Is It Possible to Both Share and Protect Sensitive Data?
By Scott Dunderdale and Stan Tyliszczak
Cyberthreats to the nation’s critical infrastructure make it tempting to lock down buildings, networks and data, limiting access to mitigate risks. However, completely restricting data access can impede mission-critical communication.
The Defense Department must be able to communicate critical intelligence across agencies and geographic boundaries quickly and securely.
Deputy Defense Chief Information Officer David Wennergren said in a February 2010 interview that two top priorities are information sharing and information security. In the past, the Pentagon treated these issues as two separate disciplines. But Wennergren noted that today, information sharing and information security must be managed together.
Information assurance is used to ensure the availability, integrity, authentication, confidentiality and non-repudiation of information systems and critical data, both classified and unclassified.
Information assurance is fundamentally about protecting information. Where “walled gardens” and information silos might have been acceptable in the past, today’s missions require sharing information across dynamic and cross-functional organizations. More sophisticated techniques are needed to provide mission assurance while still maintaining necessary information assurance.
Protection begins with evaluating the sensitivity of the data. It is imperative to determine which parties can access information, whether that information is law enforcement data or classified national security intelligence. Policies and procedures, as well as technology solutions — from CAC (common access cards) to secure ID tokens to biometric scans and other tools — verify access for authorized individuals and keep others out.
Information integrity is another component of the information assurance approach. Beyond information access, users need to know that the information is accurate and unaltered. Data that is corrupted can seriously impede an agency’s ability to meet its mission, whether that is national defense or public safety. Technology tools can monitor and audit who is accessing data, how long they are accessing it and whether they are editing it, intentionally or unintentionally. The monitoring and the associated audit logs support forensic analysis and law enforcement activities.
A third element of information assurance is network security. Network security is not just about keeping bad actors out; it is about enabling information sharing across, within and among U.S. agencies and mission partners. Skilled systems analysts use technology solutions to monitor networks 24/7, watching for unusual patterns. In the case of a security breach, it is possible to completely lock down devices containing secure information or, in some cases, to open a trail leading back to the cyberattacker.
Often, agencies believe that the best protection is to put all of their valuable information in a “walled” environment. The challenge, then, is allowing access to that information. Many entities build virtual fortresses that house packages of sensitive data.
In the intelligence and defense sectors, sharing legitimate information while simultaneously denying unauthorized access is a delicate balance. New initiatives, such as the Intelligence Community Information Integration Program (ICI2P), have lowered technological and policy barriers that formerly prevented intelligence analysts from sharing information and accessing all available data.
Individuals with varying clearance levels need access to information simultaneously. Authorized access needs to be quick and seamless. Many systems incorporate “multi-level security” capabilities, which permit simultaneous access by users with different security clearances. These capabilities also allow higher-cleared individuals to easily share sanitized documents with lower-clearance individuals.
Further, multi-level security can leverage virtualization software, allowing a user to view multiple security domains simultaneously on a single display. So-called “high assurance platforms” provide a secure computing environment that can host multiple domains.
Defending sensitive network assets means securing communication and computing devices that interface with local, deployed, strategic and tactical networks. Multi-level and cross-domain computing safeguards information while optimizing the ability to access information from multiple sources. Securing communications devices with data-in-transit and data-at-rest encryption gives authorized parties immediate access to mission-critical information without opening the door to external threats.
While collaborative information sharing tools continually advance to offer improved security measures, collaboration solutions should mirror the high levels of reliability and information assurance that missions require. Adopting ITIL (Information Technology Infrastructure Library) practices will help ensure that operational processes meet the reliability standards that the missions require. It will also help ensure that agencies stay within mandated security regulations. Investing in work force training, in both ITIL and information assurance disciplines, and automated service management tools will ensure proper support of demanding mission requirements.
Cordoning off networks and data in order to protect national interests is no longer a viable solution. Controlling access to sensitive data, ensuring information integrity, protecting the network and enabling collaboration will make it possible to share intelligence across agencies and with coalition partners.
Scott Dunderdale is director of information assurance strategic planning at General Dynamics C4 Systems. Stan Tyliszczak is senior director of technology integration at General Dynamics Information Technology.