Steve Grewal, the Education Department's chief information security officer, joined Federal News Radio on March 6, 2014, for an online chat.
Grewal answered questions about his agency's new security operations center (SOC), the cyber workforce, and challenges with security at the agency. View an archived version of the chat.
Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- Mission-critical Apps in the Cloud
- Mobile Device Management
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
Ask the CIO
Agencies get specific instructions to improve information sharing, safeguarding
Thursday - 1/16/2014, 2:07pm EST
Agencies now have roadmap to ensure they safely and securely share information.
The Information Sharing Environment and the White House recently released the Strategic Implementation Plan for the President's National Strategy for Information Sharing and Safeguarding. The plan details 16 initiatives that span federal, state, local and tribal governments as well as private sector and international partners.
"Each of those priority objectives has a more detailed implementation plan that is agency based. This has been an agency-led process that we rolled up into the strategic implementation plan," said Kshemendra Paul, the program manager of the ISE, in an exclusive interview with Federal News Radio. "We wanted to do that and release it here about a year after the original strategy came out to be able to demonstrate the progress in planning, and also, this is more than just a plan, it reflects ongoing activity governed primarily by the Information Sharing and Access Policy Committee that I co-chair with the National Security Staff, but also reflecting work of the Senior Steering Committee on Information Sharing and Safeguarding, the federal CIO Council and other bodies into this space."
President Barack Obama released the National Strategy for Information Sharing in the wake of two major information breaches — WikiLeaks and Edward Snowden. Over the last year, the ISE and the White House led the interagency effort to develop an implementation plan, focusing on short and long term milestones for each of the 16 initiatives that represent the whole of government approach to information sharing and safeguarding.
The implementation plan is another in a long list of memos and executive orders from the Obama administration. Over the last five years, the White House has given agencies instructions for how to protect against insider threats, to cybersecurity information sharing to how best to share classified data among agencies.
For agencies, by agencies
What this implementation plan does is bring many of those efforts together in a more coordinated and collaborative fashion.
"We have about 20 subcommittees and working groups where the bulk of this work happens," Paul said. "We also are cross-latched with Senior Steering Committee for Information Sharing and safeguarding that is co-chaired by NSS Michael Daniel and OMB's Lisa Schlosser. They are doing a lot of work post-WikiLeaks on improving things like identity access management and things like that. That's reflected in the strategic implementation plan," Paul said. "We are cross-latched with the federal CIO Council and some of the work they are doing. An example of that is the Federal Identity, Credential and Access Management (FICAM) framework, baseline interoperability capabilities and the centerpiece for that is the National Information Exchange Model (NIEM) and broad base used for that."
The ISE's role is one of planning and coordination support for these subcommittees under the Information Sharing and Access Policy Committee.
Paul said of the 16 initiatives, the first five are the most important:
- Information sharing agreements
- Data tagging
- Identity credentialing and access management
Paul said many of these top five, and most of the 16, areas will provide short- term benefits. He said the initiatives are around data tagging and baseline interoperabilities.
"We are all about interoperability at the information level, semantic interoperability, network interoperability and business process interoperability," he said. "So one of the things we have been working with our agency partners now for some time and it will come to fruition in the next six months is something called the ISE Interoperability Framework. It's an update for the old enterprise architecture framework this office had published in the past."
Paul said the framework will create and promote interoperable standards for these capabilities.
"Two exciting things that will happen in the next month-in-a-half are we will be doing a tabletop exercise to demonstrate the use of this framework, a tabletop exercise aimed at planning out architecture and capabilities," he said. "People do operational tabletops, but this is a system development tabletop. To my knowledge, this is the first time something like has ever been done. We are doing this with the Maritime Domain Awareness community. We are looking forward to hearing back the results and we are going to integrate that into the interoperability framework to make sure it's usable and not shelfware."
Paul said part of what they are looking for out of the tabletop exercise is how easy is it to deliver interoperable capabilities in the Maritime Domain Awareness Community of Interest. He said that includes deciding whether the participants are aligning information sharing capabilities, policy frameworks, standards and requirements.