A Trusted Information Network for Homeland Security

A Trusted Information Network for Homeland Security.

The 9/11 Commission report is available in pdf
and in book formats. The focus on information sharing begins on page
416 of the pdf document. Here's what the Commission says:

“We
propose that information be shared horizontally, across new networks
that transcend individual agencies. The current system is structured on
an old mainframe, or hub-and-spoke, concept. In this older approach,
each agency has its own database. Agency users send information to the
database and then can retrieve it from the database.

“A
decentralized network model, the concept behind much of the information
revolution, shares data horizontally too. Agencies would still have
their own databases, but those databases would be searchable across
agency lines. In this system, secrets are protected through the design
of the network and an 'information rights management' approach that
controls access to the data, not access to the whole network. An
outstanding conceptual framework for this kind of 'trusted information
network' has been developed by a task force of leading professionals in
national security, information technology, and law assembled by the
Markle Foundation. Its report has been widely discussed throughout the
U.S. government, but has not yet been converted into action.

“Recommendation:
The president should lead the government-wide effort to bring the major
national security institutions into the information revolution. He
should coordinate the resolution of the legal, policy, and technical
issues across agencies to create a 'trusted information network.'”

The Markle Foundation report was issued in December 2003. It's called: Creating a Trusted Information Network for Homeland Security.
It's fascinating reading. And one can't help but notice the
similarities between Groove and the Task Force's attributes for the
'trusted information network' it outlines.

In the December report the Task Force says:

“Steps
have been taken at the federal, state, and local levels to broaden the
sharing of terrorist-threat data among government agencies at all
levels and to improve analysis of terrorism-related information. To
date, however, the government is still a long way away from the
creation of the dynamic, distributed network for sharing and analysis
that we envision. The sharing of terrorist-related information between
relevant agencies at different levels of government has only been
marginally improved in the last year, and remains haphazard and still
overly dependent on the ad hoc “sneaker net” of personal relations
among known colleagues. It is not the result of a carefully considered
network architecture that optimizes the abilities of all the players.”

The
Task Force advocates the creation of what it calls the System-wide
Homeland Analysis and Resource Exchange (SHARE) Network. Exhibit D in
Part 1 of this report outlines the attributes of the SHARE Network as
defined by the Task Force. They are:

1) No single points of failure

a) Support for redundant or complementary analyses in numerous locations

b) Multiple and redundant communication pathways

2) Loosely coupled architecture

a)
Implemented in a decentralized, peer-to-peer environment in which
information flows without dependence on a central information broker

b)
Data repositories should be accessed through a common data layer and
kept independent from applications to allow for easier interoperability

c) Adherence to industry-standard data-exchange practices

d) Ability to support on-demand as well as ad hoc information sharing

3) Directory-based services

a) Ability to find pointers to all information relating to persons, organizations, locations, time and methods

b) Ability to support publish and subscribe models for information dissemination and to permite remote queries

4) Support for real-time operations

a) Real-time dissemination, collaboration, and communication

b) Leverages the edges of the network

c) Gets information to and from users at all levels, and provides feedback

5) Security and accountability to prevent abuse

a) Multifactor authentication and access control

b) Strong encryption and data protection

c) Immutable audit capabilities

d) Automated policy enforcement

e) Perpetual, automated screening for abuses of network and intrusions

The Department of Homeland Security already has its Homeland Security Information Network
in place. Maybe this can be the model for the “trusted information
network” that both the 9/11 Commission and Markle Foundation advocate.

[Groove.net Weblog]

Leave a comment