Not all problems are IT-related, experts say

When Vance Hitch took over as CIO at the U.S. Department of Justice 18 months ago, he found a variety of applications running on different systems that were hampered by little or no integration.

But when it comes to information sharing and building a security program, such technical challenges can often be the easy part, said Hitch and other experts.

“Strategic information sharing is about assembling disparate data,” Hitch said at the United Nations Global InfoSec Conference here Thursday. However, one of the key lessons that Hitch has taken away from the experience of his department and others is that prior to Sept. 11, 2001, there was no common vocabulary throughout the dozens of federal agencies that have a primary role in homeland security and counterterrorism. In addition to a lack of common terminology, the homeland security effort has at times suffered from “conflicting mandates (and) imperatives,” he said.

Ken Watson, president of the Partnership for Critical Infrastructure Security, a private-sector organization consisting of security coordinators and primary points of contact for each critical sector of the economy, agrees that finding commonalities among infrastructure sectors can be a challenge, but it’s necessary.

“All of these sectors are using different vocabularies and languages, and they have different alert levels,” Watson said. “The railroads are different from electric power, which is different from DHS (the Department of Homeland Security), which is different from IT.”

In an attempt to bridge the terminology gap, one of the first things his organization did was develop a list of terms that are used in the different sectors. However, when it was complete, the list contained more than 6,000 terms, Watson said.

“Phase two of the project will be to create a thesaurus that will translate what an event in one sector means in another,” Watson said. “The third phase will actually be the toughest, and that will be to get people to agree on terms and reduce the number.”

The challenge and the goal, said Hitch, is to continue to move rapidly toward an enterprise architecture that eliminates “organizational stovepipes” and transforms those stovepipes into “secure, task-based communities of interest.”

However, that may prove more difficult for the DHS in the short term than previously believed. “One need look no further than the National Infrastructure Protection Center in the DHS and the InfraGard (program) in the FBI for an example of competing interests,” said the president of a regional InfraGard chapter.

The FBI established InfraGard chapters, or local information-sharing partnerships between the FBI and local businesses, in each of the 56 FBI field offices throughout the country. However, according to the InfraGard chapter president, who requested anonymity, the DHS in Washington makes a document called the Daily Open Source Report available to anyone on the Internet, while the FBI and its InfraGard program maintains the Open Source Report on a secure Web site that requires use of a virtual private network to access the report.

“I suspect it may be symptomatic of bigger problems regarding information sharing,” said the InfraGard source. “There was a bit of a tug of war between DHS and Department of Justice over the InfraGard program. DHS wanted InfraGard to transfer into DHS along with (the National Infrastructure Protection Center), but (the Justice Department) managed to keep the program (in the FBI).”

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now