Data sharing and security

 


SPECIAL REPORT | These common threads run through many of the items on IT leaders' 2007 agendas.

Federal superspy Jack Bauer battles fate and countless foes on the hit TV show '24,' a drama unfolding in real time and depicted on several windows within the screen.


Like the Bauer character, who himself is the fictional successor to an earlier superagent who liked his tipple 'shaken, not stirred,' federal IT users frequently will have to share information quickly if they hope to prevail or even survive in 2007.


The information-sharing conundrum is one of several that promise to stay on the desks of CIOs and other tech leaders, who already have their own 'day job' agency missions.


To frame this special report on federal IT in 2007, GCN reporters and editors met with a range of technology leaders and pooled their impressions of the most important agenda items shaping the year.


We chose, in honor of 2007, seven people, seven policies and seven programs that we believe will drive the pivotal issues in federal IT. Each of these 21 items will affect agencies differently, but surely will leave their mark before 2007 is in the books.


Against the background of the technical and policy issues that agencies will either seek to promote themselves or have forced onto their IT agendas, another overarching theme will continue to shade the arena: shaping appropriate information sharing.


So many official reports, speeches and commentators have soberly intoned the mantra of information sharing as the silver bullet for counterterrorism that a backlash has started.


One senior intelligence community official recently characterized the words information sharing as a 'bumper sticker' signaling lip service to the goal.


But at the technology level, CIOs and their strategic advisers have been weaving together systems that create data vines, so to speak, across which data can swing from one agency 'tree' to another.


They have laid the groundwork for common standards, from intelligence to medical to financial-management information, that will help agencies share data by standardizing various forms of metadata.


The intelligence community soon will release a group of seven IT security rule reforms designed to help agencies share data, partly by standardizing methods for defining the 'protection levels' that shield data from hijacking [GCN, Nov. 20, 2006, Page 17].


The related privacy protection issues also will garner heavy attention from Capitol Hill and private-sector advocates.


But there are a number of troublesome issues that must be corrected while dealing with privacy and security concerns.


'The privacy issue is going to be increasingly challenging,' said Ray Bjorklund, vice president for market intelligence and chief knowledge officer at Federal Sources Inc. of McLean, Va. 'The really gross instances of data being compromised, like the one at the Veterans' Affairs Department, have put that issue front and center for CIOs.'


In response to the VA data breach scandal, House Veterans' Affairs Committee chairman Steve Buyer (R-Ind.) pushed for IT centralization because of the agency's record of failed IT projects costing hundreds of millions of dollars.


Reforming VA technology put secretary Jim Nicholson in the role of challenging the 'centurions of status quo,' as Buyer calls them.


In late 2006, Nicholson signed a directive to fully centralize VA IT, including applications development, under CIO Robert Howard. Buyer calls VA's decision a model for other decentralized agencies to follow.


Consolidation Driver

James Carafano, senior fellow at the Heritage Foundation, calls that centralization trend, which is helping to drive data center consolidation, a move toward data-centricity similar to the Pentagon's drive to net-centricity.


Other agencies are moving toward centralization as a means of fostering information sharing and gaining control over information fiefdoms.


In the Homeland Security Department, G. Guy Thomas, the Coast Guard's science and technology adviser for the maritime domain awareness project, said the question of permission to access data lies at the core of the information-sharing issue.


'Technology is the easy part,' Thomas said. 'The problem is changing the policies so people understand that they have permission to share information, while at the same time making sure that they don't give away the store.'


Thomas said agencies' outlook on information sharing typically has been, 'What's mine is mine and what's yours is negotiable.' However, he cited two presidential documents, National Security Presidential Directive 21 and National Security Presidential Directive 41, that require agencies to improve information sharing.


Common and Collaborative

The ultimate goal that technologists and policy-makers should strive for is user-definable interfaces, which would provide a 'common operational picture that serves as an interface to a collaborative information environment,' Thomas said.


'I think the technology is there to build the system today,' Thomas said, 'but you clearly need the oversight as to who sees what information.'


The Coast Guard has worked with Johns Hopkins University and the Navy's Space and Naval Warfare Systems Command on the collaborative environment, Thomas said.


'Right now, we are trying to develop the investment strategy to develop the maritime domain awareness strategy,' Thomas said, foreshadowing 2007 as a pivotal year for decisions involving spending on the technology.


One of the most critical technology aspects of the information-sharing reform will be the gradual creation of standards for using 'High Assurance Guards [HAGs],' which are microchips that allow the transfer of information across various levels of classification.


And the Coast Guard is not alone in trying to improve its information-sharing abilities.


Departing director of national intelligence John Negroponte has been working through his CIO, retired Air Force Lt. Gen. Dale Meyerrose, to reshape the use of HAGs so police patrol officers, for example, can have access to certain classified information.


DOD and Intel also have taken small steps to better coordinate data, while civilian agencies, such as the Health and Human Services Department and the Office of Personnel Management, are working on standards that will improve data sharing for medical and human resources data.


As the executive branch wrangles with its own issues, CIOs can expect much tougher scrutiny from a source that has been generally docile for six years: Congress, now controlled by the Democratic Party.


Leaders in Congress have signaled that they expect to increase oversight.
For example, Rep. Henry Waxman (D-Calif.), new chairman of the House Government Reform Committee, is working with his staff to arrange a series of oversight hearings on federal procurement and waste, fraud and abuse, sources said.


The House Homeland Security Committee, which has a history of relatively bipartisan oversight hearings, will hold federal IT accountable, according to its new chairman Bennie Thompson (D-La.).


As for actually passing laws, congressional Republicans have quickly found themselves in the same soundproof, locked room that they originally built for Democratic members.


Rep. Peter King (R-N.Y.), former chairman and now ranking member of the Homeland Security Committee, issued a letter to new speaker Nancy Pelosi (D-Calif.) citing her plans to move quickly on some homeland security legislation, especially that regarding the allocation of grant funds.


'Speaker-elect Nancy Pelosi has indicated that Democrats plan to bring legislation directly to the floor without first allowing subcommittees or committees to hold any hearings or markups,' King wrote. 'The legislation is expected to include several important and far-reaching homeland security measures, drafts of which we have not yet been allowed to view.'


Alongside lawmakers' competition for headlines, agencies' IT executives likely will have to approach Congress with their hats in hand to secure funding for a number of programs, including smart identification cards for federal employees and contractors under Homeland Security Presidential Directive-12, e-government, and Defense Department transformation projects such as Future Combat Systems.


Dealing the Cards

HSPD-12 mandates the completion of background checks by next October for all employees and contractors with fewer than 15 years in their jobs. Since last October, agencies slowly have been issuing cards to employees and contractors and getting their infrastructure in place to use the cards.


Procurement policy and organizational changes, some of which could attract Hill scrutiny, also promise to complicate CIOs' business operations this year.


Interagency contracting will come into focus, and Office of Federal Procurement Policy administrator Paul Denett likely will review how agencies develop and implement multiple-award contracts and increase the oversight of these acquisition vehicles.


Along with Denett's attention to acquisition, industry experts say Waxman; Rep. Tom Davis (R-Va.), ranking member of the Government Reform Committee; and the House and Senate Armed Services committees will closely watch the Services Acquisition Reform Act panel's recommendations to improve service contracting.


The General Services Administration's ongoing reorganization promises to affect the ways federal agencies run acquisition projects. This could inspire agencies to use GSA's services again, by restoring trust in GSA's operations.


Amid the general concern about security, private companies finally got what they have been clamoring for over the past few years: a DHS assistant secretary for cybersecurity. Greg Garcia, who took over the position in September, will use his position to evangelize the importance of IT security and to raise the expectations of federal agencies.


Meanwhile, OMB is approaching security via its Lines of Business approach. It likely will tap six agencies as centers of excellence: three to oversee Federal Information Security Management Act compliance and three in training.


On the military side, the Air Force's new Cyberspace Command will draw attention to the growing threat.


'The story that is really going to grow is this massive Chinese intrusion,' Carafano said, citing Chinese hacks at military service academies and other national security targets. 'At some point, somebody is really going to hold hearings on that.'


IT security also likely will focus on the spread of robust botnets, or webs of zombie computers, that are becoming increasingly difficult to crush.


As for the Chinese hacking threat and the possibility of Beijing or another foreign power mounting a similar attack linked with a physical attack, Uncle Sam will have to rely on the Jack Bauers of this world to quickly gather and share the information needed to finesse the threat.


'We are not the Pentagon,' said one federal homeland security official. 'I had 39 years with the Pentagon, and this is a different problem set that won't respond to the Pentagon approach of barging in and laying down the law. It has to be approached by a carefully built and orchestrated coalition of forces.'


A typical example of a coalition problem is the task of fielding technology to secure the borders, a task that calls for unprecedented data sharing.


'The more you merge and federate data, the more requirements you have for data security,' Carafano said. 'That means the different communities of interest each have to have their data secured without inhibiting the flow of information.'


FSI's Bjorklund noted that information sharing is not something CIOs can easily influence.


'I am not saying that CIOs are just technologists,' Bjorklund said. 'But the cultural barriers that have prevented information sharing have put the CIOs in the position of building tools so that federal officials can tap into one another's datasets.'



