Agencies aren’t losing ground in the constant effort to share national security data.
And a set of technology initiatives will make secure information sharing even more straightforward in this post-WikiLeaks environment.
Kshemendra Paul, the program manager of the Information Sharing Environment, said there are five priorities the intelligence and law enforcement communities have focused on to implement secure information sharing.
Securing removable media, such as thumb drives
Reducing anonymity across the networks
Insider threat programs
Controlling the access to data and systems
Developing enterprise audit capabilities so there is a record of who was on the system and looking at the data and when they were there.
“There’s been progress made along those different dimensions,” Paul said in an exclusive interview with Federal News Radio. “Some examples here are the establishment of a leadership role of the Committee on National Security Systems around our secret fabric. CNSS always has been out in front and there’s a stronger role for them now with DHS as a co-chair. We are involved in those activities. We are co-chairing an information sharing panel to make sure we are bringing in mission requirements.”
Paul also is working with the Chief Information Officer’s Council on the Federal Identity Credential and Access Management (FICAM) framework and is part of an effort to apply the framework to the classified network.
“As we look at leveraging the good work the CIO Council has done, we will be able to drive consistency and interoperability across security domains,” he said. “The key to making the enterprise audits work is the audit logs are meaningful across organizational boundaries. That goes to having some consistency in attributes and how you implement policy enforcement across organizational boundaries.”
Insider threat guidance under development
The ISE detailed these five priorities and a host of other accomplishments in its sixth annual report to Congress released in August.
The report highlights how information sharing efforts are maturing, how the ISE is playing the role of convener to get industry and law enforcement agencies to develop and agree to standards and ensuring privacy and civil liberties are part of the discussion from the beginning.
The five priorities to improve government-to-government information sharing are part of the ISE’s effort foster a culture of responsible information sharing.
Part of that effort is insider threat guidance. The Office of the Director for National Intelligence led the development of the National Policy on Insider Threat over the last year.
Paul said task force submitted the policy still is in draft and is going through the interagency process. He said the policy would be issued soon but gave no specific timetable.
A part of the protecting against the insider threat, however, is the work the ISE and the General Services Administration are doing to create a back-end attribute exchange.
“The idea is this back-end attribute exchange will provide a secure capability to exchange attributes about people and about information that they want to access,” he said. “You can make automated decisions to enforce policy across organization boundaries. This is critical to implementing our vision of responsible information sharing.”
GSA and the ISE want to test the exchange with different lines of business.
One such pilot could be around sharing criminal intelligence information, which includes strict rules and requires users to have specific training.
“Much of the information related to terrorism in the public safety realm falls in that category,” Paul said. “To share that information across sensitive but unclassified networks, you want to know the person you are sharing with has that training. That training becomes an attribute and a profile about that person. Now you have a trusted way of ensuring … that person has the credentials to be able to look at that information.”
Additionally, the back-end attribute exchange enables an audit trail that expands across agencies, and that becomes a critical piece of accountability to battle against the insider threat.
Along with creating policy and processes to increase the likelihood of responsible information sharing, the ISE also is part of the effort to update the National Information Sharing Strategy.
The document is more than five years old and Paul said last year the intelligence community was doing an update.
“The White House has taken direct control over it. It’s gone through several interagency iterations,” he said. “I think it’s close. The annual report highlights some of the themes.”
Expansion of reporting standards
While these two strategies remain under development, the ISE is working with the state and local law enforcement agencies and Fusion centers to promote the use of the Suspicious Activity Reporting (SAR) standard.
Paul said at least 250,000 police officers are using the standard and the FBI has opened up 900 cases based on the information that comes in through SAR reports.
“Last year, we provided the seed funding and oversight to develop the training that goes to Hometown Partners,” he said. “We have 800,000 police officers who are integrated into the nationwide SAR initiative, but we also want to bring in the 1.3 million firefighters, 75 percent of which are volunteer, the emergency medical services technicians, the 911 call center operators, the folks who work in the correction systems or probation, emergency management folks and the 2.3 million private security folks. All of them have a role in identifying suspicious activity and taking action to keep their communities, their plants and their enterprises safe.”
Paul said vendors also now are supporting SAR as part of their normal software upgrade cycle, which makes it easier for the Fusion Centers to use the standard.
Additionally, 19 cabinet agencies, governments in Canada, Europe and industry have adopted the National Information Exchange Model (NIEM), on which SAR was developed against.
The Defense Department is implementing SAR reporting in its force protection mission in partnership with the FBI.
“As we have the collection piece, we need to put an increasing focus on the analytics,” Paul said. “There’s a growing interest in other cross domain information sharing challenges to look at this, for instance, incident reporting and response around cyber, and other national security threats with a domestic nexus such as organized crime or narcotics.”
Tom Temin is the host of The Federal Drive, which airs from 6-9 a.m. on 1500 AM in the Washington, DC region and online everywhere. Tom has 30 years experience in journalism, mostly in technology markets. Before coming to Federal News Radio, he was a long-serving editor-in-chief of Government Computer News and Washington Technology magazines.