Tuesday, November 28, 2017
A recent roundtable of government leaders and stakeholders discussed success factors for sharing threat information within and across borders.

The IBM Center for the Business of Government hosted a recent Roundtable discussion with current and former government leaders and stakeholders about integrating and analyzing data within and across governments across the Atlantic to improve threat prediction and prevention. This initial discussion focused on how the U.S. Department of Homeland Security (DHS) information sharing enterprise can have greatest impact and interaction with partners. 

Major themes of this robust discussion revolved around data requirements and gathering, data analysis, and dissemination challenges across the homeland security enterprise; and how addressing these challenges will help DHS, the European Union (EU), and related stakeholders understand common operational needs. Roundtable attendees addressed achievable outcomes for DHS and other stakeholders, the expertise within government needed to develop and maintain solutions, and external links needed to ensure successful implementation. 

The insights shared at the Roundtable will inform a final report of recommendations and action items for governments to consider. We are privileged to collaborate in these discussion and on this report with former US Ambassador to NATO Douglas Lute, now affiliated with the Harvard Kennedy School Belfer Center; former DHS Undersecretary Francis Taylor, now affiliated with the Center for Strategic and International Studies; and former DHS Deputy Undersecretary for Management Chris Cummiskey, now affiliated with the Homeland Security and Defense Business Council.

Highlights

The Roundtable focused on five main issues, outlined below – each topic is framed by a question for discussion, and then key points made in the session.

 

A Human Challenge

Deficits in trust about data integrity often exist between the providers and end-users. DHS and other agencies work with multiple information sharing networks, some of which lie dormant due to the inability of platform operators to have a trusted relationship with intended end-users. Successful platforms typically allow a degree of ownership by end-user coalitions, who push use and sharing of information from a top down and bottom up approach. A key example of this is the state, local, territorial, tribal stakeholder and FBI field office use of the DHS Homeland Security Information Network (HSIN); HSIN has had also some impact in catalyzing department-wide advances.

How can DHS work with other agencies and homeland security partner nations and states to incentivize collective actions across practitioner networks, building on effective practices such as those demonstrated by the HSIN model?

  • Different levels of government have different perspectives about and processes for information sharing, which call for flexible approaches in implementation in order to build trust within and across borders.
  • Moving information from “human speed to machine speed” presents a challenge for governments, both within and across borders — international partnerships can drive actions that promote real-time exchange.
  • Increasing collaboration among nations yields greater insights for threat intelligence and response – such collaboration requires increased transparency, which builds trust among partners.
  • Current operators of government information programs may not support change that disrupts current processes – leaders can set forth incentives to develop a new culture of information sharing. Proper alignment of these incentives is especially important given perspectives of the future workforce, which will increasingly include millennials who generally have less concern with exchanging data online -- and will benefit from and contribute to recruitment and training on effective information sharing.

 

How Technology Can Improve Data Analytics

The current lack of interoperability and data integrity across existing information sharing platforms, and the disconnected and decentralized nature of data across the homeland security enterprise, negatively affects the government’s ability to assess trends and conduct deep, real-time, and predictive analysis. DHS has more than 900 different data stores, making it difficult to develop a data framework that enables unity of data correlation effort. Artificial Intelligence (AI) and cognitive platforms can bring data integrity and interoperability up to adequate standards to improve the speed to intelligence between raw data and correlated results.

How can analytics, including those based on AI, help governments to predict and prevent threats more accurately and timely? 

  • A key idea centers around translating data – leveraging analytics to assess information, create business intelligence, marry it up with other kinds of data, and then use rapid and secure technology channels to send actionable information back out to front-line operators.
  • Technology can facilitate sharing simple information, replacing the large volume of basic queries with a data driven information sharing system and allowing humans to engage in higher order analysis and interpretation.
  • Artificial intelligence can enable more interactive participation by analysts with external data sources and extant data sets. Cognitive-based identity management can leverage AI and machine learning to ensure appropriate and secure access to databases by analysts working across systems and around the world.
  • A tech-powered information sharing model would start with a question, confirm the basis and reason for the question via real-time contextual review of relevant data, query the appropriate sources, and return an answer with less potential for human error and greater enhancement of human analysis.

 

Bureaucratic Considerations

Bureaucratic and structural challenges affect the management and development of the information sharing enterprise. Oversight of homeland security data management, sharing and use is uneven and fragmented, presenting undue risks for important challenges in leveraging data inside of DHS and sharing information across agencies in the broader homeland security enterprise. Within DHS, different information sharing and data standards among components pose a challenge for consistency and interoperability across data sets, a scenario reinforced by the fact that all seven components fall under different Congressional oversight. A former DHS leader recently observed that DHS has "all the data it needs to do the homeland intelligence mission in DHS, but (its) components have not made sharing a high enough priority." And across agencies, given the predicate of collection resting in US Person data, co-mingling with data collected for intelligence purposes cannot occur absent a terrorist nexus – though the establishment of a National Intelligence Manager (NIM) for the Western Hemisphere and the Homeland is a step to build on.

What structural reforms can help to promote more effective information sharing that enables rapid action in the face of emerging threats?

  • Overcoming bureaucracy should not wait for a crisis – responses in the heat of the moment often create more layers instead of fixing underlying inefficiencies. Governments should learn lessons from past events to take a longer view of how best to organize for effective sharing.
  • Leaders can ensure that their teams have permission to collaborate quickly and effectively in spite of organizational hurdles, making executive sponsorship a key element of translating data into action.
  • Overclassification of cyber threat information and intelligence creates challenges in information access and sharing. Wherever feasible and appropriate, transparency can foster quicker access and sharing of information; where classification is needed, SOPs could be established to create a norm for release of unclassified versions that can be shared.

 

The Influence of Industry and Private Sector Partners

Challenges within government may create a need for external stimuli to promote a path toward improvement. Industry and private sector partners can demonstrate how private sector data integrity and sharing standards could encourage much needed reforms. Lessons can be learned from Passenger Name Records/Advance Passenger Information (PNR/API) information sharing activity, and how the airline industry’s partnership with government positively influenced data standards. Multinational corporations could possibly use a similar approach to promote transatlantic consistency for information sharing, security and privacy, and data integrity.

What actions can private sector partners take to promote responsible, secure, and cost-effective exchange of information across borders?

 

  • An overwhelming abundance of open-source information and public data is generated and analyzed in private data networks.
  • In some areas, such as cybersecurity and critical infrastructure protection, the private sector has more accurate and timely information and shares it more effectively than government.
  • Important civil rights, civil liberties, and privacy protections and polices in government have also been seen as hindering information sharing, relative to the private sector that has fewer law and policy constraints. As technology enables faster exchange of personal information across government and industry, all parties should continue to develop proper boundaries that promote public-private partnerships and target bad actors while protecting individually identifiable data.
  • Government should work with industry to demonstrate the value of collaboration and the benefits of data sharing in order for public-private partnerships to function effectively. This should include involving and incorporating the private sector around information sharing policy and technical initiatives.

 

Next Steps -- The US and European Experience: Lessons to be Shared

The US, EU and NATO member states face similar challenges with information sharing and data integrity. Yet Europe has seen some success regarding data interoperability, trials of progress with information sharing among law enforcement, and data sharing agreements. While gaps remain in intra-EU information sharing, it has committed to a multi-year interoperability program to improve cooperation across multiple homeland security systems. Much can be learned from future US-EU-NATO exchanges and partnerships. The next steps in this discussion will focus on cross-pollinating U.S. and E.U. experiences and directly engaging practitioners. 

 

Image courtesy of photoraidz at FreeDigitalPhotos.net