President Donald Trump issued a memorandum on Oct. 5 that requires Federal agencies to set up an information sharing network to correspond about threats to national security.
The attorney general, the secretary of Homeland Security, and the director of national intelligence are in charge of the development of technical architectures and corresponding policy to improve the integration, sharing, and use of identity attributes across agencies. These agency heads will submit their plan to the president within 270 days.
According to the memo, the information sharing platform must protect the security of information; enable the appropriate analysis, sharing, and use of information; ensure relevant operational security; and provide for the maintenance and use of such information to protect civil liberties. The information sharing network must comply with guidelines that oversee the collection, retention, and dissemination of personally identifiable information (PII).
The agencies must also examine the current technologies that they use to share sensitive information and determine if they should be enhanced or terminated. These assessments will define the appropriate access protocols, data standards, security safeguards, and operational mechanisms that are required to meet legal, policy, or mission requirements.
The secretary of Defense, the attorney general, the secretary of Homeland Security, the director of national intelligence, the secretary of State, the secretary of the Treasury, and the secretary of Energy will also identify the agency that is best suited to take charge of each individual category of national security threat actor information.
The National Institute of Standards and Technology (NIST) will establish the methods that agencies should use to exchange information, and establish corresponding application profiles for identity attributes.
The director of the Office of Science and Technology Policy, the attorney general, the secretary of Homeland Security, and the director of national intelligence should work with agencies to synchronize Federally funded research and development activities that seek to enhance the integration, management, and use of national security threat actor information.
Greg Touhill, former Federal CISO, said that information sharing is useless if recipients of the information don’t act on it.
“You can share all day long but if people aren’t listening and they aren’t acting on it, bad things are going to happen,” Touhill, president of Cyxtera Federal Group, said at the AFCEA Homeland Security Conference on Sept. 12.
Touhill acknowledged that the Federal government has improved its information sharing process since the Office of Personnel Management breach in 2015, but he said that improvements could still be made.
“I think we stink, but we don’t stink as bad as we have in the past,” Touhill said.