Security key to DHS' initiative to share information with foreign nations
But exchanging data to stop terrorist attacks doesn't always involve network databases, some experts say.
An agreement between the Homeland Security Department and Israel is the latest in a series of international partnerships to improve aviation security through information sharing, but some experts warn DHS must ensure sensitive data is not easily accessed.
Secretary Janet Napolitano announced on Tuesday that DHS has signed a memorandum of understanding with Israel on Tuesday to enhance information sharing on civil aviation security incidents and to ensure coordination between the two countries in response to potential acts of terrorism and other public safety emergencies.
"The real-time exchange of information with our international partners is critical to our efforts to enhance overall global aviation security," Napolitano said in a released statement.
The agreement with Israel, which was at least partially inspired by the Christmas Day terrorist bombing attempt, follows similar partnerships with members of the European Union.
Although details of the memo can't be discussed, a DHS spokesman said Napolitano noted in February at the International Conference of Data Protection and Privacy Commissioners in Madrid that maintaining strong privacy protections was an essential part of the United States' commitment to international partnerships in aviation security.
Privacy is not the only threat that DHS and international partners must consider as they enhance information sharing, according to Tom Kellermann, vice president of security awareness at Core Security Technologies and former senior data risk management specialist for the World Bank treasury security team.
"Nonstate actors and terrorist groups are mobilizing in cyberspace," he said. "The virtual arms bazaar of hacking capabilities forces the United States and Israel to implement true defense in depth strategies" that include penetration testing of applications that feed data to international partners, two-factor authentication and techniques to verify the identity of anyone accessing network applications, and enhanced dynamic forensics for identifying potential intruders.
Any assumption that information exchanged between the United States and international partners involves such network-to-network connections is inaccurate, said Dale Meyerrose, vice president of cyber and information assurance at Harris Corp. and former chief information officer for the Office of the Director of National Intelligence during the Bush administration.
"We've been exchanging information with Israel since 1948," when the country gained independence from Palestine, he said. "With every country, we had a way of exchanging all kinds of information -- whether military or diplomatic -- in a protected fashion, and I'm quite sure DHS will do the same in this case. This is a positive step; we want [governments] to enhance their abilities to pass stuff back and forth. But to make the leap of logic that says, 'We'll share information, so you'll look at our databases,' is too broad of an assumption."
Alan Balutis, director of the business solutions group at Cisco Systems and a former chief information officer at the Commerce Department, agreed many techniques for information exchange are likely under way: "Wouldn't you assume much of this is going on now but without public knowledge? That said, we have already seen evidence of European hesitancy over U.S. information policies and demands."
NEXT STORY: Army Wants You to Develop Apps