Coalition has specs for secure data-sharing

A coalition of IT vendors, government agencies and academic institutions today released specifications for a system that could help federal, state and local governments share sensitive homeland security data.

The Open Specification for Sensitive Information Sharing is an attempt by the Regional Alliances for Infrastructure and Network Security to bridge current stovepiped communications systems.

"It's easy to get interoperability from a single vendor," RAINS chairman Charles Jennings said. "This is our attempt to build a multivendor, interoperable solution for secure information sharing."

The specs are based on the RAINS-Net network that now links 911 call centers with first responders and other emergency personnel in parts of the Pacific Northwest. Jennings said the specifications will continue to develop as the group identifies user needs.

RAINS-Net grew out of a program that began in 2002 to field a prototype regional emergency response network. The organization, originally called Oregon RAINS, was a business development group founded in the wake of the Sept. 11, 2001, attacks. It promoted homeland security applications from Oregon companies.

But RAINS has since expanded its mission and has participants that represent more than 60 companies, six research universities, critical-infrastructure providers and state agencies. The organization deployed RAINS-Net last year.

The specifications are build on Web services. Extensible Markup Language schema are applied to data extracted from incoming calls at computer-aided dispatch centers. Data passes over a secure network to three RAINS-Net operation centers and from there is distributed as alerts and information streams to appropriate parties.

Alerts can be received via PCs, personal digital assistants or cellular phones; databases of training and reference material also are available.

RAINS will operate a central Universal Description, Discovery and Integration registry for all participating parties in the network. The goal is to create a standards-based infrastructure that will operate with existing community communications systems. Standards specified include XML, Common Alert Protocol, Web Services-Security, WS-Security Policy, WS-Trust and Security Assertion Markup Language.

Although RAINS has been cooperating with the federal government, Jennings said interest from the Homeland Security Department has been inconsistent.

"There are some parts of DHS that have been very interested and supporting," he said. But, "we've had more activity with the Defense Department than with DHS. We are hopeful we will have more support from DHS in the time to come."

DOD will deploy in June the RAINS-Net model for the Joint Warrior Interoperability Demonstration. The antiterrorism technology exercise will involve more than 70 countries and all branches of the armed forces.

William Jackson writes for Government Computer News magazine.