Information Sharing and Protection

The Need for Achieving Appropriate Information Sharing

and Information Protection

The Need for Achieving Appropriate Information Sharing

and Information Protection

1

David A. Bray, PhD, MSPH [email protected]

What is the ISE?What is the ISE?

1. What is the ISE?

2. Post-9/11 Information Sharing

3. Towards Information Sharing and Protection

4. On-going ISE Development Efforts

2


3

Information Sharing Environment (ISE) spans • Federal, State, Local, and Tribal Agencies; • Private Sector; and • International Allies

Information Sharing Environment (ISE) spans • Federal, State, Local, and Tribal Agencies; • Private Sector; and • International Allies

DefenseDefense

IntelligenceIntelligence

Homeland Security Homeland Security

DiplomacyDiplomacy

Law EnforcementLaw Enforcement

Range of Missions

Com

mun

itie

s

Information Sharing

Environment

Terrorism-relatedTerrorism-related

Frontline

•Investigators•Analysts•Operators


• Established: ◦ Post-9/11 Commission Reforms w/ the Intelligence

Reform and Terrorism Prevention Act of 2004

• Purpose: ◦ Align and leverage policies, processes, technologies,

and systems

◦ Promote timely, actionable, relevant information sharing re: counter-terrorism, WMD, and homeland security

◦ Protect information, privacy, and civil liberties

4

Post-9/11 Information SharingPost-9/11 Information Sharing

5

•300+ million people•50 States•3,000+ counties•500+ Federally recognized Indian Tribes

•18,000+ Law Enforcement Organizations

•1 million+ security personnel

U.S. law provides for a reasonable expectation of privacy for all U.S. persons.


6

2004 2006 - 2008

2005

• Global Justice (GLOBAL) Fusion Center Guidelines

• President approves recommendations submitted pursuant to 2005 Guidelines Memorandum

• The “Implementing Recommendations of the 9/11 Act”

• Transfer of the President’s authorities in IRTPA to the PMISE.

• President issues the National Strategy for Information Sharing

• President issues Memorandum standardizing sensitive but unclassified information – Controlled Unclassified Information (CUI)

• GAO reviews the Information Sharing Environment

• Baseline Capabilities for Fusion Centers Issued

• Nationwide SAR Initiative (NSI) pilot project launched by PM-ISE with DOJ, FBI, and DHS

• PM-ISE Opens

• EO 13388 further strengthening the sharing of terrorism information to protect Americans, Establishes an interagency Information Sharing Council to advise the President

• Presidential guidelines and requirements in support of the terrorism Information Sharing Environment

• DOJ and DHS sign NIEM Memorandum of Understanding

• 9/11 Commission Report

• EO 13354 creates National Counterterrorism Center

• EO 13356 strengthens terrorism information sharing (revoked by EO 13388)

• IRTPA establishes calls for an Information Sharing Environment ; creates PM-ISE

2010

• Attorney General opens a Program Office for the Nationwide SAR Initiative

• SBU Interoperability project launched

• President appoints new Program Manager

• White House Issues FY12 ISE Programmatic Guidance

• EO 13549 establishes a uniform Classified National Security Program to facilitate sharing of classified information with SLTPS entities

• EO 13556 establishes a uniform program for managing unclassified information that requires safeguarding or dissemination controls (CUI)

• PM launches dialogue for updating National ISE Strategy

• Fusion Center Baseline Capabilities Nationwide Assessment Complete

2009

• EOP reaffirms need to enhance national security through an ISE

• National Security Staff organized to include Senior Director for Information Sharing

• Information Sharing & Access IPC Created

• White House Issues FY11 ISE Programmatic Guidance

• SAR Functional Standard updated

• NSI Pilot completed; plans for nationwide implementation

• Attorney General and DHS Secretary issue recommendations on CUI

Mission Partners Build and

Operate the ISE

7

2007 2008 2009 2010 2011...

ISE

Pri

ori

ties

Controlled Unclassified Information (CUI)

Interagency Threat Assessment and Coordination Group (ITACG)

Nationwide SAR Initiative (NSI)

NARA

NCTC

DOJ

Fusion Center (FC)DHS

Cargo Screening

Assured SBU/CUI Interoperability

Assured Secret Network Interoperability

DHS

DoJ, ODNI, DHS, FBI

FBI, ODNI, DHS, DOD


Towards Sharing and ProtectingTowards Sharing and Protecting

“… There is also a clear connection between cybersecurity and information sharing. The same technology that will help improve information sharing is a critical part of protecting…”

“… Regular, automated compliance and behavior audits will not only protect privacy and make possible authorized use of information, they will greatly enhance the government’s ability to monitor misuse of its information networks…”

8

-Markle Foundation, “Nation At Risk: Policy Makers Need Better Information to Protect the Country”


Protection and Sharing Represent Two Sides of the Same Coin

9


• Provide information sharing and protection mechanisms to ISE participants

• Ensure protection of privacy, civil liberties, and sensitive information appropriately

• Support authentication, authorization, and access control processes to discover data and services on all networks

• Enable access control policies to be managed and enforced at the enterprise level, to include audits that both inform protection and sharing trends

10

On-going ISE Development Efforts On-going ISE Development Efforts

11

• Building a National Integrated Network of Fusion Centers

• Continuing Implementation of the Nationwide SAR Initiative

• Establishing SBU/CUI Network Interoperability

• Improving governance of the classified National Security Information Program

• Advancing Implementation of CUI Policy

• Aspirations:

Achieve loosely coupled and interoperable enterprise-level applications and services, appropriately protecting privacy and sensitive information

12


• Achieve interoperability across the Enterprise Architectures of agencies across Federal, State, and Local levels of government

• Empower agencies to reuse standardized information exchange components to achieve appropriate sharing and protection of information

13


14


Requirements Across Departments and

Agencies

Interagency Information Integration Architecture

and Governance

Service Specifications, Including Reusable

Components and IEPDs

Contracted for Development by Industry

or Government

Reuse by Other Departments and

Agencies

Build, Test, and Certify Services, Reusable

Components, and IEPDs

Greater Reuse Across Government of Services, Components, and IEPDs Greater Demand Signal to Industry to Develop Standard Interagency Services

Questions?

David A. Bray, PhD, MSPH [email protected]

15

www.ise.govwww.ise.gov

Sign up for EmailAlerts to get the latest on:• National ISE Strategy• ISE Activities• Blogs and News

Technology

Information Sharing and Protection