The Workshop on Information Sharing and Safeguarding Standards (WIS3) is an annual event sponsored by the Standards Coordinating Council (SCC) and the IJIS Institute. The 2016 event was held on 17 March at the Hyatt Regency Hotel in Reston, Virginia.
This year’s WIS 3 was an interactive workshop that brought together more than 100 government and industry leaders to chart the future for architecture and standards frameworks for the national information sharing environment.
The workshop opened with an introduction from Victor Harrison, senior VP of Object Management Group (OMG). WIS was co-located with the OMG Technical Meeting.
The opening keynote presentation was given by a special guest, Michael Echols, director of the Cyber Joint Program Management Office, National Cybersecurity Policy and Risk Management, Department of Homeland Security. He spoke about the recent executive orders on cybersecurity and what progress has been made. He had two important points that he emphasized to participants: 1) that cybersecurity is a team sport with many communities of interest that are involved and 2) that public/private partnerships are essential for success in improving the state of cyber security in this country.
Of particular interest to the WIS3 attendees and the SCC, Echols noted that, “standards are how we empower the weakest team members and make the networks that link us strong.”
Echols went on to discuss the need for information sharing platforms to be linked. He discussed the need for more organizations and individuals to get involved in the Information Sharing and Analysis Organization (ISAO) Standards Organization, www.isao.org. He went on to say that, “we want to move cyber threat information to the right people at the right place in the right time,” and that realizing this would start with standards and mean working with organizations in the community of interest.
The first panel of the workshop was Project Interoperability 2.0. The panelists provided the vision for Project Interoperability 2.0 activities. The panel was moderated by Kshemendra Paul, program manager, Information Sharing Environment (PM-ISE), Office of the Director of National Intelligence (ODNI) and the panelists were:
- Steve Ambrosini, executive director, IJIS Institute
- Mark Reichardt, president and CEO, Open Geospatial Consortium (OGC)
- Jamie Clark, general counsel, Organization for the Advancement of Structured Information Standards (Oasis)
- Ashwini Jarral, director of operations, IJIS Institute
At the start of the panel, Paul reviewed PM ISE’s perspective on the future of Project Interoperability and the role of PM ISE in that effort. He also discussed the development and importance of the Information Sharing and Safeguarding (IS&S) Playbook, http://www.standardscoordination.org/iss-playbook, and how the Playbook interacts with the work of the SCC and Project Interoperability.
Ambrosini discussed IJIS’ role and interest in the SCC and Project Interoperability and noted that through the SCC, organizations can send out relevant standards to communities of interest, public and private, to encourage use and adaptation.
Reichardt discussed that OGC’s interest in the SCC is access across standards development organizations (SDOs) and different communities of interest so that standards created worldwide by OGC are not created in a vacuum. He provided an example of this, noting that earlier versions of the National Information Exchange Model (NIEM) were able to transmit location information but not within the frameworks of the GIS providers. OGC conducted a pilot to use NIEM to transmit location information and now the changes discovered through this process are a part of NIEM 3.0. He stated that engaging industry in the creation of tools and testing things in real operational situations are examples of success through SCC. OGC is an international organization and the international connections help them enable information sharing across national boundaries. OGC is planning pilots in the international space to further these important efforts.
Jamie Clark build on this concept using an analogy that all the SDOs are out there creating tools, but if you put a toolbox in front of people without any experience with a hammer, they won’t be able to make any sense out of the 45 different hammers in the box. The SCC can be thought of as a way to help guide those people to understand what is in that toolbox and ways it can be used, ultimately encouraging people to reach in the box and use the tools effectively instead of being overwhelmed and closing the box. Clark encouraged people from other SDOs to participate in the SCC so we can help the greater information sharing community properly use the toolbox.
Clark also had a real-world example; OASIS was working on XACML and through their involvement in the SCC they discovered that OGC was working on the geospatial component of XACML. The two organizations ended up working together to both organization’s and both standard’s benefits.
Jarral discussed how the many pieces that were discussed so far, like the SCC, Project Interop, and others, fit together and interrelate.
Following the panel presentation, a town hall-type session was held to allow the audience to provide comments and ask questions of the panelists about the SCC and Project Interoperability. It was a very lively session that went to the last minute with audience questions and comments.
The next panel was a discussion of information sharing and interoperability in the maritime domain. The moderator for the panel was Doc Holliday from the PM-ISE and the panelists were:
- Dr. Mark Haselkorn, professor of human-centered design and engineering, University of Washington, and director, Center for Collaborative Systems for Security, Safety, and Regional Resilience (CoSSaR)
- Bradford Clark, Mission Integration and Capability Development Division, Office of Shore Forces (CG-741), U.S. Coast Guard
Haselkorn and Clark educated participants on how Federal partners have co-sponsored and teamed with the University of Washington to analyze the Puget Sound operational sharing environment, how Project Interoperability tools and resources are being employed there, and how the results of this work, in addition to being shared across the greater maritime community of interest.
Haselkorn noted in his presentation that we aren’t designing systems for users because users are a part of the system; it is more like we are designing Interventions to close the socio-technical gap. His presentation also focused on the work of the CoSSaR. He went on to state that the intent of the work being done should be the development of a common operational picture instead of hoping that someday there would be one big system that everyone used, as that was not a possible scenario.
The next panel was a use case about law enforcement deconfliction and request for information. The panel was moderated by Hank Oleyniczak from the PM-ISE and the panelists included:
- Alan Rosenhauer, CTO, RISS Technology Center
- Glenn Fueston, associate deputy director, Intelligence and Information Sharing Initiative, Washington/Baltimore High Intensity Drug Trafficking Area
Deconfliction is becoming a standardized term within the law enforcement community. The panelists discussed the varying degrees of what deconfliction represents in the law enforcement community and reviewed a successful implementation interconnecting three nationally-recognized event deconfliction systems (RISSafe, Case Explorer, and SAFETNet).
The panelists described the three types of deconfliction: 1) Event Deconfliction is agencies avoiding an event at the same time in the same place, 2) Case/Subject/Target/Entity Deconfliction is law enforcement provider to law enforcement provider communications about issues, and 3) a Request for Information is a generic request for info about a topic in a general sense.
Both presenters reinforced the necessary ingredients between partners for deconfliction activities are building trust, enabling interoperability with security/safeguarding, and achieving scalability as deconfliction efforts move from event to general requests for information and all within the framework of countering terrorism and enhancing homeland security.
Rosenhauer discussed future plans for enhancements involve investigating potential connections with the Drug Enforcement Agency, cyber organizations, FBI, N-DEx, and other national and regional partners. More about their project can be learned at www.ncirc.gov/deconfliction.
The fourth panel was entitled Scaling Trust and Interoperability: Lessons from Federating Identity and Access. The panel was moderated by John Wandelt, fellow and division chief, Information Exchange and Architecture Division, Georgia Tech Research Institute (GTRI). The panelists were:
- Alan Rosenhauer, CTO, RISS Technology Center
- Marc-Anthony Signorino, JD, CIPP, executive director, Identity Ecosystem Steering Group, Inc.
- Bill Phillips, security specialist, Nlets
- Tom McCarty, director, Identity, Credential and Access Management (ICAM) Program Management Office (PMO), Information Sharing Environment Office, Office of the CIO, DHS
- Jim Derry, IT Manager, Tennessee Methamphetamine & Pharmaceuticals Task Force
Scaling trust and interoperability across autonomous federal, state, and local partner organizational boundaries is a fundamental requirement of the information sharing and safeguarding environment to support the counterterrorism and homeland defense mission. The panelists explores experiences, lessons learned, and strategies from existing trust framework operators and stakeholders during the implementation of the federated identity use case.
The fifth and last panel of the day was called New National Initiatives: Leveraging Project Interoperability and Standards to Create Information Sharing Momentum. The moderator for this panel was Ashwini Jarral, director of operations, IJIS Institute, and the panel included:
- Laurie Flaherty, Coordinator of the National 911 program, Department of Transportation
- Vernon Mosley, Senior Cybersecurity Engineer, Cybersecurity and Communications Reliability Division, Public Safety and Homeland Security Bureau, Federal Communications Commission (FCC)
- Peter Shebell, Deputy Director for Standards Policy and Coordination, Office of Standards, Capability Development Support Group, Science and Technology Directorate
- Jeff Bratcher, CTO, FirstNet
- Richard Spires, CEO, Learning Tree International (former DHS CIO)
The panelists discussed opportunities and challenges around interoperability, standards, and building trust within their community. Panelists provided their perspective on using different components of Project Interoperability and SCC resources to develop an information sharing and safeguarding environment. The panel also addressed the policy and procurement challenges that agencies face as they develop standards-based capabilities.
The workshop closed with a wrap up of the day’s events and view for the future by Paul from the PM-ISE.
Planning has already started for the 2017 WIS3. Please visit www.standardscoordination.org for event information as well as other SCC information and activities.