“This is additive to the existing mission because now we also are looking at classified information sharing and supporting those activities,” Paul said in an interview with Federal News Radio. “It’s not an either/or. We see it as complimentary and synergistic because best practices for secure information sharing are best practices. Clearly the risk profile is different for classified information, but it’s shared best practices and I think that is a big part of what we bring to the table.”
The ISE will continue to play a coordinating role across the new entities the order created:
Senior Information Sharing and Safeguarding Steering Committee
Classified Information Sharing and Safeguarding Office
Interagency Insider Threat Task Force
“Our prime role is to be the arms and legs for the steering committee under the leadership of OMB and the National Security Council,” Paul said. “We are up and operational now and have started bringing folks from other agencies and surging resources to improve our posture.”
Coordination and collaboration
The main focus of the Classified Information Sharing and Safeguarding Office (CISSO) is to bring subject matter experts together to figure out the best ways to safeguard and share classified information.
“We’ve put in place, working with our partners in the interagency partners, a performance framework that centers on a series of key information sharing and safeguarding indicators,” Paul said. “These key indicators roll up in to a dashboard that allows for reporting up and allows for collective data drive decision making. It also drills down in to operational relevant measures and metrics that can help influence what different folks are doing in the interagency on specific programs. We coordinated pulling that together and we are operating the business processes around collecting that information, assimilating it and making sure we have data quality.”
The ISE also is working on the policy side. Paul said his office is supporting the steering committee’s efforts around what the shared service strategy should be and the recommendations for resource allocation.
The ISE supports the Insider Threat Task Force by helping identify best practices for enterprise audits and standards for logging information and audits.
“It’s important to note that the Insider Threat Task Force is a distinct entity with a distinct mission,” Paul said. “We are all complementary and will have to work together to be able to bring that full picture to bear here.”
With these new responsibilities, Paul said the ISE is making do with the resources it has and being creative.
“We are bringing on other agency employees to sit in our space. And then we are also doing lot of collective work through existing working groups or agency based activities,” he said. “We are helping to coordinate all of that. There is a real focus across the interagency to address common vulnerabilities.
Across the government people do look at what happened here as a major thing. It has highlighted vulnerabilities, highlighted areas where we didn’t do as well as we needed to and we need to improve. Folks recognize that we can’t do it in sharing and safeguard stovepipe and we have to do it together. So that is what is happening.”
No more resources, for now
The ISE also is working through the normal fiscal 2013 budget process to request more resources.
Paul said even though the EO focuses on classified information there are several overlapping lessons the ISE and others have learned in the unclassified environment.
“There are nuances and it would be over simplistic to say they are the same, but there is a huge amount of commonality,” he said. “Think about how you do identity credential and access management. The key thing we are focused on is driving anonymity out of our different networks and that you are doing attribute-based access control. The approach to doing that in terms of architecture frameworks, standards, there is huge commonality. That is part of the value-add synergy we bring. We have been very active in looking at those things at the sensitive unclassified level, and to support classified mission around counterterrorism. There is a real push in the interagency to accelerate those kind of frameworks.”
Paul said the order keeps in motion several initiatives that have been making a difference in the 11 months since WikiLeaks.
“Agencies have done a tremendous amount in the past year and more to address the vulnerabilities and issues that were identified through the WikiLeaks breach,” he said. “Things like enhancing control of removable media, improvements with identity management, including reducing user anonymity and increasing user attribution across classified networks, improving awareness around inside threat type issues, security and access controls. There are a variety of things agencies have done to improve our posture against the identified vulnerabilities.”