Information Sharing

"FBI CIO: Culture inhibits info sharing" article in Federal Computer Week, by Wade-Hahn Chan about the FBI's reticence regarding sharing information. Chan quotes the FBI CIO regarding "...the intelligence community isn't used to the concept of sharing information and therefore worries about security leaks."

Sharing of information is a very tricky subject...and is tied to a number of interesting issues (these are only a few):

what are the technical requirements for an information sharing solution?
--> keeping bad guys out
--> keeping viruses and malware off the network
--> preventing inadvertant loss of classified data, either due to insiders or due to data leaks
who will be sharing the information?
--> how trustworthy is the network of the partner you are sharing your classified info with?
--> if you share info, what needs to be filtered out, so that they get "actionable" data but not the "crown jewels"
what types of information is being shared?
--> Does the receiving organization, country, company need to have this information or just parts of the information?
--> Can the information being shared lead to a "mosaic effect", where seeming trivial bits of information shared today, can be linked to other trivial bits of information shared yesterday or tomorrow, to allow the partner to infer too much?

Sharing information is not as easy as it might sound.


No comments: