USA — Cybersecurity Must Balance ‘Need to Know’ and ‘Need to Share’

WASHINGTON, Dec. 9, 2010 — Com­man­ders in the field under­stand the advan­tage that comes from shar­ing intel­li­gence and infor­ma­tion and they do not want to give up that capa­bil­i­ty, the deputy assis­tant sec­re­tary of defense for cyber and space pol­i­cy said in an inter­view here today.
Robert J. But­ler said shar­ing infor­ma­tion with­in the mil­i­tary, with coali­tion part­ners and even with out­side agen­cies will con­tin­ue, but there will be more con­trols placed on the infor­ma­tion.

The Wik­iLeaks post­ing of stolen clas­si­fied infor­ma­tion has high­light­ed the ten­sion between the strat­e­gy of “share to win” and the neces­si­ty to enforce “need to know.” Share to win refers to the idea of get­ting infor­ma­tion and intel­li­gence out to the per­son­nel who need it.

“Com­man­ders in the field rec­og­nize … it’s real­ly about coali­tion war-fight­ing, and it’s about shar­ing infor­ma­tion with part­ners,” But­ler said. This is true whether the mil­i­tary is involved in human­i­tar­i­an oper­a­tions or warfight­ing.

Shar­ing infor­ma­tion can range from the intel­li­gence and infor­ma­tion shar­ing the Unit­ed States has with tra­di­tion­al mil­i­tary allies to non-gov­ern­men­tal agen­cies. “They are part of the fight, they are part of the recipe for suc­cess,” But­ler said.

Need to know is the short­hand for how the depart­ment thinks about secu­ri­ty, But­ler said. “It’s about how infor­ma­tion is shared, who has the infor­ma­tion, for what pur­pos­es and for what peri­od of time,” he said.

But­ler does not see share to win and need to know as mutu­al­ly exclu­sive. “We need to share infor­ma­tion to win and we also have to be con­scious of the need to know,” he said. Afghanistan is an exam­ple of both con­cepts. There are 48 coun­tries in the coali­tion under NATO’s Inter­na­tion­al Secu­ri­ty Assis­tance Force. The Unit­ed States has the largest num­ber of troops in the coun­try and the largest intel­li­gence/in­for­ma­tion-shar­ing net­work. “We share infor­ma­tion at dif­fer­ent lev­els, based on the need,” But­ler said.

Infor­ma­tion shar­ing net­works range from local to nation­al in Afghanistan, he said. All are gov­erned by poli­cies that seek to bal­ance share to win with need to know. “Based on our agree­ments with coun­tries and their mech­a­nisms for how they con­trol infor­ma­tion, we look for ways we can bridge account­abil­i­ty with­in their work­force and com­man­ders with what we’re doing,” But­ler said. “In Afghanistan, where we have a joint task force and we’re work­ing on com­mon objec­tives, it’s clear what infor­ma­tion needs are. Those needs are trans­mit­ted down to sub­or­di­nate units and those will include coali­tion part­ners with infor­ma­tion require­ments that need to be sat­is­fied.

“We need to link the effects we want to achieve with an infor­ma­tion-shar­ing approach,” he added. The future will be more of the same, But­ler said. “What I see hap­pen­ing is an absolute recog­ni­tion that we have to share infor­ma­tion, and at the same time rec­og­niz­ing an increas­ing chal­lenge from the cyber threat,” he said.

DOD is tak­ing near-term steps to address that threat. Some of those steps include exam­in­ing the con­tent on the net­works and exam­in­ing the tac­tics, tech­niques and pro­ce­dures used. “A broad­er and longer-term per­spec­tive is an edu­ca­tion pro­gram –- one that helps them under­stand what clas­si­fi­ca­tion means, how infor­ma­tion is clas­si­fied,” he said. “Beyond the clas­si­fi­ca­tion scheme, who has access to infor­ma­tion?”

But­ler also spoke about role-based access. “You have this posi­tion, you have this mis­sion, and we expect your access to stay open through this time,” he said. “There are re-vis­it deci­sion points and there is account­abil­i­ty up the chain [of com­mand].

“There are also ways to look for anom­alies,” But­ler con­tin­ued, “so if some­thing hap­pens and we expect this indi­vid­ual to have access to this infor­ma­tion and that per­son is look­ing at some­thing else, that should set off a flag to look at the sit­u­a­tion. There may be a per­fect­ly valid rea­son for the anom­aly. But it could be anoth­er Wik­iLeaks sit­u­a­tion.” DOD is clos­ing the win­dow against poten­tial threats and poten­tial adver­saries, But­ler said, through tech­ni­cal retro-fit­ting, and through edu­ca­tion­al and account­abil­i­ty pro­grams. “This is part and par­cel of what it means to be a sol­diers, sailor, air­man or Marine in the field pro­tect­ing your­self, your com­rades and your entire oper­a­tion,” he said.

U.S. Depart­ment of Defense
Office of the Assis­tant Sec­re­tary of Defense (Pub­lic Affairs)

More news and arti­cles can be found on Face­book and Twit­ter.

Fol­low on Face­book and/or on Twit­ter