Information Sharing Environment:

Better Road Map Needed to Guide Implementation and Investments

GAO-11-455: Published: Jul 21, 2011. Publicly Released: Jul 21, 2011.

Additional Materials:

Contact:

Eileen R. Larence
(202) 512-6510
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Recent planned and attempted acts of terrorism on U.S. soil underscore the importance of the government's continued need to ensure that terrorism-related information is shared in an effective and timely manner. The Intelligence Reform and Terrorism Prevention Act of 2004, as amended, mandated the creation of the Information Sharing Environment (ISE), which is described as an approach for sharing terrorism-related information that may include any method determined necessary and appropriate. GAO was asked to assess to what extent the Program Manager for the ISE and agencies have (1) made progress in developing and implementing the ISE and (2) defined an enterprise architecture (EA) to support ISE implementation efforts. In general, an EA provides a modernization blueprint to guide an entity's transition to its future operational and technological environment. To do this work, GAO (1) reviewed key statutes, policies, and guidance; ISE annual reports; and EA and other best practices and (2) interviewed relevant agency officials.

Since GAO last reported on the ISE in June 2008, the Program Manager for the ISE and agencies have made progress in implementing a discrete set of goals and activities and are working to establish an "end state vision" that could help better define what the ISE is intended to achieve and include. However, these actions have not yet resulted in a fully functioning ISE. Consistent with the Intelligence Reform and Terrorism Prevention Act of 2004 (Intelligence Reform Act), the ISE is to provide the means for sharing terrorism-related information across five communities--homeland security, law enforcement, defense, foreign affairs, and intelligence--in a manner that, among other things, leverages ongoing efforts. To date, the ISE has primarily focused on the homeland security and law enforcement communities and related sharing between the federal government and state and local partners, to align with priorities the White House established for the ISE. It will be important that all relevant agency initiatives--such as those involving the foreign affairs and intelligence communities--are leveraged by the ISE to enhance information sharing governmentwide. The Program Manager and agencies also have not yet identified the incremental costs necessary to implement the ISE--which would allow decision makers to plan for and prioritize future investments--or addressed GAO's 2008 recommendation to develop procedures for determining what work remains. Completing these activities would help to provide a road map for the ISE moving forward. The administration has taken steps to strengthen the ISE governance structure, but it is too early to gauge the structure's effectiveness. The Program Manager and ISE agencies have developed architecture guidance and products to support ISE implementation, such as the "ISE Enterprise Architecture Framework," which is intended to enable long-term business and technology standardization and information systems planning, investing, and integration. However, the architecture guidance and products do not fully describe the current and future information sharing environment or include a plan for transitioning to the future ISE. For example, the EA framework describes information flows for only 3 of the 24 current business processes. In addition, the Program Manager's approach to managing its ISE EA program does not fully satisfy the core elements described in EA management best practices. For example, an EA program management plan for the ISE does not exist. The Program Manager stated that his office's approach to developing ISE architecture guidance is based on, among other things, the office's interpretation of the Intelligence Reform Act. Nevertheless, the act calls for the Program Manager to, among other things, plan for and oversee the implementation of the ISE, and officials from the key agencies said that the lack of detailed and implementable ISE guidance was one limiting factor in developing agency information sharing architectures. Without establishing an improved EA management foundation, including an ISE EA program management plan, the federal government risks limiting the ability of ISE agencies to effectively plan for and implement the ISE and more effectively share critical terrorism-related information. GAO recommends that in defining a road map for the ISE, the Program Manager ensure that relevant initiatives are leveraged, incremental costs are defined, and an EA program management plan is established that defines how EA management practices and content will be addressed. The Program Manager generally agreed with these recommendations.

Recommendations for Executive Action

  1. Status: Open

    Comments: When we confirm what actions the agencies have taken in response to this recommendation, we will provide updated information. Status last confirmed on 01/24/2014.

    Recommendation: To help ensure effective implementation of the ISE, and to support future progress in developing and implementing the ISE, and after the end state is defined, the Program Manager, with full participation from relevant stakeholders, should, in consultation with the Information Sharing and Access Interagency Policy Committee (ISA IPC) and key ISE agencies, determine to what extent relevant agency initiatives across all five communities could be better leveraged by the ISE so that their benefits can be realized governmentwide.

    Agency Affected: Office of the Director of National Intelligence: Office of the Program Manager--Information Sharing Environment

  2. Status: Open

    Comments: When we confirm what actions the agencies have taken in response to this recommendation, we will provide updated information. Status last confirmed on 01/24/2014.

    Recommendation: To help ensure effective implementation of the ISE, and to support future progress in developing and implementing the ISE, and after the end state is defined, the Program Manager, with full participation from relevant stakeholders, should, in coordination with the ISA IPC and the Office of Management and Budget (OMB), task the key ISE agencies to define, to the extent possible, the incremental costs needed to help ensure successful implementation of the ISE and prioritize investments.

    Agency Affected: Office of the Director of National Intelligence: Office of the Program Manager--Information Sharing Environment

  3. Status: Open

    Comments: When we confirm what actions the agencies have taken in response to this recommendation, we will provide updated information. Status last confirmed on 01/24/2014.

    Recommendation: To better define ISE EA guidance and effectively manage EA activities to support ISE implementation efforts, the Program Manager should, in consultation with the ISA IPC and key ISE agencies, establish an ISE EA program management plan that (1) reflects ISE EA program work activities, events, and time frames for improving ISE EA management practices and addressing missing architecture content and (2) defines accountability mechanisms to help ensure that this program management plan is implemented.

    Agency Affected: Office of the Director of National Intelligence: Office of the Program Manager--Information Sharing Environment

 

Explore the full database of GAO's Open Recommendations »

Nov 19, 2014

Aug 1, 2014

Jul 23, 2014

Jul 8, 2014

Dec 5, 2013

Sep 10, 2013

Aug 22, 2013

Jun 20, 2013

Looking for more? Browse all our products here