President Obama Lays Out Information-Sharing Strategy7:17 PM EST Thu. Dec. 20, 2012
President Obama issued a document intended to lay out a new strategy for information sharing, but the strategy provides more of a framework for the development of policy as opposed to establishing an actual set of new regulations.
"This Strategy recognizes this vital information for what it is -- a national asset that must be both protected and shared, as appropriate," reads the introduction to the document. "The threats to our national security are constantly evolving, so our policies to ensure this information is used and protected as intended must evolve as well. This includes protecting private and personal information about United States persons and upholding our commitment to transparency. This Strategy makes it clear that the individual privacy, civil rights, and civil liberties of United States persons must be -- and will be -- protected."
To that end, the document outlines five key objectives that focus on collaboration and accountability, improved information discovery and access, shared services and interoperability, structural reform, and privacy protection. The common thread throughout the document involves cooperation and collaboration based on a common interest in maintaining the security of the nation, its data and its infrastructure.
"I think the biggest fear is about whether the data, once collected, will be used in inappropriate ways," said Gartner security analyst Lawrence Pingree. "But bringing together data could actually reduce the downside. Data sharing will improve the context of any investigation, and context is lacking in a lot of cases. Interconnecting databases is important in pulling together a whole picture that will help you to assess what is really going on while at the same time respecting the privacy rights of people."
Pingree went on to explain that effective information sharing can lead to enhanced behavioral and reputational context that can prevent someone from government scrutiny simply because they used the wrong words on Twitter, for example.
"Interconnecting some of these agencies might reduce the ability to trip the trigger and then get nabbed because of something you said that you had no intention of acting out. On the other hand, if a known host on the Internet launches an attack, you want to be able to tell everyone that that person is an attacker," he said. "It would be very useful if the government would share that in a dynamic manner."
NEXT: Navigating The Databases
But aside from gathering buy-in from all the government agencies and the public at large, Pingree pointed out that establishing an automated system for information sharing would be a huge undertaking. Thus, the political challenges of such a framework may be overshadowed by the technical challenges combined with the underlying need for standards. It would take this sort of cooperation to move the policy beyond the appearance of security toward the delivery of actual security that makes a difference.
"In order to share information between any sort of separated databases, you have to have common tables and formatting," he said. "Then you need a framework to map them together, which also calls out the major elements that you would need to share. Intelligence information, historical context of activities, and event data are just a few of things that would need to factor into that equation."
With upward of 1 billion records breached so far, according to Pingree, the challenge associated with a coordinated effort is a necessary one.
"We give up our privacy regularly, for convenience," he said. "Usually people who are dismissive of policy haven't experienced the reasons behind the policy. Has a hacker taken $10,000 out of your bank account? If that has happened to you, the policy hits a lot closer to home."
PUBLISHED DEC. 20, 2012