Reason To Share

Politics and pride have for decades kept the U.S. intelligence community from communicating effectively within and across divisions. They may still, as the bill to create a national intelligence director who would oversee the government's spy agencies and their budgets now is stalled in Congress over some members' concerns that it would undermine the Pentagon's authority on intelligence issues. President Bush says he's determined to revive the bill, which was spurred on by the 9/11 Commission's July report exposing the intelligence failures that contributed to the success of the terrorist attacks.

Technology solutions to the problem are so much simpler than the rough-and-tumble of Washington politics. The networking and security technology to improve intra- and interagency data sharing has existed for years, IT managers in the intelligence community say. Acknowledging that the risks of not sharing data are greater than the potential security risks of connecting networks, some of them are moving forward with IT efforts, even in the absence of a clear mandate.

"There's always a balance between security and sharing, and the intelligence community has generally fallen on the side of security in the past," says Ryan Durante of the Department of Defense Intelligence Information System IT staff. That mind-set has been changing, he says. As program manager of the Trusted Workstation initiative, Durante and his team of IT professionals at the U.S. Air Force Research Laboratory, which manages the Intelligence Information System IT infrastructure, are deploying a system to make it easier for Defense Department intelligence analysts to view data across multiple classified and unclassified networks from a single desktop and share that information appropriately.

U.S. Air Force Research Laboratory is working with Trusted Computer Solutions Inc., a provider of secure data-sharing software, and Sun Microsystems, which is providing its diskless Sun Ray desktops and Solaris Common Desktop Environment to act as the user interface. Led by CIO Michael Pflueger, Intelligence Information System is deploying a fleet of desktops that lets analysts view data from as many as 13 separate networks from a single desktop on a single screen, and even drag and drop documents and data from one network to another. Previously, analysts had to log on to separate systems to access each network. The U.S. Air Force Research Laboratory had never been able to convince security-conscious policy makers that the new setup could be implemented without compromising security, but that changed in the wake of the 9/11 Commission's report. "The big push coming out of 9/11 was information sharing," Durante says.

Now analysts simply plug an identification card or some other type of smart card into a Sun Ray system, and they can view data from any network they're authorized to access, Durante says. Without the proper access card, user name, and password, a Sun Ray is unusable. Trusted Computer Solutions' SecureOffice Trusted Workstation thin-client software, which scans for viruses, also monitors keywords within documents and ensures that data that shouldn't be moved from one network to another isn't. The word "frequency" in a document, for example, generally indicates that a file contains sensitive communications data that mustn't be copied from its current domain. That said, even documents residing on secret, classified, and top-secret networks contain unclassified data that analysts can easily push out to other intelligence analysts and operatives as warranted, Durante says.Additionally, SecureOffice's TCS Trusted Relabeler application enforces Defense's policy that any document must be reviewed twice before it's moved from one network domain to another. It routes documents to authorized individuals to gain their approval before a data transfer between networks takes place.

The Trusted Workstation combination of thin client and software has been deployed or is being tested at several of the Defense Department's nine Combatant Commands, including the Pacific Command, Joint Forces Command, European Command, Central Command, and Northern Command. Two others, the Strategic and Transportation commands, are scheduled to begin using the technology during the first quarter of 2005. The National Security Administration and the CIA also have expressed interest, Durante says.

The U.S. Air Force Research Laboratory's goal is to transition 20% of its desktops, which number between 25,000 and 30,000, to its Trusted Workstation program by Sept. 30, the end of the government's fiscal 2005 year, and have 80% online by the end of fiscal year 2007.Trusted Workstations are expected to improve data sharing with U.S. allies as well. Pacific Command is the only Combatant Command sharing data with allied countries via Trusted Workstations, with the rest of the commands expected to exploit this capability next year. "International data sharing with allies exists, but it's not done very well at this point," Durante says. The Intelligence Information System typically maintains a separate network for each of its allies, and data has to be classified correctly so it's shared only with the appropriate allies.

Several companies are competing to deliver integrated data searching to analysts across various domains for data that's classified at different levels. "The goal is to create one desktop for accessing multiple classified and unclassified networks," says retired Maj. Gen. Howard Mitchell, CIO for thin-client maker Arrowhead Global Solutions Inc. and former director of operations for the U.S. Space Command. (The company didn't compete for the Department of Defense contract.) Arrowhead's Nytor thin clients use smart-card technology to authenticate user identification, just like Sun Ray systems. Its systems include Citrix MetaFrame presentation servers, Microsoft's public-key-infrastructure software, hardened Windows XP Embedded operating system, X.509 digital certificates, and VPN connections and are designed to appeal to government agencies that prefer Windows on the desktop. Citrix MetaFrame lets clients running Windows-based user interfaces interact with back-end Unix environments.

What hasn't happened yet is the ability to search all networks simultaneously through a single interface. That's true as well for The Homeland Secure Data Network, which was built by Northrop Grumman Corp. for the Department of Homeland Security and links with secure networks at other agencies, including the departments of Justice, State, and Energy. That network is based on multiprotocol label switching that tags data and lets administrators set up logical networks that can have different security levels (see "A Network Of Networks," April 19).At the FBI, IT pros are working with Visual Analytics Inc., a provider of information-sharing software and services, to build a portal to improve intelligence-data visibility. The main thrust of the FBI's data-sharing effort is to launch by September its Multi-Information Sharing Initiative, which will let FBI satellite offices share information with each other and with other law-enforcement agencies. The FBI MISI is built upon Visual Analytics' Digital Information Gateway, which provides search and retrieval of data from multiple databases, documents, Web sites, and E-mails simultaneously, and VisuaLinks, a graphical-analysis tool used to discover patterns, trends, and hidden networks within this data.

The ability of each office and agency to manage its own data could help ensure MISI's success, because no one is giving up ownership of the information they've worked hard to collect, says Dave O'Connor, Visual Analytics' president and chief technology officer. "The data also is always timely because it remains at the source."

Other programs, such as Total Information Awareness and the Multistate Antiterrorism Information Exchange, or Matrix, project, called for agencies to turn over data to a central database. "A lot of people are worried about giving up control, but the more you make your data available, the more central you become to investigative work," Visual Analytics CEO Chris Westphal says. The FBI declined to comment on its project.

Where data-sharing efforts may proceed from here now depends a lot on government policy makers. The technology is ready, but given the current political climate, the question is, how far will they go?

Illustration by Michael Morgenstern

Continue to the sidebar: "In Real Time: Videoconferencing Fosters Communication"