The Future of Secure Information SharingMark Kagan

August 14, 2007

2©2007 Government Insights, an IDC Company. All rights reserved.

Key Information Sharing Technology Trends

Horizontal Fusion Initiative

Identity Management and Authentication

Multi-Level Security

Secure Information Sharing Architecture (SISA)

Service Oriented Architecture (SOA)

Wikis and Blogs

3©2007 Government Insights, an IDC Company. All rights reserved.

The Leader: DIA

The Defense Intelligence Agency believes that true interoperability must occur at the data level, instead of the system level

DIA is building an SOA with a set of common data standards that will use Web services, Extensible Markup Language (XML), metadata tagging and other tools that should ease collaboration

DIA is not looking for any technology silver bullets — much of what it is doing

involves IT best practices and data tagging that will allow information

movement back and forth

DIA is not looking for any technology silver bullets — much of what it is doing

involves IT best practices and data tagging that will allow information

movement back and forth

4©2007 Government Insights, an IDC Company. All rights reserved.

Operation Ivy Bells

In a joint NSA-U.S. Navy operation beginning in 1971, U.S. submarines tapped into the undersea telephone cable that connected the Soviet submarine base at Petropavlovsk on the Kamchatka Peninsula to the Soviet Pacific Fleet headquarters on the mainland at Vladivostok

An example of “secure information sharing” until 1980, when NSA analyst

Ronald Pelton walked into the Soviet embassy in

Washington, DC

An example of “secure information sharing” until 1980, when NSA analyst

Ronald Pelton walked into the Soviet embassy in

Washington, DC

5©2007 Government Insights, an IDC Company. All rights reserved.

Information Sharing: Reality (Part I)

Gen. Curtis LeMay

Gen. Buck Turgidson

6©2007 Government Insights, an IDC Company. All rights reserved.

Information Sharing: Reality (Part II)

7©2007 Government Insights, an IDC Company. All rights reserved.

Information Sharing: Reality (Part III)

Which one is secure?

Information Organization

8©2007 Government Insights, an IDC Company. All rights reserved.

Information Sharing? What Information?

What’s the difference between

Sunnis and Shi’ites?

9©2007 Government Insights, an IDC Company. All rights reserved.

Intelligence Sharing? Part I

“Stuff happens.”

“Freedom's untidy and free people are free to make

mistakes and commit crimes and do bad things.”

10©2007 Government Insights, an IDC Company. All rights reserved.

Intelligence Sharing? Part II

A commander from 3rd Infantry Division observed after Operation Iraqi Freedom (OIF): “I had perfect situational awareness. What I lacked was cultural awareness. I knew where every enemy tank was dug in on the outskirts of Tallil. Only problem was, my soldiers had to fight fanatics charging on foot or in pickups and firing AK47s and RPGs. Great technical intelligence…. Wrong enemy.”

The U.S. Army did not begin to provide Middle East cultural awareness training until the spring of 2006 — three years after OIF — and only for troops who were going to be deployed in Iraq,

not for troops already there

The U.S. Army did not begin to provide Middle East cultural awareness training until the spring of 2006 — three years after OIF — and only for troops who were going to be deployed in Iraq,

not for troops already there

11©2007 Government Insights, an IDC Company. All rights reserved.

Stovepipes, Silos and Barriers

Bureaucratic

Institutional

Organizational

Psychological

Technology

Information

Cultural

Gorillas in the Stovepipes

Legacy Systemsand

Legacy Thinking

Legacy Systemsand

Legacy Thinking

BIOPTIC DNA

12©2007 Government Insights, an IDC Company. All rights reserved.

“The intelligence communitydoes not exist

except asa figment of

Congressional imagination”

— A very senior intelligence official

Source: U.S. News & World Report, August 2, 2004Source: U.S. News & World Report, August 2, 2004

13©2007 Government Insights, an IDC Company. All rights reserved.

Intellectual Property?

“The creators of intelligence tend to regard it as ‘intellectual property’ and don’t want to

share it. This information — even though you created it — really belongs to the nation…

and you really ought to share it.”

“Everyone agrees with this,but in practice,

the story is different”

Lt. Gen. Robert J. Elder, Commander, 8th Air Force and U.S. Air Force Cyber Command(Air Force Magazine, August 2007)

14©2007 Government Insights, an IDC Company. All rights reserved.

Information Sharing or…?

* Coined by Gen. Tom Hobbins, Commander, U.S. Air Forces Europe

KnowledgeManagementKnowledge

Management

KnowledgeCentricity*

KnowledgeCentricity*

ORORInformation

SharingInformation

SharingXXNew Term Needed?

Too Many People Don’t Want to Share

15©2007 Government Insights, an IDC Company. All rights reserved.

Requirements

Too much information

Gatekeepers

Different ways of doing things

Comfort levels – ease of use

Workload

Value to users

Pain points

How does this help me to do my job better, more easily?

“Need to Know”versus

“Need to Share”Rewards vs. Punishments:

For sharingFor not sharing

“Need to Know”versus

“Need to Share”Rewards vs. Punishments:

For sharingFor not sharing

16©2007 Government Insights, an IDC Company. All rights reserved.

Management and Technology

Implementation of new technologies– Often done on top of existing processes, procedures, and

practices

Change management and business process reengineering — like security — must be an integral part of the solution and the architecture, not just a bolt-on– Includes the bureaucratic, institutional, organizational,

psychological, and cultural changes

Risk management and cost-benefit analyses

Budget cycles vs. technology cycles

Policy, Standards, TrainingPolicy, Standards, Training

17©2007 Government Insights, an IDC Company. All rights reserved.

Change Management: Part I

“Delivering the Powerof Information:

Transforming theNational Defense Team”

David M. WennergrenDeputy Assistant

Secretary of Defense(Information Management

and Technology)and DoD Deputy

Chief Information Officer

18©2007 Government Insights, an IDC Company. All rights reserved.

Change Management: Part II

“Delivering the Powerof Information:

Transforming theNational Defense Team”

David M. WennergrenDeputy Assistant

Secretary of Defense(Information Management

and Technology)and DoD Deputy

Chief Information Officer

19©2007 Government Insights, an IDC Company. All rights reserved.

Summary

Technology is “easy” — people are hard

Solutions, not technologies

Mission-critical goals, not organization-critical goals

Change or eliminate processes, procedures, and practices to enable information sharing/knowledge management/knowledge centricity

Technology and change management/BPR must be integral parts of the solution from the ground up

Policy, policy, policy

Standards, standards, standards

Training, training, training

BIOPTIC DNA (Bureaucratic – Institutional – Organizational – Psychological – Technology – Information – Cultural)

20©2007 Government Insights, an IDC Company. All rights reserved.

A Last Word… Or Three

21©2007 Government Insights, an IDC Company. All rights reserved.

The Reality of GovernmentTechnology Programs

Government officials and contractors

consistently underestimate:– Costs– Complexity– Obstacles– Time

Government officials and contractors

consistently:– Over-promise– Under-deliver

Appliesto new

technologies

Appliesto new

technologies

50% of thecost is often spenton the last 10% of

performance

50% of thecost is often spenton the last 10% of

performance

22©2007 Government Insights, an IDC Company. All rights reserved.

Scotty’s RuleAlways tell them it’s going to take twice as long as you think it will

because then they’ll think you’re a miracle worker when you do it in half

the time

23©2007 Government Insights, an IDC Company. All rights reserved.

Questions?