10 A

pril

202 3

CIPHER Study Stage

An Enterprise Architecture Approach to Options Analysis in Large Acquisition Programmes

2

10 A

pril

202 3

INTRODUCTION

Mr E. Fintan HANBURY – Thales CIPHER Team - Capability Director

3

10 A

pril

202 3

Programme Overview

The Programme – CIPHER Assessment Phase

The Thales CIPHER team (Thales, BT, Fujitsu) is one of two consortium conducting a competitive assessment of a full range of Options for delivery commencing in 2010

CIPHER is not just a technology project - the Options being assessed include varying degrees of business change, outsourcing, service-orientation and potential paradigm shifts in the technology used for information assurance

The CIPHER Programme, encompasses 3 Projects MOD’s Future Crypto Programme (FCP) MOD’s Interoperable Electronic Key Distribution Project (IKED) CESG’s Security Management Infrastructure (SMI) project

4

10 A

pril

202 3

Security Classification

Some aspects of the CIPHER Programme are classified up to TOP SECRET (STRAP)

This presentation is limited to UNCLASSIFIED material and therefore there may be areas of interest that cannot be covered and questions that cannot be answered

5

10 A

pril

202 3

Scope of CIPHER

CIPHER Single Statement of User Need (SSUN):

A capability that provides a management infrastructure for all grades of devices to meet the needs of UK MOD and wider government, and high grade cryptographic devices for UK MOD to meet the communication, confidentiality, availability, interoperability and data integrity needs of UK MOD for NEC, Defence Business and Operations

This means CIPHER must provide:

All High Grade cryptographic services for UK MoD

IA Service levels to meet the needs of the UK MoD for Defence Business & Operations

A pan-Government Security Management Infrastructure that will allow future IA components (e.g. firewalls, cryptographic functions and authentication services) to be initialised, configured, updated, and managed in a trusted & secure way

6

10 A

pril

202 3

INTRODUCTION

Mr Mike DUFFY – Thales CIPHER Team – Methods & Tools Manager

7

10 A

pril

202 3

Thales View of CIPHER

.

VISION: A single information assured architecture

MISSION: To deliver assurance to a secure and coherent information infrastructure at minimum whole-life cost while maintaining continuity of service to other CIPHER stakeholders

8

10 A

pril

202 3

An Integrated Reference Model of Information Assurance

IA comprises Components of Capability

IA Capability is more than just technical products assembled according to System Engineering principles.

It is about a Life-cycle that continuously

integrates all Enterprise Components to match levels of assurance to the value of the information being protected

No distinction between High-grade and Baseline IA as both levels encompass all IA Components of Capability.

Only difference is the relative mix of Service and Enterprise Components to achieve the required level of Assurance

Information State

Components

Service C

omponents

Enterpris

e Level

Counterm

easure C

omponents

Non-Repudiatio

n

Authenticatio

nAvaila

bility

Integrity

Processing

Transmission

Confidentia

lity

Po

licy &

Pro

ces

s/Pra

ctice

Tec

hn

olo

gy

Pe

op

le (train

ing

& e

du

cation

)

Storage

9

10 A

pril

202 3

The Starting Point - The Options Space to be explored

Phase A – Defines and Assesses 12 Options Phase B – Defines 4 Refined Options ( Rank + ‘Blend’ + ‘Distil’) Phase C – Assesses 4 Refined Options

Outsourcing – Extent of outsourcing and which aspects of solution option are appropriate to be outsourced

Performance – Degree to which the solution option meets the requirement

Translation Plan & Through Life Growth PlanRate at which new technology and processes will be fielded and updated

High

Medium

Low

High

High

As-Is

Options Space defined by

27 Point Options

10

10 A

pril

202 3

Dealing with Complexity

Given the complexity and multi-disciplinary nature of defining, assessing and comparing diverse options requires an innovative but structured approach to Options Assessment

The Thales Concept of Analysis employs: Reference Models covering all aspects of IA to ensure consistency

between Options

Enterprise Architecture to help structure and analyse Options using: MODAF rules for developing EA products to represent Options TOGAF to provide robust EA development environment

Soft Systems Methodology to provide Conceptual Frameworks to aid understanding of the problem space

COEIA based approach to determine Cost-Benefit ranking of Options and to support CIPHER Main Gate Business Case

11

10 A

pril

202 3

Reference Models to Define, Tune & Assess Options

Co

nce

ptu

al M

od

els

(IA

Sec

tor,

IA D

eliv

ery,

Def

ence

& O

GD

)

Op

tio

n ‘C

ub

e’

Ris

k

Co

st

Sa

fety

Pro

gra

mm

e

Mg

t

Bu

sin

es

s T

x

Assess Option

Option Benefit Assessment - Level of IA Capability

Capability Contribution

Capability Contribution

Capability Contribution

Capability Contribution

Option Assessment

Governance Reference

Model

Option Setting

Solution Figure of

Merit

IA Development

Reference Model

IA Service Management

Ref Model

IA Service Support

Reference Model

Use

r R

equ

ire

men

t D

ocu

men

t Capability

Contribution

Functional Elements

Axes

Mix

ing

Dec

k

Ref

eren

ce M

od

el ‘C

on

tro

l Set

tin

gs’

Shape Option Tune Option

Design Option

12

10 A

pril

202 3

A Generic Enterprise Capability Reference Model

Strategy, Polilcy & Objectives(Concepts & Doctrine)

Capability

Technical Standards

Organisational UnitActivity

Trained Competence

DriveDeliver

Pro

ject

s

ThreatServices

Data

Information

Systems Infrastructure

Depends on

Conducts

Decomposes

Uses Creates

Produces Consumes

Maps to

Produces ConsumesDeployed

on

To use

Has

Dep

loye

d a

t

Su

pp

ort

s

Go

vern

s

Go

vern

s

Go

vern

s

Go

vern

s

Capability (i.e. Desired Outcome or Effect)

Sustainment(Through-life)

Req

uirem

ents

The Ente

rpris

e Boundar

y

Location

Lo

cate

d a

t

EA Development Environment (TOGAF)EA Product Environment (MODAF Views)

Architecture Vision

Business Architecture

Information Systems

Architecture

Architecture Change

Management

Migration Planning

Technology Architecture

Prelim:Framework

& Principles

Technical Architecture

System & Application Architecture

Information & Data

Architecture

Business Architecture

EA REQUIREMENTS

Implementation Governance

Opportunities&

Solutions

13

10 A

pril

202 3

Use of MODAF Views in CIPHER Assessment Phase

Phase A avoids solutioneering by generating logical Views of Options

Phase C to produce Views required for Delivery & Through-Life Support

All Views (AV1 – AV2)

Strategic View(StV1 – StV6)

Operational Views(OV1 – OV7)

Service Views(SOV1 – SOV5

System Views(SV1- SV12)

Technical Views(TV1 – TV2)

Acquisition Views(AcV1 – AcV2)

MODAF Stack

Phase A Assessments

Requirements Engineering Enterprise Architecture

12 Options

Phase B

Rank + Distil + Blend

Phase C Assessments

Systems Engineering Business Change/

Restructure

4 Options

URD

Costed SRD

INPUTS

CONEMP

As-Is

ASSESSMENT PHASES A + B+ C OUTPUTS

Supporting EA Views

Conceptual & Logical Views Solution Related Views

14

10 A

pril

202 3

Soft Systems Methodology – Conceptual Enterprise Model

SSM uses a Generic Enterprise Reference Model and a set of Root Definitions (i.e. Statements of Purpose) as the basis for developing a Conceptual Activity Model of WHAT an Enterprise should be doing

Thales regards SSM Root Definition = MODAF StV-1 (Enterprise Vision)

P, M & C(Planning, monitoring and Control Activies)

L(Linking

activities)

S(Supportactivities)

Control actions

Environment

Enterprise Boundary

T(Transformation)

15

10 A

pril

202 3

CIPHER Phase A - Sources of Thales Generated EA Views

EA View

View Name Source of EA View

AV-1 Overview Thales IA Blueprint – Eco System View (strategic depiction of the IA environment)

StV-1 Enterprise Vision Statement of Purpose (SSM Root Definition)

StV-4 Capability Dependencies

Sub-system relationships (4 x SSM Conceptual Models)‘Interaction’ Model relationship of 4 x Conceptual Models

OV-2 Operational Node Relationship

Sub-systems within 4 x SSM Conceptual Models Analysis of CIPHER ‘Interaction’ Model

OV-5 Operational Activity Model

Activities within 4 x SSM Conceptual Models Activities logically derived by SME analysis using Thales Reference Models (4 in number)

OV-6c Operational Event Trace

Sub-system dependencies with 4 x SSM Conceptual Models Analysis of Authorities ‘Interaction’ Model

16

10 A

pril

202 3

AV-1 – Overview and Summary Information

MODAF (v1.2): AV-1 is usually a structured text that should provide executive-level summary information including assumptions, constraints, and limitations that may affect any architecture-based work programme.

The Eco System View: AV-1 should also provide a depiction of the IA environment Thales believes is best achieved by including a structured

model of that environment

17

10 A

pril

202 3

AV-1: Thales IA Blueprint – Pan Government Eco System

SUPPLIERDOMAIN

(Supplier Eco-system)

US + 5 Eyes

Collaboration Domains

NEC Links

Other USA

US DoD

Coalition Partners

NHS

SecureRegional

DWP HMRC

SecureNon-

Government

SOCA

Police Forces

UK Border Agencies

Network Providers

Solution/Hosting Providers

Crypto Provider

Innovation & Reach-back

SkyNet

DFTS

Battle Space Platforms

GCPD

CO

GCHQFCO

GCB

Critical National

Infrastructure

The Citizen

DIIDEC

(Def Elect Commerce)HF

Demanders (Defence/ High Threat Club Collaboration Domain) FCN Coverage & NEC Links

Demanders (UK Pan-Government &

UK plc Collaboration Domain)

OCEAN/PSN Coverage

CIPHERIA

IA Governance

CIPHER Services

DfId

18

10 A

pril

202 3

Eco System provides for Dynamic Communities of Interest

SUPPLIERDOMAIN

(Supplier Eco-system)

US + 5 Eyes

Collaboration Domains

NEC Links

Other USA

US DoD

Coalition Partners

NHS

SecureRegional

DWP HMRC

SecureNon-

Government

SOCA

Police Forces

UK Border Agencies

Network Providers

Solution/Hosting Providers

Crypto Provider

Innovation & Reach-back

SkyNet

DFTS

Battle Space Platforms

GCPD

CO

GCHQFCO

GCB

Critical National

Infrastructure

The Citizen

DIIDEC

(Def Elect Commerce)HF

Demanders (Defence/ High Threat Club Collaboration Domain) FCN Coverage & NEC Links

Demanders (UK Pan-Government &

UK plc Collaboration Domain)

OCEAN/PSN Coverage

CIPHERIA

IA Governance

CIPHER Services

DfId

CIPHER will generate dynamic Communities

of Interest to match scenario requirements

19

10 A

pril

202 3

StV-1 – Enterprise Vision

MODAF (v1.2): The purpose of an StV-1 is to provide a strategic context for the capabilities described in the Architecture. It also provides a high-level scope for the Architecture which is more general than the scenario-based scope defined in OV-1.

SSM Root Definition: A structured, Enterprise-level statement of purpose that contains the following explicit components: Customer or beneficiary of Enterprise endeavour Actors who undertake processes within the Enterprise Transformation – the Enterprise’s primary input/output process Perceptions of purpose likely to shape the Enterprise Owner – the wider system decision-maker (or Chief Exec) Environmental factors likely to constrain the Enterprise

20

10 A

pril

202 3

StV-4 – Capability Dependencies

MODAF (V1.2) – The purpose of StV-4 is to describe the dependencies between planned capabilities and defines logical groupings of capabilities (Capability Clusters)

SSM Enterprise Model (conceptual) - comprises a set of interdependent sub-systems where each sub-system: Is made up of a group of interdependent activities Represents a component of Enterprise Capability Has a boundary determined by control system theory

21

10 A

pril

202 3

IA Sector Enterprise Dependency Model (StV-4)

StV-4 = SSM derived Model presented at sub-system level

Activity aspect within sub-systems provides basis for OV-5 Views

Sub-systems also form basis for MODAF enterprise nodes (OV-2)

There are currently 5 of these Reference Models: IA Authority IA Sector (producer) IA Delivery Defence (User) OGD (Generic User)

2. Information Assets

Requirement

7. Development Plan

Formulations

11. Development Plan

Execution

15. Knowledge base management

16. Auditing

17. Reporting

18. Overall performance control

5. Constraint

management

Sec

tor

Org

ani

satio

ns

Cu

rren

t ch

ann

el

avai

labi

lity

Political & business changes

Vul

nera

bili

ty &

ris

k a

war

ene

ss

Req

uire

me

nts

Plans

Cha

nge

pro

gra

mm

es

App

lica

tion

s

En

viro

nmen

tal

chan

ges

Practices

Pra

ctic

es

Allocated resources

Resource requirements

Less

ons

Adaptation

Data Data

Control A

ction Performance Into

Reduced degrees of freedom

External constraints

Audits Reports

Unified IA Sector Enterprise Reference Model (St-V4)

3.Threat/Risk/Opportunity

Management

Responses

External influences

OGD Classifications

Available Services

Requirements

8.Best practice management

Developments in technology 9.

Technology exploitation

4. Environmental

changes

1. IA Sector Definition

(Scope & Membership)

Government Departments

13. Best practice

promotion

Lessons

Info

rmat

ion

Req

uire

men

ts

Sup

port

In

form

atio

n

Pla

nn

ing

Ser

vice

s &

P

rod

uct

sR

eso

urc

ing

Lea

rnin

g &

Kn

ow

led

ge

Go

vern

ance

14. Learning management

Pro

du

ct

Dev

elo

pm

ent

IA S

ec

tor

Va

lue

Ch

ain

Co

nfo

rman

ce

Go

vern

ance

Op

erat

ion

al P

erfo

rman

ce G

ove

rnan

ceD

irec

tio

nal

G

ove

rnan

ceP

rod

uct

s &

Ser

vice

s

Use

rs o

f IA

Cap

abil

ty

Del

iver

ers

of

IA C

ap

abilt

y

6. IA Infrastructure

Availability

IA A

uth

ori

ty

Sector Organisations

Policy & Standards Adoption Mechanisms

Developm

ents

in practice

Policy &Standards

Requirements

12. HR Management10. Physical Resource Management

1

5

5

22

10 A

pril

202 3

CIPHER ‘Interdependency’ Model

The following 4 x Conceptual Activity Models support the analysis of a version of the MOD’s CIPHER ‘Interdependency’ Model: IA Sector IA Delivery MOD Generic Government Department (OGD)

End User Department Model(MOD & OGD Models)

IA Delivery ModelUK IA Sector Model

IA Integrators

Influencers

Owner

Suppliers Demanders

Owner Owner

Co

nfo

rman

ce

Go

vern

an

ce

Op

era

tio

nal

Go

vern

ance

Dir

ecti

on

al

Go

vern

an

ce

IA Capability Value ChainProduce & supply IA

Components of CapabilityDelivery of IA

CapabilityOrder & Use IA

Capability

Go

vern

ance

Axi

s

23

10 A

pril

202 3

Benefits identified in using an EA based approach

Identifies relationships between business, information, system and technical aspects of various Options

Supports URD (WHAT) analysis and SRD (HOW) development Supports Impact Analysis of IA driven Business Transformation Encourages diverse Stakeholder engagement at all stages Enables rapid ‘WHAT-IF’ re-scoping of programme boundaries Better understanding of dependencies and environmental

constraints Supports a structured and disciplined analysis environment Facilitates coherency & consistency across design and analysis

activities Multi-disciplinary communication channel within the team Initiates development of a referencable Through-Life repository Provides an audit trail and supports configuration management

BUT…. EA and Reference Models are only tools to support design and analysis – they are NOT a substitute for expertise