UNCLASSIFIED Challenges Lessons Learned and Opportunities from a

UNCLASSIFIED Challenges, Lessons Learned, and Opportunities from a Decade of Terrorism-Related Information Sharing Kshemendra Paul Program Manager, Information Sharing Environment UNCLASSIFIED

AGENDA • My Journey • Bottom Line Up Front (BLUF) • Nationwide Challenges • ISE Scope & Governance • Nationwide Successes • Big Idea: Terrorism-related Information Interoperability • Big Idea: Information Sharing & Safeguarding Core Interoperability Framework • Current State of ISE • Project Interoperability & Playbook • Standards Coordinating Council • How to Leverage our Work for Your Benefit 2

B R I T I S H M U S E U M, MARCH 2013 3

BLUF • Challenges ◦ Network-centricity, or going horizontal in a vertical world ◦ Culture & boundaries as impediments to collaboration & info sharing ◦ Immature frameworks, architectures, standards • Lessons Learned ◦ Multi-disciplinary, open, iterative approach w/ terrorism-related focus drove progress ◦ Bottom-up, persistent pressure can transform government ◦ Pooling authorities and coordinating based on common requirements • Opportunities ◦ Distributed & decentralized yet coordinated government operations ◦ ISE is a successful model for “networked, virtualized, open government” ◦ Dual (Multi) use capabilities; mission agnostic frameworks 4

NATIONWIDE CHALLENGES Evolving & Converging Threats & Risks Collaboration Imperative Strengthening Safeguarding Enterprise Data Management 300+ million 78 Fusion Centers People NCIJTF ▫ CJIS ▫ FIGs ▫ JTTFs ▫ JRIGs ▫ TSC 6 RISS Centers Agencies 1. 2 million Firefighters 250, 000 911 Operators 2. 2 million State * Numbers are estimates Do. D Nlets DHS NCTC JCAT Air Domain I&A ▫ ICE ▫ CBP ▫ TSA ▫ DNDO ▫ NPPD Maritime Security Officers 18 CI/KR Sectors 28 HIDTAs FBI 750, 000+ 18, 000 LE Officers National Approaches to Interoperability Common Operating Models Consistent, Transparent & Federated Policies Interoperable Capabilities & Shared Services Domain DOJ ATF ▫ DEA ▫ USMS ▫ OJP Protection of Privacy, Civil Rights, and Civil Liberties 5

rs International e n Private Sector rt a P Tribal n Local sio State is M Federal Frontline • Investigators • Analysts • Operators Communities Law Enforcement Defense Intelligence Homeland Security Terrorism WMD Homeland Security ISE SCOPE Information Sharing Environment (ISE) Diplomacy Information Technology Industry 6

GOVERNANCE 7

NATIONWIDE SUCCESSES • Frameworks and Standards for Responsible Information Sharing ◦ ◦ ◦ Institutionalized ISE Enterprise Architecture Framework via Project Interoperability International standards alignment and ICT Industry involvement via the Standards Coordinating Council Recognized leadership with assured information interoperability Simplified sign-on, “no wrong door” approach touching over 500 K registered FSLTTPS end users Basis for government-wide domain awareness initiatives including but not limited to Maritime • Terrorism-Related Collaboration in Domestic Nexus of National Security & Public Safety ◦ ◦ Mature National Network of Fusion Centers – the domestic information and intelligence sharing platform Alignment between and among field-based intelligence and information sharing entities Suspicious activity reporting; deconfliction; request for information; alerts, warnings, notifications Scaling to public safety federated ICAM with First. Net and Next Gen 911 • Policy, Governance, Performance, & Planning ◦ ◦ Reasonable implementation and ongoing evolution of capabilities of 2007 NSIS and 2012 NSISS Privacy polices in-place, implemented, audited, and improved across ISE stakeholders Support to USG D/As to mature capabilities and address GAO, IG, and other findings Integration of non-federal stakeholders into ISE processes and procedures • Stakeholder Engagement, Advocacy, Workforce, & Culture Change ◦ ◦ Premier advocate for responsible information including dissemination of knowledge and best practices Processes for identifying requirements and gaps, and working with partners Training materials targeting and delivered to policy, mission management, and frontline personnel Supporting stakeholders, individually and as organizations, to embrace responsible information sharing 8

TERRORISM - RELATED INFORMATION INTEROPERABILITY Counter Terrorism Dual Use Capabilities Mission Agnostic Resources ü Network Centric ü Data Access & Discovery 9

IS&S CORE INTEROPERABILITY F R A M E W O R K( I C I F ) V I S I O N SBU National Defense Tip-off ISE ISE Member Federal ISE Critical Infrastructure Geospatial Industrial Base ISE Member State/ Regional Intelligence Community ISE Member Shari ng Fusion Center 2 Inter Federation COI Mission Interest Cyber Defense Fusion Center 1 SP Intel Analyst Tactical Project COI Narcotics Takedown Project Money-laundering Investigation Deconflictio n 10

STATE SUMMIT 11

C U R R E N T S T A T EO F I S E • 15 States engaged in ISE implementation – State Summit • Federal agencies have adopted some ISE components • Mission focused ISE development (NJ Opioid ISE) • New assertion based architecture (ICIF under development) • Project Interoperability 2. 0 being constructed • NGA Follow-up • Ten “Priorities for Action” 12

PROJECT INTEROPERABILITY • An integrated set of missionagnostic documentation and technical resources that: • Facilitate operational integration of the ICIF • Advocate standards & technologies most likely to achieve compatibility, performance, and scalability desired in an ISE • Bootstrap ISE owners in building, growing, and optimizing their ISEs Models Templates Guidance Standards ICIF Training Reference Architectures 13

PROJECT INTEROPERABILITY COMPONENTS Project Interoperability 2. 0 ISE Core Interoperability Framework (ICIF) Outreach and Engagement ISE Technical Assistance ISE Integration Library Supporting Standards USERS SAVE TIME AND MONEY in aligning their architectures and establishing ISEs; barriers to entry fall REDUCES IMPLEMENTATION RISK by making available interoperability examples, a common vocabulary, etc. SCALING TRUST by moving to federated, standard, and automated enforcement of policy assertions at both the technical and policy levels in an everchanging ecosystem 14

PROJECT INTEROPERABILITY R E S O U R C E S( F Y 1 6 - 1 8 ) Marketing & Outreach Resources ISE Website Technical Assistance Resources IS&S Playbook ICIF Assertion Framework SCC Website Assertion Framework Technical Spec ICIF Standards, Guidelines, Assertion Definitions Security TDs and TIPs Policy, Governance and Operational Procedures ICIF Governance ISE Value Proposition Cyber I/O Roadmap Executive Guide to Info Sharing Scenarios & Use Cases Assertion Authoring and Publishing Capability Privacy TDs and TIPs ICIF Policies & Procedures ICIF Implementation Guidance (Planner’s Guide) Assertion-Based Agreement Capability RESTful ICAM TDs and TIPs ISE Policy Complete & Approved (CT & I/O) CONOPS I 2 F & CPF Assertions Capability Model To Be Developed Executive Training Implementer & Assessor Training Assertion Assessor Capability ISE TIPs ISE Integration Resource Library Templates ISE Technical Assistance and Training Directory Architecture Alignment Guidelines UML Profile Assertion Operational Infrastructure UML Model Standard Lexicon Threat and Risk Model Domain Reference Models (DARA, GIRA, etc. ) ICIF Overview Under Development 15

IS&S PLAYBOOK • Play 1 – Understand what people need • Play 2 – Gather the stakeholders • Play 3 – Develop the concept of operations • Play 4 – Identify and get support from critical sponsors • Play 5 – Identify existing capabilities and gaps • Play 6 – Identify and select relevant standards • Play 7 – Create a data management policy • Play 8 – Assemble the implementation team • Play 9 – Acquire needed resources • Play 10 – Manage implementation • Play 11 – Automate testing and demonstrate success • Play 12 – Deploy the IS&S environment • Play 13 – Measure and report the impact • Play 14 – Share your experiences • Play 15 – Maximize responsible data transparency • Play 16 – Make it scalable and sustainable 16

ALIGNING KNOWLEDGE RESOURCES IS&S Mission Communities Executives, Mid-level Managers, and Implementers Project Interoperability 2. 0 ICIF Concept Bo. K ISE Knowledge Management 17

STANDARDS COORDINATING COUNCIL www. standardscoordination. org 18

HOW TO LEVERAGE OUR EFFORTS Ø Visit the SCC and ISE websites Ø Use the IS&S Playbook and referenced resources Ø Engage via existing membership with SCC members Ø Explore your association or organization joining the SCC Ø Join an SCC working group standardscoordination. org ise. gov 19

V I S I T I S E. G O V @shareandprotect 20