Assured Information Sharing

By Bill Neugent

Achieving a decisive military advantage through end-to-end communications and universal situational awareness is the idea behind net-centric operations. The Department of Defense's (DOD's) vision is to connect everyone from the commander to the warfighter in the field, who operates at "the tactical edge." Achieving net-centricity depends on the supporting infrastructure of the DOD's Global Information Grid (GIG).

s the need to share data becomes increasingly important in the fight against terrorism and in conducting the war in Iraq, we are helping our sponsors find ways to ensure that information is available to our own people and allies and is protected from the enemy.

Sharing data becomes more complicated in situations that involve many diverse organizations, such as partners in a war—the U.S. services and coalition forces—or the many agencies defending the country against terrorism—from the Border Patrol to the local police. In these situations the "need to know" becomes the "need to share."

MITRE teams are working on a broad range of projects to provide the security that enables sharing information. Our work ranges from developing new technology to helping sponsors sort out organizational issues, such as developing policies on when to share and with whom. Many problems remain, some technological, some organizational or cultural. But there is a huge push from the government to bring down barriers.

In this article we discuss a few of the areas we are working on, such as making information accessible and discoverable, creating sharing policies, and monitoring how information is used.

Making information discoverable to soldiers in the field means more than making it accessible, although that's also critical. The data has to be on a server that the soldier can access. But the access only counts if the soldier can then understand the data. Is the metadata compatible between systems? Does it point the way to the coordinates or description the soldier needs?

For example, the intelligence community (IC) is building a data exchange standard to help its various agencies share information about terrorists. The Terrorist Watchlist Person Data Exchange Standard combines practices from several agencies into one accepted practice, which will make the data issued from all agencies discoverable by each other. This is just one example of what is needed among the Department of Defense (DOD, IC, and Department of Homeland Security) groups.

In the past, there was a real feeling of "ownership" of information by various groups and a reluctance to share it openly. After September 11, the government asked all the agencies to come up with common solutions to information sharing—new systems, governance, and processes. MITRE and its sponsors have been working on these issues, pursuing programs in what is called secure, cross-boundary, or cross-domain information sharing.

MITRE has been investing resources in an initiative called XBIS (Cross-Boundary Information Sharing), designed to explore approaches to cross-boundary information sharing and make recommendations. A team looked at many dimensions of sharing: social and cultural, as well as data, security, and the enterprise architecture. Rather than thinking of security as a wall, we started thinking of it as a web of relationships and resources. Sharing is the result of networking, building relationships, and fusing information. Now we're looking at translating these concepts into security measures.

As part of Operation Enduring Freedom, Marines in Afghanistan talk to local citizens during a security operation.

New Capabilities

The need for common practices and standards among groups is obvious. Intel analysts deal with reams of information coming in from all over the world. They don't necessarily know the value of certain bits of information to the warfighter in Iraq, so the challenge for analysts is to make their information available to users even when they can't gauge its value.

The users have to be able to search and pull what they need when they need it. One of the best ways to promote sharing is a take-off from the commercial world: Allow analysts from different organizations access to one another's information through a search engine. Since late 2004, thousands of military and intelligence community personnel have been doing that, using a MITRE-designed technology called the Multi-Domain Dissemination System (MDDS).

In the past, long-standing rules restricted people from searching multiple networks because the networks operated at different classification levels. These barriers—as much organizational as technical—forced analysts to hunt for information that should have been available but dwelled just out of reach, a sure recipe for creating frustration and information gaps.

MDDS allows intelligence providers and analysts to "browse down" through the databases of both intelligence community and military computer networks, allowing the analysts to produce more detailed, accurate reports.
Because MITRE doesn't manufacture or sell products, we advised a commercial company that was building a similar product and then worked with the Defense Intelligence Agency to get MDDS approved and operational. That's one way the DOD and IC can achieve security quickly, adapting commercial products to their security needs.

MITRE teams are studying numerous capabilities for information sharing to see how they might meet our sponsors' needs, from metadata-based release policy to access control, to monitoring systems.

One way to make sure data is accessible to others is to use new protocols and standards, such as XML, which enable sharing across and within security levels. Many government agencies, as well as the medical and finance communities, have created flexible sharing systems using XML firewalls. Other possibilities for secure data management are: write to share, tear-line production, time stamping, and integrity wrapping.

Monitoring

Another way to make people feel more comfortable about putting their information on shared systems is to create efficient monitoring systems. How do we track information we've made available and monitor how it is used? Also, how do we know what information was valuable to users and what wasn't, so that we can share more of what's useful? Monitoring serves many purposes, from detecting malicious insiders to measuring users' satisfaction with information available.

We are helping the DOD and IC find better monitoring methods. The new trend is to "Let them have the information but keep an eye on them." Take the risk, but manage it. Ways of monitoring include watermarking data, fingerprinting it, or putting a beacon on it that tells you where it went.

This is probably the biggest technological gap when it comes to enabling information sharing: creating monitoring systems that reflect the different needs of the users. For example, the monitoring requirements for counter-intelligence information will be different from those of law enforcement or medical information. This variety has to be built in.

Sharing Policies

We're also involved in discussions among agencies on coming up with accepted sharing policies. These decisions can be very complex, particularly when different levels of classification are involved and when sensitive defense networks and civilian networks intersect. The latter usually are not as well protected as the DOD and IC networks. Thus, deciding who owns data and who can view it and use it is often as difficult as creating the technology that enables sharing. MITRE has come up with some recommendations for policy-based sharing standards.

The theme of our recommendations is let the mission determine the rules for releasing data. Today, the process is overly reliant on humans to make every call. Whoever controls sensitive data gets to determine whether or not to give it to someone else for the other group's purposes. This can be a slow process that doesn't work well during a crisis.

MITRE has recommended a policy that optimizes gain and loss. First you ask, "What are the benefits to the mission if the information is shared and what are the risks if the information—or the means by which it was collected—are compromised?" Then you ask, "Who gets to decide?" There's no one answer; it depends on the mission. The biggest barrier is trust. The process of getting stakeholders together to create the policy is critical—it represents the "relationship" part of the web.

The MITRE team working on this project also discussed it with the Markle Foundation, a non-partisan, non-profit organization that advises the government on issues of IT that concern national security and healthcare. For example, the Markle Task Force invented the Systemwide Homeland Analysis and Response Exchange Environment.

The government continues to push for more and more sharing among agencies—for ways to bring down the stovepipes, both technical and cultural. MITRE will continue to work closely with sponsors on various initiatives to protect both networks and information shared among government and civilian agencies. Our projects range from trusted computing architectures to cryptography, to Digital Rights Management, and our research looks ahead to newly emerging technologies that might provide the answers in the future.

For more information, please contact Bill Neugent using the employee directory.

Solutions That Make a Difference.®
Copyright © 1997-2013, The MITRE Corporation. All rights reserved.
MITRE is a registered trademark of The MITRE Corporation.
Material on this site may be copied and distributed with permission only.

Privacy Policy | Contact Us