Lack of Progress in Development and Implementation of the Joint Systems and Joint Operational Architectures
The Joint Technical Architecture and its DII-COE and SHADE adjuncts are useful efforts. But they can only enable and facilitate interoperability, rather than assure it. The Joint Technical Architecture is only one part of the triad of operational, systems, and technical architecture. Furthermore, the Joint Technical Architecture and DII-COE address interoperability problems at the "lower layers" (e.g., data transport), leaving a large universe of "higher-layer" data and applications interoperability topics (e.g., data semantics) still on the table, though being worked on.
DOD is not fully executing its strategy in the formulation of the Joint Systems Architecture and the Joint Operational Architecture. The committee fully supports the fundamental idea underlying the Joint Operational Architecture, namely that obtaining the maximum value from C4I systems and networks depends on an understanding of how information is used by various parties in various circumstances (i.e., different operational scenarios) and how that information must flow between parties to support military operations. At the same time, the committee believes that the universe of all possible military operations is simply too large for a single Joint Operational Architecture to be developed successfully, and thus prospects for progress through a single DOD-wide operational architecture effort comparable to that of the Joint Technical Architecture are doubtful.
The committee did encounter some service activities, such as those of the Army Force XXI architect, that are seriously dealing with these issues, but did not see any visible effort to extend them into the joint arena. Significant progress on the Joint Systems Architecture was not apparent. A major reason the strategy is not being executed is that the DOD has defined an approach that is too broad in scope. For this reason, it is not surprising that Joint Operational Architecture efforts to date have mostly been void of operational content, with progress largely limited to definition of a framework and formalism.
One consequence of the lack of progress on the
operational and system architectures is that the DOD strategy is thus far
largely silent on security, except for security standards contained within the
Joint Technical Architecture. One instance of this is the lack of
architectural guidance for reconfiguring systems in response to cyber-attack.
A common (and reasonable) response to increased levels of cyber-threat
(Chapter 3) is for a system to drop non-mission-critical functions ("reconfigure the system" so as to reduce the number of avenues of information attack). However, in a visit to one exercise, the committee learned that mission-critical and non-mission-critical functions were not easily separated in the (implicit) Operational and Systems architectures of the operations center. Mission-critical functions were determined by a process in which all functionality is disabled and then individual functions restored (designated as mission-critical) when someone in the operations center demands them.
Security considerations cannot be managed in isolation. System architectures must deal with the issues of boundaries of trust and configuration controls relevant to that system. Operational architectures are intimately related to security because they specify information flows, and help identify those mission-critical functions for which information flows must be assured even under conditions of threat. Real-time determination of mission-critical functions while under attack is inevitably much more haphazard than a thoughtful consideration--included in the architectural design--of what functions are mission-critical at what level of threat.