Information sharing is still tough, even within departments
- By William Jackson
- Oct 22, 2003
The exchange of information between the Defense and Homeland Security departments is essential to national security, but the departments still are struggling to share information within their organizations, speakers said at the Federal Information Assurance Conference at the University of Maryland.
The different military services are separated by the same shortcomings that keep police, fire and other emergency response agencies from communicating over radio systems, said Daniel G. Wolf, director of information assurance for the National Security Agency.
"The communications devices the military has been using in Operation Iraqi Freedom have similar limitations," Wolf said. "Critical information is not flowing."
Communications difficulties have persisted through the more than 50 years since DOD was formed, Wolf said, and conditions within the newly-created DHS are worse. These departments are not alone, he said. "The interoperability issues extend to every part of government."
One key to enabling information sharing is common policies for information assurance. Jean Schaffer, NSA's director of the Common Criteria Evaluation and Validation Scheme body, said DHS is considering implementing at least some DOD policies for its departmentwide enterprise system, now in the planning stages.
DHS probably will follow DOD's lead in requiring Common Criteria certification for all information assurance technology, not just that installed on national security systems. DOD implemented that policy last year.
DOD is expected to release its policy for wireless networking, 8100.bb, by mid-November, said Linda Carr of the Office of the Secretary of Defense. The policy originally was scheduled for release in June, but has been delayed during its approval process.
The policy will apply to all wireless devices. It is expected to require mutual authentication between clients and access points; Federal Information Processing Standard 140-2 validation for data encryption products, and use of IP security if FIPS validated products are not available; screening for unauthorized wireless devices; and use of open standards.
William Jackson is a Maryland-based freelance writer.