The Federal Government’s Information Sharing Environment is an agency that provides relevant and timely information with regards to terrorism, weapons of mass destruction, and homeland security information to all law enforcement agencies, analysts, investigators and special operators in order to help keep America safe from internal and external threats. The said analysts, operators, investigators and law enforcement agents come from diverse backgrounds and belong to different communities. Thus, the primary purpose of ISE is to provide an environment that leads to effective collaboration. ISE’s track record has been proven in the past, especially with regards to information sharing. However, it is time to expand and enhance the information sharing capability of ISE so that it will also include information on cyber crimes and cyber terrorism.
It is therefore of critical importance that the Program Manager for ISE or PM-ISE would be able to incorporate and synergize the plan for cybersecurity into its mission, vision, and objectives. The PM-ISE pointed out that there is no need to start from scratch because the US Department of Homeland Security (“DHS”); the Department of Defense (“DOD”); the Department of Justice (“DOJ”); and the National Institute of Standards and Technology (“NIST”) have developed a Cybersecurity Action Plan.
One of the key portions of the Cybersecurity Action Plan is on how to institute the necessary mechanisms needed to deal with the hurdles that could block the way towards the implementation of national cybersecurity initiatives (ISE, 2013). It also includes an overview of the efforts needed to create a competent workforce. At the same time it also includes an overview of the efforts needed to develop a public-private relationships that would lead to a more cost-effective sharing of information. Finally, the plan calls for increased awareness on the threats and challenges of cybersecurity in the context of the American experience. It has to be pointed out that the said action plan must be aligned with the strategic focus and priority objective of the National Strategy for Information Sharing and Safeguarding (“NSISS”).
It is important to establish a legal framework that can help combat cybersecurity in the most extensive and exhaustive manner. In other words, the legal framework does not only address the dilemma faced by agents who are into data gathering but it must also provide a clear mandate when it comes to information sharing especially when it comes to interagency collaboration and the public-private linkup.
It is also imperative to look into the negative perception by various stakeholders with regards to the lack of clear strategic stability within cyberspace. There is a need to acknowledge that cyberspace is complicated and unpredictable. Information Technology continues to expand and improve every day. New applications and newly created sophisticated software can change cyberspace in an instant. Nevertheless, it is important that the DHS, DOD, DOJ, NIST and NSISS together with the PM-ISE develop a practical and believable methodology that can help address the challenges of cybersecurity in the context of information sharing (ISE, 2013). When it comes to the responsibility of the ISE, two things must happen. First, the PM-ISE must develop a plan that would integrate cybersecurity into ISE’s mission, vision and objective. Second, the PM-ISE must develop a plan to enhance collaboration and information sharing between different government agencies and chosen partners in the private sector.
Vision, Mission and Objectives
ISE’s vision is simple and straightforward: National security through responsible information sharing. The vision will be realized through a tripartite mission statement with its related objectives. The following is an enhanced vision-mission statement as the need for cybersecurity has been integrated into the vision, mission and related objective of ISE (ISE, 2013:
Advance responsible information sharing to further counterterrorism and homeland security missions
- Innovate and standardize information sharing capabilities nationwide to support decision making more effectively and efficiently
- Transform the domestic information sharing architecture to better identify and respond to threats
- Build and deliver capabilities to manage, integrate, and make sense of vast stores of information
- Improve nationwide decision making by transforming information wnership to stewardship
- Information sharing is not limited to data gleaned from the study and monitoring of terrorism, weapons of mass destruction, and homeland security but must include information pertaining to cybersecurity.
Achieve greater interoperability through standards-based acquisition
- Drive responsible information sharing by interconnecting existing networks and systems with strong identity, access, and discovery capabilities
- Standardize, reuse, and automate information sharing policies and agreements with strong protection of privacy, civil rights, and civil liberties
- Standardize and automate information sharing with regards to cybersecurity issues and cyber terrorism threats.
Promote partnerships across federal, state, local, and tribal governments, the private sector, and internationally
- Build organizational capacity through engagement, coordination, training, and management support
- Encourage cultural change through communities of action
- Coordinate, manage, analyze and share information with regards to cybersecurity threats.
The core component of the plan deals with the implementation of the Information-Sharing Architecture (“ISA”) in both the Federal and local government. Thus, the ISA becomes the foundation stone for the government’s cybersecurity information-sharing requirements. At the same time ISE will take the lead in consolidating business rules, standards, policies and processes that would lead to machine-speed interoperability and will connect all agencies in the Federal and local government.
Another important milestone of the said plan is to synchronize all the disparate technology used by different agencies of the Federal government and transform it into a comprehensive and coordinated cybersecurity information-sharing framework (ISE, 2013). The first step is to coordinate the collaboration among federal agencies but eventually the information-sharing network includes state and local governments. At the end certain parts of the private sector would be integrated into this information-sharing network. At the forefront of the mammoth collaborative undertaking are two key leaders, one from each the PM-ISE and the Comprehensive National Cybersecurity Initiative-5 (“CNCI-5”).
Before going any further, it is imperative to point out the information-sharing shortfalls brought about by the decentralized nature of the agencies from the federal government (ISE, 2013). Thus, a key strategy is the establishment of a Program Management Organization and its first objective is to combine lessons and insights learned from CNCI-5 and PM-ISE. The end result is the creation of the National Shared Situational Awareness (“SSA”) Program Management Office or PMO. The purpose of the SSA-PMO is to leverage existing structures and formalize the partnership of CNCI-5 and PM-ISE teams.
The SSA-PMO must also oversee existing working groups specifically those who are in-charge of coordination, implementation of policies and the creation of working policies. The SSA-PMO is also the administrator when it comes to oversight activities. Finally, the SSA-PMO coordinates with different federal agencies in order to come up with implementation guidance so that ISA’s objective would be accomplished as soon-as-possible.
Within 30 days after the issuance of an Action plan, the SSA-PMO will develop and secure an implementation strategy that is agreed upon by various stakeholders, specifically the various federal agencies that will benefit from the said activity. The said implementation plan identifies the time-phased capability increments based on the needs of the core players such as DHS, DOD, and DOJ. Nevertheless, one of the primary goals of the implementation plan is to accommodate the needs of stakeholders and partners that are not part of the Federal government. Therefore, the planners, from the very beginning had demonstrated their desire to consider the needs of the small players.
Within 90 days after the approval of the action plan, the PM-ISE will work closely with the SSA-PMO in order to communicate to all concern the implementation roadmaps for integration and deployment. The PM-ISE becomes the primary information-sharing hub when it comes to the dissemination of information with regards to synchronization of efforts between different agencies.
Fig. 1 Action Plan Timeline developed by PM-ISE (source: www.ise.gov)
Measure and Monitor
It is not enough to layout the plan and the synchroonization strategies. The PM-ISE must also monitor and document the measurement and monitoring component of the project. Thus, PM-ISE must monitor and measure initial pilots with regards to the implementation of the ISA. PM-ISE will make sure that the pilots were able to accomplish its stated purpose and it is to help advance situational awareness. A successful pilot will result in the acceleration of the implementation of cybersecurity implementation exchange. The pilots are like seeds planted by the Federal Government in partnership with PM-ISE and SSA-PMO to lay down the foundation for information–sharing among non-government partners.
The next step is for PM-ISE together with SSA-PMO and NIEM Cyber Domain Leads will initiate a pilot with the NIEM framework in order to observe cyber incident information sharing (ISE, 2013). The said pilot uses the NIEM functional exchange process to understand the data, tools, and techniques needed to enable information-sharing. The pilot will be completed in 2013 and will pave the way for an in-depth study of Identity, Credential and Access Management as well as to show the need for Data Tagging with cyber standards such as Structured Threat Information Exchange.
Within three months after the approval of the action plan, the PM-ISE together with the SSA-PMO will monitor and document the lessons learned in the execution of a peer-to-peer analytical pilot in order to determine both machine-to-machine and hybrid federated search of malware repositories. The end goal is to reduce redundant malware analysis as well as increase decision-making capabilities.
Within four months after the approval of the action plan, the PM-ISE together with SSA-PMO will monitor and document the lessons learned in the execution of a pilot designed to increase national situational awareness as the result of using machine-speed alerts from participating cyber centers (ISE, 2013). Within five months after approval of action plan, the PM-ISE will coordinate with DHS and SSA-PMO to monitor and document the lessons learned in the execution of a pilot to test the effectiveness of an interface created for the exchange of cyber information between federal government agencies, state, local, and major urban area fusion centers (ISE, 2013).
The PM-ISE will work with SSA-PMO in order to figure out the necessary authorizations and mandates to share information. The same partnership will also exert the necessary effort to document the controls when it comes to sharing and safeguarding information. The said controls and mandate are primarily derived from existing legislation, national policies, and the processes required to achieve the abovementioned goals.
The end goal for developing the appropriate policies is to come up with a practical and yet effective cybersecurity information-sharing agreement model. The model is based on information-sharing protocols at machine speed. The model will be refined through the assistance of the ISA IPC as well as the NSISS.
Everything will be for naught if the PM-ISE fails to communicate the plan to all stakeholders and partners. Even when the action plan is still in the deliberation phase and awaiting approval, the PM-ISE will be make sure that federal stakeholders are aware of the various milestones incorporated in the said plan. But within 30 days after approval of the action plan, the PM-ISE together with the SSA-PMO will implement a comprehensive plan for communication to inform stakeholders in the U.S. Congress, Federal agencies, and the private sector.
This document aims to clarify the role and responsibilities of the PM-ISE with regards to the need for a comprehensive strategy to enhance cybersecurity in order to protect the citizens and government agencies of the United States of America (ISE, 2013). But the primary objective is to inform first the members and leadership of ISE that the PM-ISE wants to expand the scope, vision, mission, and objective of the ISE to include cybersecurity as its major concerns when it comes to information-sharing.
The PM-ISE has outlined the responsibilities of ISE and pinpoints the specific areas wherein active participation is expected. At the same time this document aims to highlight the several partnerships that has to be established in order for the PM-ISE to succeed in leading a group of disparate agencies develop a comprehensive cybersecurity to protect the people of America. By doing so the PM-ISE provides a clear explanation why the vision and mission states and related objective must be modified to include cybersecurity issues.