A pair of former U.S. government executives told a gathering in Washington, D.C., Wednesday that data sharing among agencies responsible for any aspect of antiterrorism must become a top priority following the Sept. 11 attacks.
And, they added, it must be done correctly.
Sandy Berger, National Security Advisor to President Clinton from 1993 to 1996, and James Woolsey, director of the U.S. Central Intelligence Agency (CIA) from 1993 to 1995, both spoke at the eGovernment Integration and National Security conference, hosted by integration software maker webMethods Inc.
The point of the gathering was to examine agency data-sharing on both a technological and a functional level. The conference revealed that integrating the disparate government databases and applications will be relatively easy, compared to the complex task of modifying policy to allow for secure information flow.
The problem goes beyond the basic politics of agencies protecting their turfs and budgets to issues such as statutory restrictions that forbid some information sharing between, for example, domestic law enforcement and the domestic intelligence community, said Berger, who is currently chairman of strategy consulting firm Stonebridge International in Washington, D.C.
Then there are security and civil liberty issues, particularly when it comes to organizations like the CIA sharing information, he said. And integrating all of these systems will no doubt require hefty investments by the agencies.
“These are all policy problems that we have to work our way through one by one,” he said, adding that these issues are not insurmountable and should be addressed immediately. “It seems to me that beyond the military and airport security, the first dollar I would spend if I were Tom Ridge would be on data integration.” Tom Ridge, former governor of Pennsylvania, is the director of the newly created U.S. Office of Homeland Security that is tasked with coordinating antiterrorism efforts among government bodies.
Data sharing among agencies must be accompanied by strict access controls, said Woolsey, who is now a partner at law firm Shea & Gardner in Washington, D.C. If a government-only system – such as the proposed GovNet network that would not be connected to the Internet – is created to store all information that anyone in the public sector can access, security would go out the window, he said.
“The problem is not everyone in the government is guaranteed to be on our side,” Woolsey said, pointing to former FBI agent Robert Hanssen who was convicted earlier this year of selling secrets to Soviet and Russian intelligence. Whatever system the government comes up with “has to solve the problem of security and (granting only) need-to-know access.”
It’s not just government technology systems that need revamping in the wake of the terrorist attacks, Berger added; greater information security measures need to be taken across the board.
“These (terrorists) will go to the most vulnerable parts of our system,” he said, which first were U.S. airports and now, with the rash of anthrax attacks being sent through the U.S. post, the mail system. “Cyber security is still a soft seam in our system.”
Despite the fact that the Internet “performed wonderfully” on Sept. 11, the Nimda virus that circulated shortly after the attacks proved that security needs to be increased, said Phillip Merrick, chairman and CEO of webMethods. “Nimda showed that there is a high degree of vulnerability,” he said.
When the Internet was first created, no one thought to fortify it against nefarious attacks, Woolsey said. “We’ve deployed networks that are interrelated…but no one gave a single thought to someone interfering with them intentionally,” he said. “The assumptions were we didn’t have to worry about vulnerability.”
Now that the threat of future terrorist attacks is clear and present, everything has changed, he said. “The world we knew in the 1990s is absolutely, totally, and completely gone with the wind.”