CDMO will make you a believer
Intel sharing office demands system definitions, needs justifications.
- By Wilson P. Dizard III
- Mar 21, 2007
An interagency bureau that is winnowing some 800 systems for shifting data among classification levels and domains is forcing program managers to analyze their system connections and justify their special needs.
The Unified Cross Domain Management Office (CDMO) is creating a baseline set of about 14 data gatekeepers, formerly known as high assurance guards, as a core group of cross domain solutions (CDSs) to be used by both the intelligence community and the Pentagon.
'I have yet to meet a program manager who was using a system to connect two disparate domains [who could explain the need to transfer specific information for specific purposes in detail],' said Edward Bryant, the office's chief technical director, who spoke yesterday at the FOSE trade show in Washington, sponsored by the 1005 Government Information Group.
CDMO staff members ask program managers who oversee existing cross domain solutions how their systems provide compelling advantages over the filters that the office already has anointed as members of its preferred baseline list, Bryant said. If the proffered systems don't offer additional useful functions, they don't make the list of baseline cross domain solutions, he added.
The office has defined 20 sets of data that flow across CDSs. As yet, none of the approved information filters addresses the problem of sharing streaming data, according to Bryant.
Awareness of the importance of the CDMOs work is trickling deeper through the intelligence community and the Pentagon, Bryant told an attentive audience. 'More [program managers] are coming in [offering their CDSs for approval] and saying, 'We didn't know you were serious.''
The CDMO does not set policies for reshaping the use of the information sharing systems, but gains its authority from Director of National Intelligence Office CIO Dale Meyerrose and Pentagon CIO John Grimes, Bryant said. Meyerrose and Grimes gave CDMO officials approval to implement their plans last year. Earlier Pentagon plans to achieve similar goals via a cross domain solution working group achieved some interagency coordination but foundered because they lacked high level authority, Bryant said.
The office for rationalizing the government's crazy quilt of secret data sharing systems has focused so far on Defense Department and intelligence community CDSs. Almost all of the specialized information sharing solutions operate in the intelligence and Pentagon arenas, Bryant said.
The congressionally mandated Information Sharing Environment (ISE) program included three tasks for the CDMO in its program plan that President George W. Bush approved, Bryant said.
'Gee, I wish they had talked to us before they [assigned those three tasks],' he said. One of the tasks already has been completed, he added.
'We are starting to bring in the ISE, and the Homeland Security Department is knocking on the door,' Bryant said. The CDMO has worked with the Coast Guard, a DHS component, in the guard's capacity as an intelligence community organization, he said.
The interagency organization does not plan to bring foreign defense and intelligence agencies into its planning operations, even those as closely allied as its British, Australian, Canadian and New Zealand counterparts, Bryant said. 'Once you bring one [foreign] country in, I don't see how you can keep others out,' he explained.
The CDMO consists of four divisions, Bryant said:
- Policy and plans
- Lifecycle risk management
- Resources and strategies and
- Community outreach.
'Everything is being done as a community,' Bryant said, adding that the CDMO's staff, drawn from several agencies, speaks as representatives of the intelligence and Pentagon world as a whole when they represent their office.
Bryant described how, when dealing with one system that turned out to have its roots in U.S. Army technology and procedures, he brought in a CDMO member with an Army background to help shape the decision-making process. Bryant suggested that he himself had joined the CDMO from the Defense Intelligence Agency.
The CDSs the office deals with take at least three forms, Bryant said. Some permit file transfers, others are e-mail systems and some allow chat functions.
'We have a multilevel chat system [in the group of baseline CDSs],' Bryant said. The chat system allows simultaneous 'conversations' to occur at different levels of security on the same server.
Federal intelligence classification systems take the shape of classification 'fabrics' at different levels, such as secret, top secret, and other above, an intelligence specialist said. Within those levels, intelligence and military officials have built dozens of compartments, some of which are connected, the official said. Some of the CDSs link one or more compartments to, say, other compartments or groups of compartments that can represent participants representing other agencies, the official explained.
A complicating factor in the drive to bring harmony to the world of CDSs and the overlapping standards for certifying and accrediting systems is the continuing project to align the varying approaches that the Pentagon, the intelligence community and the civilian agencies use to handle classified data, sources said.
The Pentagon relies on the Defense Information Assurance Certification and Accreditation Program's standards for the process, intelligence systems specialists at FOSE explained. The intelligence community has used the CIA's Director of Central Intelligence Directive 6/3 for certification and accreditation procedures, while civilian agencies have used the comparable National Institute of Standards and Technology 800-series standards for certification and accreditation.
However, various Pentagon agencies'such as the National Security Agency, the National Geospatial-Intelligence Agency and the National Reconnaissance Office'have appended additional notes to the basic DoD certification and accreditation process.
The CIO Office of the Director of National Intelligence Office is working with the Pentagon's CIO office to harmonize the certification and accreditation rules, in a process that is nearing completion. A parallel process for aligning the Pentagon and intelligence community policies for CDS data sharing will begin this summer, intelligence community sources said.
As the CDS development process evolves, the information sharing technology increasingly will be delivered as a service rather than as individual systems, intelligence officials said.
Intelligence community officials have planned a Cross Domain Management Workshop in San Diego on June 5-7.
Until cross domain technology and policy develops and gains consistency, 'We tend to overbuild [the systems] because we don't know whether [a particular feature] will solve that problem,' Bryant said.