Safety In Sharing
As the investigation of the terrorist attacks continues, government agencies strive to share information.
By Rick Whiting and Eric Chabrow
informationweek.com
When Tom Ridge steps in as the country's new security czar this week, he'll bring a reputation for understanding the role that IT plays in collaboration among government agencies. That experience could prove crucial because the war on terrorism will depend heavily on improved data sharing among federal and state agencies not accustomed to working together so closely. It's an IT challenge that has urgent implications.
As the investigation into the Sept. 11 attacks on the World Trade Center and the Pentagon continues, the FBI, the U.S. Customs Service, the Immigration and Naturalization Service, the CIA, the National Security Agency, and other law-enforcement and intelligence agencies are trying to share information on an unprecedented scale. Like many businesses that have struggled to integrate information systems from multiple departments, government agencies face a formidable task. "There's an enormous amount of intelligence being gathered out there," Tim Caruso, the FBI's deputy director for counterterrorism, told a congressional hearing on security last week.
Part of the challenge is that dozens, or perhaps even hundreds, of databases are involved, running on a variety of computer and software platforms. Only some of the systems are interconnected. "It's an age-old problem with a new urgency," says Richard Winter, president of the Winter Corp., a database-consulting firm that works with several federal agencies. "It will take significant action at very high levels of government to bring [data sharing] about."
The objective of the newly formed Office of Homeland Security, which Ridge heads, involves coordinating antiterrorist measures among federal, state, and local agencies, but it's unclear to what extent that includes technology initiatives. Mark Forman, associate director of IT and E-government at the Office of Management and Budget, anticipates working closely with Ridge. "When all the IT initiatives are laid out in front of the governor," he says, "he'll see a tremendous business-architecture issue."
Officials from the FBI, the CIA, and several other federal agencies were unavailable for comment last week. But other government and industry sources say data sharing among agencies has been limited. "There was the uncomfortable feeling that the sharing of information was imperfect, at best," says John Spotila, administrator of information and regulatory affairs in the Office of Management and Budget in the Clinton administration and now chief operating officer at GTSI Corp., a marketer of computer systems to government agencies.
While working for the government, Spotila was responsible for coordinating IT policies, such as information security and capital planning, among federal agencies. Law-enforcement agencies shared information case by case through the exchange of paper records or diskettes. "But I wouldn't say there was any linking of databases, no ongoing, real-time links," he says.
That's not to say that agency-to-agency connections don't exist. Since 1994, the CIA, the NSA, the Defense Intelligence Agency, and other intelligence organizations have shared data using the Secret Internet Protocol Router Network, managed by the military. But the network is closed to domestic law-enforcement agencies such as the FBI and the Secret Service.
CIA director George Tenet foreshadowed the problem in February when speaking before the Senate Select Committee on Intelligence. "We need to act like a modern corporation in digitizing information," Tenet was quoted as saying in Federal Computer Week. "The communications backbone for the national security infrastructure is something no one pays attention to. The truth is, we don't have the bandwidth we need, and we don't move data in pipes the way we need to." Tenet said the CIA needed to take greater advantage of the Internet and other IT tools to "enhance collaboration and the flow of information to move information faster than we ever have before."
The intelligence gaps among law-enforcement agencies became obvious in the aftermath of the terrorist attacks. Two of the suspected hijackers, for example, reportedly were on an INS watch list. But that information never found its way to the Federal Aviation Administration or commercial airlines.
Legislators, the Bush administration, and various federal agencies are drafting proposals to remedy the situation. But efforts to break down IT barriers among federal agencies face numerous challenges. In some cases, laws prohibit agencies from sharing data. The FBI, for example, can't share with the CIA information obtained during domestic criminal investigations without a special court order. The Bush administration's antiterrorism legislation, proposed by Attorney General John Ashcroft, would eliminate some of those restrictions. And Sen. Dianne Feinstein, D-Calif., has proposed that the INS's foreign-student tracking system be integrated with watch-list databases maintained by Customs, the FBI, and the State Department.
Complicating matters further is the need to maintain system security and protect civil liberties. "The information is sensitive, and the concern is that you don't want sensitive information about people being passed around without limits," says Mikal Condon, staff counsel with the Electronic Privacy Information Center, an advocacy group.
Ridge has shown an ability to work through these kinds of problems (see Homeland Security Czar Sees IT As Key Enabler informationweek.com. As governor of Pennsylvania, he championed the formation of the state's Justice Network, known as JNet, which links data from various state law-enforcement agencies and could serve as a model for collaboration at the national level. To build it, Ridge called upon the state police, probation department, parole board, corrections and transportation departments, and the court administration office.
JNet gives participating agencies Web access to a database of nearly 600,000 images of criminal suspects to aid in identification. Driver's license photos also are available. Each agency specifies the type of records it maintains, and if one wants access to certain records, the agencies involved work it out. JNet's governing board, made up of the chief executives from 14 agencies and departments, tries to resolve any disagreements.
In his new role, Ridge faces organizational and policy challenges, as well as hard-to-solve technical issues. Database consultant Winter compares it to the kind of "very challenging data-warehouse problem" that large businesses frequently wrestle with. The Department of Defense and the NSA, for example, use NCR Corp.'s Teradata database, while the INS's fingerprint system runs on Oracle.
Data warehouses in the business world usually contain highly structured, quantitative data such as sales figures, but information within law-enforcement and intelligence-agency databases is frequently in the form of unstructured reports written in formats that may be incompatible with those of other agencies. "There's a whole ecosystem built around every database," says Philip Agre, a UCLA associate professor of information studies. "You can't just set up a bridge between two networks to share data." Any attempt to construct one massive database to be shared across agencies "would be a nightmare that would take years," he says.
An example of the kind of effort involved: The FBI stores imprints from all 10 fingers of convicted felons, while the INS collects only those from the index fingers of undocumented immigrants. A project to link those two databases, begun last year, is expected to take five years and cost $200 million.
Other database-integration efforts hold promise. There's renewed interest in expanding the use of Intelink, an 8-year-old intranet used by analysts in various intelligence agencies to share information, as a data-integration platform. About 50,000 people have top-secret clearance to Intelink, and another 250,000 users have more limited access.
Late last month, National Security Adviser Condoleezza Rice proposed using Genoa, a peer-to-peer computing network funded by the Defense Advanced Research Projects Administration, as a vehicle for interagency data sharing, says John Pescatore, a Gartner Internet security analyst. Created in 1996 to let defense contractors exchange information among themselves and with defense agencies on classified projects, Genoa's use has expanded to let high-level intelligence officials meet online and share information.
The FBI is in the second year of a three-year project called Trilogy to upgrade data networks, desktop PCs, and user applications. Implementation costs for fiscal 2002 are budgeted at $142.4 million. In testimony before the Senate Judiciary Committee on July 18, Bob Dies, assistant director of the FBI's information-resources division, acknowledged that efforts needed to go further. "We need to provide our investigative teams collaborative tools, better communications with other law-enforcement agencies, and the means to know the collective experiences of the whole FBI."
The Bush administration proposal calls for the creation of an agency within the Transportation Department to integrate data from law-enforcement and intelligence agencies with data collected by airlines and airports, including employee background checks and passenger-identification information. And the INS wants to require that airlines submit passenger information to the agency before letting people board international flights. INS commissioner James Ziglar, testifying last week before a Senate appropriations subcommittee, said data will be made "widely available to law-enforcement agencies, enhancing the ability to identify potential threats prior to departure from or arrival in the United States."
The states also need to be involved, says Wendy Rayner, CIO for New Jersey. Rayner is working with Pennsylvania CIO Charles Gerhards on a proposal for IT initiatives to implement at the federal level. The person they plan to approach: Tom Ridge. |
