As cybersecurity legislation continues to languish in Congress, the White House is pushing the issue forward with the release of the National Strategy for Information Sharing and Safeguarding strategy this week. The plan seeks to achieve a balance between the need for better processes for the sharing of critical security-related intelligence within the government at the federal, state, and local levels, as well as between government and the private sector, while working to uphold the public trust by safeguarding privacy and civil liberties.
"While these two priorities—sharing and safeguarding—are often seen as mutually exclusive, in reality they are mutually reinforcing. This Strategy, therefore, emphasizes how strengthening the protection of classified and sensitive information can help to build confidence and trust so that such information can be shared with authorized users," President Obama stated in the introduction to the strategy.
The plan outlines a framework for developing standardized policies and processes for promoting "secure and responsible information sharing" that first seeks to recognize that the ability to collect and mine large amounts of data means that information has become a critical national asset, and that stakeholders have an obligation to pool data that is deemed essential to supporting national security objectives.
The initiative also acknowledges that such data is essential to the quality of decision making processes at all levels, and that effective information sharing will require the development of a common risk management strategy that will instill trust between all parties involved in order to foster the timely dissemination of intelligence to the applicable entities while maintaining a focus on achieving five primary goals:
- Driving Collective Action through Collaboration and Accountability: Establishing governance models that enable mission achievement; adopting common processes to build trust; simplifying the information sharing agreement process; supporting efforts through performance management, training, and incentives.
- Improving Information Discovery and Access through Common Standards: Developing clear policies for making information available to approved individuals; establishing proper identity, authentication, and authorization controls; standardized data tagging; enterprise-wide data correlation; common information sharing standards; rigorous processes to certify and validate use.
- Optimizing Mission Effectiveness through Shared Services and Interoperability: Optimizing mission effectiveness through shared services, data and network interoperability, and increased efficiency in acquisition.
- Strengthening Information Safeguarding through Structural Reforms, Policies, and Technical Solutions: Policies must focus on identifying, preventing, and mitigating insider threats and external intrusions; enhance capabilities for data-level controls, automated monitoring, and cross-classification solutions.
- Protecting Privacy, Civil Rights, and Civil Liberties through Consistency and Compliance: Increase the consistency in applying privacy and civil liberties protections; building corresponding safeguards into the development of information sharing operations; promoting accountability and compliance mechanisms.
The text makes a point to note that this strategy is not intended to supersede the goals outlined in the National Strategy for Information Sharing (2007 NSIS), nor does it seek to define specific categories for the types of information to be shared, but instead is intended to act as a guideline for defining requirements for information sharing that specifically support the need for effective decision making at all levels within the bounds of existing laws and established policies.
"Our national security depends on sharing the right information with the right people at the right time. We will therefore keep working to maintain an environment in which information is shared in a manner that is responsible, seamless, and secure. Guided by this Strategy, we will continue to leverage critical information to keep our Nation secure and our fellow citizens safe," President Obama decreed.