The Future of Secure Information SharingMark Kagan
August 14, 2007
2©2007 Government Insights, an IDC Company. All rights reserved.
Key Information Sharing Technology Trends
Horizontal Fusion Initiative
Identity Management and Authentication
Multi-Level Security
Secure Information Sharing Architecture (SISA)
Service Oriented Architecture (SOA)
Wikis and Blogs
3©2007 Government Insights, an IDC Company. All rights reserved.
The Leader: DIA
The Defense Intelligence Agency believes that true interoperability must occur at the data level, instead of the system level
DIA is building an SOA with a set of common data standards that will use Web services, Extensible Markup Language (XML), metadata tagging and other tools that should ease collaboration
DIA is not looking for any technology silver bullets — much of what it is doing
involves IT best practices and data tagging that will allow information
movement back and forth
DIA is not looking for any technology silver bullets — much of what it is doing
involves IT best practices and data tagging that will allow information
movement back and forth
4©2007 Government Insights, an IDC Company. All rights reserved.
Operation Ivy Bells
In a joint NSA-U.S. Navy operation beginning in 1971, U.S. submarines tapped into the undersea telephone cable that connected the Soviet submarine base at Petropavlovsk on the Kamchatka Peninsula to the Soviet Pacific Fleet headquarters on the mainland at Vladivostok
An example of “secure information sharing” until 1980, when NSA analyst
Ronald Pelton walked into the Soviet embassy in
Washington, DC
An example of “secure information sharing” until 1980, when NSA analyst
Ronald Pelton walked into the Soviet embassy in
Washington, DC
5©2007 Government Insights, an IDC Company. All rights reserved.
Information Sharing: Reality (Part I)
Gen. Curtis LeMay
Gen. Buck Turgidson
6©2007 Government Insights, an IDC Company. All rights reserved.
Information Sharing: Reality (Part II)
7©2007 Government Insights, an IDC Company. All rights reserved.
Information Sharing: Reality (Part III)
Which one is secure?
Information Organization
8©2007 Government Insights, an IDC Company. All rights reserved.
Information Sharing? What Information?
What’s the difference between
Sunnis and Shi’ites?
9©2007 Government Insights, an IDC Company. All rights reserved.
Intelligence Sharing? Part I
“Stuff happens.”
“Freedom's untidy and free people are free to make
mistakes and commit crimes and do bad things.”
10©2007 Government Insights, an IDC Company. All rights reserved.
Intelligence Sharing? Part II
A commander from 3rd Infantry Division observed after Operation Iraqi Freedom (OIF): “I had perfect situational awareness. What I lacked was cultural awareness. I knew where every enemy tank was dug in on the outskirts of Tallil. Only problem was, my soldiers had to fight fanatics charging on foot or in pickups and firing AK47s and RPGs. Great technical intelligence…. Wrong enemy.”
The U.S. Army did not begin to provide Middle East cultural awareness training until the spring of 2006 — three years after OIF — and only for troops who were going to be deployed in Iraq,
not for troops already there
The U.S. Army did not begin to provide Middle East cultural awareness training until the spring of 2006 — three years after OIF — and only for troops who were going to be deployed in Iraq,
not for troops already there
11©2007 Government Insights, an IDC Company. All rights reserved.
Stovepipes, Silos and Barriers
Bureaucratic
Institutional
Organizational
Psychological
Technology
Information
Cultural
Gorillas in the Stovepipes
Legacy Systemsand
Legacy Thinking
Legacy Systemsand
Legacy Thinking
BIOPTIC DNA
12©2007 Government Insights, an IDC Company. All rights reserved.
“The intelligence communitydoes not exist
except asa figment of
Congressional imagination”
— A very senior intelligence official
Source: U.S. News & World Report, August 2, 2004Source: U.S. News & World Report, August 2, 2004
13©2007 Government Insights, an IDC Company. All rights reserved.
Intellectual Property?
“The creators of intelligence tend to regard it as ‘intellectual property’ and don’t want to
share it. This information — even though you created it — really belongs to the nation…
and you really ought to share it.”
“Everyone agrees with this,but in practice,
the story is different”
Lt. Gen. Robert J. Elder, Commander, 8th Air Force and U.S. Air Force Cyber Command(Air Force Magazine, August 2007)
14©2007 Government Insights, an IDC Company. All rights reserved.
Information Sharing or…?
* Coined by Gen. Tom Hobbins, Commander, U.S. Air Forces Europe
KnowledgeManagementKnowledge
Management
KnowledgeCentricity*
KnowledgeCentricity*
ORORInformation
SharingInformation
SharingXXNew Term Needed?
Too Many People Don’t Want to Share
15©2007 Government Insights, an IDC Company. All rights reserved.
Requirements
Too much information
Gatekeepers
Different ways of doing things
Comfort levels – ease of use
Workload
Value to users
Pain points
How does this help me to do my job better, more easily?
“Need to Know”versus
“Need to Share”Rewards vs. Punishments:
For sharingFor not sharing
“Need to Know”versus
“Need to Share”Rewards vs. Punishments:
For sharingFor not sharing
16©2007 Government Insights, an IDC Company. All rights reserved.
Management and Technology
Implementation of new technologies– Often done on top of existing processes, procedures, and
practices
Change management and business process reengineering — like security — must be an integral part of the solution and the architecture, not just a bolt-on– Includes the bureaucratic, institutional, organizational,
psychological, and cultural changes
Risk management and cost-benefit analyses
Budget cycles vs. technology cycles
Policy, Standards, TrainingPolicy, Standards, Training
17©2007 Government Insights, an IDC Company. All rights reserved.
Change Management: Part I
“Delivering the Powerof Information:
Transforming theNational Defense Team”
David M. WennergrenDeputy Assistant
Secretary of Defense(Information Management
and Technology)and DoD Deputy
Chief Information Officer
18©2007 Government Insights, an IDC Company. All rights reserved.
Change Management: Part II
“Delivering the Powerof Information:
Transforming theNational Defense Team”
David M. WennergrenDeputy Assistant
Secretary of Defense(Information Management
and Technology)and DoD Deputy
Chief Information Officer
19©2007 Government Insights, an IDC Company. All rights reserved.
Summary
Technology is “easy” — people are hard
Solutions, not technologies
Mission-critical goals, not organization-critical goals
Change or eliminate processes, procedures, and practices to enable information sharing/knowledge management/knowledge centricity
Technology and change management/BPR must be integral parts of the solution from the ground up
Policy, policy, policy
Standards, standards, standards
Training, training, training
BIOPTIC DNA (Bureaucratic – Institutional – Organizational – Psychological – Technology – Information – Cultural)
20©2007 Government Insights, an IDC Company. All rights reserved.
A Last Word… Or Three
21©2007 Government Insights, an IDC Company. All rights reserved.
The Reality of GovernmentTechnology Programs
Government officials and contractors
consistently underestimate:– Costs– Complexity– Obstacles– Time
Government officials and contractors
consistently:– Over-promise– Under-deliver
Appliesto new
technologies
Appliesto new
technologies
50% of thecost is often spenton the last 10% of
performance
50% of thecost is often spenton the last 10% of
performance
22©2007 Government Insights, an IDC Company. All rights reserved.
Scotty’s RuleAlways tell them it’s going to take twice as long as you think it will
because then they’ll think you’re a miracle worker when you do it in half
the time
23©2007 Government Insights, an IDC Company. All rights reserved.
Questions?