For feds, secure information sharing puzzle slowly coming together

Jason Miller, executive editor, Federal News Radio

wfedstaff | April 17, 2015 11:27 pm

Agencies haven’t quite found the right balance between cybersecurity and accessibility when it comes to their data. Nearly two years after the White House issued its strategy on information sharing and safeguarding, the Information Sharing Environment continues to steer efforts to achieve the administration’s goals.

Kshemendra Paul, the program manager of the Information Sharing Environment (ISE) said one key policy and technology issue is taking shape to strike the balance of secure information sharing.

“We’ve been working with GSA on some shared services in helping support them on the Federal Identity Credential and Access Management Roadmap,” Paul said in an exclusive interview with Federal News Radio. “The President’s National Strategy for Information Sharing and Safeguarding calls for the FICAM as the basis for a U.S. government federated identity credential and access management. We sponsored an effort with the National Security Agency and the Committee on National Security Systems to port FICAM to the secret fabric. That was done successfully. CNSS issued a policy around that.”

The shared services with the General Services Administration, known as the back-end attribute exchange, may be the furthest along. The ISE and GSA have been working on the effort since 2011. The Justice Department in 2013 completed a test with the technology and policy with federal law enforcement officials sharing data in the gang tattoo database with state and local police officers in Texas through the Regional Information Sharing System (RISSNet) program.

Advertisement

Paul said the back-end attribute exchange is expanding.

“There is a current project around a secure attribute registry service. The secure federation of sensitive but unclassified networks [LEO, RISS, HSIN, and Intelink- U] have agreed to about eight managed attributes that are common across that network. They’ve agreed to federate those attributes. That’s critical,” he said. “So attributes like sworn law enforcement officer or whether the law enforcement officer has certain privacy training that are required to look at criminal intelligence information, things like that now can be securely shared across the identity federation, and that supports policy automation so you can do automated access and discovery of information over time.”

Moving security to the data layer

Another expansion of the back-end attribute exchange is the use of a security trimmed federated query. This is where law enforcement officials can tell the assorted databases to provide only the information the person who made the query is allowed to see based on their attributes.

Paul said this is a big change because it’s moving the security from the network layer, where if someone could log into the network, they’d get access to all the data, to the data layer and does it in a federated way across all users and all databases.

“The attribute exchange registry is at the initiation stage,” he said. “The fact that the SBU networks have worked out the protocol to use the attributes and will migrate to use these other services over time.”

All of these technology and policy changes are about reducing the risk of insider threat, but at the same time not restrict how information is accessed by those who need it.

The ISE, which is celebrating its 10th anniversary, sent its annual report to Congress highlighting many of its successes, and the impacts of its tools and techniques on terrorism and criminal information sharing nationwide.

Paul said over the last decade through the ISE’s efforts the complexity of sharing information has diminished, though there still is a long way to go.

And over the next decade, he expects information sharing and accessibility to continue to get easier as the federal, state and local government investments become more aligned.

“It will look more coherent,” he said. “I think you will see more institutionalized use of the frameworks like project interoperability. We are at the early stages of our work with the standards coordinating council. I’m incredibly bullish on that work. It’s great to see the enthusiasm by our private sector partners, the standards partners around project interoperability. So I have high expectations for how those interoperability frameworks will be better packaged, made more accessible, adopted by industry and more readily available so we in the public sector can buy solutions from our partners in industry that are increasingly interoperable.”

The ISE launched Project interoperability in March with the goal of identifying and isolating best practices for information sharing and tying them to existing standards so they can use and improve upon them.

Addressing duplication, overlap

The ISE put the information sharing guide on the GitHub platform to expose it to a wider audience for input and feedback.

Paul said the change is slow, but coming. A 2013 Government Accountability Office report found a lot of overlap among federal entities, including the Homeland Security and Justice departments. In April 2013, GAO found that 34 of the 37 entities located across the eight urban areas conducted an analytical or investigative support activity that overlapped with another entity, especially in the all-crimes and counterterrorism areas and in the dissemination of information.

Paul said ISE has been working to align those different networks and offices, particularly at the state and local level.

He said one area where the ISE has helped law enforcement officials make process is around officer deconfliction.

“This is an officer safety issues, but it’s also the case that you may have long- running investigations on shared targets and you want to deconflict those upfront. By sharing information effectively, you can start to develop insight, tactical intelligence and leads,” Paul said. “And finally, there is the issue of resource allocation. A state bureau of investigation mandated deconfliction policy across its internal cases and found 20 percent of their cares had some connection. So who could afford just to not look at that kind of overlap from a resource allocation perspective?”

He added there are three deconfliction systems, one used mostly in the western U.S. and two others that are nationally used, that law enforcement officers are using widely. Paul said two are interconnected, and the third one will be added in the coming month or so. He said those systems also could be connected to federal systems, such as those run by the Drug Enforcement Administration, in the coming year.

“It’s a great example of how we are helping these centers align and be able to work together so you don’t have the perception of fragmentation, duplication or overlap,” Paul said. “They each have independent missions, but there’s an opportunity for them to work together and leverage common policy, business processes and technology. This initiative, tying together deconfliction systems, hits all of those different food groups. So it’s wonderful to see this.”

Paul said the deconfliction system used mostly on the west coast is doing around 2,000 deconflictions a day, and 30 percent have some overlap in time and location.

RELATED STORIES:

White House: Information sharing a ‘key ingredient’ in cyber efforts

PM-ISE shepherds secure data sharing tool from validation to expansion

Information Sharing Environment having intended effect after 10 years

Kshemendra Paul, Program Manager, Information Sharing Environment

Redundant agency programs wasting billions of dollars