Information sharing: Are we safer?

A decade after the 9/11 Commission identified agencies' reluctance to share information as a dangerous shortcoming, the government is moving in the right direction.

After the Sept. 11 disaster, the lack of appropriate information sharing within the federal government community was highlighted as a key weakness by the 9/11 Commission. Its final report states that "agencies uphold a 'need-to-know' culture of information protection rather than promoting a 'need-to-share' culture of integration."

Since then, there have been many changes, with the establishment of the Department of Homeland Security and the Office of the Director of National Intelligence being most significant and visible. But other changes have been implemented that have sought to help, including the Patriot Act's removal of some barriers that once restricted the sharing of information between the law enforcement and intelligence communities.

In addition, the Intelligence Reform and Terrorism Prevention Act (IRTPA) of 2004 established the multi-agency National Counterterrorism Center to analyze and integrate all intelligence pertaining to terrorism, including threats to U.S. interests at home and abroad.

And a collection of 78 fusion centers have been established throughout the U.S. to physically bring together federal, state and local law enforcement and first responders to deal with threats and disaster conditions.

In terms of information sharing, IRTPA also mandated that the president establish an Information Sharing Environment (ISE) as "a decentralized, distributed, and coordinated environment [that] to the greatest extent practicable...connects existing systems,...builds upon existing systems' capabilities currently in use across the government,...facilitates the sharing of information at and across all levels of security,...and incorporates protections for individuals' privacy and civil liberties."

Many federal agencies participate in and contribute to ISE, but the law further mandates that a program manager be designated to oversee it and that an Information Sharing Council be formed to advise the president and the program manager on the development of ISE policies, procedures, guidelines and standards, and to ensure proper coordination among federal departments and agencies participating in ISE.

A decade later, how has ISE fared? Can we effectively rate the government's improvements to intelligence, law enforcement and counterterrorism information sharing, and have they been made in a way that protects privacy and our civil liberties?

Or the more basic question: Are we safer now than before Sept. 11, 2001?

From a structural perspective, the program manager for ISE, Kshemendra Paul, and his organization report to the director of national intelligence but carry out the mission of ISE by coordinating across federal, state, local and tribal government organizations. The Information Sharing Council has been recast as the Information Sharing and Access Interagency Policy Committee (ISA IPC), which still carries out the primary coordination role.

In 2007, then-President George W. Bush issued the first National Strategy for Information Sharing. President Barack Obama issued the updated National Strategy for Information Sharing and Safeguarding in December 2012.

In the 2013 edition of PM-ISE's annual report, Paul reports on the organization's progress in implementing the objectives of the national strategy. Below are a few important highlights:

  • One positive accomplishment has been the establishment and success of the Suspicious Activity Reporting program, which enables federal, state and local jurisdictions to readily and rapidly share information regarding suspicious activity. Nevertheless, a report published last year outlines ongoing issues and recommends improvements to the SAR program. The ISA IPC is overseeing the implementation of the recommendations.
  • To support improved information discovery and access through common standards, the FBI's Criminal Justice Information Services Division expanded the capabilities of law enforcement's National Data Exchange to accommodate more records and users, and officials began sharing investigative reports in near-real time with criminal justice partners. Furthermore, the Defense Department took a major step forward in promoting common standards with the decision to adopt the National Information Exchange Model (NIEM) for standards-based data exchange.
  • In light of the WikiLeaks and Edward Snowden incidents, sharing and safeguarding information requires enforcing the controls that are necessary to protect sensitive and classified information, as well as the privacy, civil rights and civil liberties of individuals. But it is also necessary to provide efficient access to mission-critical information so that analysts, operators and investigators can effectively perform their jobs. Striking the correct balance will continue to be a challenge for the members of ISE.
  • As cybersecurity threats have grown, PM-ISE is playing a more direct role in government by working with DHS and critical infrastructure companies to help define governance and technical standards by which sensitive information regarding cybersecurity threats can be shared. DHS has expanded its Enhanced Cybersecurity Services program in accordance with Executive Order 13636 (Improving Critical Infrastructure Cybersecurity) to better assist critical infrastructure owners and operators with protecting their systems.

When I was DHS CIO from 2009 to 2013, I worked closely on information-sharing issues with PM-ISE; across the federal, state, local, tribal and territorial governments; and with groups such as the IJIS Institute and the International Association of Chiefs of Police. During that time, I saw tremendous improvements to information sharing and a deep concern for addressing privacy and civil liberties issues.

I found the dedication of people at all levels of government inspiring, especially given that trying to achieve consensus among multiple government bureaucracies can be truly daunting.

The highlights from PM-ISE's 2013 annual report give a sense of that progress and the maturation of our efforts to share and safeguard information. In particular, I would note that PM-ISE has helped spread the idea that innovation prospers when it is based on standards for sharing information. I can state emphatically that we are safer today because of efforts of many individuals at many departments and agencies in the federal government, along with partners at state and local governments and even in the private sector.

Yet there is still much that can and should be done. For example, there are significant gaps in information sharing. Some of them are cultural, but many could be addressed through the proper use of emerging technologies that help ensure that information is being properly shared with the proper partners, in the proper context and with the appropriate privacy protections in place.

In particular, we need:

  • Greater support for programs that rely on federated identity, credential and access management. Those programs are crucial if we are to move to a higher level of information sharing, particularly as we wish to make information discoverable across the boundaries of government. ICAM systems must be interoperable and part of a larger ecosystem to enable cross-organizational identity management. We need a vibrant identity ecosystem that is privacy-enhancing, secure, resilient, interoperable, cost-effective and easy to use, as outlined in the National Strategy for Trusted Identities in Cyberspace.
  • Further support for the maturation of community-driven XML data standards developed under NIEM to help overcome technical barriers to sharing information.
  • Widespread adoption of the efforts of DHS and other agencies to set data-tagging standards to enable specific protections and limitations on data use or to handle special cases governed by law or regulation.
  • Aggressive implementation of new technologies and the upgrade, consolidation and retirement of older systems to enable enhanced information sharing. The continued stovepiped nature of many government systems and the lack of unified IT infrastructure are the greatest inhibitors to properly sharing information.

In July, the former commission members issued "Reflections on the Tenth Anniversary of the 9/11 Commission Report." Regarding the threat of terrorism, the report states, "The 'generational struggle' against terrorism described in 'The 9/11 Commission Report' is far from over. Rather, it is entering a new and dangerous phase, and America cannot afford to let down its guard."

The report makes two recommendations with regard to information sharing:

  1. The director of national intelligence should focus on advancing interagency information sharing, unified IT capabilities and other communitywide initiatives.
  2. Congress should enact legislation to enable companies to collaborate with the government to counter cybersecurity threats. "Companies should be able to share cyber threat information with the government without fear of liability," the report states.

Let us hope the Obama administration and Congress heed the continued advice of the 9/11 Commission.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.