The IJIS Factor
The IJIS Factor is the IJIS Institute's blog that covers technology and information sharing and safeguarding topics, including national standards and initiatives.

 


WIS3 Highlights Cooperation and Coordination in Info Sharing

Posted By Ashwini Jarral, Monday, April 4, 2016

The Workshop on Information Sharing and Safeguarding Standards (WIS3) is an annual event sponsored by the Standards Coordinating Council (SCC) and the IJIS Institute. The 2016 event was held on 17 March at the Hyatt Regency Hotel in Reston, Virginia.

This year’s WIS3 was an interactive workshop that brought together more than 100 government and industry leaders to chart the future for architecture and standards frameworks for the national information sharing environment.

The workshop opened with an introduction from Victor Harrison, senior VP of Object Management Group (OMG). WIS3 was co-located with the OMG Technical Meeting.

The opening keynote presentation was given by a special guest, Michael Echols, director of the Cyber Joint Program Management Office, National Cybersecurity Policy and Risk Management, Department of Homeland Security. He spoke about the recent executive orders on cybersecurity and what progress has been made. He had two important points that he emphasized to participants: 1) that cybersecurity is a team sport with many communities of interest that are involved and 2) that public/private partnerships are essential for success in improving the state of cyber security in this country.

Of particular interest to the WIS3 attendees and the SCC, Echols noted that, “standards are how we empower the weakest team members and make the networks that link us strong.”

Echols went on to discuss the need for information sharing platforms to be linked. He discussed the need for more organizations and individuals to get involved in the Information Sharing and Analysis Organization (ISAO) Standards Organization, www.isao.org. He went on to say that, “we want to move cyber threat information to the right people at the right place in the right time,” and that realizing this would start with standards and mean working with organizations in the community of interest.

The first panel of the workshop was Project Interoperability 2.0. The panelists provided the vision for Project Interoperability 2.0 activities. The panel was moderated by Kshemendra Paul, program manager, Information Sharing Environment (PM-ISE), Office of the Director of National Intelligence (ODNI) and the panelists were:

  • Steve Ambrosini, executive director, IJIS Institute
  • Mark Reichardt, president and CEO, Open Geospatial Consortium (OGC)
  • Jamie Clark, general counsel, Organization for the Advancement of Structured Information Standards (OASIS)
  • Ashwini Jarral, director of operations, IJIS Institute

At the start of the panel, Paul reviewed PM-ISE’s perspective on the future of Project Interoperability and the role of PM-ISE in that effort. He also discussed the development and importance of the Information Sharing and Safeguarding (IS&S) Playbook, http://www.standardscoordination.org/iss-playbook, and how the Playbook interacts with the work of the SCC and Project Interoperability.

Ambrosini discussed IJIS’ role and interest in the SCC and Project Interoperability and noted that through the SCC, organizations can send out relevant standards to communities of interest, public and private, to encourage use and adaptation.

Reichardt discussed that OGC’s interest in the SCC is access across standards development organizations (SDOs) and different communities of interest so that standards created worldwide by OGC are not created in a vacuum. He provided an example of this, noting that earlier versions of the National Information Exchange Model (NIEM) were able to transmit location information but not within the frameworks of the GIS providers. OGC conducted a pilot to use NIEM to transmit location information and now the changes discovered through this process are a part of NIEM 3.0. He stated that engaging industry in the creation of tools and testing things in real operational situations are examples of success through SCC. OGC is an international organization and the international connections help them enable information sharing across national boundaries. OGC is planning pilots in the international space to further these important efforts.

Jamie Clark built on this concept using an analogy that all the SDOs are out there creating tools, but if you put a toolbox in front of people without any experience with a hammer, they won’t be able to make any sense out of the 45 different hammers in the box. The SCC can be thought of as a way to help guide those people to understand what is in that toolbox and ways it can be used, ultimately encouraging people to reach in the box and use the tools effectively instead of being overwhelmed and closing the box. Clark encouraged people from other SDOs to participate in the SCC so we can help the greater information sharing community properly use the toolbox.

Clark also had a real-world example: OASIS was working on XACML and through their involvement in the SCC they discovered that OGC was working on the geospatial component of XACML. The two organizations ended up working together, to the benefit of both organizations and both standards.

Jarral discussed how the many pieces that were discussed so far, like the SCC, Project Interop, and others, fit together and interrelate.

Following the panel presentation, a town hall-type session was held to allow the audience to provide comments and ask questions of the panelists about the SCC and Project Interoperability. It was a very lively session that went to the last minute with audience questions and comments.

The next panel was a discussion of information sharing and interoperability in the maritime domain. The moderator for the panel was Doc Holliday from the PM-ISE and the panelists were:

  • Dr. Mark Haselkorn, professor of human-centered design and engineering, University of Washington, and director, Center for Collaborative Systems for Security, Safety, and Regional Resilience (CoSSaR)
  • Bradford Clark, Mission Integration and Capability Development Division, Office of Shore Forces (CG-741), U.S. Coast Guard

Haselkorn and Clark educated participants on how Federal partners have co-sponsored and teamed with the University of Washington to analyze the Puget Sound operational sharing environment, how Project Interoperability tools and resources are being employed there, and how the results of this work, in addition to being shared across the greater maritime community of interest.

Haselkorn noted in his presentation that we aren’t designing systems for users because users are a part of the system; it is more like we are designing interventions to close the socio-technical gap. His presentation also focused on the work of the CoSSaR. He went on to state that the intent of the work being done should be the development of a common operational picture instead of hoping that someday there would be one big system that everyone used, as that was not a possible scenario.

The next panel was a use case about law enforcement deconfliction and request for information. The panel was moderated by Hank Oleyniczak from the PM-ISE and the panelists included:

  • Alan Rosenhauer, CTO, RISS Technology Center
  • Glenn Fueston, associate deputy director, Intelligence and Information Sharing Initiative, Washington/Baltimore High Intensity Drug Trafficking Area

Deconfliction is becoming a standardized term within the law enforcement community. The panelists discussed the varying degrees of what deconfliction represents in the law enforcement community and reviewed a successful implementation interconnecting three nationally-recognized event deconfliction systems (RISSafe, Case Explorer, and SAFETNet).

The panelists described the three types of deconfliction: 1) Event Deconfliction is agencies avoiding an event at the same time in the same place, 2) Case/Subject/Target/Entity Deconfliction is law enforcement provider to law enforcement provider communications about issues, and 3) a Request for Information is a generic request for info about a topic in a general sense.

Both presenters reinforced that the necessary ingredients between partners for deconfliction activities are building trust, enabling interoperability with security/safeguarding, and achieving scalability as deconfliction efforts move from event to general requests for information, all within the framework of countering terrorism and enhancing homeland security.

Rosenhauer discussed future plans for enhancements, which involve investigating potential connections with the Drug Enforcement Agency, cyber organizations, FBI, N-DEx, and other national and regional partners. More about their project can be learned at www.ncirc.gov/deconfliction.

The fourth panel was entitled Scaling Trust and Interoperability: Lessons from Federating Identity and Access. The panel was moderated by John Wandelt, fellow and division chief, Information Exchange and Architecture Division, Georgia Tech Research Institute (GTRI). The panelists were:

  • Alan Rosenhauer, CTO, RISS Technology Center
  • Marc-Anthony Signorino, JD, CIPP, executive director, Identity Ecosystem Steering Group, Inc.
  • Bill Phillips, security specialist, Nlets
  • Tom McCarty, director, Identity, Credential and Access Management (ICAM) Program Management Office (PMO), Information Sharing Environment Office, Office of the CIO, DHS
  • Jim Derry, IT Manager, Tennessee Methamphetamine & Pharmaceuticals Task Force

Scaling trust and interoperability across autonomous federal, state, and local partner organizational boundaries is a fundamental requirement of the information sharing and safeguarding environment to support the counterterrorism and homeland defense mission. The panelists explored experiences, lessons learned, and strategies from existing trust framework operators and stakeholders during the implementation of the federated identity use case.

The fifth and last panel of the day was called New National Initiatives: Leveraging Project Interoperability and Standards to Create Information Sharing Momentum. The moderator for this panel was Ashwini Jarral, director of operations, IJIS Institute, and the panel included:

  • Laurie Flaherty, Coordinator of the National 911 program, Department of Transportation
  • Vernon Mosley, Senior Cybersecurity Engineer, Cybersecurity and Communications Reliability Division, Public Safety and Homeland Security Bureau, Federal Communications Commission (FCC)
  • Peter Shebell, Deputy Director for Standards Policy and Coordination, Office of Standards, Capability Development Support Group, Science and Technology Directorate
  • Jeff Bratcher, CTO, FirstNet
  • Richard Spires, CEO, Learning Tree International (former DHS CIO)

The panelists discussed opportunities and challenges around interoperability, standards, and building trust within their community. Panelists provided their perspective on using different components of Project Interoperability and SCC resources to develop an information sharing and safeguarding environment. The panel also addressed the policy and procurement challenges that agencies face as they develop standards-based capabilities.

The workshop closed with a wrap-up of the day’s events and a view for the future by Paul from the PM-ISE.

Planning has already started for the 2017 WIS3. Please visit www.standardscoordination.org for event information as well as other SCC information and activities.

Tags:  cybersecurity  information sharing  interoperability  WIS3 

 

IJIS Facilitates Panel at APCO Conference

Posted By James (Jim) W. Dundas Jr., Friday, August 28, 2015
Updated: Monday, August 24, 2015

APCO International is the world’s oldest and largest organization of public safety communications professionals and supports the largest U.S. membership base of any public safety association. It serves the needs of public safety communications practitioners worldwide – and the welfare of the general public as a whole – by providing complete expertise, professional development, technical assistance, advocacy and outreach. I attended this year’s APCO Conference along with Ashwini Jarral, IJIS director of operations. It was held August 16 – 19 at the Walter E. Washington Convention Center in Washington, DC.

During the conference, IJIS facilitated a panel on cyber security with respect to public safety communications and information systems. The three-member panel discussed wide-ranging cyber issues that can disrupt public safety services, including denial of service (DoS, DDoS) attacks, critical infrastructure disruption, and data security breaches. As U.S. public safety agencies grapple with these issues, another specific area of vulnerability exists relative to opening connections and sharing critical information across public networks in support of national law enforcement and fusion center missions. With the Internet as the medium for sharing this information, the session explored methods for sharing and safeguarding public safety data using national information security standards and advanced information security architectures.

As with previous APCO conferences over the past few years, FirstNet, cyber security, and Next Generation 911 were frequent topics of discussion. The exhibit hall floor this year housed CAD and Land Mobile Radio vendors, consulting and engineering firms, and test equipment suppliers and federal government agencies that operate in the public safety communications space.

Tags:  APCO  cybersecurity  firstnet  NG911 

 

RAND Report: Using Future Internet Technologies to Strengthen Criminal Justice

Posted By Andrea A. Walter, Tuesday, August 25, 2015
Updated: Monday, August 24, 2015

Future World Wide Web technologies commonly labeled as being part of Web 3.0 and Web 4.0 could substantially change how the criminal justice enterprise operates. These notably include Semantic Web technologies, intelligent agents, and the Internet of Things. In September 2014, RAND conducted an expert panel for the National Institute of Justice to discuss how the criminal justice community can take advantage of (and reduce the risks from) these emerging technologies. The top unifying theme from the panel was to leverage web technologies to improve information-sharing and protection across the criminal justice enterprise, and to address challenges that the new technologies raise. Another major theme was improving practitioners' knowledge of web technologies. Priorities included general education on key web technologies, and model policies and procedures for using them. A third theme was to improve the networking infrastructure needed to support web technologies (and other applications), especially for courts and corrections. Fourth, several needs became apparent related to leveraging wearable and embedded sensors (part of the Internet of Things), with an emphasis on using sensors to improve officer health and safety. Finally, panelists frequently noted the importance of civil rights, privacy rights, and cybersecurity protections in using the emerging technologies for criminal justice. While there were few needs about these topics specifically, panelists noted that more than half of the needs raised security, privacy, or civil rights concerns, or had implied requirements on these topics. Read the full report online at http://www.rand.org/content/dam/rand/pubs/research_reports/RR900/RR928/RAND_RR928.pdf.

Research Questions

  1. How will web technologies that are just over the horizon, including semantic tagging, intelligent agents, and the Internet of Things (IoT), change how the criminal justice enterprise operates?
  2. How can the criminal justice community take advantage of (and reduce the risks from) these emerging web technologies?

Key Findings

Information-Sharing Must Be Improved

  • There is a need to leverage web technologies to improve information-sharing and protection across the criminal justice enterprise.
  • In addition to leveraging web technologies for information-sharing in general, top priorities included developing a common criminal history record and cataloging scheme; developing real-time language translation capabilities; and developing displays or "dashboards" to meet officers' tailored, dynamic information needs.

Practitioners' Knowledge of New Web Technologies and Their Uses Must Improve

  • Priorities included general education on key web technologies, as well as the model policies and procedures for using them.
  • Panelists also called for procurement checklists and cost-benefit tools for systems acquisition, as well as for policies and procedures to address the anticipated rise of unmanned vehicles.

Infrastructure Must Be Improved

  • The networking infrastructure needs improvement to support web technologies (and other applications), especially for courts and corrections.

Criminal Justice Uses for Emerging Sensors Related to the Internet of Things Should Be Explored

  • Several needs were expressed related to leveraging wearable and embedded sensors (part of the Internet of Things), with an emphasis on using sensors to improve officer health and safety.

Civil Rights, Privacy Rights, and Cybersecurity Protections Must Be Addressed

  • Panelists frequently noted the importance of civil rights, privacy rights, and cybersecurity protections.
  • While few needs about these topics were specifically expressed, panelists noted that more than half of the needs discussed either raised concerns or had implied requirements regarding security, privacy, or civil rights.

Recommendations

  • Partner with the Standards Coordinating Council and constituent information-sharing development efforts to explore how semantic tagging and intelligent agents might be leveraged to expedite information-sharing, with criminal history data as a starting point. Experiment with real-time language technologies.
  • Focus education efforts on: semantic technologies that support finding, accessing, and translating key information; sensor systems for monitoring officer health, officer safety, and maintaining community supervision; video conferencing; and civil rights, privacy rights, and cybersecurity protections.
  • Designate a group to develop law enforcement requirements, policies, and procedures for interfacing with self-driving cars.
  • Develop field experiments with video teleconferencing links for inmate communications and remote education. Pursue novel business models and support to make Internet links more affordable in rural areas.
  • Experiment with health and safety sensor feeds, both wearable and embedded, and with Internet-connected sensor systems to support maintaining the location and tracking of offenders under community corrections supervision.
  • At a strategic level, seek to ensure that civil rights, privacy rights, and cybersecurity protections are built into technology developments, standards, policies, and procedures from the beginning. For intelligent agents that support decisionmaking, research how to ensure the quality of data used to make the decision, and how decisionmakers should use the agents' recommendations. Conduct research to advise on common attributes for policies, procedures, and required protective technologies for sensors related to the Internet of Things.

Source: John S. Hollywood, Dulani Woods, Richard Silberglitt, Brian A. Jackson, RAND Research Report, 2015, http://www.rand.org/pubs/research_reports/RR928.html

Tags:  criminal justice  cybersecurity  IoT  NIJ  RAND  Standards Coordinating Council 

 

A Different Cyber Perspective at InfoSec World 2015

Posted By Steve Ambrosini, Thursday, May 14, 2015
Updated: Monday, May 11, 2015

A few weeks ago I attended InfoSec World 2015. The IJIS Institute is an association partner of the event and this was our first visit to this annual conference and expo. It is put on by the MIS Training Institute (MISTI).

InfoSec World 2015 was a great experience and it provided a different perspective on the very large topic of cybersecurity that we are used to seeing at the IJIS Institute events. The conference is focused on the perspectives of technologists and Certified Information Systems Security Officers (CISSO) in the quest for cybersecurity. I am more accustomed to hearing discussions about front end access to systems and Identity Management (ICAM) issues versus the deep technology dives at InfoSec. It was a refreshing change of pace to look at this topic from another angle.

Two quick thoughts regarding InfoSec World 2015:

  • There was a lot of discussion at the event about understanding the vulnerability contours in the world of open source, and how pervasive and continuously growing the use of open source is even with known vulnerabilities. Some of the environments that we might consider the most secure are still using open source components with known vulnerabilities. As open source is essential and obviously here to stay, the path forward looks like the same path one might use to eat an elephant…focusing on one bite at a time by bolstering the immediate lines of defense with operating system component patches.
  • The term incident response, as in cyber incident response, was thrown around a lot at this conference. Assistant Special Agent in Charge Ari M. Baranoff, U.S. Secret Service/Criminal Investigative Division, gave a fantastic keynote address on organized cybercrime, and stepped through the cyber incident response steps of investigation, arrest, and prosecution. It struck me that the world of law enforcement/criminal justice incident response and cyber incident response are not as different as you might think at first glance. I recently heard about companies using the Incident Command System, borrowed from the fire service, to manage cyber incident response. What things can law enforcement/public safety and cyber crime fighters learn from one another about incident response?

It was a great time to immerse myself in this cybersecurity perspective at InfoSec World 2015 considering that the IJIS Institute, through the Standards Coordinating Council, is getting more and more involved in the defense against cyber attacks through the development of standards for sharing cyber incident information. Stay tuned to the IJIS Factor blog for more on the SCC and Executive Order 13691 on Promoting Private Sector Cybersecurity Information Sharing.

Tags:  cybersecurity  ICAM  information sharing  standards coordinating council 
