SBU: Sensitive But Unclassified


The next panel is on "Sensitive but Unclassified (SBU): Agency Network Partnerships" by Miles Matthews (DoJ) and Leonard Starling (DISA). The Global Justice Information Sharing Initiative has buy-in from eight Cabinet members and brings together four separate non-classified information systems using by law enforcement agencies at the Federal, state, and local level. The technology is simple: VPNs and closed networks. The goal is to have single sign-on and a common encryption system. The applications are similarly simple: email, chat, mailing lists, newsgroups (NNTP), and websites. Governance is through a set of cross-certification agreements.

The system connects LEO, RISS.NET, OSIS, and OpenNet along with two other smaller, non-IP networks. LEO (Law Enforcement Online) is the FBI system. RISS.NET is a local and state system. OSIS is the Open Source Information System, an intelligence community VPN. I think "open source" in this context refers to access to unclassified information. OpenNet is a State Department system for SBU information. One of the neat features is a 50 million record database of visa application data. The only requirement for connectivity is Internet connectivity and access to the VPN. The network allows anyone on the network to create newsgroups for specific topics. The groups might be long-lived or event-centered.

In the integrated system. Filing a query to RISS.NET, for example, will return pointers to other resources on all four systems that are relevant. Single sign-on allows the user to use resources on all four system to gather intelligence, communicate with other interested parties, and create special interest groups about an investigation.

This is a great example of how single sign-on can facilitate cooperative data exchange and increase an individual's reach. The primary means of integration in this system was to integrate the user databases for the four system so that the users are linked in email, chat, mailing lists, and newsgroups. The other component was a means of telling users about resources available to them on other systems. This isn't done with a general purpose web page, but in a personalized way as the result set for specific queries.