recommended reading

Authorities Are Mum on Information Sharing During Boston Bombings

A police officer and an FBI agent search for a suspect in the Boston Marathon bombings April 19.

A police officer and an FBI agent search for a suspect in the Boston Marathon bombings April 19. // Matt Rourke/AP

Homeland Security and FBI officials declined to say whether they’ve been using a controversial communications network in the aftermath of the Boston Marathon bombing designed to share classified information across federal, state and local jurisdictions.

A March 2012 Homeland Security directive deemed the Homeland Secure Data Network, or HSDN, "the U.S. government's primary non-defense, secret level classified information network.” That directive was required under an executive order President Obama issued in August 2010 to address shortcomings in classified information sharing. But former federal officials say the system hasn’t lived up to its promises and they weren’t sure if the $365 million system was even being used.  

Boston police officials referred inquiries about their use of the network to the FBI. FBI officials said the bureau used its own classified system called Guardian, which also can share data governmentwide, to take action after the Boston Marathon bombings. The bureau referred questions about HSDN to the Homeland Security Department, which maintains the network. 

"HSDN is not an FBI system, so comments on the HSDN system should be directed to DHS," said FBI spokeswoman Kathy Wright. Homeland Security Department officials declined to comment for this story.

“HSDN has labored under a reputation as a costly system without a clearly supportive constituency,” said Stewart Baker, the first-ever DHS assistant secretary for policy. He speculated that "in a natural disaster, HSDN may well be the best place for data to be shared. In a terror situation, though, I suspect it competes with the FBI’s own information sharing system."

The 2012 directive required federal agencies, including the FBI, and district "fusion centers," such as the Boston Police's regional intelligence center, to use the DHS system "in support of a counter-terrorism or homeland security mission." Wright said she was "not aware of the FBI being mandated to use this system in a crisis.”

Before the Boston events, the bureau and DHS reportedly had collected separate intelligence on Tamerlan Tsarnaev, one of two immigrant brothers with ties to Chechnya suspected of detonating explosives at the race and killing a police officer days later. 

The recent policy change was intended to elevate the role of the secure data network, Charles E. Allen, a former top DHS official who helped launch the system, said in 2012.  The directive fulfilled part of a 2010 executive order to align data protection standards for accessing classified information across government and industry. 

Baker, who left DHS in 2009, described the network as "a secure social media site," which, he said, means its success depends on attracting participants and building community. "My sense is that HSDN has had trouble getting traffic, though perhaps that has changed recently,” he said. The department has devoted more time and effort to security and authentication because potential users initially said they would not share with people they didn’t know and approve, Baker added. 

"The early lack of enthusiasm among state and local users may have reflected some competition at the federal level for communications links to those users," said Baker, now an attorney at Steptoe and Johnson. 

Allen, who stepped down as DHS undersecretary for intelligence and analysis in 2009, still keeps tabs on the system’s progress. He has no direct knowledge of the Boston case but said the value of the network in situations like the marathon bombing is that information exclusive to DHS gets passed on to first responders and investigators. Examples include write-ups of people who enter the United States on visas and request resident status changes.

"These are very detailed dossiers," Allen said. The department’s Immigration and Customs Enforcement and Secret Service components might have acquired computer forensics evidence in the past that could assist with an investigation, for instance.  

DHS on April 24 reported having spent $365 million on the project between 2005 and 2012. The FBI’s Guardian has cost $40.4 million since launching in 2004, FBI officials reported on April 25.

“There's always questions of funding" for major IT systems such as the DHS network, but "this system can scale,” said Allen, now principal at the Chertoff Group, a consulting firm led by former DHS Secretary Michael Chertoff.  

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

    Download
  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

    Download
  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

    Download
  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download

When you download a report, your information may be shared with the underwriters of that document.