Updated platform rescues DHS info sharing network

 

Connecting state and local government leaders

The Homeland Security Information Network was in danger of cancellation until refocused project management enabled the launch of a more secure platform for sharing sensitive information across federal, state and local agencies, as well as the private sector.

It has traveled a long, difficult road, but the Homeland Security Information Network is getting into place. 

Project at a glance

Name of the project: Homeland Security Information Network, Release 3

Office: Homeland Security Department Office of Information Sharing Environment

Technology: Microsoft SharePoint, Adobe Connect, Cisco Jabber

Time to implementation: Development began in September 2011 and initial operating capability achieved in July 2012. The legacy platform was decommissioned in August 2013.

Cost: The new platform is expected to provide a cost savings of $50 million over five years and lower the cost-per-user by 25 percent.

More on HSIN

HSIN in action: Boston bombing, Deep Water, Super Bowl

Despite its troubled history, the DHS Homeland Security Information Network has demonstrated its capabilities as a platform for event management and disaster response. Read more.

HSIN is the primary platform for sharing sensitive but unclassified information among the Homeland Security Department and other federal, state and local agencies as well as the private sector. It is a secure Web portal with collaboration tools to enable real-time communication and managed access to data hosted at DHS data centers.

Release 3 of HSIN, which includes improved identity and access management and enhanced controls on information contributed by users, began rolling out to users in late 2012; the 10-year-old legacy platform has been discontinued. 

First implemented in 2003, HSIN was intended to replace the informal personal networks for information sharing that predominated at that time. It has been used in the responses to events such as the Boston Marathon bombing in April, Superstorm Sandy in October 2012, and the Deep Water Horizon Oil Spill in 2010.

The limitations of ad hoc networks based on personal relationships had been tragically highlighted by the Sept. 11, 2001, terrorist attacks. “The question with HSIN was, how do you foster trust across the enterprise,” when face-to-face relationships were not possible, said Kshemendra Paul, the Information Sharing Environment program manager in the Office of the Director of National Intelligence. “That is a key part of what Release 3 is providing.”

Getting to Release 3 was not a simple task, however. “HSIN has been a little bit of a lightning rod,” Paul said.

Congress, the Government Accountability Office, and stakeholders all have criticized the early versions of the program. The inadequacy of security and information sharing in the original platform limited its use both by DHS and other members. These limitations were to be addressed in a new version, but HSIN Next Gen ran into management problems that led to its cancellation.

“That deployment failed,” said Michael Brody, HSIN manager for policy outreach and communications at DHS.

The GAO in 2008 said inadequate project management for the program presented a “risk of operating in an ad hoc and chaotic manner.” In July, GAO included HSIN Next Gen in a list of 15 failed federal IT projects.

What now is HSIN started as the Joint Regional Information Exchange System, a collaboration between the Defense Intelligence Agency and law enforcement agencies that was transferred to DHS in 2003. But because of conflicts between the needs of local law enforcement, intelligence analysts and counterterrorism agents, the system proved inadequate and in 2007 DHS had stopped updating it in favor of a complete replacement. The department continued to operate the legacy system while developing HSIN Next Gen. A $19 million task order (with four one-year options worth another $62 million) was awarded in 2008 and a four-phase transition to the new system was scheduled to being in May 2009. The original HSIN was to be shut down in September 2009 when HSIN Next Gen would be fully operational.

But by October 2008 GAO concluded that, “DHS has been challenged in its ability to efficiently and effectively manage the department’s existing primary information-sharing system. In particular, although DHS has invested upwards of $70 million on the system, it still does not fully meet user needs.” Development of the Next Gen system was plagued by a lack of project and acquisition planning, inadequate requirements development and poor risk management.

“Investing money given the current state of management controls puts the project at risk,” GAO concluded.

Then, in April 2009, one month before the transition to Next Gen was to begin, a hacker using federal credentials got into the system, accessing sensitive but unclassified information. This was followed by a second breach in May. In October 2010 DHS shut down Next Gen. GAO estimated that killing the project saved the department $129 million.

DHS reexamined HSIN user requirements and security needs, and in November 2010 got the go-ahead from the Office of Management and Budget for Release 3, which would feature better identity management and access control and would fit in with the department’s plans to consolidate its Web portals, reducing the number of sites providing the same types of services. Development began in September 2011 and in July 2012 it achieved initial operating capability.

DHS took to heart GAO recommendations for fully staffing a HSIN program office with clearly identified roles and accountability, pursuing a requirements-based development process with appropriate change controls, and ensuring risk management for the development and procurement cycle.

“It all starts with leadership,” said Brody, who gives Donna Roy, executive director of the DHS Information Sharing Environment Office, much of the credit for the success of the program. There was a strong senior management team and accountability to a timeline and to stakeholders, he said. The focus was on user needs, he said. “There is no room for ego.”

The legacy HSIN was decommissioned in August 2013 and 40,000 users and millions of documents have been moved to the new system. Release 3 is on track to achieve full operating capability by the end of the year, Brody said. All users receive in-person identity verification before being given an account, and access now requires two-factor authentication. Users logging onto an account must not only use a user-ID and password, but also a code sent out-of-band to a device such as a phone that they must also have in their possession.

The agencies that upload information to the system retain control over it. The information is tagged by the owners with metadata that is matched with access rights to determine who can access and use it.

This tagging for access management is enabled by Microsoft’s SharePoint collaboration software. The platform also uses Adobe Connect Web conferencing software and Cisco Jabber for instant messaging. Administrators have created 140 communities of interest to allow collaboration, sharing and chatting among the group.

Some work remains in fleshing out HSIN Release 3. Simplified sign-on is being planned to enable interoperability with other networks, including Law Enforcement Online (LEO), the FBI’s information sharing network; Regional Information Sharing Systems (RISS), a network of distributed law enforcement systems; and Intelink, the intelligence community’s network of intranets.

HSIN also is in the process of joining the National Identity Exchange Federation, using the Federal ICAM Backend Attribute Exchange, a standards-based architecture for exchanging credentials for verification from authoritative sources.

These enhancements are expected to more fully integrate HSIN Release 3 into the federal, state and local public safety communities.

Read about more 2013 GCN Awards winners.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.