Best Collaboration and Information Sharing

Fusion Center Empowers Utah’s Crime Stoppers, Utah Department of Public Safety, Statewide Information & Analysis Center

The Utah Statewide Information & Analysis Center (SIAC), managed by the Utah Department of Public Safety, is a public safety partnership collaboration with all of the state’s law enforcement and public safety agencies to collect, analyze and disseminate intelligence appropriately for enhanced protection of Utah’s citizens, communities and critical infrastructure. As the state’s intelligence fusion (terrorism and response) center, SIAC replaced a legacy system that lacked effective data management practices and included manual, duplicative efforts. SIAC implemented a new set of technologies which utilized existing assets, integrated domain-specific applications, and improved business processes for information collection and management, and analysis and information sharing with Utah’s 29 county Sheriff’s Offices, 180 law enforcement agencies, and more than 26 specialized task forces.

Fusion Core Solution is an open and extensible information sharing and analysis product, based on the National Information Exchange Model (NIEM) and Information Sharing Environment-Suspicious Activity Reporting (ISE-SAR) Functional Standard, developed to help municipal, county, regional, state, and federal intelligence and fusion centers improve operations through workflow management, information sharing, and geospatial intelligence technologies. For more information about Fusion Core Solution see http://www.microsoft.com/fusion

In the report, they published the results of their fifth annual study on the costs of data breaches for U.S.-based companies. They surveyed 45 companies represnting 15 various industry sectors–significant contributors were financial, retail, services and healthcare companies.

Numbers-wise, the companies they interviewed lost between 5,000 and 101,000 records, at a cost range between $750,000 and $31 million.

What was really interesting was that the average per-record cost of the loss was determined to be $204.00–and how many records does your law enforcement/public safety agency hold?

Some factors they considered in computing the cost of the breach included:

• Direct costs - communications costs, investigations and forensics costs and legal costs
• Indirect costs - lost business, public relations, and new customer acquisition costs

The report also lists a number of causes for the data breaches, such as:

• 82% of all breaches involved organizations that had experienced more than one data breach
• 42% of all breaches studied involved errors made by a third party
• 36% of all breaches studied involved lost, misplaced or stolen laptops or other mobile computing devices
• 24% of all breaches studied involved some sort of criminal or other malicious attack or act (as opposed to mere negligence).

You can download the full report here: http://www.encryptionreports.com/download/Ponemon_COB_2009_US.pdf

Thoughts and comments welcomed…r/Chuck

A few concerns I have include:

1. None of the Data.gov principles in the CONOP address the “real-world effects” we hope to achieve through data.gov–from an operational programs perspective. All seven principles in the CONOP address “internal” activities (means). We need to address success in terms of what citizens will realize through the Data.gov effort.

2. The entire Data.gov effort appears to be driven out of context from any government performance planning and evaluation process. Shouldn’t the need for data transparency be driven by specific strategic management questions?  Where are the links to the President’s Management Agenda? Agency strategic plans?

3. There are more than 200 Congressional Committees with varying degrees of oversight of over a similar number of agencies in the Executive Branch. How will Data.gov impact Congress’ efforts to monitor (oversee) agency performance? What will happen when there is a disparity between a) what an agency says it’s doing, b) what oversight committee(s) say they are doing, and c) how the public views that agency’s performance based on data posted on Data.gov?

4. Transparency, Participation and Collaboration (TPC) are the buzz words of the month, but what does that really mean?  The opening sentence of the CONOP states “Data.gov is a flagship Administration initiative intended to allow the public to easily find, access, understand, and use data that are generated by the Federal government.” Do we really expect the general public to access and analyze the data at Data.gov? If so, do we really understand how the public will want to see/access the information? More importantly, are we (agencies) fully prepared to digest and respond to received public feedback?

5. Who will pay the agencies to support data transparency? Do we really understand the burden involved in achieving open government? The last thing federal agencies need is another unfunded mandate.

6. Finally, how do we know the data that’s made accessible via Data.gov is good data (correct)? The GPRA required OIG review and certification of agency data published in annual performance reports. What can we expect in the way of quality from near-real-time access to agency performance data? Will we require the same data quality process for data feeds posted on Data.gov? Will agencies be funded to do it right? 

I provide similar commentary on this issue and an analysis of the recent Executive Order in a December 17th blog posting here: http://www.nowheretohide.org/2009/12/17/open-government-directive-another-ambiguous-unfunded-and-edental-mandate/

Don’t get me wrong, I am all for open government, but let’s do it right. Let’s give the techies a couple of days off and let’s take a good hard look at the non-technical issues that could really hurt this effort if they’re not properly addressed.

Your comments and thoughts welcomed.

Thanks…r/Chuck

1. We fully understand why we want it and are clear about what we are really asking for;
2. We understand the burden involved in achieving open government and that we fund the agencies to do it right;
3. We are clear about the performance questions that we want the [transparent] data to answer;
4. We have an understanding for how the public will want to see/access the information; and
5. We are fully prepared to digest and respond to received public feedback .

After reading the 3,185 words of the Office of Management and Budget (OMB) Open Government Directive (with attachment), I am very sorry to report that IMO none of the five critiera (conditions) listed above have been met by the language contained in the document. From what I read:

• It would appear that no one in the approval chain asked any hard questions about the language–much of the language used is very vague and leaves a lot of room for interpretation (or misinterpretation);
• There is no mention of how agencies will be funded to build the capacity to meet the additional workload that the requirements of the memorandum are certain to cause.
• The focus of the document to “get agency data on the web” and “solicit (direct) public feedback” appears to be totally out of context of any other strategic management, performance assessment, or planning framework.  This appears to ba an end-run around other oversight committees and organizations, like Congress. Will Federal agencies be able to deal with direct feedback from hundreds or thousands of citizens? I am reminded of the old adage “be careful what you ask for”…;
• The document tells agencies to “publish information online in an open format that can be retrieved, downloaded, indexed, and searched by commonly used web search applications;” however, this can be satisfied in many ways–.txt, .csv, .doc, .pdf, .html,.xml, etc.–some formats will make it very cumbersome for the “public” to view, analyze and understand the data.
• Finally, the memorandum sets what I believe to be some very unrealistic expectations from both a performance and timeline perspective. For example, how can agencies be expected to review and respond to public input from the web when these same agencies are already overwhelmed with their current day-to-day tasks?

Here are a couple examples to ponder:

On Page 2 – “To increase accountability, promote informed participation by the public, and create economic opportunity, each agency shall take prompt steps to expand access to information by making it available online in open formats”

• Nowhere in the memorandum are the terms “accountability” or “informed participation” defined
• What does “create economic opportunity” really mean?
• It would appear that this mandate circumvents established management processes for holding Federal agencies accountable for efficient and effective performance? (OMB,GAO, Congress)

On Page 3 – “Each agency shall respond to public input received on its Open Government Webpage on a regular basis…Each agency with a significant pending backlog of outstanding Freedom of Information requests shall take steps to reduce any such backlog by ten percent each year.”

• What do the mean by “respond to public feedback on a regular basis?”
• All feedback? Some feedback?
• What does “regular basis” mean? Within 24 hours? Weekly? Annually?

If we really want Federal agencies to be more “open” with their data and information, we must be willing to commit the effort required to:

What are your thoughts and comments on this issue?

Thanks…r/Chuck

1. Resist the urge to see information sharing as an outcome. Information sharing is a means to an end, not the end itself. Each federal agency, every state and regional fusion center, and all law enforcement intelligence units should have a clear set of information requirements, questions if you will, that information sharing and the intelligence process should work to answer–hold agencies accountable for having clear and valid requirements. This has been a common practice in the intelligence community for decades and should be a practice for all information sharing elements.
2. Build clear accountability into the information sharing process. Every federal agency, fusion center and law enforcement agency should have one person, preferably an impassioned, well-respected leader, that can ensure that their agencies requirements are  well documented and communicated horizontally across federal boundaries and vertically to local, state, and municipal agencies, and (where applicable) private sector organizations.
3. Establish clear linkage of information sharing to agency operational performance measures. Just as staffing, information technology, facilities, and utilities are seen as strategic resources in a performance-based budget, information sharing must be seen as a resource to be strategically used to help an agency achieve its mission. When measuring the success of information sharing, focus on the extent to which it helped achieve agency goals–just as counting cases in law enforcement is a misleading way to judge public safety success, counting RFIs, records shared, SARs submitted is not a good way to gauge information sharing success–successful information sharing can only be measured through the extent to which it helps agencies (at all levels) achieve their operational goals.
4. Discourage agencies from using stovepiped portals for information sharing. All shareable data should be available as a “service” for consumer agencies to ingest into their systems and not through a dedicated portal that users will need a discrete login to access. You can read my previous “Portal-mania” blog post for more detail here, but all federal agencies should be required to make their data accessible through National information Exchange Model (NIEM) based web services. This will enable consumer agencies to integrate multiple data streams into their workflow and will reduce the number of websites and portals analysts are required to access to perform their work.
5. Give the same amount of attention to what is shared and how it is shared. Over the last few years, a significant amount of effort has gone into how information is shared at the expense of understanding the depth and breadth of information actually being shared. Many regional and national information sharing efforts still only contain basic levels of information, or worse are just pointer systems that require additional human effort to gain access to the actual record. Encourage agencies to communicate to each other what specific information is being shared, and what is not being shared, and help everyone understand the consequences of their decisions.
6. Encourage maximum use of NIEM and the Information Exchange Package Descriptions (IEPD) contained it its clearinghouse. NIEM has emerged as the dictionary of shareable data elements. When you string together sets of these data elements to satisfy a specific business need, an IEPD is born. The NIEM IEPD clearinghouse contains more than 150 IEPDs, many of which apply to national security, law enforcement and public safety missions. While many federal agencies have pledged their support of NIEM, more effort is needed to ensure that they first seek to use IEPDs already contained in the clearinghouse and do not develop one-off IEPDs designed to meet very narrow applications.
7. Finally, foster a culture of transparency to help communicate an appreciation of personal civil rights and civil liberties.  All information sharing and intelligence operations should engage in proactive efforts to help alleviate any fears that individual privacy and liberties are violated by any of the actions taken by those agencies. In my September 3, 2009 blog posting I list ten questions a fusion center director should ask of their own intelligence operations. I’d like to offer up these questions as a beginning framework for any information sharing or intelligence operation. They also serve as a good framework for evaluating the extent to which information sharing and intelligence operations are in fact seriously working to do the right thing.

In closing, I hope you can see how these seven points help to frame how you might structure a results oriented evaluation of information sharing across our federal agencies and with our state and regional fusion center, and private sector partners. Taken together you will be able to report the extent to which agencies have:

• Documented their information sharing requirements – what needs to be shared;
• Someone who can be directly held accountable for effective and proper information sharing;
• Linked their need for information to specific operational goals and strategies;
• Implemented mechanisms that makes it easy for other agencies to access their information;
• Ensured that they are sharing the right information (most meaningful) information;
• Taken advantage of NIEM as a way to save money and expedite information sharing; and
• Taken measures to proactively diffuse public (and media) perceptions of information misuse.

I wish you well in your new role as Senior Director for Information Sharing Policy.

Regards,

Chuck Georgo
chuck@nowheretohide.org

Whether you like the idea of a fusion center or not, they are here to stay. At last count, there were about 70 of them, and DHS recently spoke of helping to get even more going.  At their core, I believe a fusion center is responsible for doing three basic things: 

1. Accepting and vetting reports of unusual behavior (criminal or terrorism related);
2. Providing intelligence support to major case and tactical law enforcement operations; and
3. Proactively supporting federal, state, and local homeland security and community safety objectives. 

To do this well, the majority of fusion centers in operation today are required to rely on an assortment of manual processes, a patchwork of incompatible software applications, and dozens of disparate information sources. Walk into the typical fusion center today and you’ll probably find that an analyst answering the phone has to enter the request for their services into one application for management purposes, enter the same information into a second application for sharing purposes, then has to manually bring up and login to anywhere from 5-15 different data sources to search for information related to the service request, then has to open up at least one or more applications to write up  and package up the requested response, and then, more than likely, has to either manually fax it to whomever asked for the information or call them back on the telephone to give them the answer–a pretty painful and tedious way to work.

Today though, Microsoft announced release of a project that I have been helping them to develop for quite some time–the Fusion Core Solution.  Microsoft hopes, through use of Office, SharePoint and ESRI’s ArcGIS to help ease the pain described above.  The FCS uses SharePoint as a horizontal integration and workflow management platform to help an analyst go from taking in a fusion center service request, to searching for information, to analyzing that information, to producing the intelligence product without having to leave the SharePoint environment at all.

At a non-technical level, the FCS will enable fusion centers to do a couple of pretty cool things:

1. Provides a common look and feel across multiple analytic tools and business processes.
2. Greatly reduces the number of user names and passwords analyst must remember.
3. Organizes requests for fusion center services, and tracks progress of fusion center work.
4. Helps to better document and comply with 28 CFR Part 23, CUI and PCII requirements.
5. Provides multiple analyst-to-analyst and fusion center-to-fusion center collaboration tools
6. Helps to keep track of fusion center and extended staff capabilities and availability.

From a technical perspective, FCS fully supports NIEM conformant information exchanges and establishes a framework for supporting the service-oriented principles of the Justice Reference Architecture (JRA) as it applies to information and data sharing.

In a nutshell, “Fusion Core Solution is for a Fusion Center what Microsoft Windows is to a personal computer“–you can think of FCS as the “operating system” for a Fusion Center.

For more info, check out the Fusion Core Solution website, or email me.

r/Chuck

Added 8/4/2009: Click HERE to see Joe Rozek, Microsoft’s Executive Director of Homeland Security, and Former Senior Director for Domestic Counterterrorism at The White House Office of Homeland Security talk about Fusion Core Solution

It’s no secret, the National Information Exchange Model (NIEM) is a huge success.  Not only has it been embraced horizontally and vertically for law enforcement information sharing at all levels of government, but it is now spreading internationally.  A check of the it.ojp.gov website lists more than 150 justice-related Information Exchange Package Documentation (IEPD) based on NIEM–it’s been adopted by N-DEX, ISE-SAR, NCIC, IJIS PMIX, NCSC, OLLEISN, and many other CAD and RMS projects. 

For at least the last four years, Search.org has been maintaining the Justice Information Exchange Model (JIEM) developed by Search.org.  JIEM documents more than 15,000 justice information exchanges across  9 justice processes, 75 justice events, that affect 27 different justice agencies. 

So if JIEM establishes the required information exchanges required in the conduct of justice system business activities, and NIEM defines the syntactic and semantic model for the data elements within those justice information exchanges…then…

Wouldn’t it make sense for JIEM exchanges to call-out specific NIEM IEPDs?

And vice-versa, wouldn’t it make sense for NIEM IEPDs to identify the specific JIEM exchanges they correspond to?

Here’s a diagram that illustrates this…

Let me know what you think..

r/Chuck

chuck@nowheretohide.org - www.nowheretohide.org

If you haven’t heard about the Department of Health and Human Services Federal Health Architecure and CONNECT project, I suggest you pop over to this website where documentation for version 2.0 of the software resides:

http://www.connectopensource.org/display/NHINR2/Release+2.0+Home

CONNECT is an open source software gateway that connects public and private health orgaizations to the National Health Information Network.  Think of it like a giant peer-to-peer N-DEx, but with an open source “front-porch” that drops into each agency and extracts the data from back-end systems.

I’ll be doing more investigation into the CONNECT project to see if we can adapt it for law enforcement information sharing use–the closest thing to this on the LEIS side is the FINDER project in orlando, FL.

as always, comments and thoughts welcomed.

r/Chuck

chuck@nowheretohide.org - www.nowheretohide.org

While I disagree with their assertion that “legal limits” are the answer (we already have lots of laws governing the protection of personal privacy and civil liberties), I do think that more can be done by fusion center directors to prove to groups such as the ACLU that they are in-fact operating in a lawful and proper manner.

To help a fusion center director determine their level of lawful operation, I’ve prepared the following ten question quiz.  This quiz is meant to be criterion based, meaning that ALL ten questions must be answered “yes” to pass the test; any “no” answer puts that fusion center at risk for criticism or legal action.

Fusion Center Privacy and Security Quiz

1. Is every fusion center analyst and officer instructed to comply with that fusion center’s documented policy regarding what information can and cannot be collected, stored, and shared with other agencies?
2. Does the fusion center employ a documented process to establish validated requirements for intelligence collection operations, based on documented public safety concerns?
3. Does the fusion center document specific criminal predicate for every piece of intelligence information it collects and retains from open source, confidential informant, or public venues?
4. Is collected intelligence marked to indicate source and content reliability of that information?
5. Is all collected intelligence retained in a centralized system with robust capabilities for enforcing federal, state or municipal intelligence retention policies?
6. Does that same system provide the means to control and document all disseminations of collected intelligence (electronic, voice, paper, fax, etc.)?
7. Does the fusion center regularly review retained intelligence with the purpose of documenting reasons for continued retention or purging of outdated or unnecessary intelligence (as appropriate) per standing retention policies?
8. Does the fusion center director provide hands-on executive oversight of the intelligence review process, to include establishment of approved intelligence retention criteria?
9. Are there formally documented, and enforced consequences for any analyst or officer that violates standing fusion center intelligence collection or dissemination policies?
10. Finally, does the fusion center Director actively promote transparency of its lawful operations to  external stakeholders, privacy advocates, and community leaders?

Together, these ten points form a nice set of “Factors for Transparency” that any fusion center director can use to proactively demonstrate to groups like the ACLU that they are operating their fusion center in a lawful and proper manner. 

As always, your thoughts and comments are welcomed…r/Chuck

While we eagerly wait to see how our 44th President translates these memorable election mottos into tangible projects for rebuilding our nation’s infrastructure, one colleague of mine, Charles Jennings, CEO of Swan island Networks stepped up and laid out eleven very forward leaning “shovel-ready” ideas for investing in America’s “virtual” infrastructure.  Below I point out three of Charles’ ideas that have a direct impact on law enforcement and public safety,; and include some personal thoughts.

- National Information Exchange Model (NIEM) – Let’s speed-up development and implementation of NIEM; this is critical for expediting law enforcement and homeland security information sharing programs such as N-DEx, LInX, ISE-SAR, and others.

- Rural Broadband – While this is good for our ecomomy, it’s VERY good for small rural law enforcement agencies, many of which who still do not have decent internet access.

- State/Local/Tribal Clouds – While this is good for agencies of any size, this will (again) benefit the smaller law enforcement agencies who don’t have the time, expertise, or resources to be in the “IT” business; shared-services using in-the-cloud strategies can bring advanced capabilitis to these agencies very quickly.

You can see Charles’ paper in its entirety here –> http://www.swanisland.net/solutions/Shovel-Ready.pdf

As always, your thoughts and comments are welcomed…r/Chuck