TASK FORCE CALLS FOR GREATER INFORMATION SHARING TO PROTECT INFRASTRUCTURE
Critical infrastructure such as telecom networks remain at risk of terrorist attack in large part due to a failure of federal agencies such as the Dept. of Homeland Security (DHS) to share information, a new report said Tues. While there’s plenty of information both in the federal govt. and the private sector to make critical infrastructure more secure, legacy models of information sharing are insufficient, and President Bush should intervene, said The Task Force on National Security in the Information Age, formed shortly after Sept. 11 by the Markle Foundation. John Gannon, a former deputy CIA dir. and now staff dir. of the House Select Homeland Security Committee, said the report’s goals echoed those of Chmn. Cox (R-Cal.) and the select committee.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
The task force released a preliminary study in Oct. calling for greater information sharing. The full report issued Tues. -- “Creating a Trusted Information Network for Homeland Security” -- emphasized technology solutions, such as a computer information-sharing network on a decentralized peer-to-peer (P2P) model for federal agencies, first responders and the private sector. But task force Exec. Dir. Michael Vatis acknowledged proposing solutions was easy -- the challenge was changing decades of keeping information close.
“Changing the culture is probably the hardest thing to do,” Vatis said. He was the first dir. of the National Infrastructure Protection Center (NIPC), and said that to change govt. culture, “ultimately the president has to do it,” not just with an occasional comment but with repeated emphasis. Congress, he said, also has an important oversight role, and Gannon said his committee was fulfilling just that.
The task force called on President Bush to issue 2 executive orders. The first would create a decentralized network of information sharing, set rules and guidelines for how that information should be shared, specify Executive Branch oversight and designate DHS as the lead agency. Markle Foundation Pres. Zoe Baird, co-chair of the task force, said DHS’s authority had been undermined partly by Executive Branch creation of the Terrorist Threat Integration Center (TTIC). That executive order would clarify the roles of DHS, TTIC and other agencies. The 2nd would establish procedures for intelligence gathering and institute safeguards for civil liberties. The order should be unclassified as much as possible and put out for public comment, the task force said.
While the task force includes privacy advocates such as Jerry Berman and James Dempsey of the Center for Democracy & Technology (CDT), the report didn’t call govt. data mining abhorrent in itself. “We are disappointed that Congress found it necessary to ban research and development of technologies that would make use of privately held data,” the report said. Several task force members at a Capitol Hill briefing said that if the Terrorism (formerly Total) Information Awareness program had been developed in a public discussion, it could have become a tool to fight terrorism without violating civil liberties. “Pattern analysis is still in the research phase,” said task force member Gilman Louie, CEO of In-Q-Tel. That company provides venture capital to develop new technologies for the CIA.
The network proposed by the task force -- the Systemwide Homeland Analysis & Resource Exchange (SHARE) Network -- has 5 key attributes, most of which resemble music file-sharing services: (1) It has multiple and redundant pathways to ensure no single point of failure can bottle up information. (2) It uses a decentralized P2P approach. (3) It has a directory service to help locate information. (4) It supports real-time communication. (5) It contains, unlike commercial P2P software, multiple authentication layers, strong encryption and data protection and automated policy enforcement.
The decentralized approach is crucial to ensure information flows to the right people, said task force member Tara Lemmey, a high-tech consultant formerly with the Electronic Frontier Foundation. She said she was surprised to learn that in the public sector, “sending information forward means sending it up,” meaning “the CEO is inundated” with information and choices. The SHARE network, she said, would permit widespread dissemination of information, while assuring that people received only the information they needed. Lemmey acknowledged that many software vendors had been marketing such solutions to the federal govt., but said their model was built with off-the-shelf and open source software.
Baird and others stressed a sense of urgency. “It is critically important that guidelines be established before another major terrorist incident occurs,” the report said. “If public debate were to take place in the shadow of another major national tragedy, it could lead to rushed and poorly conceived initiatives that not only fail to solve the underlying problems, but also have a detrimental impact on civil liberties.”
DHS should be the motive force for change, task force members agreed. In fact, one of DHS’s directorates focuses on information sharing -- the Information Analysis & Infrastructure Protection (IAIP) Directorate. Immediately under IAIP are 2 offices, Information Analysis & Infrastructure Protection. Under Infrastructure Protection is the National Cyber Security Div., which is co-hosting a cybersecurity conference this week. Gannon said the House Select Homeland Security Committee was focused on IAIP and its performance.
“Information sharing is the thread that moves through all of it,” Gannon said. The culture of holding information close “is still very much alive and well” from the 22 agencies folded into DHS, he said. IAIP can change that culture, he said, and Cox and his colleagues are ready to help. Gannon said next year 2 measures might serve that end. One would be a DHS reauthorization bill, the other would be a DHS enhancement bill, where the committee could make changes to help DHS meet its mission. The task force recommended that after Dec. 31, 2004, the Executive Branch and Congress evaluate the progress DHS and other federal agencies were making in changing information sharing, recognizing that “it is not realistic to expect that the job will be completed in a single year.”
The task force is composed of technology and policy experts from Republican and Democratic administrations, including former National Security Agency Gen. Counsel Stewart Baker (Clinton Administration), 3Com Chmn. Eric Benhamou (member of Clinton’s Information Technology Advisory Committee), Presidential candidate and retired U.S. Army General Wesley Clark, former Sen. Slade Gorton (R-Wash.), former Justice Dept. Deputy Attorney Gen. Eric Holder (current Bush Administration), and former Utah Gov. Mike Leavitt (R), Bush’s nominee to run the Environmental Protection Agency. However, 2 of the 3 primary task force leaders calling for executive orders from the Bush Administration have Democratic ties. Baird was in the Carter and Clinton Administrations, and was a Clinton nominee to the U.S. Supreme Court (she withdrew her nomination). Vatis is another Clinton Administration veteran. The other co-chmn., former Netscape CEO James Barksdale, is on the President’s Foreign Intelligence Advisory Board. While he has given generously over the years to candidates in both parties, he has given maximum donations to President Bush in the 2000 and 2004 campaigns.