Information Sharing: Applying What We’ve Learned Since 9/11
The National Strategy for Information Sharing builds on the lessons learned since the 2001 terrorist attacks, but more needs to be done.
We have learned a lot about sharing information in the 12 years since the tragic events of September 11, 2001. The 9/11 Commission made several recommendations for improving information sharing, including the creation of the Information Sharing Environment and the national office responsible for fostering responsible information sharing among federal, state, and local government agencies, our partners in the private sector, and international entities. In the years that followed, the government has made tremendous progress improving information sharing. But the work is not finished.
We were reminded in April of the persistent threat of terrorism facing our nation when terrorists detonated two bombs at the Boston Marathon. The importance of strengthening information safeguards was put in stark relief a couple of months later after the unauthorized disclosure of classified information to the media. We are being cautioned daily of the importance of strengthening our cybersecurity posture, both as individuals and as institutions
Today, we are faced with many challenges: securing the Internet, countering violent extremism, improving information safeguarding, and protecting our critical infrastructure. The threat is evolving and dynamic, with growing linkage between cyber and physical modalities. The way forward must also be agile and rooted in extending current capabilities, emphasizing whole-of-society participation, collaboration, and accountability.
There was a watershed moment for responsible information sharing last December: the release of President Obama’s “National Strategy for Information Sharing and Safeguarding.” The strategy builds on past work and calls for “timely and effective sharing of intelligence and information about threats to our nation with those who need it, from the president to the police officer on the street.”
The national strategy reinforces our commitment to prioritizing sharing and safeguarding together, including protections for privacy and other legal rights. The recently released Information Sharing Environment Annual Report to Congress provides a transparent assessment of progress and performance; gaps still to be addressed; an inventory of reusable tools and initiatives; and the way forward for implementing the strategy.
At the heart of the strategy is emphasis on developing, integrating, and maturing broad-based responsible information sharing capabilities supporting multiple common operating processes. These capabilities improve coordination of efforts, enabling faster and better decision making.
The goal is to prevent and reduce harm, strengthen preparedness and resilience, and improve response and recovery. These capabilities span communities of interest -- federal, state, local, and tribal agencies, their private sector partners, and international allies -- that share a need to collaborate. Taken together, these capabilities make up the distributed and decentralized Information Sharing Environment called for by the 9/11 Commission.
Traditionally, bureaucratic turf concerns, perceived legal barriers, variations in policies, uneven participation in standards development organizations, or agency-unique information technology has stymied progress. After 9/11, agencies rallied, resulting in impressive national-scale operational and information sharing innovations that save lives and money, with corresponding strengthening of protections for privacy and other rights. A few examples:
The “National Network of Fusion Centers” provides support for information sharing across approximately 18,000 federal, state, and local law enforcement agencies to address priority crimes and hazards. In the aftermath of the Boston Marathon bombing, law enforcement officials affirmed that investments in communications equipment, training, and investigative resources contributed significantly to the identification and capture of the suspects.
The neighborhood watch for the nation based on the “If You See Something, Say Something” campaign and the nationwide Suspicious Activity Reporting (SAR) initiative integrate more than 300,000 front-line officers in our communities, manifesting the connection between homeland and hometown security. Those and other efforts gained added visibility with October being National Cybersecurity Awareness Month.
Frameworks such as the National Information Exchange Model (NIEM) are enabling different agencies and domains of activity to align efforts to responsibly share information using common exchange standards developed under federated governance.
Information Sharing Environment capabilities are interoperable and support reuse due to the standards-based approach used to develop and specify common requirements and procure solutions. Use of the tools and initiatives that support the Information Sharing Environment reduces cost, lowers risk, improves shared situational awareness, and increases speed of collaboration and agility within and between communities of interest. These communities anchor on governance bodies and associated federal agency advisory committees, professional associations, industry associations, and international standards development organizations.
Central to the success of these efforts is awareness and alignment driven by agency heads; and commitment to and participation by them, their organizations, and their partners in these communities to develop, use, and mature responsible information sharing capabilities.
We have faced exceptional challenges over the past year, including new and evolving threats, uncertain planning horizons, and constrained budgets. Collectively, we are building on existing efforts to further strengthen national capabilities and address evolving threats. In the coming year, we will continue to use all of our tools and capabilities -- and discover new ones -- to support implementation of the president’s strategy and to further strengthen the Information Sharing Environment. Together with our partners, inside the government and out, we continue our journey to enhance national security through responsible information sharing.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.