by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : February 2013
16 GCN FEBRUARY 2013 • GCN.COM CYBEREYE BY WILLIAM JACKSON NATIONAL SECURITY INCREASINGLY depends on the ability of agencies at the federal, state and local level to cooperate across organization- al and jurisdictional lines. "This cooperation, in turn, demands the timely and ef- fective sharing of intelligence and information about threats to our nation with those who need it, from the president to the police o cer on the street," says the president s National Strategy for Information Shar- ing and Safeguarding released in December. This requirement has been complicated by turf wars, siloed databases and a lack of interoperable technology and policies. The strategy calls for a shift to interoperable shared services (read: cloud) and inte- grated policies that will require system upgrades in what the strategy calls an "extremely austere budget environment." In other words, don t look for the needed improvements in information sharing infrastruc- ture any time soon. But the real headache in meeting the strategy s goals will be establishing the common identity and access manage- ment schemes that are needed to enable secure sharing. Today s systems, policies and procedures were developed to lock information down, not to share it securely. The security posture has been defensive and outward-facing. "The focus of information safeguarding e orts in the past was primarily bound to systems and networks at spe- cific classification levels," the strategy says. This focus will have to shift to the data itself, regardless of where or what it is, with common standards for tagging data with metadata to enable discovery across multiple databases and using common platforms for identity and access management. It might be relatively easy to move federal, state and local intelligence to interoperable cloud platforms in standard- ized formats, although it will take money. But common identity and access manage- ment schemes systems will be tough to do. It has been more than eight years since Homeland Secu- rity Presidential Directive 12 mandated an interoperable electronic ID card that could be used across all executive branch agencies and their contractors for both physical and logical access. Standards and specifica- tions were developed by the National Institute of Standards and Technology in record time, and millions of Personal Identity Verification Cards have been issued. But despite this progress, most agencies still lack platforms for using the cards for unified access control for both physical facilities and IT systems, and there is little if any interoperation between departments accepting each other s cards. The problem is both a lack of mutual trust between agen- cies and the legacy systems underlying access control that have not been updated to ac- commodate a common set of electronic credentials. Specifications have been de- veloped for PIV-Interoperable cards, which could be used by citizens and state and local governments and accepted by federal agencies, and this could serve as a model for the kind of interoperable environ- ment envisioned in the presi- dent s strategy. But PIV-I cards are not being adopted and the lack of cross-agency accep- tance of PIV cards at the fed- eral level shows the di culty of establishing a broad-based, secure scheme for identity and access management. Getting thousands of law enforcement, security and intelligence agencies on the same page and willing to share their most valuable assets is likely to prove a serious hurdle to achieving the president s vision. Creating such as scheme probably will require legisla- tion as well as policy mandates, and a willingness by the federal government to accept state and local agencies as full partners rather than supplicants. Creat- ing a technical standard and then making its acceptance vol- untary has not worked. Clear standards for identity and access management, including provisioning of credentials, will have to be developed and enforced, and a system established for certifying that these requirements have been met. Agencies then must be required to accept certified cre- dentials from any other agency, whether it is the National Security Agency or the Muncie, Ind., Police Department. This still does not address the issue of legacy systems. It will take time and money to replace or update systems and to get the needed equipment into the hands of everyone who needs it. The federal government s experience with the PIV and Common Access Cards shows that agencies can do wonders in meeting unfunded man- dates in a relatively short time, but it also shows how little impact these e orts can have on operations if there is no follow-through on updating back ends and eliminating turf wars. These are the final steps that will be needed to make the president s vision for secure and practical information shar- ing a reality.• INFO-SHARING CALLS FOR AGENCIES TO MANAGE DATA, NOT NETWORKS Today's systems, policies and procedures were developed to lock information down, not to share it securely.