NATIONAL SECURITY THROUGH RESPONSIBLE INFORMATION SHARING

Kshemendra Paul
Program Manager, Information Sharing Environment
March 2013

VISION

National security through responsible information sharing

MISSION

• Advance responsible information sharing to further counterterrorism and homeland security missions
• Improve nationwide decision making by transforming information ownership to stewardship
• Promote partnerships across federal, state, local, and tribal governments, the private sector, and internationally

SCOPE

[Diagram labels]
• International, Private Sector, Tribal, Local, State, Federal
• Frontline: Investigators, Analysts, Operators
• Communities: Law Enforcement, Defense, Intelligence, Homeland Security
• Information Sharing Environment (ISE)
• Diplomacy
• Information Technology Industry

CONTEXT

• IRTPA: Intelligence Reform and Terrorism Protection Act of 2004
• Executive Order 13388
• Presidential Guidelines
• Markle Task Force
• 2007 National Strategy
• 2012 National Strategy
• Executive Order 13587

Principles:
• Information as a national asset.
• Information sharing and safeguarding requires shared risk management.
• Information informs decision making.

STANDARDS WAY AHEAD

• Standards coordination and governance
  ◦ Standards Coordinating Council
• National Information Exchange Model
• Standards development and interoperability
• Standards Based Acquisition
• Identity and access management
• Policy automation
• Geospatial

DEVELOPING STANDARDS TOGETHER

[Diagram labels]
• Develop Standards Collectively
• Government Standards Groups
• Concept Development
• Incorporate Standards Requirements into Acquisitions
• Applied Standards Testing
• Standards Certification
• … AFEI, NIST, NIEM, GSC
• Coordination
• … OASIS, OGC, OMG
• Industry Standards Development Organizations
• Test and Certify Standards
• Incorporate Standards into Tools

INFORMATION INTEGRATION FRAMEWORK

Capability Definition
• Operational Requirements
• Requirements traceability

• Systems/Networks Designs
• Interfaces Control Diagrams
• Data Tagging and classification markings
• Exchange standards (NIEM, UML)
• Auditing/Monitoring
• Service profile and specification (GRA)

Information Integration

• Records management policies
• Information disposition guidance
• Authorities - Policy/Programmatic Guidance/Law
• Information sharing agreements to include sharing, use and dissemination and obligations guidance
• Controls/Protections for data in motion
• Auditing and monitoring

Best Practices

NIEM-UML PROFILE

[Diagram labels]
• Perspectives: Platform Independent Perspective, Model Packaging Perspective, Platform Specific Perspective
• Profiles: NIEM-UML Profile, PIM Profile, Common Profile, MPD Profile, PSM Profile
• Models: Platform Independent Model, Platform Specific Model
• Conformance points: PIM Conformance Point, PSM Conformance Point
• Relationship labels: Applies, Specifies, References, Imports
• Information and Business Focus
• Systems Implementation Focus
• Apply Principles of MDA

CASE STUDY: NEW JERSEY

CASE STUDY: NEW JERSEY ISE

[Diagram labels]
• State Partners (NY, PA, CT, NYC)
• NJ State Agencies (i.e. AG)
• Emergency Management
• NJSP
• Private Sector
• Field
• ROIC
• Communications
• UASI
• NJ County/Local Agencies
• ITB (CIO)
• National Fusion Center Network
• OHSP (HSA)
• Federal Partners (i.e. FBI JTTF, NDEx)

FUTURE

• Cyber Security
• Statewide ISE: Race to the Top
• Standards-Based Acquisition
• . . .

VISIT ISE.GOV

@shareandprotect