Feds To Improve Threat Information Sharing

Most Wasteful Government IT Projects Of 2013

The government has established an online collaboration called Project Interoperability to help develop tools and technologies for sharing threat information among organizations inside and outside of government.

The project, recently launched by the Information Sharing Environment (ISE), a partnership between the defense and intelligence communities, addresses the need to make intelligence useable by many parties to counter increasingly sophisticated threats to national and cyber-security.

The need for better information sharing was one of the primary lessons learned from the September 11, 2001 terrorist attacks. Increased dependence on the Internet and the recent emergence -- and convergence -- of cloud and mobile computing to make systems and data accessible anytime from anywhere have stepped up the need for automated collaboration against attacks.

The ability to share information effectively could also help the management of cloud environments, where data and applications can be housed in multiple locations.

[Despite two administration's progress, more must to be done to advance the national strategy for information sharing. Read Information Sharing: Applying What We've Learned Since 9/11.]

"Information interoperability is the ability to transfer and use information in a consistent, efficient way across multiple organizations and IT systems," read a statement on the project's website. "From a technical perspective, interoperability is developed through the consistent application of design principles and design standards."

The project represents the administration's intent to provide a public platform for the development of standardized tools and techniques.

Although the Obama administration has directed agencies to incorporate cloud computing into their IT operations to lower government costs, security remains a barrier to widespread adoption of the cloud, said Pamela J. Wise-Martinez, senior strategic enterprise architect for the Office of the Director of National Intelligence.

"We're going to see over the next few years a lot of work done [to improve cloud adoption]," Wise-Martinez said during a March 25 conference on cloud computing and mobility hosted by the National Institute of Standards and Technology.

Because of the distributed nature of modern computing, as well as the interdependence of information networks and other critical infrastructure, the need to share threat information is growing. The ISE's Project Interoperability is one effort to enable sharing, she said.

The NIST conference brought together experts from government, industry, and academia to discuss the convergence of the cloud and mobility -- two trends dominating computing today, said Keith Trippie, executive director of Homeland Security's Enterprise System Development Office. The consensus among speakers was that security of cloud infrastructure and of mobile devices remains a challenge to realizing the benefits of these trends, and better sharing of information is needed to improve security.

The ISE was established by the Intelligence Reform and Terrorism Prevention Act of 2004 as a result of 9/11 Commission recommendations. Mission partners include the Defense, Homeland Security, Justice, and State departments, along with ODNI and state and local governments.

Project Interoperability will build on existing work such as the National Information Exchange Model (NIEM) and other standards schemes to help government and the private sector identify terms, tools, and techniques to normalize information sharing technology and create a mission-agnostic information sharing network.

"If we're all using different terms, we aren't going to end up with interoperable systems, and we're going to pay for duplicative systems and excessive costs," ISE Program Manager Kshemendra Paul said when announcing the program.

By hosting the project on GitHub, a Web-based collaboration tool, Paul expects to generate ideas from specialists and non-specialists. Subject matter experts will review the suggestions and try to develop tools that capture high-level languages for describing programs and systems, standards compliance programs, reference architectures, architectures for aligning geospatial systems, and threat-sharing tools.

Find out how a government program is putting cloud computing on the fast track to better security. Also in the Cloud Security issue of InformationWeek Government: Defense CIO Teri Takai on why FedRAMP helps everyone.