Better cooperation and enhanced information sharing between the government and industry will go a long way toward safeguarding digital networks and building up the work force needed to protect the information infrastructure. These are some of the recommendations offered by the nonpartisan Commission on Enhancing National Cybersecurity in its much-anticipated report released this month.
When NATO recognized cyberspace as a “domain of war,” the designation committed all alliance members to provide military support for “crisis-management operations.” The move speaks volumes.
Now that the federal government is collecting cyberthreat intelligence from agencies and private businesses, the repository undoubtedly will be a prime target by the very threat the program seeks to wipe out.
In June, the Departments of Homeland Security and Justice issued final guidance for the Cybersecurity Information Sharing Act (CISA) of 2015, which Congress passed in December after years of industry efforts to push information sharing legislation over the finish line.
CISA paves the way for private companies to share cyberthreat information, not just with each other but with the government, and appointed the Department of Homeland Security (DHS) as the clearinghouse for all of that data.
The Department of Homeland Security (DHS) Science and Technology (S&T) Directorate announced today the implementation of a new technology to streamline and improve secure information sharing between the DHS and its partners. The Backend Attribute Exchange will simplify user identification and verification between different organizations for the Homeland Security Information Network (HSIN) by eliminating redundancies while ensuring proper security.
The U.S. Senate passed the controversial Cybersecurity Information Sharing Act (CISA) on Tuesday, paving the way for private companies to share cyberthreat information not just with each other, but with the government.
A salient point of the measure, S. 754, centers on the freedom companies would have to share what they deem to be cyber intelligence without fear of lawsuits. But a vocal opposition to the measure took to social media during the Senate’s debate, calling on lawmakers to defeat the bill because it will tantamount to sanctioned government spying on citizens.
Cosmo: There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information. What we see and hear, how we work, what we think ... it's all about the information!
Recently at the AFCEA International Cyber Security Summit in Bethesda, MD, Army Maj. Gen. John A. Davis, Senior Military Advisor for Cyber to the Under Secretary of Defense, said “Cyber partnerships such as those with the National Security Agency and the Defense Intelligence Agency and external partnerships such as those with industry, international allies and academia represent a transformation in the way DOD approaches cybersecurity.”
For years, the U.S. Defense Department, not surprisingly, took a “do it alone” posture when it came to sharing information and protecting its networks and communication infrastructures from security attacks.
The U.S. Defense Information Systems Agency (DISA) is helping lead the charge to bring more mobility, cloud computing and information sharing to the Defense Department. Sweeping changes ahead aim to make secure and nonsecure communications possible down to the handheld level. In this month's issue of SIGNAL Magazine, Technology Editor George I.
Organizations have a much better chance of tracking and catching criminals if more cross-agency information is available to them. That's why the Army's Biometrics Identity Management Agency, which is tasked with coordinating biometrics efforts across the Defense Department, is expanding data-sharing capabilities with other government agencies and coalition partners. The agency operates the department's premier biometrics database, and is coordinating with the departments of Justice, State and Homeland Security to share their biometrics data. In this month's issue of SIGNAL Magazine, Technology Editor George I.
Federal government agencies produce reams of documentation, not all of which is classified, but much of which is sensitive. For decades, agencies applied their own individual markings to categorize sensitive data. However, these notations conflict with other agency marking, which opens the possibility of infomration being withheld or potentially being released. These issues were pondered by the Wednesday morning panel at the AFCEA SOLUTIONS conference. Controlled unclassified information (CUI) is data that requires some protection. However, because of the conflicting agency rules for CUI, the government has recently issued an order to implement a CUI famework to stanardize the documentation across the government.
Emerging trends impacting information sharing was the subject of the morning panel at AFCEA's Solutions symposium. Experts pondered the implications and challenges for sharing data between military and civilian organizations within the U.S. government. Panelists discussed a range to related topics such as bandwidth issues and connectivity. It was noted that the military is ahead of the civilian government in operating in low bandwidth areas. In the aftermath of hurricane Katrina, civilian government first responders had considerable difficulty establishing communications, explained Pete O'Dell, founder of Swan Island Networks. Sometimes technology creates new problems.
Tuesday's afternoon keynote speaker highlighted the importance of accepting technological change across the U.S. government. David Wennergren, Deputy Assistant Secretary of Defense for Information Management and Technology and Defense Department Chief Information Officer, shared his ideas for improving technology processes throughout the federal space. He began his speech by stressing the need for information sharing across federal agencies, noting that in 2005 the human race created 150 exabytes of data and that by 2010 this had increased to 1,200 exabytes. Chief information officers and managers will have to manage a constantly increasing sea of data. "Data has to be sexy for you," he quipped.
In "New Document Provides Framework for Interagency Data Sharing," Henry Kenyon describes a newly released document that sets common standards for data security and risk management: the NIST Special Publication 800-37, Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach (NIST SP-800-37).
"Everybody imagines that everyone wants to share information because somehow it will make things better. That's a huge assumption, and it may not be what you think it is." -- Capt. Timothy Spratto, USN, JCD&E Capabilities Solutions Group lead
What does the United States need to make its efforts in Afghanistan successful? According to SIGNAL's newest Incoming columnist, Dr. Linton Wells II, the answer is sharing unclassified information--a key channel to allowing the United States and its coalition partners to reach the populations they're trying to help. Wells argues that unclassified situational awareness--and the communications networks to share it--are critical enablers. He says:
While the push forward for better collaboration and information-sharing capabilities will require technical advances, the experts at today's NATO workshop in Brussels, Belgium, are struggling with an even bigger challenge than connecting the bits and bytes.
This is my take on the AFCEA, Northcom and George Mason University conference on "Inter-agency, Allied and Coalition Information Sharing," which was covered on SIGNAL Scape last week.
No, we still can't connect the dots as well as hoped and never will, but conferees agreed that what matters most is the thoughtful and trusting use that humans could make of what information manages to flow through IT systems, however improperly they may be connected. Technology is neither the roadblock nor the solution to building an information sharing network.
The Obama administration can take certain key steps to improve the ability to recognize and deal with national security threats, according to recommendations in "Nation at Risk," a report issued by The Markle Foundation Task Force on National Security in the Information Age. Jeff Smith of Arnold & Porter LLP, a steering committee member for the report, presented it yesterday at the AFCEA SOLUTIONS conference on information sharing.
The dramatic culture shift that needs to happen for government agencies to embrace change kept coming up at the SOLUTIONS conference like the refrain of a popular song: agencies must move from an emphasis on risk avoidance to a focus on risk management. Without that shift, the quest to achieve 100 percent risk avoidance is quixotic at best; more realistically, it hampers agencies' ability to share information.
Although there has been a great deal of progress in streamlining information sharing among allied forces over the past decade, many impediments remain. As the panelists at this morning's session on the challenges surrounding information sharing in a coalition environment noted, the devil is in the details.