Defence information strategy
Updated 28 December 2017
Foreword
This update to the defence information strategy incorporates many small but important changes since its publication in December 2016. The defence information vision it contained remains valid, to: “deliver information capabilities to defence that act as a force multiplier”. The measurement of our information capabilities is against our adversaries and the state of the industrial art, both of which are moving targets:
to maintain our competitive advantage, development and innovation must be continuous.
The exploitation of these capabilities, through digital acceleration, will lead not only to the delivery of new technologies, but the adoption of new tools and techniques by warfighting and business users alike, which will in turn require the upskilling of all our people.
The ISS transformation programme, which ended in March 2017, has shaped its people and processes to keep pace with this change through a new organisational design, operating model and defence ICT design authority. The major structural changes have been completed successfully, which will make it more responsive to its customers; however, ISS will continue to evolve, most notably in 2018 with the separation of the 3* roles of defence chief information officer and chief executive officer ISS. This will allow the single organisation to maintain 2 tightly bound but distinct focuses:
- the CIO will be primarily concerned with policy, strategy, assurance and design for ICT portfolio across the department
- the CEO ISS with defence ICT delivery and support to users
Work is underway to establish the details of how this will modify the ISS blueprint; the outcome will influence the next version of the defence information strategy in 2018.
Lieutenant General Ivan Hooper, CEO ISS and (interim) defence CIO
Introduction
This defence information strategy (DIS) draws together key concepts, work-streams and initiatives to explain how they will meet the demands of information age warfare. It describes how defence will be provided at pace with information capabilities that are a force multiplier.
Information underpins all activities in defence; it is the medium through which we understand the world around us. Appropriate sharing of timely, accurate and trusted information across defence, partners across government, allies and with industry is critical to the effectiveness of the department of state, and for the warfighter to achieve information superiority. It is a ‘force multiplier’.
The nature of future conflict will in part be shaped by the blurring of physical and virtual domains, creating boundaryless warfare. The availability of sophisticated, commoditised technologies to what would traditionally be ‘mediocre’ adversaries is eroding information advantages previously enjoyed by higher spending forces. Technologies such as ubiquitous cloud and ‘always connected’ mobile devices are almost universally available at little cost. Maintaining an operational advantage requires the optimisation of existing capabilities, innovation and the imaginative exploitation of emerging technologies such as the internet of things, robotics, simulation and artificial intelligence.
Information needs to be appropriately managed and shared if it is to be exploited. Defence operates its networks in a technically hostile environment where the threat to our information and relative technical advantage is always evolving. As such, we need to build information capabilities that are interoperable, integrated and which are shaped, but not constrained, by the need for cyber defence. Moreover, to improve coherence it is essential that defence adopts an enterprise approach through strategy and architecture to address challenges such as ‘big data’, information assurance, agility and fiscal constraints. Information should fully support our armed forces, as outlined in joint force 2025, to protect, understand, shape and effectively respond within the changing international environment.
Transformational activities are already underway to improve defence information capabilities and relate to how defence designs, develops and operates ICT services. Information systems and services (ISS) is delivering a dynamic response to information needs across the single information environment (SIE). We are developing defence as a platform (DaaP), incorporating the new style of IT (NSoIT); making defence master of its own destiny, contracting for outcomes, and developing our people across defence. This overall DaaP approach will enable us to exploit platform economics, which teaches us that we can leverage assets and information that is operated and maintained outwith defence.
Purpose and applicability
The DIS addresses 3 key challenges:
- to describe how defence exploits and protects information as a strategic asset
- to outline the ICT response to departmental and operational needs in the context of wider government imperatives
- to provide a guiding view of how defence can meet the challenges and opportunities provided by digital technologies and digitalisation
The DIS encompasses the requirements of departmental implementation of cross-government digital strategy. It provides a definitive framework for defence from which the defence CIO (DCIO), as defence authority for information, sets the information policy that TLBs, front line commands (FLC) and defence authorities can support through their plans. The DIS is a strategic narrative that draws together the elements of DCIO’s manoeuvrist approach to show clear progress towards the DIS outcomes and creates a common language to link concepts and capabilities across defence.
The DIS applies to the full breadth of the defence enterprise. It aligns with other government departmental strategies, is consistent with policy and the appropriate target architectures. The DIS addresses the here and now, provides a clear view of what needs to be done over the next few years, and links to longer term planning.
Context
National security
The 2015 strategic defence and security review established 3 high-level objectives [^1] which are guiding the approach to defence and security. These are:
- to protect our people: at home, in our overseas territories and abroad, and to protect our territory, economic security, infrastructure and way of life
- to project our global influence: reducing the likelihood of threats materialising and affecting the UK, our interests, and those of our allies and partners
- to promote our prosperity: seizing opportunities, working innovatively and supporting UK industry
These objectives will be refined by the forthcoming national security and capability review (NSCR). It will not change the pivotal place that information is recognised to hold in relation to the United Kingdom’s defence and security. The department will continue to work with government, civil authorities and industry, particularly in relation to cyber resilience and the protection of critical national infrastructure.
Allies
Future UK operations are likely to be in a NATO context, or as part of a ‘coalition of the willing’. Our focus will be on the institutions and nations where our most critical interdependencies exist. For the purpose of planning, the priority order is NATO, the US and France. In parallel, the UK will work closely with 5 EYES partners and other multilaterals. However, future operations may also require us to work with non-traditional allies, demanding innovative solutions to interoperability challenges and sovereignty.
UK defence will monitor, contribute to and where appropriate exploit major NATO initiatives, whilst complying with NATO standards wherever practicable. This includes, but is not limited to, fulfilling our role as an affiliate in the federated mission networking (FMN) implementation plan in order to enhance deployed interoperability with allies and partners, and engaging with smart defence, connected forces and cyber initiatives.
NATO is also developing an enterprise architecture policy using the NATO architecture framework together with a NATO C3 taxonomy, and supported by a major IT modernisation project, which will be underpinned by an ITIL based approach utilizing a NATO Service Catalogue and Portfolio. Where appropriate, UK will align with NATO as part of our international-by-design approach, and will continue to engage with and contribute to these initiatives, similar to NSoIT.
Government
From a legislative perspective, defence must comply with its legal and regulatory responsibilities for information handling, meeting information rights and other disclosure obligations, and supporting public and parliamentary accountability.[^2] There are a number of government strategies and initiatives that will influence defence’s strategy development and direction:
- government as a platform. Government as a platform (GaaP) is the vision for digital government: a common core infrastructure of shared digital systems, technology and processes on which to build customer-centric government services. Defence as a platform provides a set of common corporate and differentiated ICT services and is a significant contributor to GaaP
- common technology services (CTS). The aim of CTS is to provide better value technology which meets user needs, costs less and enables cross-government collaboration. CTS will aim to deliver common designs, products and reusable services. Defence will contribute all of its design patterns, including those for the NSoIT office 365 implementation, to CTS
- Digital marketplace. The digital marketplace provides customers and suppliers with a single point of interaction. The 3 facilities available are:
  1. G-cloud. G-cloud marks a move away from a product-based to a service-based delivery model. Defence shall only procure cloud computing services from the UK government cloudStore. Projects will use cloud computing services in the following order of priority: software as a service, platform as a service, then infrastructure as a service.
  2. Digital services. Defence is mandated to exploit the government digital service and the crown commercial service and, therefore, will only procure services through this method.
  3. Digital outcomes and specialist framework. The digital outcomes and specialist framework is a government provided service where suppliers are pre-approved by the digital marketplace team and crown commercial service. Defence may make use of this framework to obtain specialists for set projects.
- Open standards. The UK government is selecting a set of open standards for use in government technology. They enable interoperability through open protocols and open data/document formats. Defence ICT policy mandates all new ICT solutions to natively support both the agreed government open formats and the NATO Standards Agreements (STANAGS).
- Registers. Registers are accurate up-to-date lists of information that can be used by service teams across government departments to assist in building better digital services. Registers are used to provide up to date information across government such as the FCO list of countries. This ensures that you will only ever be working with one accurate and up-to-date set of information. A register is owned by a single custodian within a department. A register shall allow a project/delivery team to provide a service more efficiently rather than checking if the data being used is still accurate.
- Sustainable ICT. The government’s vision is for a cost effective and energy efficient ICT estate with reduced environmental impact to enable new and sustainable ways of working for the public sector.
Technology horizon scanning
Defence needs to maintain its advantage in a highly contested information environment, identifying and exploiting emerging technologies and applying these as force multipliers in both the business and operational space more rapidly than our competitors. To achieve this, tracking such emerging technologies will be treated as routine business by ISS.
ISS will actively search and monitor industry, government departments, academia, social and mainstream media, identifying trends and quickly assessing potential threats and opportunities for defence. Best practice and innovation at the edge by MOD organisations will be championed and ‘swiped with pride’ so they can be made available to all across the base and deployed domains.
To maximise the potential for innovation in delivering capabilities that are a force multiplier, ISS will apply agile principles to develop, integrate and deliver products and services at pace. Regardless of role or location, discovery of new services via a single service catalogue and accessing these across the enterprise via DaaP will allow everyone in defence to consume new capabilities faster, easier and more effectively.
Ends
Force Multiplier
Delivering information capabilities that are a force multiplier dramatically increases operational and business effectiveness. For operations, it increases the effectiveness of forces across the 5 domains:
- maritime
- land
- air
- cyber
- and space
while in the corporate space it increases the effectiveness of business decision making. Information capabilities can be a significant force multiplier in both environments if they are up to date, work as intended and are delivered in an agile and timely fashion. The intent behind force multiplication is to generate leading-edge capabilities through consistent innovation and imaginative exploitation.
It is essential to deliver information capabilities to support defence’s outputs, the digitalisation of defence and the development of joint capabilities. Defence will play a full role in the government’s digital strategy, working with the government digital service and across government departments to transform the way we do business. We will work to introduce digital services and information that make it simpler, easier and faster for people interacting with defence to get things done, internally, with industry and with citizens particularly in relation to recruiting, reserve forces and veterans.
The main outcome is:
*From the warfighter to the corporate HQ, users are at the heart of a single information environment in which they can access, via a single identity, and appropriately share the information they need to meet their business objectives or achieve information superiority over an enemy.*
The strategic outcomes and its 2 subordinate levels are core to the strategy’s implementation in that they allow all stakeholders across defence to understand and participate in key activities and outputs. Moreover, they will form the framework against which strategy implementation will be measured and reported. The ultimate aim is to ensure that implementation is coherent and focused on achieving outcomes which deliver tangible benefits to defence. The defence ICT design authority (DIDA) will ensure that all ICT programmes across defence are mapped to these outcomes and contribute to their delivery.
Requirements
DIS has to be responsive to defence’s evolving needs and provide appropriate direction to ensure that we deliver an optimal and affordable mix of information services. Defence should innovate across all we do, taking advantage of new technologies to provide information capabilities that:
- exploit and protect information as a strategic asset and ensure that the warfighter achieves information superiority in a contested battlespace
- deliver a set of common corporate and differentiated ICT services through a DaaP approach that reduces complexity, cost and which enables agility and innovation
- provide interoperable, assured and resilient systems and services which recognise that the enterprise begins at the edge
- accessorise information with weapons platforms[^3], integrating platforms from the dismounted soldier to ships and aircraft as part of the single information environment
- are driven by the warfighters’ needs across a range of channels and devices
- are designed for interoperability and openness, supporting device agnostic security controls that focus on securing the data and not the infrastructure or device
- support the exploitation of digital technologies across all defence capabilities and place the customer and the citizen at the heart of what we do, supporting the government’s digital strategy
- are delivered, managed, supported and exploited by a defence workforce that has the necessary skills and knowledge needed to create world leading war-fighting capabilities
Ways
Approach
Defence will achieve the information vision by exploiting concepts, models and best practice adopted by industry, government and allies. The ‘ways’ section provides enduring models and approaches that will shape defence’s plans for the next decade. As a government department we will seek to support and exploit government initiatives, services and frameworks. In particular, as warfighters, we will work with NATO and our key allies to develop agile and interoperable information capabilities. Defence needs to be ‘masters of our own destiny’, taking responsibility for architecture, design and integration of capabilities and services. The ‘ways’ element of this strategy is key to achieving the level 1 outcomes defined in the strategic outcomes. These have been adjusted to encompass the government’s strategy and planning with respect to digitalisation and the delivery of digital services. In particular, the level 1 outcomes have been changed to align with the government approach to digital transformation, enterprise IT, user centric design, information security; and data. The titles of the updated level 1 outcomes are as follows:
- enterprise information technology
- user centric design
- information security
- operations
- data and information
- people
Ways of Working
To ensure that information capabilities realise the desired benefits, ISS will continue to develop strong relationships across the key communities in defence, particularly with PJHQ, CDI and capability areas in the FLCs as well as other TLBs. We will seek ways to improve collaboration with allies, across government and with industry to deliver better outcomes for defence. ISS will continue to exploit the opportunity offered by the existence of defence authorities for cyber, C4ISR and information.
Information
Defence should regard information as a strategic asset where its value is often increased through sharing. Classified information will be appropriately protected according to its particular value and quality; however, the default should be open and accessible. Data as a source of our information will be managed as a valuable asset through data governance, master data management and data ownership through the defence authority for information.
Information is most powerful when it is available and visible to the right person, who has the necessary skills and behaviours to manage and exploit it at the right time and in the right place.
To support better decision-making, data needs to be mastered, captured and aggregated. This information needs to be assessed, assured, analysed, and combined with other multi-source information and knowledge, to enable information exploitation, reporting, visualisation and presentation of insight-based actions in a meaningful way to the decision-maker.
Management information (MI) investments across defence should be consistent with the defence MI policy and DCIO, as defence authority for management information, will expect to approve new MI investments through the DIDA.
Defence as a Platform (DaaP)
DaaP responds to the government as a platform (GaaP) initiative by updating the defence architecture to provide a universal user experience, and to ensure all systems and applications are ‘evergreen’ and deliver solutions that avoid vendor lock-in. The implementation of DaaP is based upon 3 principles:
- provide universal access and similar user experience: the look and feel should remain similar across all domains and physical locations, provide the same relevant information, and be accessible with a common login credential
- deliver “evergreen” solutions and infrastructure: service components, for users and in the underlying infrastructure, will always be up to date
- eliminate “vendor lock-in”: by delaminating IT infrastructure and contracting for services ISS will be able to use a competitive, vendor-agnostic marketplace
Current ICT and service offerings will be rationalised, minimising the number of different legacy applications, instantiations and versions supported by DaaP to allow more harmonized service provisioning. The ability to scale services in relation to business demand is required to support the flexibility that will allow a broad user base to consume a set of common services. This adaptable service approach needs to be supported by scalable IT infrastructure that can accommodate changing service capacities and deployment scenarios. Providing users with a familiar and consistent experience across a range of access channels and operational environments will enable and engender service consumption by the user base.
Platform services will primarily be consumed by MOD TLBs but could be made available to other government departments and wider industry. These services can be supplied by any group that has a licenced and assured product and route into the MOD, creating greater flexibility when selecting suppliers and avoiding vendor lock-in. Figure 1 identifies the transition between the current vertical structures adopted by MOD for buying systems to the new structure for contracting via DaaP for shared platform services.
ISS will determine what core platform services will be available via the service catalogue. These services will apply to base, deployed and overseas at Official, Secret and above. The boundaries between base and deployed architecture will be removed in recognition that user requirements in these domains are often similar. A consequence of DaaP will be a need to manage a greater number of core platform service changes, as shorter and smaller contracts turn-over. The development and release of services will be staged to avoid conflict of change.
Figure 1
Under DaaP, ISS will become an ‘ICT as a service organisation’ providing a coherent, assured and integrated set of common ICT services to defence to be exploited by all and a mechanism for hosting differentiated business or mission specific services. Business units will have the facility to purchase additional capability through an interactive service catalogue supported by a transparent pricing model allowing better visibility of the true costs of their services. This will require structural and technical changes and the ISS service catalogue will be fundamental to success.
The service based approach also looks to end the problem of ‘technology debt’, where defence is continually challenged to invest in following vendor product lifecycles, by moving to a model of ‘evergreen technology’ provided through the service. DaaP is a way to provide shared sets of common components and infrastructure that can support all missions and lines of business services/applications across defence.
This DaaP approach will enable platform economics, where the value created can be disproportionate to the investment and size of the team required to create it. Platform economics enables the exploitation of information and spare capacity, through the creation of frictionless eco-systems across multiple linkages that can highlight business insights.
Single information environment (SIE)
‘…a logical construct whereby assured information can pass unhindered from point of origin to point of need’. The SIE will incorporate a single intelligence environment.
Defence will provide a secure, reliable, and agile enterprise-wide information environment for UK forces and mission partners across the full spectrum of operations. An enterprise approach will enable the warfighter to focus on information and mission objectives and less on being the capability integrator. The SIE will be a force multiplier, improving mission effectiveness, enhancing cyber security, and reducing information capability complexity and costs.
The SIE, as a logical construct, will be delivered through architecture, standards and patterns that are used to shape the defence information portfolio. The development of the SIE is dependent on the action plans and core services created as part of DaaP, including the NSoIT and the establishment of the Defence ICT Design Authority. This effort will realign, restructure, and modernize how the department’s IT networks and systems are constructed, operated, and defended.
Defence ICT Design Authority
The defence ICT landscape is diverse and in many cases consists of divergent systems that do not integrate well. This diversity and lack of integration has created silos of information and technology that prevent or impede the sharing of data and information.
The DIDA has achieved a consolidated approach to workflow management across ICT by introducing a 2-tiered governance structure. At a strategic level, the monthly defence ICT design authority board (DIDAB) is responsible for ensuring compliance with policies and standards, encompassing:
- architecture
- innovation
- digital
- information
- strategy
- legislation
- security
The enhanced control of departmental resources achieved by the new governance structure enables important design decisions to be made in-house and for defence to be more agile and able to exploit changes in the technological landscape.
This approach represents a fundamental shift in how we procure both new and current services. The DIDA will focus on moving all new requirements onto DaaP before moving legacy and managing associated contractual and legal issues.
Target architecture
Defence will move away from a systems-centric to a service-oriented view and exploit opportunities presented by ICT trends like cloud computing, mobility, social media and data analytics. In the OFFICIAL security tier, use of commodity offerings will be key, configuring them for defence’s needs rather than bespoking. The aim at OFFICIAL is to adopt industry best practice and design in security by adopting a ‘defence in depth’ approach. Commodity ICT will be augmented to also meet the needs of customers at higher security tiers and on operational missions. DaaP consists of a core set of platform services shared across many more specialised services spanning both the business space and the battlespace. All services are discovered and consumed through a single service catalogue and digital marketplace for defence.
The reference architecture developed by the DIDA will be applied to all new procurements. The reference architecture is detailed in the defence manual of ICT and contains 5 key elements:
- a common taxonomy aligned to the NATO C3 Taxonomy, the language used to describe our building blocks
- mandated design principles, a description of what is “good”
- published strategies for the building blocks
- agreed rules/constraints for the building blocks and the whole ICT enterprise
- an agreed governance model based upon enfranchised domains
ISS will extend its current portfolio of ICT devices to offer an increased range of options including tablets, phablets and smart phones. This range of devices will be owned and managed by the MOD, enabling customers, with funding, to select the appropriate devices to support their work.
The DaaP architecture will be partitioned into 2 layers. The first consists of common “platform” services which deliver an immutable set of services to all users. The second consists of specialist services which draw on the core platform services and serve limited communities of users. Defence will develop a “common core” set of services that can be consumed by defence customers, providing a secure managed ICT enterprise with appropriate access to information where needed. Services will range from traditional technologies such as connectivity, directories and hosting through services such as identity and access management (IDAM) and productivity to services associated with providing, operating and defending the defence ICT enterprise. To enable a strong cyber defensive posture we will:
- take an enterprise-wide view of security to continuously monitor our information and networks so we can detect, contain and remediate hostile activity quickly
- invest in our security professionals to ensure we can protect our war-fighting ability, and educate our people to improve awareness and cyber hygiene
- expand our focus to include related dependencies on the critical defence infrastructure and building management systems
Much of this ‘common core’ will comprise management and security enabling services that allow commands and TLBs to easily build and deliver operational capability. The introduction of services that conduct data science analytics will provide tools to deliver key information to decision makers. Underlying networks may impose bandwidth constraints, therefore management services should optimise traffic while still allowing operational commanders to prioritise key information flows. Similarly, security services will protect the assets on the defence network from a variety of threats whilst still enabling the effective and timely processing and sharing of information.
As defence operates in conjunction with other government departments, NATO and coalition partners, these common core services will align with emergent UK government, NATO, 5-Eyes and coalition architectures.
MOD will continue its ‘cloud first’ policy, moving away from legacy applications and hosting towards a cloud computing model. The use of infrastructure as a service, platform as a service and software as a service should be considered as a priority for the design or deployment of new services. As legacy applications move towards a cloud model, some services will become available to personal devices over the Internet. These services will include email, calendar, training and some HR functions. Evergreen IT is a consequence of adopting a cloud first strategy and requires ICT asset management to be structured around the need for continual change.
At SECRET, and for deployed, MOD will offer a ‘cloud-like’ infrastructure that provides modern services with the necessary protection of the network, hosting, applications and information required to support all defence activities including the need to share information with, or consume services from other security domains. Patterns and approaches from the fixed environment will be adopted to provide a consistent experience for customers deployed on operations.
Defence information assurance regime
Information capabilities within defence will be provided with assured confidentiality, integrity and availability. MOD needs to ensure that the right information is available, at the right time, for all levels of decision-making across all lines of activity. DCIO has published an unambiguous risk appetite for the information types exploited by the defence enterprise and approaches information assurance across all business processes and the defence lines of development.
A chief information security officer (CISO) appointment will be created, with delegation from the DCIO to apply proportionate measures to mitigate the risk to MOD information capabilities and account for enterprise-wide information risk management to a number of senior forums including the 4* information board, the defence audit committee and the Defence Board.
This information assurance approach will ensure success for DaaP by ensuring that the department procures secure information systems that are fit for purpose. To achieve this DCIO will exploit a spectrum of information assurance practices which will address potential vulnerabilities in people, process and technology.
Data
Defence needs to exploit the full potential of the data it holds through active data management, better digital processes, and more timely and cost effective analysis to derive maximum value to support evidence-based decision making. As data holdings grow exponentially across the defence enterprise and unstructured data becomes a major source of insight, the need to embed good data management practice, provide the right infrastructure and tools, and have people with the right skills, knowledge and experience becomes ever more important. Defence will address the ‘big data’ challenge by developing the enterprise technologies, skills and strategic partnerships, to allow data analytics to be exploited by the business to make better decisions.
Greater understanding of the questions that defence needs answering, the information required by the various fora and boards, and the performance required across the MOD is key to prioritising improvements in defence data and developing agreed definitions and standards for delivering information that is trusted and used in defence decision making.
As individuals within defence, we need to ensure that our own data and the data we are responsible for is accurate. As providers and consumers of information we need to ensure the integrity of source data is maintained and defence standards and definitions are followed to ensure coherence across the department.
As defence modernises, we need to free data from the legacy (and often proprietary) applications to enable its wider and more dynamic exploitation. We need to develop an infrastructure capable of supporting the demand for data, developing an architecture of our authoritative data sources, enabling exploitation by new and emerging technologies. Embedding good data management practice to deliver well governed, quality assured data when and where it is needed across the enterprise is key to exploiting the breadth, depth and diversity of our data holdings.
We are working to develop communities of interest (COI) for data management and data science to bring together experts to share best practice, innovative ideas and opportunities across defence. In addition, we will support defence authorities' and business units' efforts to work with allies to improve the use of data to support the warfighter.
The evolving data legislation landscape, particularly the general data protection regulations, will require the MOD to align its practices with those of the cabinet office and other government departments, both from a legislative and ethical perspective. We will need to reduce the holdings of personal data through providing the capability to access, innovate and analyse data at source.
People
People lie at the heart of defence capability and the delivery of defence outputs. Accordingly, the MOD relies on the commitment, professionalism and skills of its people: recruiting, retaining and developing the right people is a top priority for the department. A key challenge is that defence needs sufficient suitably qualified and experienced people (SQEP) to deliver the change portfolio. The existing SQEP are spread too thinly to achieve our desired outcomes.
In some areas, these responsibilities call for further investment in skills. Importantly BUs need to be shown the benefits of supporting the workforce planning of the 2* information skills champions and the subordinate heads of profession. MOD will actively seek to reshape its workforce to meet the challenge of transformation and create opportunities. In particular, it will increase the number of apprentices and graduate trainees.
Defence will participate in the digital technology profession work across government and use the outcomes to add value to our professions in defence. To seize the opportunities for business transformation, defence will require technology skills across the breadth of the business, not just in the ICT functions. We will work to improve digital skills and awareness in non-technical roles such as policy and among our leadership. We will also develop a digital engagement (digital inclusion) strategy to ensure no-one in defence is left behind by the move to digital services.
Cultural fit
To implement a strategy it is essential to consider the cultural fit, i.e. what cultural change is required to achieve the defined end state and outcomes? The cultural risk we face in changing so radically is the organisational and individual tendency to drift back to the way things were before; we cannot allow this to happen.
A key factor here is in challenging received wisdoms. All cultures are riddled with mental frames of reference that might once have been rooted in some valid rationale, but have become ‘the way we do things around here’. We need a culture which can ‘reimagine’ how to exploit digital technologies to deliver its outputs.
One of the key received wisdoms is that defence is unique. This is true only in so far as no other sector has governmental authority to close with and destroy the enemy. In most areas of our endeavour, there are direct parallels in orthogonal sectors. For instance, the oil and gas industries operate in hostile conditions and have information exchange requirements from gigabit pipes in the headquarters to megabit pipes in the field. It is important that we exploit best practice and solutions from wherever we can find them and implement these in a vanilla way rather than bespoking them because we are ‘unique’.
Means
Strategic action plan
This section considers how defence will implement this strategy and achieve the vision as expressed through the outcomes and end state. The vast majority of strategies fail in implementation and therefore defence needs to build on the change momentum achieved to date to deliver information outcomes at real pace. The immediate focus is on what needs to be done from now until end 2018. A strategic action plan will identify and manage the key tasks, dependencies and business change. The ‘means’ section will focus on the key actions that are needed to implement DIS at pace and to achieve the 34 Level 2 outcomes detailed in the strategic outcomes.
With the continued support of the Defence Board, MOD is on a journey that encompasses not only technology but, importantly, progressive and enduring cultural and process change. Change that requires pervasive and iterative changes in the way ICT is organised, how services are defined, delivered, consumed and paid for, as well as how success is measured. These changes will shift the emphasis of the debate away from the cost of ICT and on to the value that it brings.
‘Masters of our own destiny’
The next stage of the journey is for ISS to become ‘masters of our own destiny’. Defence will realise this vision through the implementation of DaaP, ensuring full implementation of the DIDA and also ensuring business processes are fully embedded and optimised through the ISS transformation programme. DaaP covers the totality of the operational space in base and deployed arenas. It will be delivered through the DaaP portfolio, as shown at Figure 2.
Figure 2
The DaaP ecosystem, utilising wherever possible open architecture, open standards and underpinned by an agile commercial model, can take advantage of unexpected or rapid technology advances. In this way the platform can be said to evolve and require design orchestration rather than central mandated design. Services and applications running in the platform ecosystem have an awareness of their digital operating environment and behave in a way commensurate with the freedoms and constraints of that environment. This evolution should be an enabler to innovation and thus contribute to the vision of information as a force multiplier.
Through DaaP the primary role of ISS will change to delivering all core services to defence. The secondary role of ISS will be to enable defence to demand and consume these services. There will be 3 routes:
- ISS providing the means for all to consume them
- business units buying capabilities through an interactive service catalogue
- adopting a hybrid approach where ISS seeds the consumption by delivering capabilities to key business units, but consumption beyond that is via the catalogue
Customers will be able to consume ISS services using 2 main routes. If the customer is certain of their requirement, for example ordering specific software or hardware, they can procure ISS services easily using the service catalogue. There will be a portal on which services can be easily searched for and browsed. For more complex requests requiring design input, all customers will be directed to follow the DIDA front door process. Information service plans (ISPs) were introduced in April 2016 to ensure customer requirements entering the DIDA front door process are strategically aligned and of a consistent quality. ISPs enable a consistent means of managing the relationship between ISS and top level budget (TLB) customers. Service level agreements (SLAs) have been implemented giving customers greater visibility of their requests as they are processed by delivery teams.
The DIDA will ensure the architectural and wider coherence of our pan-defence portfolio and govern all new requests for, or changes to information capabilities. To provide these services, the underlying architecture will be configured and managed to provide defence with an effective delivery framework:
- ISS will use the NSoIT (base) to ensure that defence customers will be on the front foot as we deliver NSoIT. Defence, at OFFICIAL, will move to a ‘cloud’ based service using Windows 10 and Office 365 with a high degree of mobility in very short order
- ISS will build on the initial service integration and management (SIAM) processes so that we are capable of procuring new aggregations of our platforms to our design in future
- services will be provided to customers through an enterprise service catalogue capability. Consumers such as individual customers, authorised demanders or new capability requesters will be able to see the element of the catalogue that is relevant to them
- common programmatics and tooling will be established across the ISS portfolio and defence ICT portfolio reviews. Time and cost recording will be key to exposing unit costs
- exploiting SMAC (social, mobility, analytics and cloud) at the heart of deliverables, enabling us to communicate more effectively, whether in the office or in the field, and implementing a coherent IDAM solution to enable flexible, secure, authenticated access to information based upon user credentials, enabling information access in a virtual SIE
- providing application services such as applications hosting, agile development and application management. Compliant with defence and pan-government ICT strategies and architectures, it will provide multi-discipline services from the most appropriate source with the agility and cost of industry best practice
Evolving ISS
The ISS Transformation Programme, which closed in March 2017, delivered the new processes and structures necessary to set the organisation for success in meeting customer needs. Improvement will continue across all areas, as teams refine and mature internally and build external relationships under the new construct. A key element in evolving ISS is the creation of a 3* DCIO, to focus on strategy, the development of the defence information architecture and digital exploitation across defence, allowing the CEO ISS to focus on the delivery of new systems and services, and ensuring existing systems and services are operated to customer expectations.
Agile in Procurement
ISS, as an agile organisation, needs to be able to develop and provision services for consumers and commissioners in a manner that is able to satisfy business and operational needs across the entire platform ecosystem. Commercial and technical approaches should be both commensurate and complementary to provide an organisation with the required agility and freedom to deliver services to meet the needs of their consumers and commissioners, see Figure 3.
User-centric service design and development should take an Agile approach allowing for rapid service functionality development and composition as the default position. An Agile methodology will allow service component changes to be undertaken in an iterative fashion. We need to optimise our ability to deliver information capabilities earlier in their lifecycles. We will do this across 3 stages:
- stage 1. We will move from concept to business case approval in the shortest possible time. The aim being to complete this stage and seek HMT and Cabinet Office approval within 3 months
- stage 2. We will fundamentally realign our processes to one where we focus on contracting for outcomes. This means moving away from specifying atomised requirements with hundreds of measures of performance, to focus on measuring against goals for the outputs that deliver the outcomes we are trying to achieve
- stage 3. We will focus on agile development where we seek an overall approval followed by smaller cat D projects to enable us to prove or disprove hypotheses allowing us to fail fast/fail early, and deliver the latest technology
Figure 3
Customer
ISS will put the customer at the heart of everything we do. This is a 2 way relationship; we need to understand our customers’ needs, but we also need to educate our customers in the art of the possible. Defence and ISS will improve the control of the demand for, and supply of, ICT to ensure that defence gets, and can sustain, what it needs in a coherent and affordable manner.
In June 2016, customer services introduced a monthly customer satisfaction (CSAT) survey. This is used to capture both good and bad practice from a customer perspective. Feedback is used to inform service delivery improvement projects, the implementation of which is mandated by the information service plan (ISP) process. We also have a customer relationship management function to respond to the needs of those who have the funding to demand entirely new services. It is essential that we are able to match supply with demand and that we can ensure we have appropriate staffing in place. Overall we also need to manage our relationship with the centre and the FLCs/business units. This is done through briefings to the Defence Board, but also on a much more regular basis through the CIOs in the business units.
Innovation
In complex systems, such as the MOD network and information infrastructures, it has proven very difficult to innovate in the past due to various issues including technical dependencies (legacy ICT) and commercial (the speed and complexities of decisions). The DaaP ecosystem, by unlocking and providing access to the underlying platform services in conjunction with an agile commercial approach and marketplace, should allow multiple vendors to present a variety of offerings across the entire spectrum of user needs across all domains.
Innovation is an emergent property of the platform ecosystem rather than something that operates outside of it. The provision of an Innovation Platform, as a sandboxed slice of the common services in the platform, is essential to allow developers the chance to develop and test their solutions on a realistic infrastructure. The supply chain needs to be in place, or at least developing, to provide the innovation at both the platform and specialist services layers. The supply chain needs to have willing participants and encourage new small and medium enterprises to engage.
The ISS innovation strategy will create a sustainable step change in the breadth, pace and scale of transformational innovation across MOD. This will be achieved through the creation and operation of a proactive, repeatable and agile innovation model for people, process and technology across MOD. By implementing the strategy we will be able to enable innovation at pace and at scale, right across defence, and be recognised by industry, government and our allies as an innovative organisation that is receptive to receiving and implementing innovation across all of our functions.
Research and development
Regardless of methodology, procurement options should be informed by appropriate research and development. Current procurement methods frequently fail to identify appropriate intervention opportunities and innovation is rarely fed into core ICT programmes in a timely manner. Defence needs to ensure greater direction of and pull-through of research and development into capability planning and, ultimately, into live service and work with our delivery partners and the wider defence industry to exploit private sector research into new technologies. Both the Security and defence accelerator and the innovation and the research insight (IRIS) Unit should be used to pull through disruptive technologies and innovative ideas in a timely manner from the widest possible Science and Technology base.
Controls
Governance
Governance will be franchised to organisations (FLCs, TLBs, OGDs, trusted partners) who will have autonomy to own and run ICT services via a “licensing” model. This “licence” would come with specific terms and conditions including a definition of the services being provided and the operating model under which those services are managed and operated. The elements of the platform that are heavily domain focused can be provisioned by domain experts whilst still allowing control from the central authority. Rather than a federation model of governance, franchising places greater control with the platform owner, enabling the presentation of a single “brand” to the consumers.
Defence ICT design authority
The DIDA will act as a key control in terms of reviewing all ICT investments to ensure compliance with strategy, policy and architectural guidance. Moreover, it will test all investment plans against the strategic outcomes. The DIDA will also lead a service based approach which maximises reuse and exploitation of government commercial frameworks and services. In addition, it will also ensure that our systems and services are coherent with our key allies and NATO capabilities and plans.
Programmatics and defence ICT portfolio review (DIPR)
Information capability delivery is a defence-wide, dispersed activity that is undertaken with a mixture of centralised, federated and franchised approaches. Post information operating model delegations should be exploited coherently with information strategy, policy and architecture direction. Thus, DCIO will provide direction to shape investment in information capabilities across defence. Additionally, he will ensure that the DIS is aligned with and supports the capability management strategies and plans owned by JFC, FLCs and other TLBs. The key to this approach is to develop the concept that freedoms need to be exercised based on a clear understanding of responsibilities and appropriate behaviours.
The DIPR conducted during FY 15/16 began the process of base-lining defence ICT and highlighting the challenge of managing defence ‘shadow IT’. The DCIO has now completed phase 3 which concentrated on the weapons platforms. In the ‘SMART battlefield’, platforms will be critical information capabilities to be integrated across the single information environment. Importantly the data collected through the DIPR is broadly self-sustaining, so a dynamic ‘up to the moment’ picture of ICT across defence can be generated.
Enterprise architecture
The creation in 2011 of the defence information reference model (DIRM) provided the means to capture the MOD architectural approach to its information and ICT domain. The DIRM identifies and links activities, policy, process and capability in a single coherent framework. DIRM encourages information and ICT re-use, coherence, interoperability and open standards across defence. It provides a framework that allows information capabilities to be described in a way that allows them to be consumed and shared across defence.
The DIRM is constructed using agreed models and standards exploiting industry and defence standard approaches including TOGAF and the NATO architecture framework (NAF). It comprises a series of taxonomies, which provide the consistent terminology to be used across defence to describe ICT and C4ISR capabilities, and the relationships between them and is providing a key enabler to DaaP.
Policy simplification
Examples of weak governance in the procurement and use of ICT can often be traced back to uncertainties, omissions or contradictions in the extant information and ICT policy set. Defence is beset with too much, poorly expressed policy, which, over time, obstructs progress. Defence ICT and information policy will be kept under frequent review for relevance and accuracy.
Standards
To improve interoperability, acquirers and operators of defence ICT services are to apply and enforce open standards and principles wherever possible. In all cases, the following hierarchy of ICT standards, mandated in DCIO policy and set out in descending order, is to be applied:
- open standards including international standards and the cabinet office ‘open data standards process’
- NATO standards
- British standards institute standards
- other government standards
- proprietary standards; prior agreement to each application of proprietary standards must be sought from the DIDA
Strategic outcomes, the ISS strategic outcomes for defence ICT.
[^1] The national security strategy and strategic defence and security review 2015.
[^2] Including freedom of information act 2000, data protection act 1998 and the public records act 1958.
[^3] We currently accessorise weapons platforms with information capabilities. ISS’ preferred way of thinking is to ‘accessorise information with weapons platforms’ and move away from a platform-centric view to an information-centric one.