Plan identifies seven strategic goals and priorities that constitute a strategic planning framework. A centerpiece of the plan is the notion of "transformational diplomacy," which calls for the integration of diplomacy and foreign assistance to advance U.S. security interests, development interests, and democratic ideals. In carrying out its mission, State works with other U.S. Government agencies, foreign governments, Non-Governmental Organizations (NGOs) and international organizations, foreign and domestic press, and foreign and domestic publics. The IT goals presented in this Plan are driven by the mission requirements articulated in the Strategic Plan, as shown in the mapping table in Appendix A.
A second key driver is input from end users, bureaus, and posts as documented in the Department's recently published joint State/USAID Enterprise Architecture, interviews and overseas visits conducted by the IRM Bureau Planning Office, and a survey conducted by the Office of e-Diplomacy of more than 3,000 policy and management officers worldwide.
A third driver is the President's Management Agenda (PMA) and related government-wide IT initiatives, especially e-Government (e-Gov). Through these initiatives, the State Department seeks to promote efficiency in the delivery of administrative services as well as increased coordination among agencies operating overseas.
The Strategic Plan, Enterprise Architecture, and e-Government initiatives all emphasize the value of information and information technology as key tools in diplomacy, foreign assistance, and operational excellence. The Enterprise Architecture calls for extensive communication, coordination, and collaboration within the Department and with external organizations. The objectives and initiatives in the Strategic Plan depend heavily on high quality information that can be accessed and shared appropriately and securely from anywhere and at anytime. World-class IT tools, such as video conferencing, mobile computing, intelligent data search and retrieval, sophisticated data integration and analysis, and knowledge management/data warehouse systems are essential if State is to achieve its strategic objectives and goals and satisfy its customers and constituents, notably the White House, Congress, other government agencies, U.S. allies, and above all, the American people.
A fourth driver is rightsizing. The Joint State/USAID Strategic Plan and the PMA both emphasize "rightsizing" the entire presence of U.S. Government agencies and personnel overseas. Rightsizing promotes enhanced mission capabilities, cost-efficiency, and security. This IT Strategic Plan supports rightsizing by promoting interagency integration, delivery of services from regional and central locations, mobile computing, a robust global IT infrastructure, and self-service through modern IT solutions.
This ITSP explains how IT will be a significant force helping State pursue its mission over the balance of this decade. As the lead international affairs agency, State is committed to being a leader in exploiting IT to further U.S. diplomatic aims.
Key IT Trends
State is committed to maintaining a high quality, global IT environment that can exploit advances in technology and government-wide initiatives such as e-Government. Table 2 identifies important trends and best practices that will affect IT for the next several years. The table contrasts these trends and best practices with outmoded ways of doing business.
Table 2: "In-Out" Table: Trends & Best Practices
IN | OUT |
Enterprise-wide, Government-wide solutions | Single bureau, single agency approaches |
Rapid technology change and adoption | Reluctance to innovate and bureaucratic roadblocks |
Social networks and community collaboration | Individual effort |
Leveraging specialized expertise through outsourcing of non-core activities | Reliance on internal management and in-house execution for all functions |
Wireless | Wired |
Next generation data mining and search | Fragmented data sources accessible in restricted ways |
Mobile | Tethered to the desk |
Voice/data integration/voice over IP | Separate networks |
Voice input and speech recognition | Keyboards |
Voice-mail/email integration | Separate message stores |
Partnerships | Isolation |
Automated, real-time language translation services | Limited ability to get documents translated |
"Out of the box" COTS | Highly customized solutions, including overly customized COTS |
Web-based | Client-server |
Tailored multi-media communications | Rigid formats, cables, documents |
Enterprise-wide business continuity planning | Ad-hoc approach to critical infrastructure protection |
Computing and networking as utilities | Non-standard, isolated IT environments |
Adaptable networks -- Self-configuring, dynamic | Hardwired, inflexible networks |
Dockable laptops | Desktop computers |
Risk management | Risk aversion and reluctance to make decisions |
Dataless posts | Expensive and vulnerable distributed data model |
In past years the Department's IT program has provided essential support for administrative and consular functions, but has not been able to offer similar support for core diplomatic activities. Advances in technology make increased support for diplomacy feasible, and new challenges and opportunities make it imperative.
The vision for 2010 is one in which IT becomes a much more active partner than it has been with the Department's organizations and employees most directly involved in our diplomatic activities. By organizing and improving access to critical information now scattered around the world, and delivering state-of-the-art systems, tools, and networks, IT will empower U.S. diplomacy.
The Department's program for Transformational Diplomacy notes: "Communications capabilities and IT functions will be centralized to ensure that information is dispersed smoothly, accurately and securely. The goal is to provide the State Department workforce with quick access to the knowledge and real-time information they need whether at their desktops or on travel. Cutting-edge information technology will enable sharing information across regions and between agencies." |
Vision Empowering diplomacy with |
By 2010, the Department will achieve the following:
The five IT goals supporting this vision and State's mission priorities are:
Descriptions of these five IT goals are set forth in the following pages. Until now, investments have produced a global IT infrastructure connecting all overseas and domestic locations. With this revised Plan, the focus shifts to using the global infrastructure -- bolstered with enhanced capabilities and capacities -- to empower transformational diplomacy.
1. The Right Information: Knowledge Leadership for Diplomacy
Goal 1 will make available tailored foreign affairs information to meet the needs of individual officers, internal and external customers, and target audiences. The Department of State is an information-producing machine whose annual output includes more than 2 million cables, 200 million e-mails, hundreds of thousands of indexed documents on thousands of Department web pages, and other reports, analyses and information. In addition, Department personnel have access to the vast resources of the Internet and the networks of other government agencies. Yet much of this information fails to meet requirements because it is inaccessible, of questionable accuracy, out of context, not updated, or in the wrong format. As a result, our officers cannot easily find the information they need and are overloaded with marginally relevant information. Goal 1 will promote knowledge creation, dissemination, and management for internal use, interagency sharing, and outreach to various publics and State's other stakeholders.
Knowledge Leadership is the Department's approach to improve knowledge sharing and collaboration within the Department and with our foreign affairs partners. The approach draws on State's deep subject matter knowledge of the foreign affairs environment, coupled with superior technology to empower personnel at all levels to make informed decisions and lead foreign policy formulation and implementation. Knowledge Leadership will help establish a knowledge sharing culture within the Department and the broader foreign affairs community. Engineering such a cultural change will require a significant initiative that focuses on four fronts: people, processes, organizations, and technologies.
Knowledge and Information Management Tools
|
Department users will have access to an enterprise-wide content management service, staffed by researchers, information management specialists, and policy experts. This service will be responsible for managing the Department's substantive databases and content management tools and technologies, and assisting users with complex information management requirements.
State will continue to apply its centrally run and funded Content Management System to support broad-based information access and dissemination, providing U.S. citizens and foreign publics with information about U.S. foreign policy. The public-facing web sites are organized to be searchable by standard commercial search engines. We apply data architecture concepts (including the Federal Enterprise Architecture Data Reference Model) to ensure that our data is organized to promote maximum accessibility. Tests indicate that State sites appear near the top of search lists when relevant foreign policy terms are used. We plan to continue to monitor the performance of our public-facing web sites to ensure that they provide effective and broad access.
Value-Added Logical Knowledge Bases
Strategic Goals | Strategic Priorities | Examples of Knowledge Bases |
Strategic Goal 1: Achieving Peace and Security | • Counterterrorism • Weapons of mass destruction and destabilizing • Conventional weapons • Security cooperation and security sector reform • Conflict prevention, mitigation, and response • Transnational crime • Homeland security | • Effective conflict prevention and response programs • Counterterrorism initiatives and results • Security agreements • Knowledge bases that cross topics - e.g., impact of economic growth and transnational crime |
Strategic Goal 2: Governing Justly and Democratically | • Rule of law and human rights • Good governance • Political competition and consensus building • Civil society | • Status of good governance and democracy around the world • Reports of various organizations on government effectiveness |
Strategic Goal 3: Investing in People | • Health • Education • Social services and protection for especially vulnerable populations | • Integrated global databases on public health, education, and poverty • Best practices in delivering human services |
Strategic Goal 4: Promoting Economic Growth and Prosperity | • Private markets • Trade and investment • Energy security • Environment • Agriculture | • Integrated databases on economic and energy issues • Environmental and economic impact of policies and initiatives |
Strategic Goal 5: Providing Humanitarian Assistance | • Protection, assistance, and solutions • Disaster prevention and mitigation • Orderly and humane means for migration management | • Best practices in disaster prevention and humanitarian response • Refugee tracking |
Strategic Goal 6: Promoting International Understanding | • Offer a positive vision • Marginalize extremism • Nurture common interests and values | • Annotated databases of promotional materials and multi-media products for presenting and promoting U.S. values and interests • Tracking of reactions to U.S. policies and programs |
Strategic Goal 7: Strengthening Consular and Management Capabilities | • Consular services (Visas, Passports, American Citizen Services) • Major management functions | • Border security databases • Integrated data warehouse to track financial and other administrative information |
Users will draw on the following:
Officers work on-line, using groupware software, with counterparts from other countries and agencies to draft a NATO resolution. |
Public Diplomacy officers create "Blogs " that contain specialized content drawn from Department knowledge bases to target specific audiences. Blogs may be interactive inviting commentary from outside organizations and individuals. |
Modern concepts in knowledge management will provide access to implicit and tacit knowledge dispersed throughout State. Personnel will be encouraged and rewarded for sharing their expertise. |
State needs a broad, unified policy that recognizes information as an enterprise-wide asset. This is in contrast to the current practice where the organization that gathers, compiles, or develops information treats that information as an organizational asset, sharing the information only upon specific request. This will require substantial culture change mandated from the top and reinforced through tangible incentives. |
These practices and tools will position the Department to capitalize on the next wave of intelligent technologies and processes to strengthen the use of our knowledge resources -our databases and above all, our people-in the interest of foreign policy leadership. As discussed under Goal 5, these will also create a new, broader role for IT and Office Management Specialist (OMS) personnel as content managers and information consultants.
To accomplish this goal and provide top quality knowledge and information services for diplomacy, the Department will shift the balance among the competing demands for IT resources, tilting a greater share toward foreign policy requirements. This theme is discussed further under Goal 3, through which e-Government solutions will be employed to reduce the costs of administrative systems, thus freeing up resources for diplomacy.
Table 3-1: Goal 1 Strategies
Strategy | Key Components | Performance Indicators |
Information/Data Architecture Framework | • Categorization schema - developing a standardized vocabulary • Thematic Communities of Practice - centered around shared information needs • Linkage of Business Processes to supporting Information • Process to review the performance of State's information dissemination and access efforts | • Increased information sharing opportunities across organizations • Controlled redundancy and increased consistency in information • Increased ease in finding, analyzing and managing information |
Dashboard/Executive Information/Data Warehousing | • Focus tools on executive and management needs for overseeing diplomatic and foreign assistance operations • Develop data warehouse capabilities • Assess role of existing and planned systems (e.g., Global Affairs Dashboard) | • Ability to satisfy stakeholder queries • Extent of use by State executives, and external stakeholders • Proliferation and use of tailored data marts and management dashboards |
Knowledge Management | • Knowledge-sharing culture and leadership • Information-sharing architecture and collaboration tools | • Number of people participating in knowledge sharing |
Integrated Data Management Strategy | • Data stewardship policies • Baseline data architecture inventory • Data exchange and integration standards • Data security policies • Data storage/warehouse • Enterprise-wide database administration (DBA) function | • Growth in volume of data in central repository(ies) • Increased data quality • Increased number of queries to central databases and data warehouse • Increased connections among databases • All official documents, including emails, included in searchable archive |
Information Service, Virtual Library | • Organizational/staffing approach -- combination of virtual and physical • Scope of services and service delivery metrics • Service delivery and pricing | • Growth in use of and demand for services from internal and external users • Quality of information products • Responsiveness to customer demand |
Evolving Suite of Innovative and Collaborative Tools | • Baseline suite of tools • Ongoing evaluation of new capabilities and needs of younger officers (e.g., social networking) • Capability to integrate new tools rapidly | • Time to implement new user capabilities • Effectiveness in meeting user needs for information management • Extent of user participation in collaborative workspaces |
2. Anytime/Anywhere Computing: Diplomats on the Move
Goal 2 will provide an IT environment that allows full access to all needed knowledge and computing resources at anytime from anywhere in the world. The focus for State's IT infrastructure is two-fold: mobile computing and continuous and rapid technology innovation-absolute musts for modern diplomacy.
By its nature, diplomacy entails travel and mobility, as well as regular contact with people outside of State facilities. Effective diplomacy requires that our officers participate in policy discussions with the U.S. Government executive agencies and with Congress, meet with counterparts in foreign governments at executive leadership conferences, attend sessions of foreign parliaments and organizations, represent the U.S. before foreign and domestic organizations and publics and travel to other cities and countries. Our most effective diplomats cultivate relationships with foreign officials, parliamentarians and citizens, using these relationships to acquire expertise about the host country, to understand developments that affect U.S. national interests, to implement programs and to promote U.S. foreign policy objectives. Much like others involved in advocacy or public relations, our diplomats spend a good deal of their time out of their offices in circumstances where effective access to State resources is essential.
Through this IT goal, the Department will provide technology to support the mobile employee. It will enable State's officers to use standard commercial personal digital assistants (PDAs), cell phones, laptops, and new devices as they emerge. These devices will deliver the knowledge resource products described under Goal 1, and will also allow full connectivity from home, while on travel, or at meetings. Personnel will be able to telecommute and have access to all necessary information including their classified and unclassified e-mail, documents, files, voice mail, contact information, and will be able to participate in secure video and audio conferencing-all while at home or on the move.
The IT environment of 2010 will be characterized by:
|
They will be easily able to consolidate and manipulate information from these multiple sources and formats. Voice input and output will be supported, and voice and data will be fully integrated. New and improving technologies, such as video conferencing and video mail, Geographic Information Systems (GIS), and language translation software will be made available as they are proven feasible.
Five elements must be in place to enable "anytime, anywhere" connectivity:
The networks and end-user devices of the future will have embedded intelligence to recognize and react to varying conditions, tailoring their configurations and security features appropriately.
As the political officer of the future leaves the embassy to call on the foreign ministry, his PDA is automatically reconfigured to continue to receive unclassified messages. In the car, he checks his unclassified e-mail via his PDA and sees that the Department wishes him to immediately deliver a new demarche to the host government.
The IT environment will function much as today's electric and telephone utilities. End-users will be able to "plug in" to the network with any device regardless of location. The following strategies will contribute to the establishment of this ubiquitous computing environment:
Labeling and "wrapping" all information-structured and unstructured-permitting complete and appropriate access to information from anywhere. Wrappers will be extended beyond security and retention and will include information necessary for rendering information on various device types and content adjustment or filtering based on the users' current location. Labeling or tagging will be done for small units of information, enabling content to be assembled and reassembled in multiple ways for different purposes.We will provide "end-to-end" performance management, no longer thinking that connectivity stops at the entrance to the embassy or mission. We will ensure adequate performance and reliability to the end-user device whether it is located in the embassy compound, at warehouse facilities, or other locations where users work. |
The entire service delivery operation will be overseen by a governing body made up of user representatives and IT staff, and will report directly to the CIO. Key metrics will be tracked on a real-time basis and presented to this body.
Key Service Delivery Metrics:
|
IT consolidation is a key enabler of rightsizing of overseas posts. By delivering services from central or regional service centers, we can dramatically reduce the numbers of IT support staff needed at posts. This is especially important, not only in reducing costs and improving service, but also in minimizing the numbers of American personnel in high threat locations.
Table 3-2: Goal 2 Strategies
Strategy | Key Components | Performance Indicators |
Mobile Computing/End-User Device Program | • Full user capabilities from mobile devices -- eliminate restrictions and customization • Virtual organization and telework, providing flexibility to vary work hours and locations | • Range of mobile devices permitted on network and connecting via the Internet • Comprehensiveness of capabilities available via remote devices • Numbers of users with OpenNet Everywhere (ONE) or other mobile devices • Numbers of teleworkers and time spent teleworking |
Consolidation, Integration, and Standardization | • Single ops center and services • Enterprise server operations centers • Global networks and processing centers to meet user needs • Central remote management of all components to reduce costs and improve security • Identify and build on best practices • Expand use of thin client model to reduce costs and improve security | • Single unclassified network • Number of distributed processing facilities eliminated • Volume of information processed and residing centrally/regionally • Substantial reduction in IT staff located at posts • Number of bureaus and posts receiving centralized consolidated server, desktop support and helpdesk services |
Replacement and Modernization | • Implement GITM customer oversight mechanism • Implement adaptable deployment methodologies • Implement flexible deployment configurations | • Percentage of replacement and modernization activities under GITM |
Networking Strategy | • Outside global network assessment/reengineering • Latest Internet Protocol standards (IPv6) • Voice Over IP (VOIP) • Partner with Internet2 and Next Generation Internet (NGI) initiatives | • Reduction in worldwide costs for telephone service • "Connectedness" -- multiple links to ensure always being connected • Network problems no longer cited as impediment to progress |
Competitive Service Delivery | • IT Desktop support services managed centrally as a utility • COTS with no customization • Innovative contracting, outsourcing, competitive sourcing, and other privatization options • Fee for service to ensure that services respond to demand and are cost-competitive • Loosely coupled, highly cohesive business modules providing services • Established Service Level Agreements (SLAs) with agreed-upon performance standards and metrics | • Performance that meets SLAs • Elimination of duplicative systems • User satisfaction |
3. External Partnership: Diplomacy Through Collaboration
Under Goal 3 the Department will establish an IT environment that promotes external connectivity and information sharing. This goal draws on the concepts of the e-Government initiative, applying it to diplomatic and administrative operations. Through this goal the Department will provide IT support to collaboration and coordination activities directly related to its diplomatic mission. It will also rely increasingly on and promote interagency processes and systems for administrative work. Implementation of this goal will reduce costs and improve productivity.
The Department works in concert with other U.S. Government agencies, Non-governmental Organizations (NGOs), and foreign governments in promoting the U.S. foreign policy agenda. The Department also offers services to U.S. citizens and businesses, such as travel assistance and support for international trade and exports.
By 2010, a global electronic community will be in place connecting all participants in U.S. diplomacy and foreign assistance programs. Layers of access will be supported to balance information security and access requirements, based on logical and physical controls.
IT has supported some level of intergovernmental information sharing through SIPRNET, OSIS, and Intelink. The Department's Strategic Plan calls for greater levels of collaboration over the next five years, for example with:
The Department will expand services to U.S. citizens domestically and overseas by leveraging IT. Examples include adoption tracking, passport issuance, and access to travel information and advice.
In addition, the Department is committed to the President's Management Agenda and to OMB's efforts to consolidate the administrative systems that support government agencies. The Department will be an eager customer of government-wide services when available for Human Resources, Payroll, Finance and Accounting, Logistics, and Inventory and Asset Management. Given the need to support administrative operations at more than 200 locations around the world, the Department would benefit greatly from government-wide administrative services and systems that enabled streamlining of our overseas presence.
Four broad strategies will be pursued to achieve this goal:
To accomplish this goal, the Department will participate actively in and leverage government-wide initiatives, such as today's Quicksilver e-Government efforts, with the aim of freeing up resources that can be devoted to foreign affairs activities. By 2010, the Department expects to be using government-wide systems and services for all administrative activities, except those unique to overseas operations (e.g., local hiring, housing, and purchasing).
This goal explicitly supports OMB's goal of a U.S. government-wide IT Enterprise Architecture. It is also a logical extension of Goal 1, The Right Information, and Goal 2, Anytime/Anywhere Computing, throughout the U.S. Government in support of the President's Management Agenda (PMA).
Our e-Government Vision
The Department advocates greater integration and sharing (collaboration) of mission critical information through the development of a single government network, a single government-wide directory, and shared virtual knowledge bases. The Department is committed to moving its administrative support systems (e.g., Human Resources, Logistics, Financial, Budget, Payroll, Acquisitions, Travel) to centrally managed, government-wide solutions as soon as practicable. |
Strategy | Key Components | Performance Indicators |
Foreign Affairs Extranet Program | • Foreign affairs agency portals accessible via the Internet and/or USG networks • User authorization and authentication policies • Network architecture and security model | • Volume of use and numbers of users of extranets |
Business Process and Application Streamlining | • Reengineer processes to support rightsizing of overseas locations and cost-efficiency of domestic operations | • Specific performance targets for process efficiencies (e.g., increases in number of transactions per day, reduced lag times) • Meeting rightsizing targets -- fewer people, servers, data, and applications at posts • Meeting targets for domestic bureau streamlining -- fewer IT staff and distributed servers, applications, and data. |
e-Gov Solutions | • Develop and carry out transition plans for moving to Government-wide, LoB-based solutions | • Adoption of transition plan by e-Gov Program Board • Resources shifted to e-Gov solutions |
Government-Wide Overseas Network | • Work with OMB to develop a concept, network architecture, and funding approach • Assess existing initiatives and environments and develop and carry out transition plan | • Plan and budget adopted by at least 70% of overseas agencies; plan funded • Elimination of agency networks at posts |
Application Architecture -- Web-Enablement (Self-Service) | • Middleware (SOA, EAI) for promoting interchange of information with other agencies and partners | • Measurable shift to web-based processing • Functions available for self service and extent of use • Volume of use of multiple, integrated databases |
4. Risk Management: Mission Effectiveness and Security
Under this goal, the Department will establish a strengthened IT security program based on risk management, critical infrastructure protection (CIP), the Federal Information Security Management Act (FISMA), and deployment of pre-approved security solutions. The intent is to enable rapid and secure introduction of new technologies. The risk management process will be engineered to support rapid management decision-making, normally yielding a decision within 90 days.
Good risk management practices lead to effective security controls commensurate with risks. They strengthen security by eliminating the need for vulnerable workarounds, permitting appropriate access to mission-critical data, and ensuring consistent security solutions. |
In the past, the Department has been slow to adopt new technologies, in large part due to security processes that rely too heavily on security experts and not enough on managers, IT professionals, and end-users-that is, the employees carrying out the Department's mission. Managers have been unwilling to make timely decisions, and security assessments have focused largely on the risks of security breaches, and not enough on the dangers of overly restricting access to required information. The introduction of new technologies must be business driven, not security restricted. It must also be timely to ensure that solutions are not obsolete before they have been accepted.
Comprehensive security engineering has not received enough attention or resources, and it has not been conducted as a collaborative effort involving security, IT, and end-user experts. Security debates have been an "us and them" affair, with security expertise concentrated in the security organizations of the Bureaus of Diplomatic Security and IRM, and no one with authority representing the end-users and diplomats. Under this goal, the Department will change the process to establish effective risk management. The following list exemplifies the types of decisions that must be made now and in the future:
The Department must explore with its national security partners the concept of integrating Confidential into the OpenNet environment, not unlike the architecture employed by the British Foreign Office. The Department must also position itself for the rapid implementation of full multi-level security when available.
State will take advantage of the rapid advances in security technologies and best practices likely to occur over the rest of this decade, including:
Five key elements of IT security will demand attention under this goal. First, is the establishment of true risk management. Characteristics of an effective risk management process include:
In order to accomplish effective risk management, the Department will establish a user-led, business driven, risk management process staffed by end-users, IT and security experts. This process will be designed to support rapid evaluation and adoption of new solutions. It will be based on a thorough exploration of the risks of deploying or not deploying proposed technologies. If the Department is going to fulfill its responsibility of foreign affairs leadership, it must innovate to provide its employees with the knowledge they need. The Office of e-Diplomacy will continue to provide a strong foundation to lead this process.
The enterprise must manage and accept risks- not place the burden on the individual user. |
Second, the IT security program will deliver improved technology and management solutions for increasing the reliability and availability of the IT infrastructure, and to ensure information integrity and proper authentication of information creators and users. To accomplish the goals of ubiquitous computing and make information available whenever and wherever needed, systems and networks will need high levels of fault-tolerance, redundancy, regular back-ups, and highly professional management. The Department will position itself to take advantage of the rapid advances in security technologies and best practices, such as advanced guard technology and multi-level security solutions for linking classification layers, business continuity planning, data encryption and centralization, thin client, and other approaches. The Department takes seriously the mandate from OMB to strengthen infrastructure and system security, and will use its IT Capital Planning process to promote security enhancements.
Third, we will clearly differentiate and set different policies and barriers for classified vs. unclassified systems. For unclassified systems, including SBU, we are committed to rapid adoption of new technologies that are commonplace in the commercial world. Other organizations, such as financial institutions, protect sensitive data, comparable to State's SBU, using the full capabilities of modern networks and systems, including remote access, wireless devices, and synchronization of systems. We must do the same if the Department is to remain competitive and effective. If necessary, we will improve the labeling of SBU information to prevent unauthorized access; however, the existence of SBU information will not be allowed to stymie the use of new technologies on unclassified systems that are vital for our diplomats to do their jobs.
Fourth, we will establish a process to pre-approve security solutions and modules that can be re-used throughout the Department without further review or approval. The process will be folded into today's Configuration Control Board (CCB) activities. We will apply the emerging Certification and Accreditation processes to these solutions, ensuring that they provide the strong security required. Examples of security solutions to be deployed are:
Fifth, we will ensure that all of State's business processes and systems protect personally identifiable information to the maximum extent possible. Process and system owners will be tasked with reviewing their operations to identify those that collect and/or record PII, seeking to minimize the need for such information, and ensuring that security measures are in place and fully tested to restrict access to personal information and to respond rapidly and effectively in the event of a breach.
When the U.S. established its new diplomatic presence in Kabul in 2002, State was unable to establish secure telecommunications and provide remote access to needed IT systems and data under the battlefield conditions faced by our diplomats. In the same environment, the Department of Defense was able to provide troops with laptop access to classified data and systems. DoD was able to set up this effective, secure, and mobile IT environment in a matter of days. State must be able to do so as well. |
Renewed emphasis on these security solutions, along with a sensible risk management policy, promises to increase IT security while also improving the ability of our diplomats to do their jobs without unnecessary security impediments.
MISSION IS JOB ONE!
Table 3-4: Goal 4 Strategies
Strategy | Key Components | Performance Indicators |
Consolidated IT Security Architecture | • Establish security standards, metrics, and monitoring • Consolidate infrastructure security models | • Single network for each security enclave • Demonstrated ability to meet all business requirements |
New Technology Assessment | • Rapid and responsive process for assessing and approving new technologies • Clarify organizational roles and responsibilities • Establish system owner as accrediting official | • 90-day decisions |
Identity Management | • Government standards -- HSPD 12, PKI, e-Authentication, FIPS 201 | • Common access controls for other agencies and external partners |
Business Continuity | • Oversight by a single entity • Objectives and metrics • Comprehensive plan, schedule, and resource needs • Enterprise business continuity services, e.g., shared COOP facilities, backup and recovery • Execution of advance activities • Comprehensive training • Comprehensive annual testing | • Test results indicate full readiness, approved by executive management |
5. Work Practices and Workforce: Leading Change
State will organize its workforce and IT organization to support the achievement of the other four goals in this Plan, and to enable continuous adaptation to the increasingly rapid changes likely to occur, both in requirements and technology. Technical support operations will be regionalized or centralized, whichever is most cost-effective, to promote rightsizing at posts and missions, and to create centers of excellence at consolidated locations. Such consolidation will ensure that IT staff are positioned to deliver exceptional customer service to end-users to help them maximize the value of information and systems.
The focus of Washington-based and regional organizations will be to support the direct diplomatic and foreign assistance work carried out in the field. The central IRM organization will focus on delivering solutions to the embassies and consulates. Innovations in technology will be configured, pilot-tested, and deployed first to field locations.
This goal will focus first on the work practices and personnel engaged in diplomacy and foreign assistance, and then on aligning IT processes and staff to support the mission related work and personnel. The intent is to provide an integrated IT organization supporting all State operations and extended eventually to the entire foreign affairs community. This new organization will be customer-oriented and driven by service standards and performance metrics.
IT governance processes will be streamlined to ensure that IT resources are allocated in accordance with the strategic plan and evolving priorities.
As technology becomes more pervasive, the Department's foreign affairs officers will become increasingly reliant on the use of sophisticated technology in their daily activities. Under this goal, the Department will ensure that foreign affairs officers have the necessary skills to exploit new and evolving IT solutions. Building on the success of programs such as the Foreign Service Institute's "Training Continuum," innovative training programs and technologies will be used, much as was done under the FY 2001-2005 IT Strategic Plan.
Training for Diplomacy
|
OMSs will be trained to develop into an organizational resource for embassies in IT areas, such as publishing content developed by policy officers on classified web sites, and formulating effective Internet and database searches.
The IRM Bureau and the IT workforce will change to mirror the new, broader focus on information resources: to help our personnel do their day-to-day work, which itself is changing. IT staff, especially those overseas, will spend more time helping end-users get the most value from IT systems and knowledge resources and less time maintaining hardware and networks. The IRM Bureau will focus on core information and user support activities, and will outsource non-core operations to the private sector or government-wide services. The end result will be an IRM Bureau organization re-tooled to provide knowledge leadership services, high-end consultative support to end-users, and technical support for the few unique Department applications.
Service level management will drive the re-tooled IT support environment. Service levels will be established for all services, and service metrics will be collected and published on a monthly basis. Examples include:
The Department will revamp its IT workforce, building on its recent successes in recruitment, retention, and training. The new IT worker will be skilled as an information consultant, able to help Department personnel make the most of the available knowledge bases and analytical tools and suggesting new technology solutions to meet business needs. IT staff at overseas posts will no longer worry about technical support for cranky hardware and applying software patches, tasks which consume far too much of their time today. Instead, they will become a valuable part of the Country Team, providing direct support for the post's strategic priorities.
A new professional discipline will be identified: The "knowledge worker" will understand both mission imperatives and the intricacies of IT. Some technical staff will continue to support the IT infrastructure and technology, but there will be a shift in emphasis toward information consulting and end-user support. |
The success of this Goal and the entire strategic plan depends heavily on the Department's ability to promote innovation, absorb new technology, and make changes far more rapidly than it has done in the past. This will require effective change management and commitment at the highest levels of the organization. It will also require a systematic examination and clarification of the Department's work processes for mission and management related activities. This will enable a more effective IT program focused on 21st century diplomacy. It will also allow officers to make better use of the collaborative, decision support, and information sharing tools and transfer their expertise from post to post.
Beyond the $3,000 Typewriter People use only a small fraction of the capabilities available to them through modern IT. To expand the value of technology, this Plan takes a holistic approach focusing on process reengineering, training, change management, as well as technology innovation. The Department must embrace the value of information and create a knowledge sharing culture. |
Table 3-5: Goal 5 Strategies
Strategy | Key Components | Performance Indicators |
Innovative End-User Training | • Expand IT component of substantive training • Explore ways to make courses more accessible to other agency personnel to improve the effectiveness of the federal overseas workforce • Offer multiple training delivery mechanisms • Require IT training for all personnel • Change management | • Greater volume of IT-enhanced work products (e.g., multi-media, visualization tools) • Measured skill levels of end-users and IT staff • Attendance of end-users, include other agency personnel • Greater use of IT tools in substantive business activities |
Performance Management for IT Service Delivery | • Reorganize the IT support organization for service delivery and customer orientation • Establish steering committee of customers, including field/overseas users, and IT • Develop service level standards and performance metrics • Institute measurement and reporting | • Achievement of service metrics • Corrective actions taken |
Revamp IT Organization | • Develop concept and structure for revamped IT organization | • Elimination of duplications • Efficiencies due to economies of scale • Adoption of new organization |
Technology Innovation | • IT laboratory for innovation • Promote idea generation from multiple sources • Open Standards • Open Source | • User satisfaction with introduction of new technologies to meet business needs • Elapsed time between identified requirement and adoption • Reduced dependence on single vendors for critical technology such as operating system software |
Centralization/Regionalization | • Assess IT needs at posts, regions, and HQ • Develop rightsizing plan for regionalizing and centralizing • Adopt and manage service levels for centrally delivered service • Explore alternative sourcing and pricing options • Expand regional training and use local external training suppliers | • Achievement of rightsizing targets for IT and other personnel • Customer satisfaction • Availability of alternative sources and prices |
Appendix A: Mapping of IT Goals to State/USAID Strategic Plan Goals and Priorities
Joint Strategic Plan | IT GOALS - Examples of IT Support for Strategic Goals and Priorities | |||||
Strategic Goal | Strategic Priorities | 1. The Right Information | 2. Anytime/ Anywhere Access | 3. External Partnerships | 4. Risk Management | 5. Work Practices and Workforce |
Strategic Goal 1: Achieving Peace and Security | • Counterterrorism • Weapons of mass destruction and destabilization • Conventional weapons • Security cooperation and security sector reform • Conflict prevention, mitigation, and response • Transnational crime • Homeland security | • Tailored knowledge bases on key issue areas and diplomatic initiatives (e.g., effective conflict prevention and response programs) • Improved linkage across knowledge bases and information sources (e.g., counterterrorism and economic growth and promoting international understanding) | • Secure mobile access to classified and unclassified to enable officers to work from anywhere • High levels of redundancy equals high availability and business continuity | • Integration of visa and other border security information with Department of Homeland Security. • Upgraded interagency communication links and enhanced coordination with DoD and the intelligence agencies | • Flexible need-to-know policy allows wide access by foreign affairs professionals to information and analysis across issue areas and geographic regions • Using risk models to allow coordination of activities and information across federal, state, and local governments and private organizations to promote homeland security | • IT workforce retrained in mission-related knowledge functions, multimedia techniques, and mobile support for diplomats |
Strategic Goal 2: Governing Justly and Democratically | • Rule of law and human rights • Good governance • Political competition and consensus building • Civil society | • Databases, tools, and metrics for assessing the state of governments around the world • Information products to promote understanding of good government | • Mobile computing to free political officers to work closely with host governments to institute reforms • Portable devices contain and provide access to information needed for negotiation and persuasion • Election monitoring using advanced technology | • Platforms for sharing information on democratic principles and processes with host countries | • Security model that promotes collaboration with foreign publics and governments | • Training State officers and host government officials in democratic institutions, election monitoring, etc. |
Strategic Goal 3: Investing in People | • Health • Education • Social services and protection for especially vulnerable populations | • Integrated global databases on public health, epidemiology, education, and poverty • Access to the most advanced research data about human services issues | • Ability to respond to public health crises and epidemics anytime, anywhere • Providing technology resources for use by host countries to improve the lives of their citizens | • Coordination with host governments and public health and education experts to promote human services • Assistance in creating electronic medical records • Interagency collaboration with all USG organizations involved in public health, education, and human services | • Unrestricted access to unclassified information and advanced Internet capabilities | • Using advanced technologies and networks for human development and training • Training for U.S. and host country personnel to expand use of technology for the betterment of peoples' lives |
Strategic Goal 4: Promoting Economic Growth and Prosperity | • Private markets • Trade and investment • Energy security • Environment • Agriculture | • Intelligent search engines that produce tailored information related to the global economy • Integrated databases on worldwide environmental and energy issues | • Remote access to tailored tools for analyzing and presenting economic data focused on individual countries and regions • Multi-media technologies for interacting with government and business communities around the world | • Collaboration with agencies involved in economics, energy, and the environment • Collaboration with U.S. businesses to assist in overseas marketing and operations | • Streamlined, responsive process for rapid analysis and approval of new technologies | • Economics officers given the tools and training to enable full use of IT |
Strategic Goal 5: Providing Humanitarian Assistance | • Protection, assistance, and solutions • Disaster prevention and mitigation • Orderly and humane means for migration management | • Databases on best practices and success factors in providing humanitarian assistance | • "Office-in-a-box" for rapid deployments to aid in disaster relief • Rapid establishment of remote operations centers for first responders to humanitarian disasters • Innovative tools for first-responders | • Extranets for real-time coordination with NGOs, foreign governments, and experts in refugee assistance and disaster response | • Flexible security posture to enable extranets and robust mobile access from remote locations | • Support for fluid work teams formed as needed to respond to needs for humanitarian assistance |
Strategic Goal 6: Promoting International Understanding | • Offer a positive vision • Marginalize extremism • Nurture common interests and values | • Customer Relationship Management tools customized for the languages and cultures of specific populations • Multi-media materials to present U.S. values and vision | • Video and Web casts and on-line seminars (Webinars) for target audiences extended throughout the world • Interactive tools to engage citizens around the world in key foreign policy issues | • Collaboration tools to coordinate the messages of the federal government presented to overseas populations • Effective public relations materials that reflect benefits provided by all U.S. Government agencies (e.g., USAID foreign assistance, Peace Corps projects, educational grants, scholarships) | • Security model that allows maximum and rapid release and sharing of information | • IT personnel retrained to create and manage content of web sites and to establish Web Logs (Blogs) for person-to-person communication with foreign publics • Political and economic officers trained to use multi-media IT to interact effectively with host country residents |
Strategic Goal 7: Strengthening Consular and Management Capabilities | • Consular services (Visas, Passports, American Citizen Services) • Major management functions | • Continued application of advances in technology to secure travel documents • Data warehouse to consolidate management information and support effective oversight - performance metrics, budgets, customer service | • IT consolidation improves efficiency, service delivery, and rightsizing of overseas operations • Global network and mobile tools for remote consular functions anywhere in the world | • Overseas platform for interagency telecommunications • Consolidation of services across agencies overseas • Enhanced FOIA services for better access to the foreign affairs record | • Risk-based decision-making to ensure rapid introduction of new technologies that meet all USG requirements overseas | • IT workforce elevated in skills and importance in foreign policy function • Management training in effective risk management and decision-making to enable flexible application of IT |
Acknowledgments
Jim Van Derhoff, Chief Information Officer, would like to thank the IRM Strategic Planning team (past and present team members) for developing the FY 2006-2010 IT Strategic Plan:
Kenneth R. Alms* Donald C. Hunter Michael A. Cesena Karen Mummaw Janice J. Fedak Andy Tainter Wally Francis Andrew Winter Barry Finkelstein DeAnne Bryant Michael Ingram Elaine Tiang-Chu*
The IRM Strategic Planning team would like to thank the following individuals for their input to the ITSP:
Susan Swart Chief Knowledge Officer
Deputy Chief Information Officer
Business, Planning and Customer Service Charles Wisecarver Chief Technology Officer
Deputy Chief Information Officer
OperationsJohn Streufert Chief Information Security Officer
Director
Office of Information Assurance
*If you have questions or comments concerning this paper, please contact the IRM/BPC staff indicated above.
| Under a new Department program, bureaus and posts have been developing and maintaining classified web sites available on SIPRNet to promote interchange of important classified information. The lessons learned from this experience will be incorporated into future strategic efforts to centralize web site development to broaden and control access to vital information throughout the foreign affairs and intelligence communities. This will support a key Department function-publishing critical and timely information for its customers. |
The Department will further the goals of e-Government to improve services and transactions for citizens and businesses through the organization, dissemination, and sharing of more and better information.