
How data-centric security combined with zero-trust can solve our information sharing challenges


For decades, the United States has wrestled with the dual challenge of classified data leaks and the need to swiftly share sensitive data with those who have a legitimate need to know. As recently detailed in the Washington Post by David Ignatius, and in the New York Times by former NSA General Counsel Glenn Gerstell, the problem remains front and center. 

As U.S. government officials during 9-11, we both observed firsthand how intelligence reporting has become a conundrum: Either we strictly curtail data transmissions to prevent leaks, or we share that data more broadly across silos within government to prevent harm to our nation and our troops. Our experience in 9-11 demonstrated the costs of too little information sharing. The high-profile Discord Leaks illustrate the damage caused when information access gets granted too broadly, where someone with legitimate credentials (but without a need to know) accesses sensitive data that's subsequently leaked. 

The solution to this conundrum lies in transitioning our information governance to zero-trust and data-centric security (DCS) controls.

Zero-trust assumes that no devices, users, or networks are automatically trusted, and that users are verified before being granted access to specific resources. This approach helps to reduce the attack surface and minimize the risk of insider threats and unauthorized access to data. DCS prioritizes protecting the data itself rather than just the perimeter of the network. This approach entails encrypting sensitive data, controlling access to it, and monitoring its usage to detect any suspicious activity.

Combining these two security approaches creates a more resilient system that enables efficient information sharing on a need-to-know basis, simultaneously protecting national secrets against evolving threats.

The need for zero-trust combined with data-centric security

Embracing zero-trust security practices alone will not solve our country’s information sharing conundrum. Why? Because protecting sensitive information that we possess internally is very different from protecting sensitive data that we must share externally with coalition partners. 

DCS needs to become tightly aligned with zero-trust security to enhance its outcome. DCS prevents data leakage and fosters data sharing by enabling the dynamic, real-time control of sensitive information based on specific attributes like clearance level, job function, and location. A critical element of DCS, attribute-based access control (ABAC), ensures that only those with a legitimate need-to-know can access sensitive information.

Furthermore, the adoption of open standards such as the Trusted Data Format (TDF) can further enhance our DCS capabilities. TDF, an open standard for secure encapsulation of sensitive data, lets organizations maintain control over access and usage while ensuring the integrity and confidentiality of their information. Together, DCS, ABAC, and TDF can create a granular yet dynamic approach to information sharing, fostering collaboration without compromising security.
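The following Python sketch is an added illustration, not part of the original article and not the TDF format. It contrasts a clearance-only check with an attribute-based decision on a policy that travels with the data object and is bound to the object's key. The attribute names and values, the sample subjects, and the `release_key` service are assumptions made for the example.

```python
import hashlib
import hmac
import json

# Constructed ordering and attribute values; nothing here is the TDF wire format.
RANK = {"UNCLASSIFIED": 0, "SECRET": 1, "TOP SECRET": 2}

def bind_policy(policy, object_key):
    """HMAC the policy under the object's key so edits to the policy are detectable."""
    canonical = json.dumps(policy, sort_keys=True).encode()
    return hmac.new(object_key, canonical, hashlib.sha256).hexdigest()

def clearance_only(subject, policy):
    """Coarse check: clearance level is the sole criterion."""
    return RANK[subject["clearance"]] >= RANK[policy["min_clearance"]]

def abac_decision(subject, policy):
    """Every attribute named in the policy must match; anything else is denied."""
    if not clearance_only(subject, policy):
        return False, "clearance too low"
    if subject.get("job_function") not in policy["job_functions"]:
        return False, "no need to know"
    if subject.get("location") not in policy["locations"]:
        return False, "location not permitted"
    return True, "permit"

def release_key(subject, policy, binding, object_key):
    """Hypothetical key service: it holds object_key and releases it only when
    the presented policy is untampered and the subject satisfies it."""
    if not hmac.compare_digest(binding, bind_policy(policy, object_key)):
        return None, "policy binding mismatch"
    ok, reason = abac_decision(subject, policy)
    return (object_key if ok else None), reason

# Constructed sample data. A fixed key is for the demo only.
OBJECT_KEY = bytes(range(32))
POLICY = {"min_clearance": "TOP SECRET",
          "job_functions": ["intel-analyst"],
          "locations": ["CONUS-SCIF"]}
BINDING = bind_policy(POLICY, OBJECT_KEY)

ANALYST = {"clearance": "TOP SECRET", "job_function": "intel-analyst", "location": "CONUS-SCIF"}
IT_ADMIN = {"clearance": "TOP SECRET", "job_function": "it-support", "location": "CONUS-SCIF"}

if __name__ == "__main__":
    print("clearance-only, IT admin:", clearance_only(IT_ADMIN, POLICY))
    for name, subject in (("analyst", ANALYST), ("IT admin", IT_ADMIN)):
        key, reason = release_key(subject, POLICY, BINDING, OBJECT_KEY)
        print(name, "->", "key released" if key else "denied", f"({reason})")
```

The cleared IT administrator passes the clearance-only check but is denied the key under ABAC, and a policy edited to add their job function fails the binding check before any attribute is evaluated.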

Making real-world progress

DCS and ABAC are effectively being implemented today within DOD, facilitating secure collaboration between DOD Combatant Commands (COCOMs) and mission partners such as the U.K. Ministry of Defense and Australia.

For example, the Bold Quest exercises, run by the U.S. government and coalition partners, are designed to enhance interoperability, communication, and data sharing among global partners. DCS ensures sensitive information gets accessed only by individuals with the appropriate clearance level and a legitimate need to know. These successes demonstrate the potential of DCS to protect classified data broadly across the DOD, the intelligence community, and the defense industrial base.

Where we go from here

With the underlying technology validated, the U.S. government must take the following measures:

  • Step up zero-trust deployments with DCS. The White House Federal CIO and DOD CIO must prioritize the implementation of ABAC, open standards, and TDF benefits in the follow-up to broader zero-trust and other strategies already codified. Current zero-trust efforts are insufficient.
  • Embrace accepted standards. The White House should promote efforts such as the National Institute of Standards and Technology's (NIST) working group on data-centric security and classification to drive unified data tagging standards across government and industry.
  • Encourage public-private sector collaboration. The federal government should encourage collaboration between the public and private sectors to develop and implement DCS solutions that incorporate ABAC and TDF, guided by the NIST working group's expertise.
  • Actively promote DCS integration. Government tech leaders should focus on the integration of DCS into the tools used daily by individuals with access to classified information, with a focus on interoperability and open standards. These products are available to deploy today, so agencies don’t have to wait: They can reduce risk starting now.  

Our call to action is clear: Government agencies, private-sector organizations, and stakeholders must come together and focus investment in areas where we can move rapidly to solve the clear and present problem. Together, we can not only embrace zero-trust security controls to protect data that we possess – but we can also embrace DCS controls to protect sensitive information shared with colleagues and partners.

Michael Chertoff, co-founder and executive chairman of the Chertoff Group; John Ackerly, co-founder and CEO, Virtru

Chertoff was Secretary of Homeland Security from 2005-2009; Ackerly served as lead technology policy advisor at the White House National Economic Council and was the Policy and Strategic Planning Director at the Department of Commerce. Both men served during the administration of President George W. Bush.
