Information Sharing Environment:

Better Road Map Needed to Guide Implementation and Investments

GAO-11-455: Published: Jul 21, 2011. Publicly Released: Jul 21, 2011.

Additional Materials:

Contact:

Eileen R. Larence
(202) 512-6510
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Recent planned and attempted acts of terrorism on U.S. soil underscore the importance of the government's continued need to ensure that terrorism-related information is shared in an effective and timely manner. The Intelligence Reform and Terrorism Prevention Act of 2004, as amended, mandated the creation of the Information Sharing Environment (ISE), which is described as an approach for sharing terrorism-related information that may include any method determined necessary and appropriate. GAO was asked to assess to what extent the Program Manager for the ISE and agencies have (1) made progress in developing and implementing the ISE and (2) defined an enterprise architecture (EA) to support ISE implementation efforts. In general, an EA provides a modernization blueprint to guide an entity's transition to its future operational and technological environment. To do this work, GAO (1) reviewed key statutes, policies, and guidance; ISE annual reports; and EA and other best practices and (2) interviewed relevant agency officials.

Since GAO last reported on the ISE in June 2008, the Program Manager for the ISE and agencies have made progress in implementing a discrete set of goals and activities and are working to establish an "end state vision" that could help better define what the ISE is intended to achieve and include. However, these actions have not yet resulted in a fully functioning ISE. Consistent with the Intelligence Reform and Terrorism Prevention Act of 2004 (Intelligence Reform Act), the ISE is to provide the means for sharing terrorism-related information across five communities--homeland security, law enforcement, defense, foreign affairs, and intelligence--in a manner that, among other things, leverages ongoing efforts. To date, the ISE has primarily focused on the homeland security and law enforcement communities and related sharing between the federal government and state and local partners, to align with priorities the White House established for the ISE. It will be important that all relevant agency initiatives--such as those involving the foreign affairs and intelligence communities--are leveraged by the ISE to enhance information sharing governmentwide. The Program Manager and agencies also have not yet identified the incremental costs necessary to implement the ISE--which would allow decision makers to plan for and prioritize future investments--or addressed GAO's 2008 recommendation to develop procedures for determining what work remains. Completing these activities would help to provide a road map for the ISE moving forward. The administration has taken steps to strengthen the ISE governance structure, but it is too early to gauge the structure's effectiveness. The Program Manager and ISE agencies have developed architecture guidance and products to support ISE implementation, such as the "ISE Enterprise Architecture Framework," which is intended to enable long-term business and technology standardization and information systems planning, investing, and integration. However, the architecture guidance and products do not fully describe the current and future information sharing environment or include a plan for transitioning to the future ISE. For example, the EA framework describes information flows for only 3 of the 24 current business processes. In addition, the Program Manager's approach to managing its ISE EA program does not fully satisfy the core elements described in EA management best practices. For example, an EA program management plan for the ISE does not exist. The Program Manager stated that his office's approach to developing ISE architecture guidance is based on, among other things, the office's interpretation of the Intelligence Reform Act. Nevertheless, the act calls for the Program Manager to, among other things, plan for and oversee the implementation of the ISE, and officials from the key agencies said that the lack of detailed and implementable ISE guidance was one limiting factor in developing agency information sharing architectures. Without establishing an improved EA management foundation, including an ISE EA program management plan, the federal government risks limiting the ability of ISE agencies to effectively plan for and implement the ISE and more effectively share critical terrorism-related information. GAO recommends that in defining a road map for the ISE, the Program Manager ensure that relevant initiatives are leveraged, incremental costs are defined, and an EA program management plan is established that defines how EA management practices and content will be addressed. The Program Manager generally agreed with these recommendations.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: As part of the 2015 high risk update, GAO conducted a review of the current state of terrorism-related information sharing. As part of that review, we revisited the recommendations we made in our 2011 report on the Information Sharing Environment (ISE). In the 2011 report, we noted that the ISE could benefit from leveraging individual department's information sharing initiatives and that the Program Manager--in consultation with the information sharing policy committee (within the Executive Office of the President) and key departments--should determine potential ways to realize such benefits government-wide. The 2013 ISE Annual Report to Congress identified several instances where key agencies were incorporating other agencies' initiatives. For example, the Federal Bureau of Investigation's (FBI) eGuardian system allows law enforcement agencies to submit suspicious activity reports into a single system that is accessible by thousands of law enforcement personnel. In the 2013 ISE annual report, 11 of 15 agencies that participate in the ISE reported that they use the FBI's eGuardian system. Also, in the 2014 Performance Assessment Questionnaire--which surveys the federal agencies involved in the ISE to gain an understanding of the overall state of information sharing among and between federal agencies--numerous agencies also mentioned fusion center information sharing as an initiative that they were leveraging. Specifically, all agencies that answered the 2014 question related to fusion center progress reported satisfaction with improvements made in the last year to enhance the capabilities and performance of the national network of fusion centers. This included improving the sharing of threat and encounter information between the federal government and state, local, and private partners. The above examples demonstrate that progress has been made in leveraging individual department initiatives across the ISE. Based on these and other actions, we consider this recommendation to be closed as implemented.

    Recommendation: To help ensure effective implementation of the ISE, and to support future progress in developing and implementing the ISE, and after the end state is defined, the Program Manager, with full participation from relevant stakeholders, should, in consultation with the Information Sharing and Access Interagency Policy Committee (ISA IPC) and key ISE agencies, determine to what extent relevant agency initiatives across all five communities could be better leveraged by the ISE so that their benefits can be realized governmentwide.

    Agency Affected: Office of the Director of National Intelligence: Office of the Program Manager--Information Sharing Environment

  2. Status: Closed - Implemented

    Comments: As part of the 2015 high risk update, GAO conducted a review of the current state of terrorism-related information sharing. As part of that review, we revisited the recommendations we made in our 2011 report on the Information Sharing Environment (ISE). In our interviews that supported the 2015 update, officials from each of the five key ISE departments (the Departments of Homeland Security, Justice, State, and Defense, as well as the Office of the Director of National Intelligence) said that information sharing activities are a daily activity that go hand in hand with the mission of the agency and related budgets, and are not separate mandates to fund. Therefore, the officials noted that there is no need to separately identify incremental costs since information sharing activities and costs are embedded within the agencies' mission operations. The Program Manager for the Information Sharing Environment and department officials also noted that the ISE Implementation Plan--which provides detailed guidance for the 16 priority objectives that are fundamental to creating the standards, technologies, and cooperation necessary to advance information sharing--assigns priority objectives to those departments whose mission most aligns to the initiatives under each objective, thereby helping to ensure that the activities receive funding. Based on these actions, we consider this recommendation to be closed as implemented.

    Recommendation: To help ensure effective implementation of the ISE, and to support future progress in developing and implementing the ISE, and after the end state is defined, the Program Manager, with full participation from relevant stakeholders, should, in coordination with the ISA IPC and the Office of Management and Budget (OMB), task the key ISE agencies to define, to the extent possible, the incremental costs needed to help ensure successful implementation of the ISE and prioritize investments.

    Agency Affected: Office of the Director of National Intelligence: Office of the Program Manager--Information Sharing Environment

  3. Status: Open

    Comments: As part of the 2015 high risk update, GAO conducted a review of the current state of terrorism-related information sharing. As part of that review, we revisited the recommendations we made in our 2011 report on the Information Sharing Environment (ISE). In the 2011 report, we noted that the Program Manager for the Information Sharing Environment and key ISE agencies had developed architecture guidance and products to support ISE implementation, such as the ISE Enterprise Architecture Framework, which is intended to enable long-term business and technology standardization and information systems planning, investing, and integration. However, the architecture guidance and products did not fully describe the current and future information sharing environment or include a plan for transitioning to the future ISE. We recommended that in defining a roadmap for the ISE, the Program Manager ensure that an Enterprise Architecture (EA) program management plan is established that defines how EA management practices and content will be addressed. As part of our 2015 high risk update, we reported that the Program Manager has made progress in addressing this recommendation by issuing guidance to improve the ISE's EA management. For example, the ISE Implementation Plan includes tasks and time frames associated with establishing aspects of the ISE's architecture. Such tasks and time frames include improving interoperability by developing the Information Interoperability Framework (I2F), defining needed capabilities and services, and developing a plan for a repository of these capabilities and services. This plan will help ensure that the information-sharing community is aware of the available capabilities and services. The Program Manager has issued an initial version of the I2F to guide the implementation of information-sharing capabilities. The I2F begins to describe key information sharing elements, including how different departments might be able to align their enterprise architectures with interoperability concepts described in I2F. In addition, this framework outlines, among other things, an approach for establishing core sets of standards and specifications across organizations. For example, officials from the office of the Program Manager stated that the framework helped provide technical specifications for a Maritime Information Sharing Environment, including specifications to publish and search for information about a ship's location. However, the Program Manager has not yet demonstrated that key departments are implementing over time the approach and interoperability concepts described by I2F. Additionally, the Program Manager has not yet demonstrated how he will hold key departments and entities accountable over time for executing key architecture-related tasks described in the Implementation Plan and for achieving associated outcomes. We will continue to monitor these EA activities in this high-risk area to ensure that they are sustained over time and our 2011 recommendation is fully implemented.

    Recommendation: To better define ISE EA guidance and effectively manage EA activities to support ISE implementation efforts, the Program Manager should, in consultation with the ISA IPC and key ISE agencies, establish an ISE EA program management plan that (1) reflects ISE EA program work activities, events, and time frames for improving ISE EA management practices and addressing missing architecture content and (2) defines accountability mechanisms to help ensure that this program management plan is implemented.

    Agency Affected: Office of the Director of National Intelligence: Office of the Program Manager--Information Sharing Environment

 

Explore the full database of GAO's Open Recommendations »

Jun 25, 2015

May 14, 2015

Nov 19, 2014

Aug 1, 2014

Jul 23, 2014

Jul 8, 2014

Dec 5, 2013

Sep 10, 2013

Looking for more? Browse all our products here