CUTTER IT JOURNAL VOL. 29, NO. 1
Clearly we live in a world where terrorism is a major global threat. So when the Cutter IT Journal team asked me for my thoughts about technology trends and predictions for 2016, I started thinking about the role of enterprise architecture (EA) in an age of terrorism.
Terrorism can affect any enterprise at any time, and by its very nature, the impact and consequences of a terrorist attack cannot be predicted. In some ways, this is no different from many other external events — political, economic, environmental, social, or technological — that have a direct effect on an enterprise. To be resilient and sustainable, enterprise architectures must be able to respond and adapt positively to unpredictable and unanticipated situations. So what can EA do to anticipate, prepare for, respond to, and possibly prevent a terrorist attack?
EA IN ATTACK RESPONSE
Much has already been achieved to define ways in which EA can respond to terrorism. Version 2.0 of the Information Sharing Environment (ISE) EA Framework was published in September 2008. It provides a strategic roadmap to enable a standard information-sharing environment to support defense, foreign affairs, homeland security, intelligence, and law enforcement. The framework covers relevant goals, processes, services, data, technologies, and operational capabilities. At the heart of this, and other similar initiatives, are the concepts of cooperation, collaboration, and sharing. This starts with the sharing of information and intelligence, but it can easily move on to sharing other architectural components in order to respond to terrorist attacks.
Terrorism has also become a topic for EA-related research. For example, recent studies have covered ways in which we can use different types of models to fuse diverse information sources to help detect terrorism and how structural factors might contribute to or produce political terrorism.
EA IN SERVICE COORDINATION
Following an attack, the most immediate need is coordination of the emergency services and other responses. This broadly falls under the banner of emergency response management (ERM). Increasingly, this is necessary across organizational, jurisdictional, and geographical boundaries. In EA terms, this forces us to think of a much broader definition of “enterprise”; in this case the enterprise is the full coordinated response to a terrorist event. EA can play a vital role in ensuring that information and resources from a wide variety of different teams are effectively deployed. This is already happening in many countries and across some country boundaries.
Another good example, although not specifically aimed at terrorism, is the cross-government enterprise architecture that was published as part of a UK government initiative to bring together CTOs from across the public sector. Formed in 2005, the CTO Council has been tasked with improving government practices related to the design, interoperability, development, modernization, use, reuse, sharing, performance, and efficient use of IT resources. The potential for cost cutting was a key motivation, but opportunities for sharing information resources are likely to be the greatest benefit.
Following the immediate response to a terrorist attack, there may be an additional need for humanitarian aid or civil protection. One organization that helps provide the necessary conditions for a successful emergency response is the UN Office for the Coordination of Humanitarian Affairs (OCHA). Once again, EA could provide techniques, processes, and frameworks that would make OCHA’s (and other agencies’) tasks much easier. For example, an EA content framework would allow diverse organizations to share information about where aid was most needed and the location and availability of vital resources. Enterprise patterns could be used to identify more effective ways to leverage architectural components to maximize benefits from donations and funds. To my knowledge, this is an area where the potential for EA support has yet to be fully realized.
WHAT DOES THIS MEAN FOR YOUR ORGANIZATION?
In terms of trends and predictions, what are the key takeaways? First, all organizations need to consider the risk to their enterprise architecture from terrorism. This should include infrastructural impact, such as damage to operational platforms, as well as the business impacts. Terrorism does not even have to occur locally, as an incident can easily cause global repercussions; for example, following the shooting down of a passenger plane or damage to energy supplies. Second, companies should consider the need for collaboration with other enterprises or across a range of enterprises — either for the sharing of information or the sharing of resources.
Terrorism is not going to go away. It is highly likely that we will see more terrorist attacks and that their impact will be more devastating. It is even possible that terrorist organizations will use EA techniques to support their own cruel and malicious ends. EA can and should be used both within the enterprise and between enterprises to anticipate and sense the terrorist threat, to produce architectures that are resilient and responsive to attack, and to help us recover from the fear, violence, and disruption caused by terrorism.