Agencies try tiered links to trade info

Federal, state and local agencies all agree that data sharing is vital to effective homeland defense. They've also come to realize that it's a supremely difficult task from a technical standpoint.'I think it will be a matter of finding ways to use different multilevel security approaches to put the necessary technical guards in existing networks,' said James Flyzik, who last year helped Homeland Security secretary Tom Ridge craft an initial systems agenda during a stint at the White House before the new department opened its doors.'They are looking at ways to redact the information so they can protect intelligence methods and procedures,' said Flyzik, the former Treasury Department CIO who is now a partner in the consulting firm of Guerra, Kiviat, Flyzik & Associates of Potomac, Md. 'It is necessary to get these tools in place.'The new department's IT shop is grappling with data sharing on three levels:The first article of this three-part series covered the policy issues affecting data sharing. This part examines the technical issues.Homeland Security's nearly two dozen component agencies bring the new department a dowry of legacy systems from which to fashion a logical enterprise architecture'and enterprise. In use among the agencies are 23 personnel systems and more than a dozen financial systems.Systems range from mainframes to the latest networks that Unisys Corp. has built for the Transportation Security Administration.Some agencies are still running Microsoft Windows 3.1, said David Colton, vice president of the Information Technology Association of America. 'The trick is to design the information so that it is accessible by very baseline technologies,' he said.The department also is facing the problem of tying together disparate users of data'from work forces trained according to military standards, as at the Coast Guard, to workers at civilian agencies such as the Federal Emergency Management Agency, which has a tradition of openness and unclassified systems.James A. Lewis, senior fellow and director of technology policy for the Center for Strategic and International Studies in Washington, said information architecture mergers have spotty track records. 'DHS is going to be following behind what industry has done,' he said.In a corporate merger, integrating enterprise architectures often takes two years or more 'and is successful maybe 60 percent or 70 percent of the time,' Lewis said.Plans for the integration of the component agencies' IT infrastructures were the focus of a task force of CIOs gathered by the White House's Homeland Security Office last year, under the leadership of Steve Cooper, now the department's CIO.To forestall the creation of additional incompatible systems within the new department, the Office of Management and Budget last summer forced the agencies to suspend major IT procurements while Cooper's staff studied alternatives.The procurement freeze continued through the final months of 2002 as Congress wrestled with the fiscal 2003 budget. Early this year, Homeland Security officials put out the word that they would begin issuing IT contracts in the spring.One of the early steps is detailing the 22 agencies' IT platforms. The department has formed teams to analyze security architecture and policy, network and directory, smart cards, and collaboration software.An immediate problem, Colton of ITAA said, is the need for authentication and security so that parties sending information across the department can be sure of the credentials of the receivers.Many vendors have products that address authentication and security problems, but, Colton warned, 'I think we know in the real world if it is not bulletproof simple, that adds a serious issue.'Homeland Security is a big department, but its data-sharing issues are just beginning. For effective delivery of its mission, the department must share with other, often data-protective departments. Early on, the White House homeland team identified databases and other information stores of domestic defense information. The total ran to 500, not counting systems at the Defense Department.Lewis cautioned that while Ridge may be secretary of his department, 'he is not in charge of CIA, he is not in charge of the FBI or any of the state and local agencies.' In other words, he'll need lots of cooperation.Among the dozens of officials selected to craft the IT structure at the new department is Lee Holcomb. The former CIO of NASA is Homeland Security's director of infostructure.Holcomb said department planners addressed policy issues such as how first responders who lack high-level security clearances could determine whether a suspect is on a watch list. They coined the term 'watch out list' for the function of linking, but not merging, the federal government's collection of more than a dozen databases of suspected terrorists. For those links, Holcomb said, he and his colleagues determined they needed a sensitive but unclassified network available to first responders.That network would be part of the network of networks through which the new department plans to share information among its components and with outside agencies, he said.Cooper said the network-of-networks approach was designed to cope with two pressing issues: to exploit the capabilities of existing intelligence networks rather than start from scratch, and to transfer sensitive intelligence information to law enforcement officials who lack secret security clearances.The intelligence agencies banded together to conduct background checks on and grant clearances to more than 600 police officials attached to the FBI's 66 joint terrorism task force centers. Homeland Security and intelligence officials also established a technical approach for stripping identifying data from intelligence information'a process known as sanitizing.As the homeland security network of networks grew during late 2002 and early 2003, intelligence and law enforcement agencies began sanitizing data and using the controlled interfaces to exchange it. The controlled interfaces stand between systems at predetermined security levels, so filtering information about the sources and methods of intelligence is based on who is accessing the data (see chart).For example, the interfaces allow information exchanges between the top-secret Joint Worldwide Intelligence Community System network and DOD's Secret IP Router Network, said John Brantley, director of Defense's Intelink Management Office. The interfaces meet stringent security requirements for cross-domain information transfer.But even within the networks protected by controlled interfaces, agencies limit what information is shared. For example, the law requires that the FBI shield some information'such as grand jury testimony'from outside eyes, said Wilson Lowery, the FBI's executive assistant director for administration. And the intelligence agencies hoard some information. Brantley said the clandestine world has provided system connectivity to agencies such as the Justice and Interior Departments but won't share all its data.'We take information and put it in a bucket' for the civilian agencies, Brantley said. 'But we don't let them go into our space and look at bomb damage assessments from Iraq.'As domestic defense, law enforcement and intelligence agencies weave their collections of databases, many plan to adopt middleware to accomplish the task.Mike Gilpin, a research fellow at Giga Information Group Inc. of Cambridge, Mass., said the government essentially has two approaches for integrating information. One is creating a warehouse'an operational data store or ODS, Gilpin said. 'For that you bring data, usually a subset of the information, from all operational systems. You collect that into a central database that security personnel can access for the special information they need'that gives them a consolidated view.' The other is enterprise application integration, or EAI, which transmits information among systems, Gilpin said. 'For example, when somebody makes a travel booking, if their identity is on a watch list, the booking system would forward information about the booking' to the appropriate agency's system. That might be Homeland Security, State or TSA. 'You really need both, according to the particular problem you are trying to solve,' Gilpin said.In cases where IT managers are adding new capabilities to existing systems, a data store is probably the best approach, he said.'If you are trying to make existing systems more aware of events happening in other existing systems,' Gilpin said, 'then moving these events between systems through EAI would be preferable.'An ODS relies on databases and tools to extract, transform and load data. EAI uses process modeling tools and middleware.For e-government programs, the Office of Management and Budget has been asking agencies to use Microsoft Web Services or Sun Microsystems Java2 Enterprise Edition, both implementations of Extensible Markup Language.For the consolidation of systems at Homeland Security, Flyzik said, the likely evolution would begin with 'some kind of dashboard up-front using an XML interface that could create the appearance of one system. Then, over time, as contracts expire, you begin slowly evolving to fewer systems with the goal of getting to one platform.'