Paul Hubbard Portfolio Manager, Border and Transportation Security Information Sharing: Barriers and Solutions Sept 9 Workshop Summary Presented to Armed.

Slides:

Advertisements

Similar presentations

Presentation by May Ikeora 6th June 2013

Advertisements

Defence R&D Canada R et D pour la défense Canada Major Events Coordinated Security Solutions Public Security Science and Technology Symposium bridging.

1 Title Goes Here Canadas Maritime Security Threats and Responses.

ICT PSP Infoday Luxembourg Call 2011 – 2.4 eLearning ICT-PSP Call Objective eLearning Marc Röder Infso E6/eContent and Safer Internet Luxembourg,

Module 5 Assessment, Intake, Supervision and Case Management.

Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.

EUROPEAN INTEGRATED MARITIME SURVEILLANCE

Canadian Coast Guard Safety First, Service Always A National Institution in Service for Canadians May 5, 2003.

Vehicle-infrastructure integration: creating co-operative mobility systems and services Hearing EU Parliament, 22 January 2009 Hermann Meyer, CEO.

SECURITY RESEARCH SEVENTH FRAMEWORK PROGRAMME Mark Stroud Home Office Scientific Development Branch UK Security Programme Committee Member.

NOTE: To change the image on this slide, select the picture and delete it. Then click the Pictures icon in the placeholde r to insert your own image. Cybersecurity.

#CPACONGRESS E3: Strengthening integrity in a complex environment Hawari Badri FCPA Assistant Secretary, Department of Immigration and Border Protection.

Managing Data – The key to keeping our borders safe Wayne Phillips, National Security Director Microsoft Corporation.

1 Whole of Government Approaches to Sovereignty & Security in the Arctic: The Canadian Coast Guard’s Perspective Mr. E. Wade Spurrell Director General,

Towards a framework for integrated cross-border law enforcement initiatives Based on the Consultation Paper circulated to CACOLE in July 2008 by Public.

Beyond the Border Integrated Cargo Security Strategy Canada – United States Transportation Border Working Group Detroit, Michigan April , 2013.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.

ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.

Chapter 5: Asset Classification

Securing Corporate & Documents Richard Elphick Titus Labs.

Capability Cliff Notes Series PHEP Capability 6—Information Sharing What Is It And How Will We Measure It?

Chief Information Officer Branch Gestion du dirigeant principal de l’information “We will have a world class public key infrastructure in place” Prime.

NIS Directive and NIS Platform

Building Public Health / Clinical Health Information Exchanges: The Minnesota Experience Marty LaVenture, MPH, PhD Director, Center for Health Informatics.

Urbanization as a Social Determinant of Health Marilyn Rice, MA, MPH, CHES Senior Advisor in Health Promotion Coordinator, Urban Health & Health Determinants.

Overview Summary from Africa and ASEAN assistance Dr. Peter Pembleton, UNIDO.

A Common Immigration Policy for Europe Principles, actions and tools June 2008.

IntelliDrive Policy and Institutional Issues Research Valerie Briggs Team Lead, Knowledge Transfer and Policy, ITS Joint Program Office, RITA May 4, 2010.

1 Freedom of Information (Scotland) Act 2002 A strategic view.

Implementing Shared Inspection Management Systems Insights from recent WBG research John R. Wille WBG Investment Climate Advisory Services Amman, Jordan.

Managing the Privacy Function at a Large Company Kimberly S. Gray, Esq., CIPP Chief Privacy Officer Highmark Inc.

1 Secure Commonwealth Panel Health and Medical Subpanel Debbie Condrey - Chief Information Officer Virginia Department of Health December 16, 2013 Virginia.

Enabling Environments for Clean Energy Technology Transfer Michael Gerbis President The Delphi Group.

State Alliance for e-Health Conference Meeting January 26, 2007.

Canada Border Services Agency Update Presentation to: Transportation Border Working Group Bellingham, Washington June 7, 2006.

ISO17799 Maturity. Confidentiality Confidentiality relates to the protection of sensitive data from unauthorized use and distribution. Examples include:

State HIE Program Chris Muir Program Manager for Western/Mid-western States.

APAN Group Owner Training. APAN Groups Overview FOUO PII Other types Information Categories Aggregate data impacts OPSEC Group Owner Responsibilities.

Technology Needs Assessment Presentation for Los Fresnos HS

REvitalizing networks and New Emphasis in Transfer: preventing and facing early school leaving by sharing solutions and tools 1st Transnational Workshop.

Towards a Virtual Institute for Research into eGovernment Prof. Zahir Irani & Dr Tony Elliman Information Systems Evaluation and Integration Group School.

Piemonte Workshop 1 11 September 2006 Paolo Salieri European Commission DG ENTR-H4 Security research in FP7.

The Canada Border Services Agency and Coordinated Border Management Regional Conference of Customs Directors General, April 22-25, 2012.

Enhancing Partnerships in Support of the Maritime Sector: An Overview of Transport Canada Initiatives 20 th CMC Towboat Conference May 25, 2013.

Risk and Crisis Management Building OECD Principles on Country Crisis Management.

1 FTA Research Programs Ronald Hynes Acting Associate Administrator for Research, Demonstration, and Innovation April 17, 2007.

Work Group 3 Outbrief: (Governance Innovation for Security and Development) Peacekeeping and Stability Operations Training and Education Workshop 2014.

Dr. Shane Renwick, DVM, MSc, A/Director, Animal Health Science Division, Canadian Food Inspection Agency CAHLN, UCVM June 8, 2010 Foresight for Canadian.

Canada Border Services Agency Transportation Border Working Group (TBWG) April , 2010 Boston, Mass. CBSA OTTAWA UPDATE.

Information Security IBK3IBV01 College 3 Paul J. Cornelisse.

Fred Carter Senior Policy & Technology Advisor Information and Privacy Commissioner Ontario, Canada MISA Ontario Cloud Computing Transformation Workshop.

1 Power to the Edge Agility Focus and Convergence Adapting C2 to the 21 st Century presented to the Focus, Agility and Convergence Team Inaugural Meeting.

Latest Strategies for IT Security Margaret Myers Principal Director, Deputy CIO United States Department of Defense North American Day 2006.

CS426Fall 2010/Lecture 211 Computer Security CS 426 Lecture 21 The Bell LaPadula Model.

3rd Helix Nebula Workshop on Interoperability among e-Infrastructures and Commercial Clouds Carmela ASERO, EGI.eu 17 September 2013, Madrid

Page 1 Advance Interdepartmental Reporting Initiative (AIRI) Transborder Working Group Data Workshop Dearborn, MI June 3-5, 2008 Transborder Working Group.

Leadership Guide for Strategic Information Management Leadership Guide for Strategic Information Management for State DOTs NCHRP Project Information.

Privacy and Personal Information. WHAT YOU WILL LEARN: What personal information is. General guidelines for the collection of personal information. Your.

Canada Border Services Agency Update Transportation Border Working Group Niagara Falls, Ontario October 24, 2006.

UNDERSTANDING INFORMATION MANAGEMENT (IM) WITHIN THE FEDERAL GOVERNMENT.

Differences between customs brokers and customs carriers Differences between customs brokers and customs carriers Baku, April 8, 2016 TAIEX Workshop on.

1 CDC Health Information Exchange (HIE) Accelerating State-wide Public Health Situational Awareness in New York Through Health Information Exchanges August.

November 19, 2002 – Congress passed the Homeland Security Act of 2002, creating a new cabinet-level agency DHS activated in early 2003 Original Mission.

Economics of Policing Shared Forward Agenda Economics of Policing Shared Forward Agenda.

Update from the Faster Payments Task Force

The National Network of

Trafficking in Persons (TIP)

House Select Committee on School Safety - Infrastructure and Security Subcommittee Recommendations Charles A. Quagliato, Division of Legislative Services.

1-A) How would Arctic science benefit from an improved GIS?

Migration Health - Canada and the RCM

Presentation transcript:

Paul Hubbard Portfolio Manager, Border and Transportation Security Information Sharing: Barriers and Solutions Sept 9 Workshop Summary Presented to Armed Forces Communication and Electronics Association, Oct 7, 2014

Capability Gap around the Exchange of Sensitive Information CSSP motivation for working in this space: a recurring request from partners to fund a solution to: “controlled cross-agency information sharing to enable … Examples: Exploiting sources of data (“Big Data”) for targeting at the border while respecting privacy legislation. Sharing real-time Critical Infrastructure status with EMOs during emergencies – without allowing unfettered access to commercially sensitive information. Sharing vessel details (cargo, destination etc) without revealing personal information (crew names). Sharing stolen vehicle VIN data with foreign authorities without sharing names of owners. Enabling surveillance of Emergency Room data to detect syndromes without divulging personal medical records.

Challenge of Domestic Military Support: Marine Security Operations Centre Department of National Defence Responsibility in MSOC: Produce timely situational awareness in the GL - MSOC Area of Responsibility (AOR) by building a Recognized Maritime Picture (RMP) ISSUE: Without addressing information sharing, legislation and security clearances, all of which have a direct impact on collaboration, it will be more difficult for the GL MSOC to achieve its outcomes.

Workshop Sept. 9 Summary Full day workshop with participants from provincial EMOs, RCMP, CBSA, Justice Canada, Privacy Commissioner, Public Safety and CSS. Explored 5 use cases, found common barriers and status of project team solutions. Workshop Outcomes: Shared emerging solutions between project teams. Identified common aspects for future S&T investment.

Information Exchange “Barriers” Privacy Secrecy Policy Technology Culture

Privacy ‘Personal Information’: s. 3 of the Privacy Act “information about an identifiable individual that is recorded in any form” Subject to certain exclusions Contextual The four part test: Necessity, Effectiveness Proportionality, Minimization Beware Data Aggregation Federal Office of the Privacy Commissioner of Canada => Privacy Impact Assessments

Secrecy DND classifies sensitive information for national security, and to protect sources and capabilities Classifications do not match across organizations: Protected A, B, C and Secret, TS For Official Use Only (FUOU) emerging from US “Law Enforcement Sensitive” Non-sensitive data elements often embedded with sensitive information (like object level marking on docs) In public security, what is sensitive changes dynamically.

Policy When appropriate legislation exists, it is an enabler, example: Sec. 7 and 8, Privacy Act: classified/designated national security information may be shared with an appropriate department/agency based on: Need-to-know, which means the need for someone to access and know information in order to perform his/her duties, and Right to know, which means the legal authority, including the appropriate security clearance, to access classified information. Many organizations have their own policy and Standard Operating Procedure IT security policies inhibit direct connection by external users (air gap networks ‘to be safe’)

Technology Our workshop concluded that technology is NOT a barrier to information sharing. Multi-Level security solutions exist but there is a challenge to improve their efficiency. Data-centric solutions exist that may weaken the need for an air gap. One known weakness: Solutions that adapt to changes in sensitivity level

Culture Culture of Caution around privacy. As Canadians, we tend to be over-cautious on this, when in fact the impact assessment may permit the sharing. Well-functioning information exchange is often personality based (trust), so personnel change can close a path.

Aspects of the solution – Advice to Stakeholders Consider privacy early in projects: Privacy by Design Use the Privacy Impact Assessment to determine limits of what can be exchanged Exploit data standards, use of the National Information Exchange Model (NIEM) Combine Data-centric approaches with network protection Beware the Risks and efficacy in anonymizing data “enough meta-data and you don`t need the content”

Way Forward for CSSP Goal: Enhance success ratio of transitioning CSSP investments (which can be limited by info sharing issues) We need to support sharing and exploit best practices, avoid “one-offs”, promote data standards and a library of standard implementations Key Initiatives at CSSP: MASAS: Multi-Agency Situational Awareness System implements a single hub-and-spoke solution SAMSON: Secure Access Management for Secure Operational Networks demonstrates a data-centric solution integrated with existing corporate applications

Paul Hubbard Portfolio Manager, Border and Transportation Security Information Sharing: Barriers and Solutions Sept 9 Workshop Summary Presented to Armed Forces Communication and Electronics Association, Oct 7, 2014 Thank you and Questions