The IJIS Factor
Blog Home All Blogs
The IJIS Factor is the IJIS Institute's blog that covers technology and information sharing and safeguarding topics, including national standards and initiatives.

 

Search all posts for:   

 

Top tags: information sharing  corrections  NIBRS  cybersecurity  interoperability  justice-to-health  mid-year briefing  CJIS  CTA  FBI  Global  ijis  NG911  standards  standards coordinating council  Alliance Partner  APCO  APPA  CAD  courts  CPAC  DHS  Geospatial  HIPAA  iCERT  Internet of Things  IoT  ndex  NIEM  OASIS 

Information Sharing and Safeguarding (IS&S) Environment Playbook

Posted By Ashwini Jarral, Thursday, November 12, 2015

The IJIS Institute led the development of the Information Sharing and Safeguarding (IS&S) Environment Playbook to address the question, “if we need to create an IS&S environment and have the resources, what do we do next?”

This question got the Program Manager of Information Sharing Environment (PM-ISE) leadership and the Standards Coordinating Council (SCC) members thinking about the lack of guidance for communities of interest from different missions (including all levels of governments and industry) to standup their own IS&S environment. At the request of the PM-ISE leadership, the IJIS Institute was asked to review the U.S. Digital Services Playbookhttps://playbook.cio.gov/ and develop something similar for the IS&S environment. Within a few weeks the IS&S Environment Playbook was born and now resides on the SCC’s website at http://www.standardscoordination.org/iss-playbook.

The IS&S Environment Playbook used the U.S. Digital Services Playbook as the foundational framework and extends on the key principles required to create and sustain an IS&S environment. The Playbook identifies 15 key plays based on field experience, best practices, and standards identified by the government and the private sector.

The IS&S Environment Playbook is meant to be flexible for all types of users. It is functional at a starting-from-scratch level; however, the Playbook is also intended to allow users at any point in their process to pick up the document, identify where they are in the process, and then move forward. For organizations in beginning stages, the plays serve as a roadmap and incorporate the tried and tested processes of more experienced communities. For more advanced users, the plays that are before a point of entry still may have relevance to a development effort and may contain ideas and actions to improve a development process. In addition, the IS&S Environment Playbook is iterative. Users may complete a play and then have to go back to it as more is learned later in a development effort. Users may have a phased development approach that brings the project back to a certain point in the plays as phase milestones are crossed.

This IJIS Institute developed the IS&S Environment Playbook for all kinds of mission partners (such as law enforcement, public safety, intelligence, homeland security, and many others) who want to get together to address the IS&S challenges and develop communities of practice that can use and reuse these plays to advance IS&S mission. Considering this broad range of users with varying missions, the Playbook promotes the application of privacy and civil liberties controls, data transparency,  and responsible information sharing as stated in the National Strategy for Information Sharing and Safeguarding (https://www.whitehouse.gov/sites/default/files/docs/2012sharingstrategy_1.pdf) in the creation of an IS&S environment.

The IS&S Environment Playbook can be accessed at http://www.standardscoordination.org/iss-playbook and feedback is definitely encouraged! You can submit your feedback via email at info@standardscoordination.org or complete the structured feedback form online at http://www.standardscoordination.org/content/iss-environment-playbook-structured-feedback.

Tags:  information sharing  interoperability  playbook  standards  standards coordinating council 

Share |
PermalinkComments (0)
 

RAND Report: Using Future Internet Technologies to Strengthen Criminal Justice

Posted By Andrea A. Walter, Tuesday, August 25, 2015
Updated: Monday, August 24, 2015

Future World Wide Web technologies commonly labeled as being part of Web 3.0 and Web 4.0 could substantially change how the criminal justice enterprise operates. These notably include Semantic Web technologies, intelligent agents, and the Internet of Things. In September 2014, RAND conducted an expert panel for the National Institute of Justice to discuss how the criminal justice community can take advantage of (and reduce the risks from) these emerging technologies. The top unifying theme from the panel was to leverage web technologies to improve information-sharing and protection across the criminal justice enterprise, and to address challenges that the new technologies raise. Another major theme was improving practitioners' knowledge of web technologies. Priorities included general education on key web technologies, and model policies and procedures for using them. A third theme was to improve the networking infrastructure needed to support web technologies (and other applications), especially for courts and corrections. Fourth, several needs became apparent related to leveraging wearable and embedded sensors (part of the Internet of Things), with an emphasis on using sensors to improve officer health and safety. Finally, panelists frequently noted the importance of civil rights, privacy rights, and cybersecurity protections in using the emerging technologies for criminal justice. While there were few needs about these topics specifically, panelists noted that more than half of the needs raised security, privacy, or civil rights concerns, or had implied requirements on these topics. Read the full report online at http://www.rand.org/content/dam/rand/pubs/research_reports/RR900/RR928/RAND_RR928.pdf.

Research Questions

  1. How will web technologies that are just over the horizon, including semantic tagging, intelligent agents, and the Internet of Things (IoT), change how the criminal justice enterprise operates?
  2. How can the criminal justice community take advantage of (and reduce the risks from) these emerging web technologies?

Key Findings

Information-Sharing Must Be Improved

  • There is a need to leverage web technologies to improve information-sharing and protection across the criminal justice enterprise.
  • In addition to leveraging web technologies for information-sharing in general, top priorities included developing a common criminal history record and cataloging scheme; developing real-time language translation capabilities; and developing displays or "dashboards" to meet officers' tailored, dynamic information needs.

Practitioners' Knowledge of New Web Technologies and Their Uses Must Improve

  • Priorities included general education on key web technologies, as well as the model policies and procedures for using them.
  • Panelists also called for procurement checklists and cost-benefit tools for systems acquisition, as well as for policies and procedures to address the anticipated rise of unmanned vehicles.

Infrastructure Must Be Improved

  • The networking infrastructure needs improvement to support web technologies (and other applications), especially for courts and corrections.

Criminal Justice Uses for Emerging Sensors Related to the Internet of Things Should Be Explored

  • Several needs were expressed related to leveraging wearable and embedded sensors (part of the Internet of Things), with an emphasis on using sensors to improve officer health and safety.

Civil Rights, Privacy Rights, and Cybersecurity Protections Must Be Addressed

  • Panelists frequently noted the importance of civil rights, privacy rights, and cybersecurity protections.
  • While few needs about these topics were specifically expressed, panelists noted that more than half of the needs discussed either raised concerns or had implied requirements regarding security, privacy, or civil rights.

Recommendations

  • Partner with the Standards Coordinating Council and constituent information-sharing development efforts to explore how semantic tagging and intelligent agents might be leveraged to expedite information-sharing, with criminal history data as a starting point. Experiment with real-time language technologies.
  • Focus education efforts on: semantic technologies that support finding, accessing, and translating key information; sensor systems for monitoring officer health, officer safety, and maintaining community supervision; video conferencing; and civil rights, privacy rights, and cybersecurity protections.
  • Designate a group to develop law enforcement requirements, policies, and procedures for interfacing with self-driving cars.
  • Develop field experiments with video teleconferencing links for inmate communications and remote education. Pursue novel business models and support to make Internet links more affordable in rural areas.
  • Experiment with health and safety sensor feeds, both wearable and embedded, and with Internet-connected sensor systems to support maintaining the location and tracking of offenders under community corrections supervision.
  • At a strategic level, seek to ensure that civil rights, privacy rights, and cybersecurity protections are built into technology developments, standards, policies, and procedures from the beginning. For intelligent agents that support decisionmaking, research how to ensure the quality of data used to make the decision, and how decisionmakers should use the agents' recommendations. Conduct research to advise on common attributes for policies, procedures, and required protective technologies for sensors related to the Internet of Things.

Source: John S. HollywoodDulani WoodsRichard SilberglittBrian A. Jackson, RAND Research Report, 2015, http://www.rand.org/pubs/research_reports/RR928.html

Tags:  criminal justice  cybersecurity  IoT  NIJ  RAND  Standards Coordinating Council 

Share |
PermalinkComments (0)
 

A Different Cyber Perspective at InfoSec World 2015

Posted By Steve Ambrosini, Thursday, May 14, 2015
Updated: Monday, May 11, 2015

A few weeks ago I attended InfoSec World 2015. The IJIS Institute is an association partner of the event and this was our first visit to this annual conference and expo. It is put on by the MIS Training Institute (MISTI).

InfoSec World 2015 was a great experience and it provided a different perspective on the very large topic of cybersecurity that we are used to seeing at the IJIS Institute events. The conference is focused on the perspectives of technologists and Certified Information Systems Security Officers (CISSO) in the quest for cybersecurity. I am more accustomed to hearing discussions about front end access to systems and Identity Management (ICAM) issues versus the deep technology dives at InfoSec. It was a refreshing change of pace to look at this topic from another angle.

Two quick thoughts regarding InfoSec World 2015:

  • There was a lot of discussion at the event about understanding the vulnerability contours in the world of open source, and how pervasive and continuously growing the use of open source is even with known vulnerabilities. Some of the environments that we might consider the most secure are still using open source components with known vulnerabilities. As open source is essential and obviously here to stay, the path forward looks like the same path one might use to eat an elephant…focusing on one bite at a time by bolstering the immediate lines of defense with operating system component patches.
  • The term incident response, as in cyber incident response, was thrown around a lot at this conference. Assistant Special Agent in Charge Ari M. Baranoff, U. S. Secret Service/Criminal Investigative Division, gave a fantastic keynote address on organized cybercrime, and stepped through the cyber incident response steps of investigation, arrest, and prosecution. It struck me that the world of law enforcement/criminal justice incident response and cyber incident response are not as different as you might think at first glance. I recently heard about companies using the Incident Command System, borrowed from the fire service, to manage cyber incident response. What things can law enforcement/public safety and cyber crime fighters learn from one another about incident response?

It was a great time to immerse myself in this cybersecurity perspective at InfoSec World 2015 considering that the IJIS Institute, through the Standards Coordinating Council, is getting more and more involved in the defense against cyber attacks through the development of standards for sharing cyber incident information. Stay tuned to the IJIS Factor blog for more on the SCC and Executive Order 13691 on Promoting Private Sector Cybersecurity Information Sharing.

Tags:  cybersecurity  ICAM  information sharing  standards coordinating council 

Share |
PermalinkComments (0)