We are seeing a level of partnership and collaboration in information sharing that we never have seen before. The national security community, now expanded to include homeland security, long has recognized the need for information sharing, and we have had some interfaces among these elements for some time. But only in the past few years has this requirement received appropriate priority. Homeland security, the Global War on Terrorism and increased emphasis on nontraditional missions have placed a premium on information sharing. However, this remains a work in progress.
In fact, every organization has made information sharing its top priority. At the same time, technology is providing greater means for information sharing through a shift from systems- to service-oriented architectures. This facilitates information sharing by leveraging common resources rather than time- and network-consuming information exchange.
Recently, as part of its Net-Centric Enterprise Services initiative, the Defense Information Systems Agency (DISA) undertook an enterprise buy of collaborative tools for the entire U.S. Defense Department. DISA now is able to offer collaborative tools to the services and the intelligence community at no cost to the end user. This is an essential first step toward multi-enterprise information sharing.
The most recent Quadrennial Defense Review noted that one of the biggest issues emerging from the evolution of the Global Information Grid is the planned elimination of seams between individual networks. Today, both the Defense Department and the intelligence community are seriously advancing the notion of collapsing networks. As that happens, it will be necessary to work in partnership to fundamentally change the way we give people access to information.
This holds special significance for the intelligence community. If we can do that properly—eliminate boundaries and allow people to access information at its source—then we don’t have to push information to the customer. People can pull the information that they need when they need it from the original source when they choose.
The intelligence community is striving to change its paradigm from “need to know” to “need to share.” The problem is that all of our infrastructures are built around the old premise, and it’s very hard to make that shift.
So now is the time to call on industry to accelerate its efforts to help solve this difficult problem.
To put it simply, the commercial sector must address the entirety of information sharing issues with the national security community. Industry must work on creating global scale in technologies such as identity protection and verification, role-based access and object-level security. Most of these technologies and capabilities exist today, but not at the scale we need. Migration strategies are needed to transition identity verification and attribute correlation to widely available on-network services.
Industry must help solve the problem of scalability and inter-enterprise transparency. We must be able to federate identity and individual attributes across enterprises so that data owners can make informed decisions on access. Link these initiatives with the knowledge management efforts underway in the intelligence community and the Defense Department, and we could achieve an ease of delivery that is lacking today. Major contributions are needed from industry on migration strategies from the current network and systems architectures to the more integrated service-oriented architectures that are emerging. Current security solutions cannot be removed until robust object protection schemes are in place. Simple network and system access mechanisms we use today cannot be replaced with more object-focused access controls until identity verification and attribute correlation can be provided as a multi-enterprise service. Access to data will not be transparent across enterprises until there is uniformity of metadata and seamless network interfaces.
It is these migrations that present the greatest risk. Our networks and systems will be most vulnerable as we shift security and access strategies. Only thorough integration and careful coordination of the migration process will allow us to avoid attacks through inadvertent security breaches.
The entire national security community must work together to articulate to industry the gaps in process, governance and technology, and to specify the priorities in filling these gaps. There is great work being done in agencies throughout government to address information sharing. Most of that work is internal to the enterprise. More cross-enterprise work is now needed.
As someone who has spent years in private industry addressing national security issues, I know how industry’s inherent capabilities can address our information sharing needs. What is needed now is a holistic approach to meeting the challenges of information sharing. These are not individual challenges; they are all interrelated. The means for achieving a solution must take the same direction