Info sharing stumbles on poor planning

A lack of clear strategies and concepts of operation is one of the major barriers holding up progress in information-sharing within homeland security, Martin Smith, director of information sharing for the Homeland Security Department's Office of the Chief Information Officer, writes in a new report.

Smith's commentary, titled, "Ten Barriers to Information Sharing," is included in a two-part report on information-sharing, from government and justice perspectives, published March 29 by the National Association of State Chief Information Officers. The report is available at www.nascio.org.

Basic lack of definition and clarity on many levels is a strong hindrance to advancing information sharing, Smith said, who describes at least 10 obstacles that must be overcome.

"Before making major IT investments, we need an overall strategy or concept of operations that describes how individual projects will fit into a consistent process framework and how that framework supports a strategic goal," Smith said. "We cannot hold up all investment until we have re-engineered every process, but we should make it a priority to invest in defining and documenting processes critical to homeland security."

Smith said homeland security agencies are struggling with defining a balance between sharing too much information, and too little.

"How close or far are we from the 'correct' balance between sharing and restricting access? Can we quantify or at least clearly articulate the costs of sharing versus not sharing? How do officials now making these decisions on a daily basis define the correct balance, in general or even in a specific case?" are some of the questions Smith asks in the report.

Smith also identifies additional barriers, including a lack of catalogs of existing information collections, lack of clear criteria for information-holders to make decisions about sharing, lack of performance baselines and a lack of incentives for individuals and organizations to share information.

In addition, there is difficulty in ascertaining "'real' business rules," or rules established by law or established business reasons, versus common practice, or "tribal knowledge," in a workplace. Documenting the necessary business rules is a huge task and is hampering the ability to quickly establish new rules that meet the requirements, Smith wrote.

Furthermore, Smith also points out specific problems with quickly extracting "unclassified, actionable information from classified sources," as well as the difficulties of ensuring appropriate levels of secure access to information throughout the lifecycle of that information.

"Digital rights management is an existing technology for ensuring business rules accompany the content of information exchanges. Further iteration of this technology would be a federated identity management system," Smith said.

The report said Smith's opinions are his own and do not necessarily represent the opinion of the homeland security department.