An FBI agent in Chicago learns of a possible local bioterrorism event involving a hog virus. At the same time, a CIA agent in Kabul gets a tip about a terrorist sleeper cell led by a microbiologist at a Midwestern university. Given present policies and procedures, is it possible for an analyst to connect these two hypothetical events? It's unlikely, according to the Markle Foundation, which created this scenario to help policy makers understand how sharing information can enhance national security.

To appreciate the challenge of sharing national security information, consider the numbers. At last count, homeland security was supported by nine agencies with 34 major networks, 21 of them single-agency networks designed for internal communication. Eight of the networks are unclassified, another eight are classified, and 18 are "sensitive but unclassified." Each has its own rules and procedures about access and distribution. And they operate more than 100 major applications in this arena.

Not an Exotic Bird

To help intelligence and security agencies move away from their ingrained "need-to-know" culture without sacrificing security, MITRE's Center for Integrated Intelligence Systems (CIIS) launched XBIS. It's not an exotic bird, but the acronym for Cross-Boundary Information Sharing, a multi-year initiative to address the complex issues surrounding information sharing. To involve researchers from across MITRE and other staff engaged in client projects, as well as outside experts, CIIS created an online discussion list and hosted annual meetings in 2003 and 2004.

Ellen Powers (left), co-principal investigator, says all four XBIS areas face common challenges of identity management and policy. She talks in Bedford with researcher Chris Eliopoulos, developer of the Chat Guard prototype.

Then to focus the work more tightly, the MITRE Technology Program funded a "super-innovation grant." The mission: Pull together a broad spectrum of MITRE resources related to information sharing, define the state of the art, identify gaps in understanding and technology, and recommend future research needs.

Ellen Powers and Russell Graves, co-principal investigators, led the mission. Before they could start, these two CIIS software systems engineers asked a fundamental question: How do you even think about cross-boundary information sharing? "It's such a complex problem," says Powers. "What does it consist of?"

To get a handle on the problem, they partitioned the topic into four realms: information management, information security, enterprise architecture, and social science—the "human systems" that shape policy, privacy concerns, organizational culture, and personal commitment.

They realized that cross-boundary information sharing requires a holistic view that encompasses all of these domains. "We couldn't talk about information management without talking about enterprise architecture or information assurance," says Graves. "There is no clear boundary separating these areas." Overlaying all three technology areas is social science. "Social factors are huge in this area," says CIIS Chief Engineer Richard Games, calling them "the hidden force" that can derail even the best engineering solutions.

A Community Resource

One of the outgrowths of the XBIS initiative is a laboratory where MITRE researchers and sponsors can literally walk around the problem and test-drive technologies that support information sharing. Despite its somewhat ominous rubric—the "Executable War Room"—it's a place to assemble information, research, and available technologies. "A community resource," is how Graves defines it.

Marc Nobile, Ken Hoffman, and Tony Lenzi in McLean are among the MITRE experts who will be able to meet and share ideas in the XBIS Executable War Room.

Soon to open for business on the McLean campus, the war room is a 16-by-34-foot space—about the size of three offices—at one end of the glass-enclosed pedestrian bridge between the MITRE-2 and MITRE-3 Buildings. Its walls are lined with six computer workstations. The open area can be configured auditorium-style or with a large conference table, and the computer displays can be projected onto a large screen.

The room has been designed for MITRE researchers, as well as sponsor agencies, who want to test how their ideas play out with their colleagues. "The idea of the war room," says Graves, "is to have the real capabilities in place so sponsors and MITRE researchers can talk about the challenges, show some technology, and look at how that technology can enable change in organizations' policies and procedures."

Lessons Learned

More and more, cross-cutting issues are defining the nature of work at MITRE, and different technology areas take different perspectives on such multidimensional problems. Probing the information-sharing question, the XBIS team gained valuable experience in sharing across the company. In fact, the project became "a microcosm of the problem we were talking about—we had to practice it ourselves," says Ken Smith, database engineer from the Washington Command, Control, and Communications Center. It was worth the effort, according to Smith. "Everybody's perspective can educate me and teach me something I didn't know before," he says.

"One major challenge for XBIS was just sifting through the vast amount of projects and research and finding the right people," says Powers, who credits a large part of their success to persistence. Another challenge was finding a way to talk about the problem: "At first, we talked about balancing the need to protect with the need to share, but that didn't describe the problem in all its dimensions," she says. The new mantra is: "Security enables sharing."

An Invitation to Dance

For future research, MITRE will look for a broad vision that embraces all areas of cross-boundary information sharing. "You gotta dance," urged MITRE Fellow Bill Neugent, XBIS team lead for information security, in a briefing for researchers. One example of why technology areas need to tango is metadata—information about the data. Can the information be trusted? Who provided it and when? Has it changed and when? When two parties share information, can you be sure they're talking about the same thing? And there's also a security puzzle: Can (and should) metadata be classified differently than the information it describes?

Based on the XBIS recommendations, a MITRE-Sponsored Research project has just been approved for three-year funding. Vipin Swarup, principal information security engineer in CIIS, will investigate whether trusted intermediaries—including people, systems, or processes—can enable enhanced cross-boundary information sharing. There are numerous other MITRE research projects related to the XBIS problem (see "Inside the 'War Room'").

How well XBIS research and the war room will work in practice will depend on active participation by MITRE staff. "I'll be really happy if all of MITRE could come together and contribute to this—share best practices and lessons learned—and get everybody in one room to talk and brainstorm," says Powers. "MITRE is so good at bringing the corporation to bear on sponsor problems," says Powers. "I see the war room as one of those places where that can happen."

—by Shari Dwyer

Related Information

Websites

• MITRE Cross-Boundary Information Sharing (XBIS) Lab

Solutions That Make a Difference.®
Copyright © 1997-2013, The MITRE Corporation. All rights reserved.
MITRE is a registered trademark of The MITRE Corporation.
Material on this site may be copied and distributed with permission only.

Privacy Policy | Contact Us