Standards for Sharing Intelligence and Information

It has taken years to remedy the intelligence-sharing deficiencies reported by the 9-11 Commission, but Congress and the President have worked hard to overcome the ignorance and apathy that once were the norm but are now the exception.

When individual professionals, government agencies and other organizations, and the private sector join forces to develop consensus standards – i.e., standards approved by a consensus of stakeholders – the success of the process depends a great deal on all of those stakeholders sharing the same level of information and intelligence. Largely for that reason, the creation and success of information-sharing standards themselves require not only the harmonization of software and hardware but also the standardization of processes and procedures and, of even greater importance, the standardization of governance, particularly with regard to the safeguarding of sensitive information.  Most importantly of all, perhaps, it involves the development of trust between and among the numerous stakeholders involved.

The challenges involved in information- and intelligence-sharing go far beyond the routine problems of information-sharing at the stakeholders table, where some agency stakeholders still distrust a system in which industry shares equally in consensus decision making; and in which at least some industry representatives are still not comfortable communicating in a forum that includes their competitors. There is a greater underlying challenge that affects all levels of government and industry in the homeland-security and national-defense communities, however, and it includes and reaches far beyond just those of standards development.  What all levels of government, and the private sector, have learned from the terrorist attacks against the United States on 11 September 2001 is that the inability to work and plan together, combined with the inability, and/or unwillingness, to share information, can increase both individual and collective vulnerabilities.

Even before the 2001 attacks, though, the difficulty involved in the sharing of information and intelligence was considered a major challenge to the nation’s successes in emergency management. After the attacks that difficulty was identified (in the 9-11 Commission’s Report) as a key contributor to the federal government’s failure to prevent the attacks.  As the Commission Report suggested, the resistance to sharing information and intelligence probably is a carryover of the Cold War mindset that has been embedded in the thinking and behavior of the U.S. defense and intelligence communities for decades, during an era when it was clearly understood that intelligence leaks and data sharing could easily lead to catastrophe. The situation has changed considerably since the end of the Cold War, though, and today – as the 9-11 Report also suggests – continued resistance to the sharing of intelligence and information is more apt to place the United States, and the American people, in harm’s way.

Although it has appeared at times that getting all sectors of the government and industry to modify their previous information-sharing behavior will require a sea change in attitudes as well as in legislation, significant progress has in fact been made in both areas. (For a timeline of the actions (and links to additional information) that have been taken by the U.S. government over the past several years to create an acceptable, and useful, Information Sharing Environment (ISE), click on http://www.ise.gov/pages/archive.html.)

It is difficult, of course, to excerpt just those efforts that involve only the development of standards, because an accurate assessment would depend on how successful the government is with its overall efforts in the promotion of information sharing. Following, nonetheless – with links to additional information also included – are some of the more notable steps the United States has taken, in the years indicated, to encourage (or in some cases require) the sharing of intelligence and other information:

2002 – The National Commission on Terrorist Attacks Upon the United States (also known as the 9-11 Commission – a bipartisan commission created by Congress and the President) was chartered to prepare an independent assessment of the 2001 terrorist attacks, and to develop recommendations to guard against future attacks.

2004 – The 9-11 Commission issued its Final Report, citing the lack of information/intelligence-sharing as a key factor in the nation’s failure to prevent the 2001 attacks, and presenting a number of recommendations for changes in this area. 

2004 – Responding to the Commission’s recommendations, Congress enacted and the President signed the Intelligence Reform and Terrorism Prevention Act (IRTPA – Public Law 108-458), which specifically called for the creation of the previously mentioned Information Sharing Environment (ISE) to, among other things: (a) facilitate the sharing of information (e.g., about terrorism, weapons of mass destruction, and homeland security); and (b) to rationalize, standardize, and harmonize the policies, business processes, architectures, standards, and systems used by both the government and the private sector to share information. (For additional information about the Intelligence Reform and Terrorism Prevention Act, click on: http://www.ise.gov/docs/guidance/irtpa.pdf.)

Note: The IRTPA also called for the appointment of a program manager (PM) for the ISE and the creation of an Information Sharing Council (ISC). On 15 March 2006, Ambassador Thomas E. McNamara was appointed to fill the PM post within the office of the Director of National Intelligence (DNI). (For ISE contact information, contact: Program Manager, Information Sharing Environment, Office of the Director of National Intelligence, Attn: Program Manager, Information Sharing Environment, Washington D.C., 20511; or call (202) 331-2490.)

2004 – The President established the National Counterterrorism Center (NCTC), a multi-agency facility dedicated to eliminating terrorist threats to U.S. interests at home and abroad. The NCTC was directed to serve as the primary federal organization for integrating and analyzing all intelligence pertaining to terrorism and counterterrorism, and to conduct strategic operational planning by integrating all relevant U.S. resources in this area. In December 2004 the NCTC was placed in the Office of the Director of National Intelligence.

2005 – A National Information Exchange Model (NIEM) was created by the U.S. Department of Homeland Security (DHS) and the U.S. Department of Justice (DOJ) to serve both as a foundation for and as a common standard for national inter-agency information-sharing and data exchange in the areas of justice, emergency management, and intelligence. One of the NIEM’s more remarkable capabilities is that it not only automates information sharing, and thus makes information easily accessible in a universal namespace – but also can compartmentalize information for different levels of sharing. NIEM also is designed to allow the modification and growth of standards as new data components are harmonized and/or added. The nation’s private-sector technology community has responded well to creation of the NIEM. (To contact NIEM, click on nisshelp@ijis.org or information@niem.gov; or call 1-877-333-5111 or 1-703-726-1919.)

2005 – A presidential memorandum was directed to the heads of executive departments on “The Guidelines and Requirements in Support of the Information Sharing Environment,” which provides five ISE priority areas for their attention and follow-through: (1) Defining common standards for how information is acquired, accessed, shared, and used within the ISE; (2) Developing a common framework for the sharing of information between and among executive-branch agencies and state, local, and tribal (SLT) governments; (3) Standardizing procedures for “sensitive but unified” (SBU) information; (4) Facilitating information-sharing between executive agencies and foreign partners; and (5) protecting information privacy and other legal rights of Americans. 

2006 – The ISE Implementation Plan was created to provide a trusted one-voice partnership of all levels of the U.S. government, the private sector, and foreign partners that would help them: (a) share information in a multi-dimensional fashion; and (b) work together to build new core systems to detect, prevent, disrupt, preempt, and mitigate the effects of terrorism. To further allay the concerns of many with regard to the quality and management of shared information, the Plan emphasizes that the information provided not only will be timely, validated, protected, and actionable, but also supported by education, training, and awareness programs. (For further information about the ISE Implementation Plan, click on:http://www.ise.gov/docs/reports/ise-impplan-200611.pdf.)

2006 – ISE privacy guidelines and implementation procedures were released by the PM-ISE, and an ISE Privacy Guidelines Committee (PGC) was formed to assist agencies in implementation.  The ISE Privacy Guidelines (http://www.ise.gov/docs/privacy/privacyguidelines20061204.pdf) focus on existing privacy protections, and from that base strive to improve protections while also enhancing the sharing of information between and among all levels of government. Here it is important to note that the PGC is headed by the PM-ISE and includes the privacy officials of each ISC member. (Requests for additional information about the PGC and/or the privacy guidelines and implementation procedures should therefore be directed to the PM-ISE at the link provided above.)

2007 – The Common Terrorism Information Sharing Standards (CTISS) program was established, as a subcommittee of the ISC, to provide ongoing governance, configuration management, and both cross-agency and cross-government coordination and review of the standards developed. CTISS standards are thus performance-based “common standards” for preparing terrorism information for maximum distribution and access within the ISE. 

2007 – The National Strategy for Information Standards (NSIS) was created: (a) to integrate all prior terrorism-related information-sharing policies, directives, plans, and recommendations; and (b) to provide a national framework against which to implement the ISE. The NSIS requires that the ISE support the inclusion of locally generated information because such information is often extremely important to the development of statewide and national assessments of terrorist threats. The CTISS program also embraces the Federal Enterprise Architecture’s Data Reference Model, a standards-based model designed to optimize data architectures for improved cross-agency information sharing. The first version of an enterprise architecture framework for the ISE was published earlier this year.

2007 – Under the CTISS program, a multi-agency partnership started, converging information exchange standards of NIEM, and the Department of Defense/Intelligence Committee’s Universal Core or UCORE. The purpose of the NIEM-UCORE partnership is to share information at critical times through the entire justice, public safety, emergency- and disaster-management, intelligence, and homeland security communities.

2008 – NIEM released a common format (in January) for law-enforcement data, LEXS, creating another important linkage in the NIEM-UCORE partnership, as well as an important linkage for state, local, and tribal partners. Three months later, the Department of Defense (DOD) and the Intelligence Committee (IC) issued a formal announcement on the status of UCORE, describing it as a standard that links many DOD and IC systems into common information components, basically of a geospatial nature.

2008 – The PM-ISE issued the first CTISS functional standard – i.e., one that provides the data and information-sharing foundation for operational information-sharing of Suspicious Activity Reports (SARs) in the ISE and supports demonstrations to include the SAR Evaluation. (The DOJ and Federal Bureau of Investigation (FBI) are working with fusion centers to adopt and implement the SAR functional standard both at the federal level and at selected fusion centers.  The Department of State also has plans underway to apply the standard to its SAR database.)

2008 – A presidential memorandum was issued (on 9 May) to the heads of executive-branch departments and agencies on the designation and sharing of “Controlled Unified Information” (CUI) – implementing the recommendations of an interagency coordinating committee – i.e., that a common framework will streamline the designation, marking, safeguarding, and dissemination of CUI within the ISE.

2008 – Marking a significant change in the information-sharing culture, the FBI sponsored the creation of National Joint Terrorism Task Forces (NJTTFs) to combine federal and SLT units dedicated to combating terrorism in specific geographical areas. As of early August, more than 80 JTTFs had been created.  The NJTTF effort includes a fusion operation, which means that threat intelligence and information are instantly shared vertically from FBI headquarters to all JTTFs and across NJTTF agencies. There are a number of state and major urban area fusion centers already working with local JTTFs. Creation of the NJTTFs represents a huge cultural change in regard to information-sharing because it demonstrates development of the awareness that different levels of government need, both to trust one another and to forge the agreements needed to quickly share detailed information in order to be effective. It also contributed to the Law Enforcement Information-Sharing Program (LEISP) Exchange Specification (LEXS) – a subset of the NIEM.  (For information about local JTTFs, click on: http://www.fbi.gov/contact/fo/fo.htm.)

2008 – The President and Congress directed establishment of an Interagency Threat Assessment and Coordination Group (ITACG), integrated into the NCTC to improve the sharing of information with SLT and private-sector representatives. The creation of the ITACG is considered another major step forward toward the dissemination of federal data at the state, local, and tribal levels of government, and to the private sector as well, focusing on threat alerts, situational awareness reports, and strategic assessments of risks and threats. By integrating with the NCTC efforts, the ITACG has the added benefit of accessing information and experts of the FBI-sponsored NJTTFs, and that capability facilitates the production of federally coordinated terrorism-related information products intended for dissemination to SLT officials and private-sector partners. Considerable progress also has been achieved by the ITACG and the NJTTG in their efforts to develop a national network of state and major urban area fusion centers.

It is obvious that over the past several years the federal government has put considerable effort into promoting a new culture of information-sharing, and in making it understood that this is not just a good idea whose time has come, but an entirely new behavior pattern that is both recommended and mandatory. In short, although it took longer than anticipated after the 2001 terrorist attacks to surmount its previous problems with information sharing, the federal government has made significant progress on this front, particularly over the past year. Moreover, it is expected that the PM- ISE will be issuing a training module in the near future both to guide agency representatives toward an even greater shared awareness of the ISE and also to guide them in promoting information- sharing on their staff through the judicious use of performance evaluations and incentives. 

diana hopkins
Diana Hopkins

Diana Hopkins is the creator of the consulting firm “Solutions for Standards.” She is a 12-year veteran of AOAC INTERNATIONAL and former senior director of AOAC Standards Development. Most of her work since the 2001 terrorist attacks has focused on standards development in the fields of homeland security and emergency management. In addition to being an advocate of ethics and quality in standards development, Hopkins is also a certified first responder and a recognized expert in technical administration, governance, and process development and improvement.

SHARE:

TAGS:

No tags to display

COMMENTS

Translate »