The US government, through its various intelligence operations, collects an enormous amount of information; especially recently, private organizations and businesses have assembled some pretty impressive collections of their own (think Google or Facebook). These collections have the potential to tell us a lot about the emergence of threats to either physical or information systems assets. The problem has always been that it is much more challenging to sift through and analyze the information than it is to collect it in the first place. I’m sure most readers have heard the narrative about all the warning signs of the 9/11 attacks; they were not hard to find after the fact, but no one “connected the dots” beforehand. Furthermore, even among government agencies, information was not always shared, either because of inter-agency politics, or just inertia. Information exchange between government and private-sector entities was even more problematic.
In the last decade, there have been efforts made to improve this situation. As part of that overall effort, this past week the White House released a new National Strategy for Information Sharing and Safeguarding [PDF here, 24 pp. total]. As the title implies, the Strategy recognizes that information must be shared, but in a controlled way; sharing everything with everyone risks giving too much information to potential adversaries. Citizens’ rights and privacy concerns also need to be taken into account.
Our national security relies on our ability to share the right information, with the right people, at the right time. As the world becomes an increasingly networked place, addressing the challenges to national security—foreign and domestic—requires sustained collaboration and responsible information sharing.
It also recognizes that many entities, not all of them governmental, are involved:
The imperative to secure and protect the American public is a partnership shared at all levels including Federal, state, local, tribal, and territorial. Partnerships and collaboration must occur within and among intelligence, defense, diplomatic, homeland security, law enforcement, and private sector communities.
To the extent that this reflects a shift toward looking at this problem as a whole, and not just at individual pieces, this is a welcome development.
I have had a quick preliminary read of the Strategy; although it is, like many similar documents from large organizations, over-supplied with jargon, its basic thrust seems sound. The approach is based on three basic principles:
- Information is a National Asset
- Information Sharing and Safeguarding Requires Shared Risk Management
- Information Informs Decisionmaking
The last is perhaps the most important, in the context of recent history. Information in a form that cannot be used to inform decisions is not worth much.
The Strategy identifies five broad goals going forward:
- Drive Collective Action through Collaboration and Accountability
- Improve Information Discovery and Access through Common Standards
- Optimize Mission Effectiveness through Shared Services and Interoperability
- Strengthen Information Safeguarding through Structural Reform, Policy, and Technical Solutions
- Protect Privacy, Civil Rights, and Civil Liberties through Consistency and Compliance
Each of these is discussed, and further broken down to more specifics. The Strategy then goes on to identify objectives for action going forward.
As is often the case with security policy issues, the devil is very much in the details of implementation; but it is encouraging that a reasonable framework has been developed as a starting point.