Site menu:

Archives

Information Security and Access in the Electronic Environment

by on April 12, 2011


Background

Individuals generating or working with classified information are required to obey established procedures for accessing, annotating, handling, and safeguarding that information.  The system is managed much as it was before the advent of digital communication.  Protocols governing these transactions were developed at the beginning of the Cold War and reflect the paper-based world in which they were created.

The electronic environment has radically changed how classified information is created and transmitted.  Secure networks make it possible to exchange information readily between agencies.  Innovations have revolutionized information sharing among agencies, but these advances have also made the system more susceptible to unauthorized disclosures, as the Wikileaks incidents have demonstrated.

While technology has transformed the way classified information is generated and transmitted, the classification system itself largely operates as it always has.  Many of the policies currently in place for managing classified information represent 20th century approaches to 21st century problems.  For example, current policy requires visible classification markings on records created digitally or made available online but makes no provision for the standardized electronic tagging of this information.

In this digital age, classification and access provisions must be as understandable by a computer system as they are by a human.  Yet, today’s methods for managing and monitoring access to classified materials do not acknowledge this reality.  Clearances remain agency-centric, burdensome to renew, and cumbersome to transfer between agencies.  Conversely, an individual’s access to a classified network is based on ill-defined determinations of “need-to-know” and granted on a mostly system-wide basis.  For both clearance and access, the antiquated design does not reflect an individual user’s needs and purposes.  Accessibility is complex when it needs to be simple and simple when it needs to be complex.  In recent years, the evolution of the Government’s internal business practices has exacerbated these issues and highlighted the need for reform.

Changing the System

Advances in the electronic environment have increased demands on the classification system, and new technology also offers the means to improve the methods by which classified information is managed.  Coupled with reforms to the clearance process, adopting new methods for curating digital information records could significantly improve classification management.

As we have previously detailed, metadata can describe and label electronic records so that they are easier to retrieve, analyze, manage, and process.  The benefits of comprehensive metadata standards are not limited to records management, but also offer the opportunity to enhance information security by providing sophisticated means to tailor and audit access.

Metadata for information stored on classified networks can limit access only for those with appropriate credentials. Credentials can be changed to include or exclude individuals as policies and sensitivities change.  This approach can ensure all authorized users access to basic categories of information while compartmenting access to more sensitive items, not requiring an entirely separate network for highly sensitive information.  For new records derived from multiple sources, the classification and disclosure policies of the source information can transfer to the new record through underlying metadata and prevent unauthorized access.  The automated imprinting of e-records with background information in their metadata would act as a digital bibliography or provenance to aid eventual declassification review.

Metadata can also be used to monitor and audit activity on classified networks.  Records can be imprinted with transactional metadata showing their access history.  By tracking patterns of use, security managers will be able to use metadata to identify insider threats, in the same way the credit card industry detects fraud.   Capturing a record’s modification history will aid future researchers, who will be able to see how national security policymakers used the information in their analyses and deliberations.

The adoption of this credential-oriented approach would eliminate some of the shortcomings of the existing clearance process.  Under this new system, when individuals receive their initial security clearances, they would be assigned unique, permanent identifiers, akin to Social Security numbers.  These identifiers would be granted and maintained by a single government entity.  Once a cleared individual begins work, her identifiers would be assigned access credentials based on her specific responsibilities and work environment.  When a user accesses or modifies classified records, his identifiers would be automatically appended to that record’s metadata.  Clearance identifiers would follow an individual’s transfers to another office or agency, receipt of new government contracts, or transition back into federal service after working elsewhere, and agencies would grant them new accesses as appropriate.  By eliminating the need for entirely new security investigations at every juncture, this process would save resources, increase efficiency, centralize the clearance process, and improve national security.

Implementing These and Other Changes

Various questions regarding these and other changes to the classification system would need to be addressed:

  • Would proposed changes to the system be improved if accompanied by changes to the number of classification levels?
  • Would proposed changes to the system be improved if definitions of secrecy and risk were redefined?  If so, what should those new definitions be?
  • What entity or entities would manage a streamlined classified network?  A unified clearance system?
  • How should oversight of the classification system change to match the realities of the electronic environment?
  • Should a metadata registry be maintained? How might its requirements be enforced and by whom?
  • Should classification decisions be monitored and audited for compliance and consistency at the onset by an enforcement entity?

Comments

JD April 13, 2011 at 4:35 am

This is the disconnect between academics and reality. First of all, people slug out data (memos,email, etc) free of any metatdata or consistent tags, and that’s not going to change anytime soon. Second, identity and access management by a “single agency” is not ever going to happen. A) there will never be a single idenity manager for the feds – that’s not only a bit too much big brother, but you would need a huge organization to map credentials to access and data; and B) it would require all departments to coordinate staff and duty changes with yet another agency – and the Feds can’t even tell you how many people work in an organization, not to mention what they do or what information they need.
There is NO mapping of data need to job requirement in the Government (or anywhere, actually) – the data is a cloud and the users are a cloud, and they intersect across an administratively (not technically) defined boundary and interface.

It’s a nice dream, but imposes far more organization on the system and data (and people) that is going to exist.

Harry Cooper April 19, 2011 at 7:01 pm

JD has certainly captured the problem with getting government to do anything remotely smart as suggested in the piece posted by Mr. Faga. The problem of government using 20th century technology to solve 21st century problems is actually more significant than Mr. Faga’s piece suggests. We are facing an eventual information train wreck and if bureaucrats in Washington continue to behave as JD articulately describes, we’re doomed.

The bulleted questions and propositions at the end are precisely what the PIDB needs to recommend to our leaders. The PIDB has been given a grand bully pulpit and this BLOG should help illustrate to them that many of the ideas here are showing a way toward real change.

We absolutely need sweeping change in our classification system. We must get out a clean sheet of paper and design classification for the 21st century. Reducing the levels, expanding access, using automation to help rather than hinder access, and taking full advantage of metadata is only a start.

Its not a small task and without robust Congressional support it will never happen. With talk of reducing the deficit (which means cuts in government spending), the challenge is even greater. JD has certainly characterized the problem correctly. We need both policy changes and resources. A single comprehensive metadata standard is complex and will require reconfiguration of literally 1000s of systems; centralized management of identities and access profiles requires a large staff, a highly secure system, and a means to manage changes to profiles of millions of people in real time (we can’t have users waiting for 3 months for their profile to be changed). To get this done the effort will have to be legislatively mandated and funded for success.

Mr. Faga and other members of the PIDB, you’ve got a tough row to hoe to get this done. You certainly have my support.

John Prados May 23, 2011 at 12:13 pm

Metadata is an important management tool and can serve as a basis for reforming the secrecy system into the future. But in dealing with our accumulated flood of secret material I think it more important simply to deal with the records than to delay progress in order to superimpose another level of data on top of the records themselves. I have suggested concrete applications for metadata in my comments on Commissioner Briick’s paper.

Archives

Links:

Subscribe to Email Updates