09.01.2009
CJIS, data sharing, Information sharing, law enforcement, Law enforcement information sharing, LEIS, public safety, Strategy
Some who read this may take it as a rant against agencies/providers who say we need more money for implementing law enforcement information sharing (LEIS), but in-fact, this post is really about understanding the landscape and influencing the choices and priorities of state and county policymakers and the affected law enforcement executives.
Let me first layout the agency landscape :
- There are about 14,000 state and local law enforcement agencies;
- In roughly 3,000 counties;
- That make up the 50 states of our great nation.
Now let’s layout the funding landscape:
- For 2008 the Department of Homeland Security (DHS) allocated $3,200,000,000 (billion) for state and local assistance grants;
- In that same year, the Department of Justice (DOJ) made another $2,000,000,000 available;
- For 2008 that’s a total of $4,200,000,000;
- For 2007 that number was $4,500,000,000;
- For 2009, we are hoping that number stays about the same or goes even higher.
- To all these numbers you must add funding from the Department of Defense, Department of Transportation, Department of Health and Human Services, or State funding sources for LEIS.
Finally, let me lay out the cost landscape for LEIS:
- In my eight or so years of experience of building and deploying LEIS, I’ve seen the costs associated with hooking up an agency to vary between $5,000 and $80,000 per record system connection;
- On average though, I feel the safer number is between about $20,000 and $40,000;
- For arguments sake, let’s use the high number of $40,000.
Now comes the fun part…let’s do some math…
- To be realistic, let’s say that 25% of the 14,000 agencies are already sharing information;
- That leaves about 10,000 agencies left to connect;
- At $40,000 an agency, we would need a total of $560,000,000 (Million);
- Divide that by the 3,000 counties, and we will need about $190,000 per county;
- If we do this over three years, that’s only $63,000 per county, per year for three years!
With (on average) every county getting about $1,400,000 every year for law enforcement and public safety (out of the $4.2 Billion allocated annualy), I would like to think that we (collectively) can see the benefits of LEIS enough to spare $63,000 a year for three years to get it done.
Here’s where the issue of choices and priorities comes in. If we can agree that the money IS there, what we really need to work on are ways to convince the policymakers and law enforcement exectutives in those counties that investing a little in LEIS is a better investment than whatever it is their currently spending their part of the $4,200,000,000 on. Do you agree?
I’d also like to know what role youthink the IACP, MCC and NSA would play here?
Thoughts and comments invited…and yes, I used a calculator…;-)
r/Chuck Georgo
08.01.2009
CJIS, data sharing, Information sharing, law enforcement, Law enforcement information sharing, privacy, public safety, security
The IJIS Institute announces the appointment of Chuck Georgo, founder of NOWHERETOHIDE.ORG, as the Chairperson of the IJIS Institute’s Security and Privacy Advisory Committee.
The purpose of the IJIS Institute’s Security and Privacy Advisory Committee is to provide advice and counsel to the Department of Justice’s Office of Justice Programs (OJP), as well as other national organizations, on issues of information system security and privacy as applied to integrated justice and public safety information systems, and to develop materials and seminars to educate industry and government staffs on security and privacy measures, designs, and related issues.
The Security and Privacy Advisory Committee strives to be vendor agnostic in all activities and work products and to be the authoritative source for establishing effective privacy and security measures throughout the justice, public safety, and homeland security information sharing community. Additionally, the committee’s goals include increasing government and industry awareness and understanding of technical and non-technical privacy and security requirements and improving the privacy and security posture for federal, state, local, and tribal justice information sharing efforts. In order to achieve these goals, the committee performs research, issues white papers, develops and conducts training, participates in advisory working groups, and supports technical assistance projects.
Chuck Georgo, regarding his appointment, noted that, “Successful information sharing requires trust. I believe that to get trust you need two things—honorable motive and reliability. Organizations must know that your motives benefit the social good and that your means to protect shared information from compromise is achievable and durable. While honorable motive is in the hands of law enforcement and justice agency executives, I believe that the IJIS Institute, through the Security and Privacy Advisory Committee, can help government and industry to employ effective ways for achieving the reliable means to protect that information. I look forward to working with my fellow committee members to further advance the cause of information sharing through robust security and privacy principles and practices.”
Chuck Georgo has nearly 28 years of experience in intelligence, national security, defense, and law enforcement arenas. He has served as a strategic planner, business analyst, and technologist supporting the National Security Agency, Federal Bureau of Investigation, Department of Homeland Security, Naval Criminal Investigative Service, Naval Security Group, and many other public and private sector organizations.
# # #
About the IJIS Institute — The IJIS Institute serves as the voice of industry by uniting the private and public sectors to improve mission critical information sharing for those who protect and serve our communities. The IJIS Institute provides training, technical assistance, national scope issue management and program management services to help government fully realize the power of information sharing. Founded in 2001 as a 501(c)(3) non-profit corporation with national headquarters on the George Washington University Virginia Campus in Ashburn, Virginia, the IJIS Institute has grown to more than 240 member and affiliate companies across the United States. For more information visit www.IJIS.org.
About NOWHERETOHIDE.ORG – NOWHERETOHIDE.ORG, LLC, was established to help federal, state, and local law enforcement, justice, and homeland security agencies to better achieve their public safety and national security objectives. As our name implies, we want to help these agencies become so effective that criminal elements have nowhere-to-hide from justice. We offer planning, assessment, and technology consulting services to help law enforcement, justice, and national security agencies identify and resolve the issues that currently stand in the way of achieving high performance standards. For more information visit www.nowheretohide.org.
Doris Girgis | Communications Specialist | IJIS Institute | Ph: 703.726.1096 | www.ijis.org
Realize the power of information.
Support the IJIS Institute by ordering your gifts from one of 700 stores on the iGive portal and selecting the IJIS Institute as your organization of choice.
January 6, 2009
02.01.2009
CJIS, data sharing, Evaluation, Information sharing, law enforcement, Law enforcement information sharing, LEIS, Performance Measures, Processes, public safety, SOA, Strategy, Technology, Uncategorized
Tom Peters liked to say “what gets measured gets done.” The Office of Management and Budget (OMB) took this advice to heart when they started the federal Performance Assessment Rating Tool (PART) (http://www.whitehouse.gov/omb/part/) to assess and improve federal program performance so that the Federal government can achieve better results. PART includes a set of criteria in the form of questions that helps an evaluator to identify a program’s strengths and weaknesses to inform funding and management decisions aimed at making the program more effective.
I think we can take a lesson from Tom and the OMB and begin using a formal framework for evaluating the level of implementation and real-world results of the many Law Enforcement Information Sharing projects around the nation. Not for any punitive purposes, but as a proactive way to ensure that the energy, resources, and political will continues long enough to see these projects achieve what their architects originally envisioned.
I would like to propose that the evaluation framework be based on six “Standards for Law Enforcement Information Sharing” that every LEIS project should strive to comply with; they include:
1. Active Executive Engagement in LEIS Governance and Decision-Making;
2. Robust Privacy and Security Policy and Active Compliance Oversight;
3. Public Safety Priorities Drive Utilization Through Full Integration into Daily Operations;
4. Access and Fusion of the Full Breadth and Depth of Regional Data (law enforcement related);
5. Wide Range of Technical Capabilities to Support Public Safety Business Processes; and
6. Stable Base of Sustainment Funding for Operational and Technical Infrastructure Support.
My next step is to develop scoring criteria for each of these standards; three to five per standard, something simple and easy for project managers and stakeholders to use as a tool to help get LEIS “done.”
I would like to what you think of these standards and if you would like to help me develop the evaluation tool itself…r/Chuck
Chuck Georgo
chuck@nowheretohide.org
www.nowheretohide.org
07.10.2008
data sharing, Information sharing, Technology
I had the pleasure of attending a briefing today on the Virtual Alabama (VA) Project. Jim Walker, Director, Alabama Department of Homeland Security, and Chris Johnson, VA Project Manager gave a full blown, real-time demonstration of VA’s capabilities. While just seeing Google Earth Enterprise technology is cool in itself, what was really astonishing was to see how the project has worked to get access to an amazing number of data sources–they have engaged over 1,100 agencies in implementing information sharing accross the state!
Driven by specific business needs, the VA project now supports law enforcement, fire, emergency management, business and economic development, property tax assessment, port security, emergency evacuation, and they’re only into the project about 10% (their number). Other states would do well to take a look at what they’ve done in about 18 months for about $500,000 with a team of four people. And, don’t focus solely on the specific technology they chose–the real lesson here is what they did to get Alabama agencies to share their data! This is the true accomplishment.
I hope the project can find time write up and share a white paper to document the various strategies they employed to get access to the data–arm twisting, the shame game, Friday afternoon strategy sessions at local watering holes, etc.
Here’s a YouTube movie about it: Google Earth Enterprise Case Study: Virtual Alabama
Enjoy!…r/Chuck Georgo
06.10.2008
data sharing, Information sharing, Strategy
Today, the Office of the Director of National Intelligence (ODNI) released a new federal policy [document] that aims to increase terrorism related information sharing among members of the Intelligence Community (IC). The policy “directs agencies to work with their human resources departments to add items about information-sharing skills and behaviors to performance appraisals.”
The release of this policy effectively means that the sixteen politically appointed IC agency heads, all of their deputies, the hundreds of senior executive department heads, and thousands of mid-level division managers failed in their efforts to get their folks to share. I guess the thinking is that adding a sentence of two to the performance appraisal of each of the 200,000+ individuals in those agencies will make information sharing happen–wow, what a sad commentary to the failure of leadership in these agencies.
To me, information sharing is a “means to an end” and NOT an end in itself. Before you can say that you do not have sufficient information sharing, you should be able to say (specifically) what the impact of not having that information is to your mission activities. The diagram below illustrates a Knowledge Model (similar to one that I picked up during my work at NSA).
As you can see from the diagram–information leads to knowledge of “something”, and that something causes (or requires) specifc action, and the specifc action leads to “real-world-effects” (like the prevention or disruption of terrorism or other criminal activity). Some examples of impact statements include:
– “We are unable to ascertain the threats to water supplies in the city of xxx…”
– “We cannot determine the whereabouts of bad guy xxx…”
– “We do not understand the objectives of the xxx threat group…”
If you follow my logic so far, then you also have come to the conclusion that the lack of information sharing is really a management issue, driven by internal agency data sharing and security policies and should not be left to the purview of individuals within those agencies. Here are a couple other points to ponder in support of this thought:
1. I believe information sharing should primarily be implemented through technological mechanisms; take it out of the hands of agency individuals and political culture.
2. it should also be driven by MISSION needs and NOT just for the sake of sharing; many analysts will tell you we share TOO much irrelevant information and NOT ENOUGH of the stuff they really need.
3. No single individual in any agency should have the ability to withold information from another agency; if this is the case, there’s a manager somewhere who requires some alignment.
4. If individuals do hold back information, they do so against the will of their leadership (assumingly); most agency employees are loyal and will follow (to a fault sometimes) their manager’s will.
Comments and thoughts welcomed…r/Chuck
30.09.2008
data sharing, Information sharing, Strategy, Uncategorized
LInX is the Naval Criminal Investigative Service’s Law Enforcement Information Sharing Project. Those of you that know me know that I was an architect of the LInX approach and a project manager for many of the LInX locations over a five year period. What many don’t realize is that LInX was started by the Navy with a mere $50,000 purchase order. Through what was a largely grass-roots efforts by state and local law enforcement executives, fueled by the leadership of John McKay (one of the fired U.S.Attorneys) and Dave Brant (former NCIS Director), LInX has grown to a nearly $100 million dollar project in nine major regions around the U.S.
What’s particularly interesting about this whole saga is that when John took this information sharing success story to his leadership and offered it up as a “proven approach to nationwide information sharing,” they put the politics of internal DOJ projects ahead of the needs of state and local law enforcement and in the process took a good man down.
Unfortunately, they saw LInX as a competing “IT system” and not as what I and others believed–that LInX really was “a proven and standardized process for organizing, implementing, and evaluating regional law enforcement information sharing.” I and others believed the LInX approach could have been implemented with many of the other IT systems currently in use around the country at that time (or being developed) for information sharing. We also recognized that LInX was not a threat to any of the national-level systems being developed by DOJ (or DHS) and, in-fact, (as DOJ would attest to today) are now convinced that those national efforts CANNOT succeed unless LInX-like information sharing projects are quickly replicated in other parts of the country.
While I am sure the final chapter in the U.S. Attorney firings has yet to be written, my hope is that the recently released report will help us to move past federal politics and realize that the true victims here are the state and local law enforcement agencies who were cheated out of a proven approach to enabling the electronic sharing of each other’s law enforcement records–let’s give the LInX approach (and what John and Dave started) its due and develop a formal project to make the process available to other’s who are still struggling with getting it done. I’ve summarized the LInX approach below.
STEPS IN THE LINX APPROACH—It is NOT about the technology.
-
Strategy – Develop a regional law enforcement plan detailing areas of concern and how to leverage information sharing for the desired impact.
-
Governance – Establish an information sharing governance infrastructure that gives each participating Chief Executive Officer an equal vote on all matters pertaining to the regional LInX system.
-
Data – Identify and agree to integrate ALL relevant data. The key to success is sharing more not less information.
-
Capabilities – Provide easy to use query and analysis tools, with multi-levels of security. LInX is a system developed by law enforcement personnel for law enforcement personnel. Feedback from user groups and the flexibility to make enhancements to the system keeps the LInX system robust and valuable to the community.
-
Technology – The LInX system is built with open standards and leverages existing technology to integrate diverse systems. An open standards architecture that is flexible, scalable, sharable, and possess the ability to enhance current systems interfaced with.
-
Full Support – There are some requirements for the participating agencies. The goal is to have minimal impact on a participating agency’s resources, however, there is a need to support user training, system administration, and maintenance.
-
Evaluation – Conduct formal evaluations to assess achievement of desired impact. The LInX system is being developed to enhance law enforcement utilizing technology to assist the investigator and patrol officer.
04.02.2008
SOA
It’s been a while since I’ve added anything to my blog. Largely because I’ve been engaged in a wonderful project to help a State Police agency develop an EA and a Service-Oriented approach to replacing their Hotfiles and Message Switch. I’d be interested in learning about anyone else engaged in a similar effort, or ayone developing a law enforcement or justice Service-Oriented Architecture (SOA)…Please email me at chuck@nowheretohide.org.
29.08.2007
Performance Measures, Processes, SOA, Strategy
After some time thinking about my last post about EA being dead, I decided to resurrect it and marry it up with three other diciplines that I have been working in for the last 10 years; that being Strategic Management, Business Process Management and (now) Service Oriented Architecture. If you’re going to use the word “enterprise” in the context of architecture, then doesn’t it make sense to include the WHOLE enterprise?
So, the result of my thinking is shown below – I’m calling it EA v2.0. When you look at the diagram, the one thing to pay attention to is the relationships between the layers of the model, and not so much what’s in each layer. The fact is that fairly mature methodologies exist for every layer. This model is my attempt to build better understanding about the linkages BETWEEN the layers. In other words, there are a lot of models out there for conducting strategic planning, business process modeling, workflow management, and technology archtiecture; however, I have yet to find anything that explains in simple terms how all this crap ties together in a way that organization executives can understand.
So, take a look at my EA v2.0 reference model below and tell me what you think….r/Chuck
26.08.2007
Information sharing, Uncategorized
I just finished reading through Thomas Erl’s latest book SOA: Principles of Service Design. It is a great read for those getting involved in Service Oriented Architecture, yet one thing he doesn’t adress head-on is where does Enterprise Architecture end and SOA begin? All he says is that “SOA spans BOTH enterprise and application architecures.” – not much help.
With apologies to every organization that’s invested boatloads of money in developing an EA, I’m starting to believe EA in general is dead. Why do I think it’s dead? In my eight years of doing EA, I have yet to see an EA effort that meets my five criteria for success:
- EA championed by senior executive from start to finish
- EA addresses all levels–business needs, systems capabilities, technical standards
- EA development followed through to produce at least one full iteration of products
- EA products integrated in to systems acquisition and operational planning processes
- EA success evaluated based on achievement of real business results
Because of this, organization’s are growing weary of their EA efforts – I have seen many EA efforts come to a screeching halt recently. And, with EA on life-support, in comes SOA–tada!
Tell me what you think…r/Chuck