Jeff Smith Keynote Address

From AFCEAWiki

Jump to: navigation, search

9:10 a.m. - 10:00 a.m. Plenary Session

Mr. Jeff Smith, Arnold & Porter LLP (Confirmed) Steering committee member for Nation At Risk report The Markle Foundation Task Force on National Security in the Information Age

After years since the 9/11 attacks we still remain vulnerable to multiple access of attacks.

As part of the Markle Foundation http://www.markle.org/ Zoe Baird and Jim Jones with a focus on information sharing Many of the recommendations have been addressed by the government On March 10th we released our most recent paper on Information Sharing

He will address the four themes in the report Info sharing most be maintained as top priority of the new administration all government information needs to be discoverable the new administration should develop government wide security policies and practice the president and congress should overcome bureaucratic inhibitors need to share versus the need to know models of the past

A brief progress report The urgency of the sense of information sharing has diminished Many laws have been enacted A key law is the 2004 law that established ICE in the DNI Office Establish a information sharing environment that has helped build cross

Did not talk much about talking with our allies Jeff and Zoe did travel to Europe to discuss with several countries and allies on information sharing

old habits die hard. Need to know is important but it inhibits the ability to share.

much more needs to be done. we need stronger leadership and stronger direction. we found that across multiple organizations that greater information sharing is occurring mostly in the realms of combating terrorism, but other federal cross organization needs are still greatly lacking. there still is a long way to go.

The new administration is pushing hard to make major changes to include ICD 5001 being signed on 21 January. Admiral McConell has been very instrumental

Jim Griggs asked me to talk about technical aspects and considerations of the recommendations. West Point Story..

First recommendation is that information sharing must be a top priority 60 review annual report bring the Information Sharing ties directly to the president this is attracting some attention Believe that a lot of the ICE best practices that have been established. They are working well in the intelligence community but this needs to be exported into other industries

Making Information Discoverable and controlled access the information sharing framework needs to be discoverable and needs to have the ability it must be traditional requires this adjustment allows the ability to provide a user the ability to see in our view privacy and meta data is transferred to the index. But the content is not it minimizes data transfer improves the bandwidth utilization in the long run it opens the doors for analytics and greater capabilities that will allow data to find data. The index can be created that doesn't identify an individual by name which reduces the risk of exposure- this can only be worked if data is tagged at the point of collection. Mentioned ICD 5001 to get teh DOBSI to adopt discoverability.

This way someone can look to see if something exists. Won't necessarily be seen but know it exists. Then a librarian can know that someone is seeking information. Then can seek to push info if appropriate. They think this is all doable in current technologies

The DNI is working to put in place a Enterprise Architecture to help

The third area is to enhance privacy and security. Absolutely essential

Agencies indicated that they needed better help on the privacy act. We need better guidelines to ensure appropriate sharing of personal information

The fourth category was to build information metrics and measures They think better training is needed – only 50% had adequate resources to share. This is more a people issue than a resource issue Found in the field that when you get people together to work against they roll up there sleeves – we need to find out how to bring that same cooperation in the field to the conditions needed to get work done in the virtual environment

On Cyber we aren’t sure of what the task force responsibilities will be. Many individuals have encouraged us to move into Cyber, The leadership has not established a direction. To provide his own thoughts 1. This is a really hard problem. “we are in the early stages of a cyber cold war” electronic pearl harbor 2. how can we tell if we are attack, how do we strike back

need to understand that the internet is a glbal resource our goal must be a internet that is secure’ it must protect the privacy of our citizens our policies must protect technical innovation

is it like spectrum? Do we need a new global org to manage? How do we address public private accountability in this space Do we need a public private agreement to bring

Once we settle some of these then we need

Need to break out of the whose in charge debate and seek

Q: It seems that all questions on info sharing are centered around risk… is there any methodology that you are developing to help people understand how to access risk

A: our hope is that this system in authentication and authorized use should answer that question. There is in place a system that monitors, reports and manages that. Conceptually this should work. You are right. We don’t want info to get to the wrong hands, only want it to get to the right person. We came down to more sharing versus not sharing.. Additionally don’t punish the person who decides to share and that person misuses

Q: it seems it is describing a government entity- the problem is both public and private. Where you could provide guidelines to be used by others A: Great idea we have talked about it, we have worked with the ISACS(?) public private across various industries. It’s a huge challenge we need to push on with some hard work

Q: since the discussion of ht cultural change … do have any recommendations on how to incentivize information sharing A: Yes touched on lightly during the presentation… there is more in the book. Examples: metrics measuring effectiveness, submission of reports – how much is discoverable and how much is not. If you have held things out… if you have held out… then how much. There are ways to measure. For individuals – make part of an annual appraisal. Also using things like the dissent channel that allows for free flow. There is a non-retribution for making these points. They have made a number of suggestions thinks the people sessions will be very valuable

Q: A lot of folks in the HS area have legal concerns in sharing. How do you think we can overcome this A: Ahh the wall, the break between law enforcement and intelligence – they are finding that the way is rebuilding itself. The wall was a major problem prior to 9/11 some improvements have been made but we have a lot of work to do to fix it. It is creeping back into the problem

Online Q: We have the tech, capability, missing the people side of the equation. A: similar to previous question… the 5001 and card catalog is in place. The problem is leadership.. they have met with McConnel and Mr Paneta. He doesn’t know how the Armed Services are doing with this.

Missed questions..

Q: There is a ca[ability within DoD the problem is working across domain and cross domain authentication. Might want to take a look at

COL Jenkins Q: Obstacles in HS is intelligence oversight – challenges are lengths of time A;

Retrieved from "http://www.afcea.org/wiki/index.php?title=Jeff_Smith_Keynote_Address"
Personal tools