This document discusses national security through responsible information sharing. It presents a vision of advancing information sharing to further counterterrorism and homeland security missions. The mission is to transform information ownership to stewardship and promote partnerships across different levels of government and sectors. The scope describes the different entities involved in information sharing. The context outlines relevant laws, strategies, and initiatives. It describes principles and the information sharing environment for connecting information across the United States.
1. NATIONAL SECURITY THROUGH RESPONSIBLE INFORMATION SHARING
Kshemendra Paul
Program Manager, Information Sharing Environment
February 2013
2. VISION
National security through responsible information sharing
MISSION
Advance responsible information sharing to further
counterterrorism and homeland security missions
Improve nationwide decision making by transforming
information ownership to stewardship
Promote partnerships across federal, state, local, and tribal
governments, the private sector, and internationally
3. SCOPE
Information Sharing Environment (ISE)
International, Private Sector, Tribal, Local, State, Federal
Communities: Law Enforcement, Defense, Intelligence, Homeland Security, Diplomacy
Frontline:
• Investigators
• Analysts
• Operators
Information Technology Industry
4. CONTEXT
• IRTPA: Intelligence Reform and Terrorism Protection Act of 2004
• Executive Order 13388
• 2007 National Strategy
• Presidential Guidelines
• 2012 National Strategy
• Markle Task Force
• Executive Order 13587
5. Principles:
• Information as a national asset.
• Information sharing and safeguarding requires shared
risk management.
• Information informs decision making.
6. DOMESTIC ISE
Multiple Missions & Authorities; Crushing Financial Pressures; Evolving & Converging threats
National Approaches to Interoperability; Integrated Capabilities & Shared Services; Common Operating Models
• 300+ million People
• 80,000 Agencies
• 750,000+ Officers
• 250,000 911 Operators
• 1.2 million Firefighters
• 2.2 million Security Officers
• 18 CI/KR Sectors
• 77 Fusion Centers
• 8 RISS Centers
• 28 HIDTAs
• FBI: FIGs ▫ JTTFs ▫ JRIGs
• DHS: I&A ▫ ICE ▫ CBP ▫ DNDO ▫ NPPD
• DOJ: ATF ▫ DEA ▫ OJP
• NCTC: ITACG
• DoD: NORTHCOM
• Maritime Domain
• Air Domain
* Numbers are estimates
Protection of Privacy, Civil Rights, and Civil Liberties
7. PROACTIVE DECISION MAKING
Frontline: INVESTIGATORS, ANALYSTS, OPERATORS
◘ Suspicious activity reporting
◘ Alerts, warnings, and notifications
◘ Requests for information
◘ Event, case, & subject deconfliction
◘ Cyber incident reporting & response
◘ Other mission processes
Agency Heads: CHIEF EXECUTIVE OFFICERS
◘ Threats, vulnerabilities
◘ Risk management
◘ Resource allocation
Cases Connected & Solved; Threat & Vulnerability Assessments; Safe & Effective Operations; ALIGNED ACTION
8. TARGETED CAPABILITIES
• Trusted interoperable networks
• User access, authorization & control
• Distributed correlation across data sets
• Cross-organization information sharing agreements & policy enforcement
• Shared IT & analytic services
• Timely, quality data
• Information Access & discovery
• Performance & compliance feedback
9. STANDARDIZING DATA MOVING ACROSS SYSTEMS
National Information Exchange Model
[Diagram: LEGACY DATABASES, INTERFACE, COMMONLY FORMATTED DATA, INTERFACE, LEGACY DATABASES; Translation]
10. IDENTITY, CREDENTIAL, AND ACCESS MANAGEMENT
Enabling trust and interoperability for more effective information sharing
11. STATEWIDE ISE: NEW JERSEY CASE STUDY
[Diagram labels]
NJ CJ Agencies: State Agencies, County Agencies, Local Agencies
State Partners: NYC, PA, CT, New York
NJ-ISE: Enterprise Services, Standards Based Interaction
• Shared Services
• Info Exchange
Other labels: UASI, OHSP, ROIC, NJ OEM, LE, NJSP
Federal Partners and External Partners: FBI JTTF, NSI, Nat’l Fusion Center Net, Private Sector
12. FUTURE
Cyber Security
Statewide ISE: Race to the Top
Standards-Based Acquisition . . .
13. LEARN MORE
Standards-Based Acquisition
• TODAY: Advancing Information Sharing
Through Procurement Innovation w/ Vijay Mehra
3:15pm in the Woods Room
ISE Case Study
• TOMORROW: New York State Integrated Justice
Portal w/ Vijay Mehra
11:45am in the Birch Room
14. PLUG IN
PUBLIC SECTOR
STANDARDS DEVELOPMENT ORGANIZATIONS
INDUSTRY ASSOCIATIONS
Speaker's notes:
The Challenge: Today, there are multiple identity federation efforts underway across the government that are critical to establishing trusted, assured identity, which is essential for responsible information sharing. However, these efforts are not necessarily coordinated, nor are their solutions functionally interoperable. The current fragmentation leads to confusion by vendors of products and services, users, and partners across the systems - it also leads to overlaps and gaps in governance. Sharing sensitive information requires each organization in the chain of custody to trust the methods for authenticating users, verifying their access, and safeguarding information based on these practices.
The Approach: PM-ISE subject matter experts can help you interface with the Federal CIO Council’s Information Security and Identity Management Committee (ISIMC) to advance your ICAM efforts.
• Federal Digital Policy, with ISE Partner GSA: defining user attributes and data tags and establishing digital access rules that match user attributes to data attributes, authorizing user access to critical information in near-real-time or in advance
• Backend Attribute Exchange (BAE), with ISE Partner GSA: managing and collecting user attributes through an attribute source (provider) so that a user’s attributes can be authenticated and authorized through a direct connection, either real-time or in advance, based on the Digital Policy
• Smart Data, with ISE Partners GSA, NSA: developing an approach for data-tagging (aka Resource Attribute Management) within the Federal Identity, Credential, and Access Management (FICAM) framework so data can be matched with user attributes, enabling near-real-time access to critical information at the appropriate level for the user
• Implementing FICAM on Secret Fabric, with ISE Partner DHS: developing a Government-wide plan for implementation of integrated identity and access-control capability based on the FICAM Framework across the Federal Secret Fabric
• Simplified Sign-On and Search, with ISE Partner DHS: Advance interoperability between networks of key partners in the Sensitive But Unclassified (SBU) security domain through the development of Simplified Sign-on, Search and Identity Credential and Access Management (IdAM) tools
The Solution: The Federal Identity Credential and Access Management (FICAM) Roadmap and Implementation Guide provides mission partners with a common set of standards, functions, and services for identity and access management.
Today: 95% of agencies responding to the 2012 ISE Performance Assessment Questionnaire plan to adopt FICAM standards and 52% report having already made significant progress in implementation. In addition, 89% of respondents report they have implemented and are using an accessible, authoritative source for identity information on at least one classification domain. Work remains to be done to bring all agencies’ identity and access processes in line with accepted standards – this is especially true when considering how these practices can and should extend across security domains. PM-ISE has the expertise and experience to help you navigate these waters.
Speaker’s Notes:
Companies can efficiently deliver solutions that meet your needs if they know your requirements ahead of their production schedules and your requirements reflect industry-accepted standards.
Challenge: In this constrained fiscal environment, agencies are focusing on controlling costs and streamlining. However, there is little consistency when referencing information sharing frameworks, standards, and guidance in RFPs, grants, or other acquisition vehicles.
Approach: PM-ISE is working to create a common set of technical standards that should be incorporated into all ISE partners’ enterprise architectures. PM-ISE and GSA are sponsoring an initiative through the American Council for Technology – Industry Advisory Council (ACT-IAC) that will provide an industry perspective on standards-based acquisition and ACT-IAC has received input from more than 80 vendors.
Solution: By understanding industry motivation, incentives, and rationale for using standards in software development and maintenance, we will identify which kinds of standards are most valuable for enabling information exchange, and the extent to which they are adopted or being adopted for government and commercial projects.
Today: Industry is responding to the signal, with leading-edge technology vendors beginning to market NIEM integration and compatibility as part of their product line.