Obama Administration Outlines National Information Sharing Strategy
The NSISS broadly outlines how the Obama administration wants to promote the secure sharing of national security information.The Obama administration is releasing details of its approach to facilitating better sharing of national security information between agencies and authorized parties. The president on Dec. 19 released the National Strategy for Information Sharing and Safeguarding (NSISS), which is meant to provide guidance for developing policies, processes and standards to promote secure information sharing between government agencies and between the government and authorized individuals. Information sharing has been at the center of the debate about cyber-security legislation, with some worrying that privacy rights will be trampled while others express concern that the sharing of threat information is often only one-way, with companies doing the sharing. "At the end of the day, we have to understand that cyber-criminals are coordinating their efforts and are well-versed in sharing vulnerabilities and attack methodologies," said Torsten George, vice president of worldwide marketing, products and support for Agiliance, a risk management solutions vendor. "To counter them, government and the private sector must work hand-in-hand to quickly disseminate information about threats."
Though not specifically about the challenges the country is facing in cyberspace, the document notes that differences in policies and technologies prevent authorized users from gaining access to critical resources and information on disparate networks and creates barriers across agencies and departments. In addition, increased information sharing requires advanced correlation and analytic capabilities.
- aligning information sharing and safeguarding governance to foster better decision making, performance, accountability and implementation of the Strategy’s goals;
- developing guidelines for information sharing and safeguarding agreements to address common requirements, including privacy, civil rights and civil liberties, while still allowing flexibility to meet mission needs;
- adopting metadata standards to facilitate federated discovery, access, correlation, and monitoring across federal networks and security domains;
- extending and implementing the Federal Identity, Credential and Access Management (FICAM) road map across all security domains; and
- implementing removable media policies, processes and controls; providing timely audit capabilities of assets, vulnerabilities and threats; establishing programs, processes and techniques to deter, detect and disrupt insider threats; and sharing the management of risks to enhance unclassified and classified information safeguarding efforts.