Strategic Management of Information and Communication Technology: The United States Air Force Experience with Y2K

Mark Haselkorn, Principal Investigator

Policy and Global Affairs

Computer Science and Telecommunications Board

Division on Engineering and Physical Sciences

NATIONAL RESEARCH COUNCIL OF THE NATIONAL ACADEMIES

THE NATIONAL ACADEMIES PRESS

Washington, D.C.
www.nap.edu



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page R1
Strategic Management of Information and Communication Technology: The United States Air Force Experience with Y2K Strategic Management of Information and Communication Technology: The United States Air Force Experience with Y2K Mark Haselkorn, Principal Investigator Policy and Global Affairs Computer Science and Telecommunications Board Division on Engineering and Physical Sciences NATIONAL RESEARCH COUNCIL OF THE NATIONAL ACADEMIES THE NATIONAL ACADEMIES PRESS Washington, D.C. www.nap.edu

OCR for page R1
Strategic Management of Information and Communication Technology: The United States Air Force Experience with Y2K THE NATIONAL ACADEMIES PRESS 500 Fifth Street, N.W. Washington, DC 20001 NOTICE: The project that is the subject of this report was approved by the Governing Board of the National Research Council, whose members are drawn from the councils of the National Academy of Sciences, the National Academy of Engineering, and the Institute of Medicine. The principal investigator and members of the advisory committee responsible for the report were chosen for their special competences and with regard for appropriate balance. This study was supported by Contract No. V101(93)P-1637, TO #17 between the National Academy of Sciences and the United States Air Force and a grant from the Institute of Electrical and Electronics Engineers, Inc. Any opinions, findings, conclusions, or recommendations expressed in this publication are those of the author and do not necessarily reflect the views of the organizations or agencies that provided support for the project. International Standard Book Number 13: 978-0-309-11128-7 International Standard Book Number 10: 0-309-11128-5 Additional copies of this report are available from the National Academies Press, 500 Fifth Street, N.W., Lockbox 285, Washington, DC 20055; (800) 624-6242 or (202) 334-3313 (in the Washington metropolitan area); Internet, http://www.nap.edu. Suggested citation: National Research Council (2007). Strategic Management of Information and Communication Technology: The United States Air Force Experience with Y2K. Mark Haselkorn, Principal Investigator. Policy and Global Affairs. Washington, D.C.: The National Academies Press. Copyright 2007 by the National Academy of Sciences. All rights reserved. Printed in the United States of America

OCR for page R1
Strategic Management of Information and Communication Technology: The United States Air Force Experience with Y2K THE NATIONAL ACADEMIES Advisers to the Nation on Science, Engineering, and Medicine The National Academy of Sciences is a private, nonprofit, self-perpetuating society of distinguished scholars engaged in scientific and engineering research, dedicated to the furtherance of science and technology and to their use for the general welfare. Upon the authority of the charter granted to it by the Congress in 1863, the Academy has a mandate that requires it to advise the federal government on scientific and technical matters. Dr. Ralph J. Cicerone is president of the National Academy of Sciences. The National Academy of Engineering was established in 1964, under the charter of the National Academy of Sciences, as a parallel organization of outstanding engineers. It is autonomous in its administration and in the selection of its members, sharing with the National Academy of Sciences the responsibility for advising the federal government. The National Academy of Engineering also sponsors engineering programs aimed at meeting national needs, encourages education and research, and recognizes the superior achievements of engineers. Dr. Charles M. Vest is president of the National Academy of Engineering. The Institute of Medicine was established in 1970 by the National Academy of Sciences to secure the services of eminent members of appropriate professions in the examination of policy matters pertaining to the health of the public. The Institute acts under the responsibility given to the National Academy of Sciences by its congressional charter to be an adviser to the federal government and, upon its own initiative, to identify issues of medical care, research, and education. Dr. Harvey V. Fineberg is president of the Institute of Medicine. The National Research Council was organized by the National Academy of Sciences in 1916 to associate the broad community of science and technology with the Academy’s purposes of furthering knowledge and advising the federal government. Functioning in accordance with general policies determined by the Academy, the Council has become the principal operating agency of both the National Academy of Sciences and the National Academy of Engineering in providing services to the government, the public, and the scientific and engineering communities. The Council is administered jointly by both Academies and the Institute of Medicine. Dr. Ralph J. Cicerone and Dr. Charles M. Vest are chair and vice chair, respectively, of the National Research Council. www.national-academies.org

OCR for page R1
Strategic Management of Information and Communication Technology: The United States Air Force Experience with Y2K This page intentionally left blank.

OCR for page R1
Strategic Management of Information and Communication Technology: The United States Air Force Experience with Y2K PRINCIPAL INVESTIGATOR Mark Haselkorn, University of Washington ADVISORY COMMITTEE Ernest J. Wilson III (Chair), University of Maryland, College Park Chris Demchak, University of Arizona Robert W. Lucky, Telcordia Technologies, Inc. [Retired] Anthony Valletta, SRA International, Inc. Staff Thomas Arrison, Project Director, Policy and Global Affairs (2005–2007) Michael Cheetham, Project Director, Policy and Global Affairs (until 2004) Jo Husbands, Senior Project Director, Policy and Global Affairs Herb Lin, Senior Scientist, Computer Science and Telecommunications Board, Division on Engineering and Physical Sciences Shalom Flank, Consultant, Computer Science and Telecommunications Board, Division on Engineering and Physical Sciences Sponsors United States Air Force Institute of Electrical and Electronics Engineers, Inc. (IEEE)

OCR for page R1
Strategic Management of Information and Communication Technology: The United States Air Force Experience with Y2K This page intentionally left blank.

OCR for page R1
Strategic Management of Information and Communication Technology: The United States Air Force Experience with Y2K PREFACE This report grew out of a National Research Council (NRC) project titled “Managing Vulnerabilities Arising from Global Infrastructure Interdependencies: Learning from Y2K.” In mid-1998 the NRC initiated planning meetings to take advantage of what was then perceived as “an extraordinary opportunity to learn…how various factors, including current management structures and practices, impact…risk that threatens serious damage to information and other critical infrastructures.” The initial focus was on vulnerabilities stemming from “the interconnectedness of complex ‘systems of systems,’” with the goal to gather data on such systems both before and after the December 31, 1999, rollover to the Year 2000 (Y2K). In early 1999 the Institute of Electrical and Electronics Engineers became a sponsor of the project. In mid-1999 the NRC began working with Air Force personnel from Information Warfare Defense (a unit attached directly to operations in headquarters) and the Air Force Y2K Office to establish a case study. Dr. Mark Haselkorn of the University of Washington was appointed as principal investigator to conduct the research and write up the results of the case study. An advisory committee was also appointed to provide general guidance. In November and December 1999, Dr. Haselkorn conducted several sets of interviews at a stateside Air Force base and at an overseas Air Force base. After the end-of-year rollover, in February and March 2000, he repeated the process. These interviews involved not only base working groups but also policy-making units at the major command and headquarters levels. He also conducted supporting phone interviews throughout the project. On April 14, 2000, an all-day Air Force–wide Y2K Lessons Learned Workshop was held in Washington, D.C. (A detailed list of the groups interviewed is provided in Appendix B.) In the 18 months following the workshop, Dr. Haselkorn compiled the results of the interviews and the workshop and summarized his findings. This paper represents the results of Dr. Haselkorn’s research. The views expressed are those of the principal investigator and do not necessarily represent positions of the advisory committee, the National Academies, or the sponsoring organizations. This paper has been reviewed in draft form by individuals chosen for their expertise, in accordance with procedures approved by the National Academies Report Review Committee. The purpose of this independent review is to provide candid and critical comments that will ensure that the report meets institutional standards for quality. The review comments and draft manuscript remain confidential to protect the integrity of the process. In addition to external reviewers, two members of the original advisory committee also reviewed Dr. Haselkorn’s draft report.

OCR for page R1
Strategic Management of Information and Communication Technology: The United States Air Force Experience with Y2K We wish to thank the following individuals for their review of this paper: John L. King, University of Michigan; John Koskinen, U.S. Soccer Foundation; Bruce McConnell, McConnell International, LLC; David Mussington, RAND Corporation; Walter Scacchi, University of California, Irvine; Anthony Valletta, SRA International, Inc.; and Ernest J. Wilson III, University of Maryland, College Park. Although the reviewers listed above have provided many constructive comments and suggestions, they were not asked to endorse the content of the report, nor did they see the final draft of the report before its release. Robert Frosch, Harvard University, oversaw the review of this report. Appointed by the National Academies, he was responsible for making certain that an independent examination of this report was carried out in accordance with institutional procedures and that all review comments were carefully considered. Responsibility for the final content of this report rests entirely with the principal investigator and the institution.

OCR for page R1
Strategic Management of Information and Communication Technology: The United States Air Force Experience with Y2K PRINCIPAL INVESTIGATOR’S NOTE Most of the following report was written prior to the events of September 11, 2001, the Southeast Asian tsunami in 2004, and Hurricane Katrina in 2005, yet the lessons learned from Y2K are still relevant in the aftermath of these devastating events. September 11 was a tragic demonstration of the need for more comprehensive and dynamic strategies for managing our critical systems, as well as the need to base these strategies on an effective communication infrastructure that links and coordinates key participants from disparate organizational entities. Similarly, disasters like the tsunami and Katrina demonstrated the damaging effects that an incomplete plan for strategic management of information and communication systems could have on the coordination and delivery of emergency services. This is an account of the efforts of one large, highly diverse, technologically dependent global organization, the United States Air Force (hereafter simply USAF, or Air Force), to address a widely dispersed threat to its information infrastructure, namely the rollover to the Year 2000 (Y2K). The specific information and communication systems discussed in this report are simultaneously critical operational systems themselves and vital components of the communication infrastructure that supports other critical systems. In other words, these systems are simultaneously something to be protected and part of the system for protection. The Air Force response to Y2K evolved over more than five years. It ultimately involved thousands of people throughout the 108 USAF bases, interacting in varying, often nontraditional ways to address perceived threats. In addition, hundreds more people at numerous major Air Force units were active in developing guidance and support packages and in monitoring their implementation, while personnel involved in the acquisition, design, development, fielding, and maintenance of systems and applications also responded from their particular perspectives. Whatever the state of an organization’s strategic management of information and communications technology (ICT), Y2K stressed existing practices in ways they had never previously been stressed. This report presents the lessons of the Air Force Y2K experience under three interrelated headings: (1) lessons for managing ICT complexity, (2) lessons for aligning organizational and ICT strategies, and (3) lessons for minimizing ICT risk, including security, information assurance, and infrastructure protection. In each area, lessons are derived from the analysis of interrelated and dynamic responses of various Air Force elements to the perceived threats of Y2K. These lessons are preceded by discussion of background issues that provides necessary context, particularly aspects of ICT in general, Air Force ICT in particular, and theY2K problem itself. The report concludes by turning the lessons into recommendations for improving Air Force management of information and its supporting infrastructure and discussing the implications of these lessons for other organizations.

OCR for page R1
Strategic Management of Information and Communication Technology: The United States Air Force Experience with Y2K This report does not in any way constitute an evaluation of the Air Force’s response to Y2K. Such an undertaking would have required a broader look at the entire organization and a deeper look at component units. It would also require collecting sufficient data from other organizations to allow one to compare the Air Force response to institutions of similar size and complexity. Such an exploration would have been worthwhile, but it was beyond the scope and resources available for this effort. The fact that Y2K did not result in widespread catastrophic failures has led many people to quickly forget the experience, yet the lack of obvious impact makes it a rich source of critical lessons for strategic management of information and communication technology. Rather than being an account of fundamental flaws and cascading effects, this report is about maintenance and modernization, life-cycle management of systems and software, functional interdependency and continuity, guidance policies and certification, system ownership and responsibility, training and organizational roles, security and information assurance, and system vulnerability and robustness. Y2K tested the evolving Air Force system for management, modernization, and protection of information and its supporting infrastructure. Without the contributions and generous involvement of numerous individuals, particularly the more than 100 people who provided me with information and support in setting up and conducting interviews, this study would not have been possible. I would particularly like to thank Brig. Gen. Gary Ambrose, Lt. Col. Gregory Rattray, and Maj. John Bansemer of the USAF; Tom Arrison, Michael Cheetham, John Boright, and Jo Husbands of NRC Policy and Global Affairs; Herb Lin and Shalom Flank of the NRC Computer Science and Telecommunications Board; Dr. Joseph Bordogna and Dr. Kenneth Laker, 1998 and 1999 presidents of the IEEE, respectively; and Adam Peake of the Center for Global Communications in Tokyo, Japan. I would like to thank Luke Maki of the Boeing Corporation for reviewing some early chapter drafts. I would also like to thank the members of the project advisory committee: Ernest J. Wilson III (Chair), Chris Demchak, Robert W. Lucky, and Anthony Valletta. Finally, I would like to thank the project sponsors, the Air Force and IEEE. Mark Haselkorn Principal Investigator

OCR for page R1
Strategic Management of Information and Communication Technology: The United States Air Force Experience with Y2K CONTENTS     SUMMARY   1 1   BACKGROUND   13      Research on Y2K,   13      ICT General Background,   15      United States Air Force ICT,   19      The Y2K Challenge,   27 2   MANAGING ICT COMPLEXITY   37      The Need for New, Less Localized ICT Management Strategies,   37      The Need for Wider, More Integrated Efforts to Define and Stratify ICT Problems,   39      The Need to Shift ICT Management Focus from Hardware and Software to Data, Knowledge, and Organizational Goals,   42      The Need to Align ICT Management with Operational and Strategic Goals,   44      The Need to Manage ICT Cross-Functionally,   46      The Need for an Overall Information Strategy Centered on People, Information, and Mission,   50      Do Not Return to Business as Usual,   52 3   ALIGNING ORGANIZATIONAL AND ICT STRATEGIES   55      Balance Central Management and Local Execution,   57      Consider Evolution of the Problem Over Time,   58      Clarify Ownership and Responsibility,   60

OCR for page R1
Strategic Management of Information and Communication Technology: The United States Air Force Experience with Y2K      Consider the Impact of Local Diversity,   61      Consider the Role of Local Autonomy,   62      Build Trust Between Local Administrators and Central Managers,   64      Strengthen Horizontal Relationships Across the Organization,   65      Overcome Funding Disincentives to Working Across Organizational Boundaries,   69      Clarify the Appropriate Level of Central Guidance and Role of Central Administrators,   70      Address Cross-Boundary Issues in Life-Cycle Management of Systems,   72      Tackle the Informational Effort Needed to Support Management of Integrated Systems,   80      Address Issues of Organizational Culture,   82      Empower Permanent Organizational Entities Focused on Cross-Boundary Issues,   86 4   MANAGING ICT RISK   93      Understanding the Relationship Between Y2K Risk and Response,   94      Application to Security, CIP, and Infrastructure Assurance,   102 5   TECHNOLOGY RISK AS A SOCIALLY EMBEDDED ISSUE   111     REFERENCES   117     APPPENDICES     A   References to Workshop Discussions and Interviews   123 B   Abbreviations and Acronyms   125 C   Biographical Information on the Principal Investigator   128

OCR for page R1
Strategic Management of Information and Communication Technology: The United States Air Force Experience with Y2K BOX AND FIGURES BOX 1-1   Overview of Research and Commentary on Y2K,   14 FIGURES 1-1   System Layers and Y2K Problems,   28 3-1   The Continuum of Information Control,   67

OCR for page R1
Strategic Management of Information and Communication Technology: The United States Air Force Experience with Y2K This page intentionally left blank.