Homeland Security Department tackles enterprise architecture

Computerworld - WASHINGTON -- The U.S. Department of Homeland Security (DHS) plans to complete an initial inventory of its entire IT infrastructure by June -- a critical step toward the ultimate creation of a nationwide architecture for homeland security, said Steve Cooper, the department's CIO.
The new department has already identified more than 2,500 "mission-critical applications or automated solution sets" and more than 50,000 "items" that make up its IT infrastructure, said Cooper, speaking yesterday at the Secure E-Business Executive Summit in Arlington, Va. However, the process of taking an initial inventory is only 40% to 50% complete, he said.
The DHS includes 22 formerly independent federal agencies, and the Office of Management and Budget began working on the Federal Enterprise Architecture Framework in February 2002. The goal is to leverage IT to simplify processes and unify work across agencies and throughout federal business processes.
The challenge for homeland security, however, is to devise an architecture that is secure and aids rapid information-sharing and collaboration at all levels of government and the private sector.
"The national enterprise architecture is not just federal," said Cooper. "We've reached out to state and local environments, and we are reaching out [to the private sector]. But we haven't figured out the optimal way to reach out to the private sector."
The department has started an aggressive outreach effort that's being led by a series of independent task forces hoping to identify business processes common to the department's five directorates. Meanwhile, two separate task forces have been studying infrastructure and application security. And a third task force is studying security from a physical and business-process standpoint, he said.
The challenge of creating a robust enterprise architecture that is both open and secure has been one of the key topics during the many town hall meetings held during the past year by the President's Critical Infrastructure Protection Board. The two goals "seem to be in conflict with each other, but I would submit that they are not," said Howard Schmidt, chairman-elect of the board.
"We have to rethink the way we [create architectures]," said Schmidt. "We used to look at what we can do with it, as opposed to what [an adversary] can do against it." In addition, he said, the introduction of new technologies is forcing officials to "redefine what it means to have a secure architecture.
"Now, the end point, the handheld, the wireless phone are part of your architecture," said Schmidt. "And that architecture and the thought process has to change. When we start adopting