 Well welcome everyone, I'm relatively new to the think-take world but we're actually going to start on time at 8.30 usually my military days we start five minutes early was on time and now five minutes early here is 50 minutes early so but anyhow my name is Rick Ozzie Nelson and I'm director of the Homeland Security Encounter Terrorism Program here at the Center for Strategic and International Studies and we are absolutely thrilled about this conference and we're thrilled to have Shmendra here to to kick off this event which is their key event and the recrafting or the redrafting of their national strategy for the information sharing environment. We have a very very aggressive agenda today with two different two different sections but before I get into details I want to thank everyone for coming again it's a very robust, robust audience here in a very heavy in government, a lot of industry folks and even some folks from Capitol Hill so we're very very excited to see that and we even have C-SPAN 2 I think is here which is we were joking earlier it's like the dodgeball quote where they said ESPN-Ocho but if those of you have ever seen that movie but no we're happy to have C-SPAN here. I would like to first we are a non-profit at CSIS so that means we know we need help to have events like this and I really want to thank our sponsor for this information series events that we've had we had the Tom O'Reilly event a week ago we're going to have Sean Joyce and Kira Demine and Bob Mockney in the future and that's IBM and I want to thank Alan Heath and Dan Prieto for their continued support here for allowing us to do this so thank you IBM for that. To go over the plan of the day here as we used to have in the Navy days plan of the day we're going to have the first part of this event is on the record for those of you in the media we obviously are taping this this is being filmed tape viewed live so feel free to take notes and quote and do what you want and that'll be Chimendra's marks and then after that we're going to go into a panel of government officials that also is on the record and you should it will be taped and played live and you should feel feel free to quote from that. However after those events we're going to have three off the record panels and that's for specific purpose. One of the things that we're trying to do here is to create an environment and this is Dr. Hamry's vision that CSIS can facilitate and add value not just pontificate endlessly about things but actually add value to the government process and what I want to do is create an environment where people in the room especially those from government and industry can speak freely without having to be concerned about being quoted at a context and we can have an open and honest dialogue that Chimendra and his team can use to formulate the upcoming strategy so folks say well strategies are always disconnected from the real world this is an opportunity we have to connect our comments and our thoughts to that strategy so it's very important that we adhere to that off the record form and I apologize for being a little preachy about that but sometimes everyone listens. After Chimendra's remarks we're going to do a question and answer a very robust question and answer I'll moderate it's important that you state a question no statements and answers there'll be questions and answers only and I will and I will be ruling with an iron fist so before I turn it over to Chimendra I'm gonna go ahead and just give you know a brief introduction of him obviously we're thrilled to have him here he's the program manager for the information sharing environment he was appointed and a lot of people don't know that about PMISC it's in a presidentially appointed position by President Obama in July and he has I love this charter his charter is government-wide authority to plan oversee the growth of and manage the use of the ISC I'm sure that there was a long line to get this job it's a very challenging task but I think that we've at least I have from my perspective seen some significant progress in the last few months with with Chimendra there at least a more open and more robust dialogue which is obviously absolutely critical to making this work you know prior to this job he was the serve as a federal chief architect in OMB where he focused on issues surrounding interoperability across networks and databases and he also has extensive experience in the private sector in fact he's trained as an engineer so unlike myself who's just trained to fly helicopters and and write and talk Chimendra actually understands the technology behind this and and as a design stuff like this and that engineering background obviously is something that's critically important to developing this ISC architecture so would everyone just go ahead and welcome join me in welcoming Chimendra Paul. Good morning thank you Ozzie for the kind introduction I'm grateful to CSIS for hosting the event today this is a wonderful forum which will allow us to explore the opportunities and challenges around building beyond the foundation accelerating the delivery of the information sharing environment including clarifying its scope and mission the target vision towards which we are building together and how we measure the creative value our high calling is to support our mission partners the federal state and local tribal and territorial agencies and our partners internationally and in the private sector to protect the American people and enhance our national security through the use of information thank you to our sponsors today we're grateful that you're supporting CSIS in continuing to shine a light on information sharing there's a great lineup and speakers and moderators today I'm very excited about this it's great event Ozzie has come together and I appreciate all of them taking the time and all of you taking the time to participate in this dialogue now my communications team asked me to shamelessly promote the ISC community website so get at your pens it's a triple w that is the information sharing environment is e.gov it's a great resource for folks who want to dig a little deeper and participate in the dialogue while they're not here physically and for you all to get a little bit more additional information and stay connected to the dialogue while you're at the site triple w that is e.gov be sure to sign up for email alerts so before I get into the meat of my remarks today let me walk you through the structure of my presentation as Ozzie described on an engineer by training I was an enterprise architect at the department of justice and the office of management of budget my old colleague Jeff Cook sitting here in the front line at times like this I feel a need to stay current in my functional domain so so please please bear with me a little amount of use a little e a parlance to describe my remarks this morning first I'll spend a little time looking at back at how we got here we in ea speak we call that the as is next I'm going to walk you through what we're hearing from thought leaders like yourself mission partners in the agency state local tribal territorial we call that the to be we're going to talk and sketch out a straw man that we hope to refine today and in future dialogues eventually to be reflected in the national strategy then I'm an outline for you some really hard questions I need help answering these are the questions the GAO gave us just a little while ago just just just getting a big hello I think there's some colleagues from the GAO here in the yeah hey there you are back there good now they are hard questions but and they're but they're not the ones I'm gonna present today there's a different set of hard questions so in a remaining time we'll move to questions and answers you don't often find engineers behind podiums addressing large crowds on c-span to you'll find us in dark offices at odd hours noodling over whiteboards on hard technical problems or out in the field working to understand customer requirements and delivering solutions as an engineer my approach to solving hard problems is rooted in an appreciation of first principles diving headfirst into the details of the challenge and then lifting up to solve the problem this is the approach I'm bringing to building beyond the foundation accelerating the delivery of the information sharing environment one more sidebar the ISE is a is a somewhat abstract abstract topic people have a hard time getting their heads around what exactly is that ISE it's useful to set a mental model I like to think about concrete examples so I'm gonna give you four to help process what you are gonna hear today number one a law enforcement officer is part of a routine traffic stop queries the National Crime Information Center or NCIC and is notified to contact the terrorist screening center to evaluate a potential match against the terrorist watch list number two an intelligence analyst using the National Library of Intelligence or the a space platform to collaboratively collaboratively develop new counterterrorism intelligence products with fellow analysts across the ISE three Coast Guard personnel working on the gulf recent Gulf oil spill using the Department of Homeland Security's Homeland Security Information Network in FEMA's web emergency operating center the same assets to be leveraged in both man made and natural disasters finally a local law enforcement analyst and an FBI intelligence analyst co-located at a state fusion center working prison radicalization issues both developing finished intelligence products as well as supporting specific FBI joint terrorism task force investigations back to the main part of my remarks first up is outline how we got here as an engineer I make a concerted effort to stay away from authorities discussions but after five years in Washington in three months as p.m. I've learned to start with authorities and mandate in 2004 the 9-11 Commission delivered their report the Commission prescribed the need to transform government and brought to light multiple challenges around connecting the dots as an aside I'm not a big fan of that term because it oversimplifies the challenges that face us as a community it does not provide a good frame for working through many of the legitimate policy concerns we're facing and is not so helpful with the so-called information overload problem the 9-11 Commission proposed an information to be shared horizontally across networks that transcend individual agencies the Commission call for a decentralized network model which would allow agencies to own their own databases but enable databases to be searchable across agency lines it recognized by moving to a data-centric I repeat a data-centric model the new framework would have to be established to control access to the data not the individual network systems or databases the Commission call for a government-wide effort to address the legal policy and technical issues that would arise from this type of system the idea was to have someone looking across all the agencies creating a trusted information network to facilitate the sharing of terrorism related information excuse me this recommendation amongst several others was adopted from the 2003 Markle report creating a trusted information network for Homeland Security I know because I reread the report for the third time this summer at the beach now we have some folks from Markle in the audience and many of you participated in the the Markle Task Force it's a very very good piece of work this concept as well as federated entity management decentralized information privacy protections extensibility to state local tribal and territorial partners and a focus on prevention a focus on prevention were incorporated into the intelligence reform and terrorism prevention act of 2004 or IR TPA they called it can you give me a drum roll please the information sharing environment yeah the Congress agreed with the 9-11 Commission that horizontal integration required government-wide authority so they created the role of program manager to plan for oversee the agency-based build out and manage the information sharing environment and granted that role government-wide authority the PMIC was told to work across five core communities intelligence defense foreign affairs law enforcement and Homeland Security to enable the effective sharing of terrorism related information the recognition that this effort has to have horizontal capabilities lay as much in the understandings and implications of the technical challenges which are substantial but not the main event it's the legal policy cultural and organizational hurdles which need to be overcome for progress subsequently the implementing the recommendations of the 9-11 Commission Act of 2007 amended IR TPA to expand the scope of the ISE to include Homeland Security and WMD information the 9-11 Act also enhance the authorities of the PMI ISE in two two important ways first it enhanced the ability to issue government-wide standards procedures guidelines instructions and functional standards and second it mandated that we identify and resolve with our mission partners information sharing disputes many refer to this as the honest broker function okay I'm done channeling my inner policy wonk pause for a second now for the second part of the as is what's been done to date a strong foundation has been built and I'm going to describe a number of steps we've taken together as a government in 2005 the presidential guidelines directed the ISE to leverage existing systems to the maximum extent possible and directed the common information sharing standards be developed I need to pause here and emphasize the implications of these requirements it's essential to understand that the ISE is owned and operated by mission partners federal state local tribal and territorial agencies our partners in the private sector and internationally we as the PM ISE we don't build anything we're not operational our role is to help agencies find common mission equities to help them implement functional and technical standards and to drive resolution of policy issues the actual point of implementation the heavy lift is with the agencies they're the engines that deliver the ISE they're the stars of the show the guidelines also directed us to address the proliferation of sensitive but unclassified in mark markings develop a framework for privacy civil liberties and civil rights protections and develop approach to share with state local tribal and territorial partners much of this work was captured in the 2007 national strategy for information sharing and then subsequent ISE annual reports you can find those on our website triple w dot ISE dot gov I want to highlight four areas first up privacy and civil liberties the ISE is envisioned as a trusted partnership between all levels of government and the private sector in order to participate in the ISE the law requires that federal departments and agencies and our non-federal partners have privacy protections at least as comprehensive as the ISE guidelines next CUI or controlled and classified information the new CUI framework will standardize more than 100 unique markings currently used for sensitive and unclassified information these are the markings you see on talking on top of documents around town fo you for official use only OUO official use only les law enforcement sensitive and others of course you only see those markings of your government employee the standardization will be a critical step towards removing barriers to information sharing that wasn't a joke Ozzy next we developed the ISE architecture driven methodology to connect the diverse systems and distributed systems across the ISE now I'm not going to get into that here in detail but I am available for command performances on the architecture finally common information sharing standards that document the rules conditions guidelines and characteristics of business processes production methods and products supporting information sharing the program was successfully used to standardize suspicious activity reporting more on that later there are so many other critical foundation blocks to the ISE some examples are performance measures identity management access controls information assurance performance measures culture training you can find the rest of the story at the ISE community website beyond the ISE's foundational enablers much work has been done to enable ISE core capabilities in the areas of sharing with state local tribal territorial partners to develop the common framework we work closely with our stakeholders in particular I'd like to acknowledge a lot of our stakeholders in the you know the part in the non-federal arena we worked with a lot of individuals and organizations I'm going to miss someone but I want to try to highlight our partners we work with the criminal intelligence coordinating council known as the CICC great organization was foundational to our work with fusion centers and suspicious activity reporting the global justice information sharing initiative just as an aside when I came into justice five years ago the way I made myself relevant was partnering with the state and local through billable great organization national governor's association governor's homeland security advisors council international associations chiefs of police major city chiefs association national sheriff's association national association of state cio's chief information officers national association of counties owners and operators of critical infrastructure and many many many others open government in action the result was a series of recommendations to enhance the sharing of terrorism information across all levels of government in the private sector one highlight of the work is the establishment of a robust network of state and major urban area fusion centers dhs department of Homeland Security is the executive agent with the lead on this part of the framework fusion centers are the critical nodes that connect state local tribal and territorial partners with the information sharing environment through these fusion centers state major urban areas will be able to one receive classified non classified federal information including sensitive time urgent alerts warnings and notifications to conduct risk assessments understanding potential threats vulnerabilities and consequences based on their specific areas of operation three further disseminate critical information to state local tribal and territorial partners and private sector entities within their jurisdiction and fourth gather interpret and disseminate state and local level information to other localities states and the federal government more about this later it's best manifested through the understood through the suspicious activity reporting initiative the fusion centers will operate these capabilities within a scope of privacy policies currently 26 fusion centers have approved privacy policies in operation up from 22 last month last month these policies are at least as comprehensive as the isd privacy guidelines with dhs's leadership we have solid momentum across the states to get the rest done in the coming year the framework just described is laid out in great and useful detail in the 2007 national strategy for information sharing the appendix of the strategy defines these roles and responsibilities and it's in the process of being implemented Bart Johnson dhs principal undersecretary for intelligence and analysis is leading these efforts on behalf of dhs secretary napolitano and undersecretary Wagner Bart has an incredible perspective on these matters having spent most of his career with the new york state police culminating in the commanding the upstate new york state regional fusion center and just as he was getting it humming the feds hired him away so Bart's a friend he's participating in the panel immediately following my talk we have also seen significant information sharing improvements within individual agencies many of these are documented in the annual report many more are out there waiting to be celebrated i'd like to highlight two examples from the intelligence community that incidentally my office had little direct involvement in accomplishing that's the nice thing about being government-wide right i get to you know seriously a core part of my responsibility is identifying integrating and extending best practices across the isd this is a kind of a soft a soft power there's no authority that's specific to this but actually it's very very powerful I learned that lesson when I was at the department of justice working the national information exchange model and then at OMB as the federal chief architect the most significant invisible change in terrorism related information sharing was the establishment of the national counter terrorism center our nctc russ travers is also going to speak on the opening panel he's nctc's equivalent of a chief knowledge officer russ is a respected leader in our community he was recognized as a galileo award finalist this year for a slot leadership on information sharing further the intelligence community has led information integration by implementing intelligence community directive or icd 501 discovery and dissemination retrieval of information this policy promotes responsible information sharing by distinguishing between discovery and dissemination retrieval it's based on a little technical meta-tagging it's a really good best practice and something that has potential to look and be used more broadly before we turn our attention to the future there's one last element of the isd strategy to round out the as is and it's important to highlight because it helps make the isd that much more real and that much more meaningful in response to the 2007 national strategy we convened several federal agencies law enforcement organizations local police departments and others to develop a unified activity around a unified process around suspicious activity reporting or SAR this unified process builds on what law enforcement has been doing for years gathering information regarding behaviors and incidents associated with criminal activity and establishes a standardized process whereby that information can be shared among agencies to help detect and prevent terrorism related activity tamarali who presented here at CSIS a couple weeks back spoke at length about what is now the nationwide suspicious activity reporting initiative or NSI Tom is a friend and someone I'm privileged to call him enter in March of this year the attorney general announced the establishment of a program office at the Department of Justice Bureau of Justice assistance to facilitate the implementation of NSI across all levels of government and named tamarali the director Tom's charge is to roll out the NSI nationwide while ensuring that privacy civil rights and civil liberties are strengthened you may be familiar with NSI due to secretary Napolitano see something say something campaign this is the public awareness component of NSI the NSI is one of our most significant accomplishments to date and an example of the ISC in action an interrelated set of harmonized policies mission processes and systems which leverage ISC core capabilities and enablers to empower the men and women on the front line to share and access the information they need to keep our country safe and I have late breaking news so I'm gonna I'm gonna make a little news today little news but it's important and it's good the FBI is already well integrated into the NSI solution last week the FBI extended their integration to improve sharing of SARS suspicious activity reports generated from their field work what's noteworthy here and slowly technical is that these SARS while unclassified are being worked and contained in in FBI's classified systems and databases it's a great example of being data-centric in our sharing and sharing federal data with other levels of government these SARS are being shared with the fusion centers state and local fusion centers through the NSI which brings us to the to be part of my presentation today and the purpose of this forum my office is leading the process with mission partners of developing the national information sharing environment strategy this includes subsuming the 2007 national strategy for information sharing and bringing forward the foundational pieces of the document as it relates to information sharing with state local tribal and territorial partners we are working with our mission partners to conduct deep dive conversations we also want to include thought leaders outside of government so we're here today and engaging in a process to do that this discovery process will assist us in developing a target vision and supporting strategies to build beyond the foundation and accelerate the delivery of the information sharing environment to set the stage for the speakers and dialogue we'll be having for the rest of the day I'd like to briefly describe three ideas the first idea the president's national security strategy calls for a whole of government approach to build national capacity based on applying and integrating the efforts of all agencies with a national security mission to effectively support whole of government our working hypothesis is that the ISE must one empower the frontline with the information they need to do their jobs to deliver data-centric capabilities that support reuse third strengthen privacy civil liberties and civil rights protections fourth align with technology and information management trends and finally leverage standards based innovation to make the ISE work we need to focus on data sharing it discovering it protecting it fusing it and reusing it we need a data centric approach in alignment with the original mandate for the ISE I also highlighted standards based innovation we can dramatically improve price performance increase agility decrease risk and accelerate deployment of the ISE by effectively working with our partners in industry this is such a critical aspect of what we need to do to deliver and I'm anxious to have that conversation and we have a technology panel later today I'm looking forward to that okay the second idea the opening panel is focused on opening the aperture to the totality of terrorism related information sharing is directed by law there are several aspects of the expanding aperture idea in the past we've advanced initiatives in the federal to state and local information sharing space the 2007 national strategy does an excellent job laying out roles and responsibilities in this regard building from our foundation we want to enhance and extend partnerships across all five communities defense intelligence law enforcement home and security foreign affairs I'm looking forward to hearing from today's speakers as well as members of the audience on this topic also the ISE mission partners rarely have the ability to segregate their terrorism related activities or their terrorist related act information mission partners ask us for complete solutions it's a reasonable and right request such needs need to be factored into our strategy going forward finally the third idea is the role of sourcing integrating and sharing best practices on the road to transformation for example our core standards framework the national information exchange model is used well beyond the national security space another example is the potential to scale ICD 501 type meta tagging and discovery schemes more broadly we're looking for feedback and discussion are these the right ideas what refinements are necessary and what's the best way to clarify the target vision and enable incremental progress this last point is so critical we need to be working in an incremental way while we're building towards the future we need to make making changes that deliver value every day this brings us to the last part of my remarks today we're in the home stretch stay with me we need your help to better understand the landscape so that the ISE assists our mission partners in delivering the comprehensive and inclusive solutions they to the issues they face daily in addition to reacting to the ideas I just highlighted here are a few questions for the speakers and participants in today's conference to consider so this is good get out your pens there'll be a test we'll collect the papers at the end right Ozzie what are the best practices to be replicated across mission partners what best practices should we be looking at what's the best way to enable discovery how do we balance data aggregation with decentralized NSI type architectures is it possible for there to be a single architecture across the entire ISE or do we need to take a heterogeneous approach a core issue in my mind with authorized use is not the technology it's the variability in the policies and the lack of consistent precise semantics for expressing those policies how do we get past that issue are there successful examples that we can model on and and build from around embedding legal restrictions and policies at scale and across domains how do we leverage open government type ideas to accelerate planning and delivery of the ISE how do we incent and celebrate progress and spreading adoption of best practices is there a role for challenges what are the concrete immediate steps that can be taken to accelerate change this year and finally what are the measures and metrics we should adopt across the ISE to measure the value we create together well thank you for listening to my remarks I hope I kept my inner geek in check I've set the scene to allow us to talk about the future what the ISE needs to be to support the counterterrorism mission and building beyond the foundation how do we accelerate delivery of the information sharing environment I welcome your questions remarks and commentary thank you very much well thank you Schmender we appreciate those remarks it's a little bit my reflection on your remarks is a little bit of a change of pace having been kind of in the policy world for probably a bit too long than I should have in my naval career but getting some remarks from an engineer there was actually substance in there and uh and I'm not used to that no it was great I was like wow we're actually getting facts and details and a plan and wow how refreshing and then you also gave us homework which is good so those of you that thought you were just going to get a free lunch and just listen um you didn't read the false my vibrant that's open government in action so we are going to take those questions and we are going to try to address those for you another reminder to everyone here before we go into the questions in addition to see to c-span here we also our live webcast in this on our website there's a link at www.ise.gov as well and this will be available for download on iTunes in the future if you want to go back over Schmender's very and I mean this Schmender very substantive remarks it's very refreshing that we actually I think people like to rope their sleeves and actually tackle problems as opposed to just talking in the theory of things so we appreciate that we're going to go ahead and go into questions and answers we have because this is webcast we ask that you please well microphones coming around please state your name and your affiliation if you have one so we can understand the context of the question and Schmender's going to answer it but I get to ask the first one that's the that's the big thing I get out of this is the first question and you know I just reading your speech and reading some information you sent in advance and just some of the stuff that we've done with ISC in the recent months I'm struck by your charter in many ways it's very similar in my good friend Russ is back here former colleague at NCTC similar to the charter that NCTC had where you had control of nothing but responsibility for a lot responsibility for coordination and sometimes limited ability to compel so I guess I would I would ask you Schmender what what do you see is maybe your your one or two just limits you to greatest challenges facing you in in this new position that that you have this PMISC thanks Ozzy can folks hear me do I need to pull this up a little closer okay there we go you know you're right about the nature of the the the challenge of the information sharing environment it's inherently a horizontal horizontal problem it reminds me of my time at OMB I was in the office of e-government and IT there but internally we call it the office of horizontal government it's kind of a core challenge it's working horizontally in a vertical world and that's you know that's the heart of it I think frankly it's where there's the greatest opportunity for innovation in in how we think about government services and you know most of a lot of our challenge and counter terrorism is a core example counterterrorism inherently is a cross-boundary cross-domain problem it's national and scope lots of different folks have to come together out of different disciplines different organizations how do you work across boundaries that's uh you know that's uh you know really the cutting edge I think of of public service and and you know I'm just honored to be in a place to to work on that problem yeah and I and I found my time extraordinarily rewarding at NCT at NCTC just because of what you described so that that's great and I have to look forward to it okay we'll go ahead and go to questions who wants to go with the second question any from the audience gentleman the blue shirt back there please hi my name is Harvard Shikoff I'm the chair of the American Bar Association Standing Committee on Law and National Security so my question is very simple do you see any particular laws that have to be changed in order for you to be successful so that's a that's a great question do I see any laws that need to be changed I can answer that a couple of ways one is in terms of the authorities of my office and the mandate that the law gives to the the PMISC and the authorities I think we're we're all set that way it's uh from my perspective a matter of mainly execution of bringing together mission partners finding the common mission equity and execution is the you know the core challenges core challenges I face there are gating policy issues that have uh that are out there right this is uh this is almost like the the old analogy you're draining the swamp and you see some stumps you see rocks old boot right and you drain the water a little bit more and you see some more and so you got to work those issues so so I think you know in terms of that side of the equation there's uh you know always opportunities perhaps to to look at the the you know the legal and policy frameworks but I that's not where I'm at right now I I'm I'm you know in terms of the authorities of the office we're all we're all fine and for those of you that you know we're going to stay for just a couple of the panels and then leave I would encourage you to stay for the last panel because that's the one in civil liberties and civil rights which is sure uh to be an exciting and interesting discussion one of the reasons why we stuck it near the end okay next question next question uh the gentleman up here in the blue suit I can't say that in DC blue suit right sir steve kent steve kentrell office of global maritime and air intelligence integration director of national intelligence um we're a partner with you but one of the more interesting things I found is recently out on a trip other than being asked why I followed you to the same location was another uh location where the comment was made that as we tackle this problem set and we look at all of our interagency state tribal local and other partners uh one of the individuals I was discussing this with compared it to the NATO of America he said because we all speak different languages we come from different cultures for example you made reference to the significant activity report and of course if we take that acronym of SAR the helicopter pilot sees it as search and rescue synthetic aperture radar special access required again using the same terms but meaning completely different things I was wondering if you could reflect on what you've seen in the short time you've been in the office sure thanks steve yes steve is uh steve is a partner and um working on uh airspace domain awareness and other other uh domain awareness type initiatives uh this this issue and the the the term we use when I'm with my my architecture buddies is uh semantic interoperability and you've provided a great explanation of what exactly that that means um it's where we started frankly when going back we're winding the clock five years ago the isc was standing up I was over at the department of justice leading something called the national information exchange model a heart of which was you know creating this sort of between different functional domains so you know somebody's working in the coast guard and homeland security and has a certain definition for SAR right or you're in the military and have a certain definition for SAR or you know you're in the finance domain looking at financial SARs right they use exactly the same definition for bank secrecy act suspicious activity reporting that there's a way to you know map those terms so that you could translate and you wouldn't use the same thing so that two people communicating if they're in different domains in different organizations the message meant the same thing on both sides of that communication so we've actually come a far away in terms of the theory of how to do that and the practice of how to do that um you know and uh uh by using more formal methods as as you know we we've done with the name and then actually reflecting those and functional standards business process standards and I'd even go a step further working with our partners in industry one of the examples is uh the suspicious activity reporting so it's got the standards that are based on that Rosetta's own type concept in the national information exchange model and now industry is actually implementing it a couple of major vendors sell a fusion center in a box offering that's compliant with that right so that uh you know we're getting the benefits of standardization in terms of you know the acquisition really that's so critical right that uh think about the front line uh you know a first responder has a radio they just want to be able to press a button they don't want to worry about the complexities right and that's kind of our challenge one reason the space is so complex is that we have to deliver it in a in a compelling way to the front line where we mask that complexity so yeah it is a core challenge is one we've been working on for some time uh next question the gentleman the blue shirt the middle there please hi uh Scott quick with the senate judiciary committee i want to follow up on harvey's question um because the civil liberties panel doesn't have anyone from the government on it have you or anyone else in the government asked every agency to compile a list or identify the specific privacy laws that are impacted on the information sharing environment in other words do we have a baseline from which we can assess whether or not there are any laws that needs to be changed do we have that compiled across the federal linear agency i have some uh colleagues in the office and the audience here from uh that are that are a little bit more conversant on the specifics there so if if one of you wants to help out that's that's great let me answer the question this way we have been working on privacy guidelines for quite some times the information sharing environment privacy guidelines and through that process we've been working with chief privacy officers across the isc participating agencies so through that process you know we've developed the privacy guidelines and then agencies now are implementing privacy policies and have implemented privacy policies that are as comprehensive as our privacy guidelines so i can maybe follow up with you okay alex do you want to yeah i'm alex joel and i'm the civil liberties protection officer for the director of national intelligence and i work very closely with chimendra implementing those privacy guidelines throughout the throughout the government i chair a privacy committee that oversees the implementation one of the provisions in the privacy guidelines is for those privacy officers if they identify particularly laws or policies that might need to be changed to float those up so we do have a process in place to identify them we have not yet though gathered a list of any kind like that but we have a process in place to do so it's very difficult at times and that's not to happen to this panel but to get someone from the government to talk about crcl it's a very challenging thing to to do but a good point on the panel as well we'll take that for future reference okay next question are there any more questions um well i have another question you know chimendra again in substance in your speech you talked about some things for the future and you asked us some questions and gave us some homework to do today but i guess i would ask back to you what in in your vision what does isc look like a year from now what does it look like five years from now what it looked like 20 years from now i mean what would you what do you want to accomplish and what do you see so that's a that's a good question and we have several initiatives underway that are are bearing fruit so let me let me describe those um you know i see bart johnson in the back he's on the on the panel immediately following he's leading a process where we're doing the baseline capability assessment across the 72 fusion centers and that report should be coming out shortly we've identified certain critical operating capabilities and we expect that those operating capabilities will get get mitigated so we have a robust measured infrastructure of the state and local fusion centers looking across things like privacy protections or the ability to receive classified information or you know some of the other critical operating capabilities i described earlier so that's kind of one thing in the next year is substantial progress on the network of um of state and major urban area fusion centers the nationwide SAR initiative earlier this summer secretary napolitano kicked off to see something say something campaign that by all accounts has been well received and we're ramping up the nationwide SAR initiative across the country will have i believe the majority of states actually integrated into the the the initiative and there's lots of anecdotal evidence and measured information it tells us that it's making a difference um a big initiative in our office has been interconnection of the so-called sbu sensitive and unclassified networks this is a you know been a core refrain from law enforcement homeland security first responder types state and local types that the different federal networks don't interoperate as well as they should so we're seeing that interoperability and we've delivered a lot of capabilities over the last little while documented in the annual report and over the next year we'll see simplified sign-on right so you don't have all the different passwords it's easier to get access a law enforcement officer coming to leo can get to databases on you know the homeland security information network and so forth and so on um so those are just some examples of uh of incremental progress we're driving um you know longer term i think uh i'm i'm going to defer that i'll come back and answer that question if you'll you'll have me but i want to defer that because i'm really hoping to hear from the audience about about where uh where we think we we we want to go i i i would say that i i think within five years the the the idea that we're data centric is uh i think a a a reality more than it's kind of a future speaking of a data centric i'd love to hear some of the industry experts in the room talk about and address some of the terms you know mega tagging and other things that is me as an engineer don't fool understand in the nsi type architecture so um that's a good dialogue we have as well i think we had a question right here though good morning christine it's an asterisk from the homeland security and defense business council i i don't admire your job i think you have a tremendous amount of work to do just to figure out how we can share information currently but to follow on to your question about the future um how is social mapping or um almost off offensive data collection playing into the future of the isc i think right now we're we're collecting information we collect a tremendous amount of information and sorting that and sharing that is certainly our first priority but going forward to to kind of face tomorrow's battle how are we using kind of the social networking and mapping tools that are being developed um so so a great example of using uh the web2o type technology is the a space application inside the um the intelligence community it's a wiki collaboration platform that's uh very useful for different intelligence analysts to be able to collaborate and securely share information so you know our our charge is yes it's information sharing but it's also collaboration around information so you know there's the unstructured information and the social sort of thing so i think that's a a critical part of the information sharing environment is effective social media integration um and you know the a space is a great example of that great any additional questions anyone else oh yes sir right in front here wait for the microphone i'm sorry peter sharthman mitre corporation uh one one perception uh of the problem uh faced by international security generally is that there is a very high ratio of noise to signal in all this data we're collecting could you address a little bit how the various initiatives that will promote interoperability and both at the the bits and bytes level and at the semantic level would also help the problem of extracting the necessary signals from the abundant noise yeah that's a that's a great question the question is how do we raise the signal and decrease the noise and this is part of the reason why the the connecting the dots metaphor is not so useful because it doesn't really get to the quality of the dots right and uh you know and establish best practice around information management is working upstream trying to you know at the point of collection getting the data and it's clean impossible format and then also the the different tagging seems how you describe the data meta tagging is data about data but descriptors around the actual data you collect so that the extent that that that that tagging is well designed right so it supports downstream um comparison and uh so a great example is with this suspicious activity reporting initiative that i talked about earlier a key part of the work was getting all the different communities to agree on standard codeless for describing behavior based activity or you call it a car you call it a vehicle right and so no no we're gonna we're gonna call it a car right and things like that so that's those are some of the examples for how we uh we we think about about that issue but it's the core issue um you know it's about sharing and discovery of information but discovery only works if the information is described in consistent ways from the point of view of the person who's trying to discover right the information comes from different domains so there's that standardization issue you know fusion only works if you're able to correlate data right but then that implies a certain high level of quality so you're you're exactly right that the data quality issue is a is a core issue and needs to be engineered into the solution it it can't be dealt with as an afterthought yes ma'am right front here hi adrian le point csis i've got a question that relates to the discovery issue at one point at least they may be in 2007 when i was more familiar with what your office was doing uh attribute-based access was the mechanism to determine who would be able to discover as opposed to access information is that still the approach and if so how is it going if not what approach are you taking so the question is uh attribute-based access control so how do we you know make sure that somebody that's accessing the data has the proper authorization to you know access that data some refer to that as authorized use um it's uh it's the right idea you know attribute and role-based access control the the the challenge comes in that the the you know the policies to describe do you have access the right to access this information some of those policies are information assurance policies some might be a u.s. persons rule some might be you know a variety of other rules that are coming out of different domains different agencies that are described potentially in different ways that would make it difficult to automate the evaluation of those rules to make a judgment you know in in real time right so this goes to the issue of you know looking across the different policies there's a degree of harmonization that may need to occur so that the policies are described in consistent ways so then those policies then can be automated in a consistent way across the isc so that's uh the technology it works it's it's it's it's established but doing it at scale and across these different domains right that becomes the hard issue we actually did a pilot um with nist uh over the last year and i think we described them in our annual report uh and the hard part of the pilot wasn't the technology that's all you know that all works pretty well it was the effort taken to take you know text based policies that weren't written with an eye towards automation and then turning them into you know rules and then is that actually a valid expression of that policy that'll satisfy you know legal and uh decision makers right and in some ways this is similar to the journey that we went through as a country and with digital signatures now we accept digital signatures but it took a long time for you know the the you know the legal and cultural to catch up with the technology the technology was ready for digital signatures well in advance of the widebred based market market support so i see it as an analogy you know our challenge is to try to accelerate that you know by by working with our partners in the policy community and and elsewhere cool yes microphones come from behind you hi i'm wendy walch from the navel postgraduate school and you just mentioned the word cultural and you had mentioned it in your talk as well what um are you finding as far as looking at the issues of trust and culture and how can we build that in our information exchange environments thank you so much for asking about culture and trust these are core core issues um it's uh you know one of the things that i i've found so refreshing in my time in public service is that there is a commitment to sharing um and i've seen that commitment grow in the last five years that i've i've been working in it in the federal government and looking across you know mission partners um you know there's there's a commitment to sharing it becomes difficult dealing with the legitimate policy issues right that sort of get in the way sometimes or you know the the need to express these policy issues and negotiate them because they're we're coming at the policy same issue from different domains and and things like that now so i see the a lot of sharing i i think that the from a cultural perspective the we're ready to take that next step to go from you know need to share to need to share well right and this comes to the ideas like establishing a learning culture having metrics around how we share to help inform operational management activity uh so so one of the ideas that we're trying to pursue interested in pursuing as part of the national strategy here is what does it mean to have a learning culture around sharing how do we make sure that we have more cross-cutting metrics that are shared across agencies on consimilar uh capabilities technically enable capabilities or mission processes you know a simple example is i talked about the spu networks interoperability initiative so we want to make sure that we can count the number of users in an spu network whether it's fbis leo dhs is his and dni's intel link or doj's grant funded state-owned risk net in a consistent way right so we can see how many users do you have sounds like it's pretty simple right but it's actually gets complex to make sure that you're counting in the same way counting is you know because you want to be precise about it you got to do the confliction of duplicates and things like that then you want to say okay i want to measure how often these networks are used and used you know how many of those uses to somebody access a database and another network again these are pretty simple metrics but it gets slightly complicated when you want to have the same precise measure coming from different organizations and entities so you can roll it up collecting those kinds of measures gives feedback right feedback that can drive changes in a data data driven way right so that helps you with this idea of a learning culture and and uh so we're looking at other opportunities to explore that learning culture idea sir hi i'm bruce walker from north of grumman uh it occurs to me in the con in the in the conversation that we've talked about discovery we've talked about trust and sharing environments but there's another use for the word discovery in the legal community and i just i wonder whether this horizontal integration that you talk about is potentially subject to a court order or some other change in our legal system that pierces the veil so to speak and opens this all up to examination for discovery and support of somebody's defense and i i don't know if you all have have thought through the unintended consequences of the application of technology at that level but it seems to me that we may be exposed here in a way that that would be very hard to fix once it's once the door is open so the question is about discovery um yeah that's a really good good question i people are aware of that issue so there is an awareness of of the issue and you know that it manifests itself in a lot of different ways but there is an awareness of that issue uh you know one of the aspects of the information sharing environment that was called for in law and is important to providing confidence to people that policies whether they're policies around strengthening privacy civil liberties and civil rights or policies around information assurance or other other information sharing policies are effectively implemented is a audit and capabilities right so making sure that different activity across the information sharing environment is is logged in a in a in a high integrity way that is consistent across different participants in the isc so that you can look across and understand what's going on and and understand that the policies and stuff are being being followed so now we're starting to get to the good questions um any other questions from the audience other questions um schmender again with this the reason why we're doing this again is is and these are great questions I think these are the questions that isc wants us to address instead of building the strategy in a vacuum in in their government offices they're coming to the to us uh the public you know the industry the government people that have to work with some different departmental agencies the the professional organizations state and local governments and saying give us get at what are the questions we need to answer in this strategy um and what are some of the concerns that we need to um to take into account and I think it's critical uh I think it's very important so again we need to keep that in mind that we are we are doing a job here today for for the isc team and trying to help them out and to get these very good critical issues addressed in there um any additional questions all right Dan the PMI you talked about as an enabler and you talked about getting to the point in the future where you really do have best practices can you sort of envision the point though where the PMI does get to that place where it doesn't just give broad guidance that you shall protect civil liberties for example or you but it actually gets to the how it starts recommending best practices for example for encryption or for uh anonymization or for data retention across what are very disparate organizations when does it get to the point if ever of actually doing a little more of the how in terms of how it tells other groups to do things so the the question is when do we get to the how and the answer is we're we're doing that today actually um you know we we do that at the you know at the at the business process level I mean the when I we use the word functional standard of functional standards of business process standard in exchange so with the suspicious activity reporting there's a certain business process that's uh that's mandated in terms of what the SAR looks like to generate a SAR and to share it um we're doing it in terms of technical standards and we call them segment architectures but they're a set of standards around interoperability for the the SBU networks and you know for other initiatives and similar similar kinds of things um so I think we're doing it now and I see us being more prescriptive in the future right that's the power of standards based innovation right one of the core challenges we have is when you look across the ISE it's a it's a huge space lots of different participants federal agencies state local tribal and territorial governments the private sector it's a huge space um to the extent that we can help standardize some at the exchange right not the internal processes but the exchange so that people can mesh what they're doing and then we can work with our partners in industry right to say here's a standard here's an interface standard that's at the business process the technical level right it allows our industry partners to start to bake those those capabilities into their products and services and make them more accessible um you know a great example when you think about state and local governments there's there's 18,000 police departments in this country we're inherently a very federated decentralized from a law enforcement perspective you get past the the the major cities you know the the very big forces and it gets to be very challenging for small mid-sized police departments to effectively integrate into the ISE because they can't invest in customized solutions they need to have solutions that are basically standards based um so that's you know part of what we what we want to do is to become increasingly prescriptive not in a vacuum but with our mission partners right it's really critical we're not out in front we're bringing them together common mission equities but coming to agreement and then and then leveraging industry so that you know and working with industry so that we can bring those kinds of solutions to you know to bear okay great any other questions okay well before we uh we thank Schmender we'll um we'll take a short break and we'll reconvene here at 945 but i'd like to to note that this is Schmender's first major speech as the PM ISE I think he said a high bar with so much substance in this speech and I hope it continues in that trend because it's very useful for those of us that are trying to to help get our arms around this so let's uh let's give Schmender a warm round of applause please