Time for a new look at security

Federal security certification and accreditation policies don’t reflect modern networked environments and impede new mandates to share intelligence information, according to intelligence community experts who say they plan to streamline their security procedures.

Beginning this summer, the Office of the Director of National Intelligence (ODNI) will collaborate with other federal, business and academic partners to re-engineer certification and accreditation, said Dale Meyerrose, associate director of national intelligence and chief information officer at ODNI. Many aspects of security certification and accreditation, particularly when applied to intelligence systems, date from a pre-network, pre-Internet era, Meyerrose said.

He added that the federal government also needs a strategy for sharing intelligence information. Agencies should think big, start small and grow their information-sharing capabilities quickly, he said. And they should create an information-sharing cycle that every organization follows.

The processes that federal agencies use to meet mandatory security requirements need updating because they simply take too long to complete, said Daniel Kent, director of systems engineering for Cisco Systems’ federal sales organization.

Kent and Meyerrose spoke March 28 in Washington, D.C., as members of a panel organized by the Flyzik Group, Federal News Radio and Trezza Media Group.

The FBI and other organizations struggle with certification and accreditation procedures, said Zalmai Azmi, the FBI’s CIO. The bureau will work with the Justice Department and ODNI to streamline those procedures and develop uniform standards for all departments, Azmi said. Guidance from ODNI will be crucial, he added.

The federal government also needs to make greater progress on sharing intelligence information, the panel members said. Business leaders are frustrated that discussions about sharing information have produced few implementations since the 2001 terrorist attacks, said Greg Baroni, president of Unisys’ Global Public Sector. “I feel like there has been a loss of urgency.”

Azmi said federal classification policies have impeded information sharing. The government should review whether its information is overclassified, he said.

The FBI has reviewed its data and will share some of it with state and local partners through a regional data exchange program that the bureau is developing, he added.

Most security experts agree that information sharing won’t improve unless it becomes a priority. “Determining priorities in this business is something we all have to work at, and I don’t think we’re there yet,” said Carter Morris, director of information sharing and knowledge management at the Homeland Security Department.