Government Executive - Authors - Mathew Honan

Foundation showcases data-sharing network, urges action

Mathew Honan — Mon, 22 Mar 2004 00:00:00 -0500

The panel, members of the Markle Foundation Task Force on National Security in the Information Age, described a database-driven system that would allow officials from the Homeland Security Department to share information across agencies.

Agents from the CIA, FBI and other entities could use the shared network to quickly distribute information and seek "fuzzy links" to help connect disparate pieces of information that could reveal terrorist activities.

After the Sept. 11, 2001, terrorist attacks, Markle Foundation President Zoe Baird said, "you heard a lot of talk about how we couldn't connect the dots. The information revolution that had taken place in the nation and much of the world had not taken place in government. Unfortunately, this far out after [the attacks] the government has not taken advantage of information technology to improve security."

The task force, which consists of private- and public-sector leaders such as retired Gen. Wesley Clark and former Netscape CEO James Barksdale, spent 18 months studying government information processes and how to improve the flow of information. The main problems, the panel claimed, are government reliance on paper, compartmentalization of information and the tendency not to quickly share information across agencies.

The database would allow agents to specify different levels of security clearances to access information. Even disparate elements within field reports could be given various security levels rather than relying on redacting information before sharing it.

In the example the panel demonstrated, information collected by CIA field agents in Afghanistan on terrorist "sleeper agents" at Northwestern University in Chicago could be analyzed by agents in the Terrorist Threat Integration Center (TTIC) and other experts, and shared with the FBI and local law enforcement in the Chicago area. The information could be pieced together via a database, with FBI field reports warning of a terrorist attack in the Chicago area.

"Today this will never happen," panelist Gilman Louie said. "You will never be able, as an FBI agent, to pull up information from a CIA database."

Panelists said that today's information tends to stay compartmentalized within agencies, and does not move quickly from one agency to the next. "There are tens of thousands of bits of info coming in every year," panelist Tara Lemmey said. "This has to happen quickly. Right now you have paper memos and packages that end up in a stagnant environment."

The panel also called on the president to order the creation of such a network. "One of the most important things that needs to be done very quickly is, there needs to be a presidential directive calling for the creation of a shared network," Baird said.

"Every day you delay," Louie said, "every day you want to study it more ... is a day you leave Americans vulnerable."

]]>

Administration officials appeal for a cyber partnership

Mathew Honan — Wed, 03 Dec 2003 00:00:00 -0500

Ridge said cyber security was a top priority of the Bush administration and called on all Americans to join the massive effort to secure computer systems. "The only way to test the limits of the possible is to go beyond the impossible," he said.

"We need your input and your help to strive for a level of protection that seems impossible and impenetrable to our enemies," Ridge told the business leaders at the event sponsored by the Business Software Alliance, Information Technology Association of America (ITAA), TechNet and the U.S. Chamber of Commerce.

He noted that 85 percent of the nation's critical cyber infrastructure is in the private sector.

"To secure the homeland we have to secure our hometowns, and we have to do that at the cyber level as well," added Robert Liscouski, the assistant Homeland Security secretary for infrastructure protection. He noted that critical infrastructure exists not only within the federal government but also in businesses, schools and homes.

"The ability to compromise our systems can be as simple as seizing a few small computers in the home and using that to launch major attacks on our infrastructure," Liscouski said.

He alluded to the possibility of legislation requiring technology businesses to create and maintain more secure systems as a way to encourage the audience to aid cyber-security efforts.

"We have demonstrative results that the private sector is taking this seriously," Liscouski said. "We have to tell your story. If we can't tell your story, there are a lot of people out there who want to legislate your actions."

Speakers discounted the notion that cyber terrorism does not pose an imminent threat to the nation. "As you well know, there are countless ways computers impact society, and they are so vast we do not even think of them," said Ridge, who later cited power blackouts over the summer, and the "Sobig" and "MSBlaster" worms as examples of what can happen when computers fail. "These networks, and the infrastructure they support, do present an attractive target for terrorists."

"In some ways the situation we face now is analogous to the early days of air power in warfare," said Amit Yoran, the Homeland Security Department's cyber-security director. "There were those who thought that air power would hold little military value. But there were others [who] were able to envision how battles and wars could turn on air superiority. The war on terror is no different."

Harris Miller, president of Information Technology Association of America, said industry already is developing an early-warning system to share information among various computer systems. Just a few hours can be the difference between disaster and preventing a terrorist attack, he said.

TechNet President Rick White, meanwhile, announced the creation of a tool designed to help CEOs evaluate the cyber security of their organizations.

]]>

Homeland official outlines opportunities for tech firms

Mathew Honan — Thu, 31 Jul 2003 00:00:00 -0400

Speaking at Veritas Software here during a conference sponsored by the Information Technology Association of America (ITAA), Jane Alexander, deputy director of Homeland Security Advanced Research Projects Agency (HSARPA), described her agency's structure and mission, and stressed the need to "stitch together" tech systems across the department's 22 agencies.

She said HSARPA will ascertain departmental technology needs based on several issues that are the responsibility of multiple agencies. Those issues include cyber, biological, chemical, radiological and nuclear security.

The research agency also must meet several "customer specific" concerns within the department, such as: protecting critical infrastructure, borders and transportation systems; and aiding the Coast Guard, Secret Service, and state and local "first responders" to emergencies. The heads of those functions must assess their needs and report back to department officials.

HSARPA's main role is to rapidly prototype and adapt existing technologies for short-term solutions, satisfy the operational needs of entities within Homeland Security and develop revolutionary technology options.

Alexander said Homeland Security systems must be affordable, have solutions that match regional needs and include technology frameworks, and result in no false warnings about terrorism. "We cannot afford to believe we are under attack when we are not," she said in stressing the last point.

Alexander said 90 percent to 95 percent of the department's fiscal 2004 budget for science and technology -- which has not yet been appropriated but should be in the range of $1 billion -- will go toward identifying needs. The rest will focus on developing breakthrough technologies.

She also noted that said Homeland Security must have complete solutions suitable for civilian populations.

Alexander said that a desire to protect Americans' privacy will be a key of new systems. "The technology choices we want to make are ones that make Americans more comfortable rather than contributing to a sense of unease," she said.

The deputy director noted that federal contracting rules will be less stringently applied to HSARPA. "As long as you have generally acceptable accounting principles, then we can still do business," she told company officials. "Let's talk about the good ideas first, and then we will find a way to work together."

At least 2.5 percent of contracts will be reserved for small businesses, she said. Homeland Security is developing a Web site to register products for purchase and is soliciting contracts via the Technical Support Working Group and HSARPA announcements.

Finally, Alexander stressed that her department is still in flux and likened it to private-sector startups that must change as they grow. "We're going to consider ourselves an experiment for at least a full year," she said.

]]>

Homeland Security CIO pushes to consolidate IT procurement

Mathew Honan — Fri, 30 May 2003 00:00:00 -0400

Speaking via videoconference to people at an Information Technology Association of America (ITAA) briefing here, Steven Cooper noted that procurement processes that had been separate for the different agencies that now comprise Homeland Security soon will fall under the auspices of the department. He sketched the overall IT structure for the department and touched on how that structure will affect procurement for both government agencies and private companies.

In recent months, Cooper repeatedly has voiced the need for Homeland Security to integrate the existing systems of its 22 agencies to better manage the flow of data among federal, state and local agencies. He repeated that theme on Friday, stressing the need for greater consolidation, particularly as it relates to procurement.

"Rather than addressing application-specific types of work and procurement, what if we reached out and used the groupings at large program areas," Cooper said. "The [department] aims to reach out and group those procurement procedures. In order for us to move very rapidly to one [department], we're not going to get there in the time frame that we need to get there if we continue business as usual."

To that end, Cooper said his IT leadership team has been meeting weekly since last August, assessing and documenting technology solutions for all of the agencies and reclassifying each according to one of three categories: mission-space assets, enterprise solutions and infrastructure.

Cooper defined mission-space assets as those that are used only in the original boundaries of the agencies that comprise the department's five directorates. Enterprise solutions are technology applications that cross agency boundaries-including everything from financial management tools and e-government initiatives to Microsoft Office software and e-mail. And infrastructure encompasses the department's entire network across all agencies.

"Previously, alerts and warnings were restricted to [agencies]," Cooper said, noting that they are now being repositioned department-wide. "Many things that were once thought of solely in the mission space of one agency or bureau are in fact enterprise solutions." He also announced that the department will treat its infrastructure "as a single, integrated environment."

Cooper noted that the new policy will impact suppliers to specific agencies within the department and that there will be private-sector "winners and losers" in the transition. However, he noted that consolidation procedures will result in many new opportunities for technology vendors and encouraged vendors to contact his department with solutions and ideas.

Secure Computing CEO John McNulty, a speaker at the event, noted the difficulty and opportunities that lay ahead for department and industry. "The task that Steve Cooper is undertaking I think of as the Manhattan Project that will never end," he said in reference to the research that led to the making of the first atomic bombs. "This challenge that is homeland security must be addressed by technology."

]]>