Information Resources in Defense

A large defense organization is 24-7 interconnected with with various public and private organizations in sectors such as agriculture, food, water, health care, emergency services, defense industries, telecommunications, energy, transportation, banking and finance, postal, shipping, education, security, police and naturally defense components for land, sea and air.

The Cyberspace or the Global Information Grid is their nervous system, which is composed of hundreds of thousands of interconnected computers, servers, routers, switches, and fiber optic cables that allows critical infrastructures to be interconnected.

On the inside of this nervous system flows data- and information that are essential to operate weapon systems and to deliver adapted services. The quality of products and services are directly related to defense organizations ability to seek/find, capture, aggregate, fusion, adapt to user needs, manage, maintain, protect and share/exchange huge amounts of data and information in a very short time. In order to do all these things one must understand the structure, definitions, and content of data and information resources.

Focusing on something abstract as information is very hard. But as we are listening to our customer, we find out that their problems can be summarized to:

• Users does not trust information systems to be safe, they are uncertain of the quality of data and not sure if there is other relevant information elsewhere. They don't know if they have enough information, and on the same time users are overwhelmed of too much information. They are not sure if they will violate intellectual property rights, and has no idea on their own information responsibilities. They have problems with tracking data and information to its sources and no idea of how the information is classified, etc..
• The Chief Information Officer usually governs the use and development of Information Technologies and Information Systems through policies, strategies and plans. There are very few that has actually done an "information inventory", identifying the actual information resources that the organization is responsible for and their status. If you wonder, try to figure out how many registers exists for people-information (could be staff, salary, training, health care, customers, contractors, address-book, etc.) in your organization.!?
• It takes to much time and effort to build awareness and the needed funding for creating information related solutions. CIO organizations doesn't have that time. It's much easier and faster to get funding from developing and implementing new ground-breaking technical solutions.

But, there are a deep understanding within Defenses on the importance of information. Many of the new initiatives/programs/buzzwords usually has something to do with Information, like Info… Superiority, -Operations, -Warfare, -Quality Mgmt, -Assurance, -Security, -Safety, -Integrity, -Resource Mgmt, -Processes, -Migration, -Forensics, -Products & Services, -Models/Standards, -Architectures, -Fusion, -Integration, -Consolidation, -Classification, -Insurance, etc.

So, many initiatives and programs claims to have a genuine interest in information, but usually they are interested in using information to deliver a certain function, product or service. Their focus is more dedicated towards changing processes, creating new information systems, updating applications and migrating technology. This is fine, it’s great and it will help the Government with many things, but it does not solve the information problem.

Some program have had the mission to drive the IRM-issue forward and to foster tangible information solutions, like Continuous Acquisition and Logistics Support (CALS), Global Information Grid (GIG), Defense Information Infrastructure (DII) Common Operating Environment (COE), Net-Centric Data (& Information) Strategy, Enterprise Integrated Data Environment (EIDE), Focused Logistics Enterprise (FLE), Information Superiority and the Network Centric Initiatives, and many more.

The program (that we are aware of), which is closest to recognize information as a strategic resource is the commendable Net-Centric Data Strategy (NCDS), but that program has little impact on other information resources than those needed for Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance (C4ISR). The risk is great that NCDS will just cover the subset of enterprise-, people-, product- and geographical information needed for C4ISR.

The Net centric environment indicates that data and information will be communicated and shared with all the public and private institutions that were mentioned in the beginning, so this isn’t just a Defense problem. International standards must be used to enable the interoperability, management and security of all basic information resources.

Being Information Superior in the future, means that one must capture, interpret and utilize information faster and more efficient than ones competitors. This can only be done if the information is so well understood so it can be processed automatically. Everyone can transmit information at the speed of light, but only those who can go from information capture to a final decision at "no time", are truly information superior. The name of game in the future is automation.

What do we need to do? Understanding and improving on the quality of our data and information resources are essential. This can be a long and tedious effort, but it is well spent resources. A quality assured information resource, is something that builds trust, security and good-will. When information is well defined, then rules and triggers can be defined to handle automated processing. The first areas to be processed are quality control, updates, security checks, constraints, contextual controls, structural relations, authenticity and traceability.

Before that, Defenses must influence current IT/IS programs to re-focus some of their efforts on data- and information related problems. Funding must be secured for the Defense Information Governance, aiming for all services to have access to trusted, quality assured, secure and adapted data- and information resources.

Defenses can based on these resources create trusted and automated services (Service Oriented Architectures can't function without shared information), and they can in a controlled way share data- and information resources (interoperability) with users, partners, allies, contractors and vendors. Defenses will reduce risks (managing risk by managing information), reduce lead-times, increase quality in products and services, reduce costs, increase trustworthiness, confidence and reliance and increase the ability to learn from experiences and to predict future outcomes.

What is an Information Asset?

Information can be regarded as an Asset when it is used by an organization and adds value.

The information should be available and adaptable to changing user needs regardless of why, how, where and when it was originally created and independent of what, how, where and when it was intended to be used.

Information Assets contribute and add to an organizations value, due to careful management, storage, improvement, updates, changes, sharing and reuse over time. Information becomes an economical valuable asset because of the collected economical value it contributes with over time is higher then the costs for creation and life cycle management. Information Assets are different from other assets since information-assets don’t lose value or disappear when it is used.

By theory, an Information Asset can be used by any number of times, by any number of users, without losing in value. On the other hand, Information Assets can loose their values extremely fast. If information has no meaning or use, or if it's not actual, updated, accurate, or if it's not delivered in time, or if we can't trust the information anymore - then it has little value.

Information Assets are strategic when they fulfill strategic needs. Certain information is of strategic importance for an organization. A commercial company should have access to all information on their products and customers; government organizations must have information on legislation, economy, intelligence, geography, etc. An organization’s strategic information can be analyzed by looking at the interactions between the functions within the organization and external parties.

Information Assets can be measured, controlled and managed by using and creating adapted metrics from information dimensions such as:

• Source related dimensions; objectivity, factual, accuracy and consistency
• User dimensions; timeliness, completeness, value added, semantics, accessibility and understandability
• Maintainer dimensions; syntax, structure, representation, portability, uniqueness, security

Information Assets must be properly identified as important enterprise resources, and included in the accounting procedures, such as financial and annual reports. Managing and annually report on corporate information assets are today required for government and industry enterprises by various legislation and trade regulation, such as:

• Publicly traded companies must adhere to the Generally Accepted Accounting Principles (GAAP), and the Sarbanes-Oxley Act (SOX) related regulations and commensurate controls. Companies are committed to integrity in the reporting to shareholders and the prevention of insider trading. Corporations are committed to protect the privacy of personnel related information and they strive for individual accountability with information assets.
• Government organizations must abide to national legislation and regulation. For US federal (state and local) agencies must all abide to the Clinger-Cohen Act, to introduce an IT and Information Governance. The Federal Information Security Management Act, or FISMA requires federal agency compliance with information security best practices by mandating that federal security executives must follow stringent accountability measures. Under FISMA, the Office of Management & Budget is charged with setting policies, standards and guidelines for every agency's information security.

Proactive Law, an information issue.!?

This is an excerpt from the article "Proactive Law – and the Importance of Data and Information Resources", written by me for the University of Stockholm in 2005/2006.

Proactive Law is based on the notion of “do the right things first”. We should use computers to understand the mass of laws, rules and regulations, associated stipulations and dependencies.

Computers should also be used to understand my personal information that describes my needs and actions, and by combining the personal information with the current laws, be able to draw the best conclusions and provide me with recommendations, to “do the right things first”.

In a world where more and more functions will be handled by computers, Proactive Law will prove to be one of the best ways to enhance our quality of living. Proactive Law will introduce a new sense of justice among average citizens and build up a new trust in the rule of law.

Is this possible to do? This paper will address the problem area, and the opportunities we are facing. Proactive Law as it is presented here can naturally be done in less or even more advanced versions. A probable strategic development and implementation of Proactive Law might start with the current situation of managing paper and the need to turn it into something compatible with computer language, in accordance with the following changes:

1. Current laws, rules and regulations need to be cleaned up, quality-assured, digitized, simplified, translated and made available so average citizens can understand and act in accordance with the desired Legal Knowledge. This includes changes, where we will go from managing paper/documents to computer-interpreted rules and information objects.
2. Information on citizens needs to be integrated, quality-assured and managed. This will lead to a better understanding of the citizen’s current needs and activities, so authorities can support and aid with adapted services. This is a huge paradigm shift, which includes moving bits and pieces of data and information that is scattered around the government and integrating them into one comprehensive information resource.
3. Protecting citizens’ rights to privacy is essential for Proactive Law to become a success story. Instead of having numerous government organizations responsible for bits and pieces of data and information, which is a nightmare to manage, we should assign the overall ownership of his/her information to the individual citizen. Local municipalities would then assist and help citizens manage the integrated and quality-assured citizen information (see #2 above).
4. Absolute identification of physical and legal individuals is a fundamental pre-requisite in order to know which authority or person needs to be connected to which individual. Ensuring the identification allows us to entrust our tools such as information technologies and communication networks. This includes changes, where we will go from identification of computers and other equipment to identification of people.

So, what can be achieved if we now have access to legal knowledge, citizen information and we can handle personal integrity and security problems and we have identification of individuals? Let’s just browse through some future scenarios:

1. I am at my desk and through my computer I am connected to my friend Thomas. I don’t know his current pager number, phone number (home, hotel, work, etc., fax number, e-mail address, post address or mobile phone number, but I know his name and perhaps his personal-ID. Thomas can travel the globe and can assign his ID to a multitude of gadgets. As soon as he borrows a cell phone, his ID will be assigned to that number. In this manner, Thomas as a person will always be reached. If he is not attached to anything, then I can leave voice, text or video messages, that will be activated as soon as he attaches his ID to any communication gadget.
2. I have received notification from my new employer in Denmark that I am employed, and welcomed to start work on Monday 0900. Proactive Law systems will automatically update my CV with this new information, and they will guide the taxation authorities to update my tax-record and the rules for my IRS-report, like rules for deductible travel between Sweden-Denmark. Updated information will also be transmitted to my employer. The Social Security Agency will update its records and send information to Denmark that my Social Security will now be covered by the Danish Authorities. My Bank in Sweden is sending me a trusted e-mail, and asks if I would like to connect to my new employer, so salary can automatically be transferred.
3. I am writing a contract with an international supplier/contractor. During the process I am continually updated through the Proactive Law system on our corporate clauses and on international and national laws, rules and regulations, which will help me formulate the contract. The Proactive Law system guides me also through the maze of import rules, customs documentation, money transfer, accounting, etc.
4. I am a local chief for the Emergency Trauma Team, and I am guided by the Proactive Law system on how to receive reliable and trusted information on patients, their blood types, allergies, current medication or medical treatment, insurance coverage, language, next of kin and other information. Here the Proactive Law system will function as a security-portal, in order to abide by information security regulations to protect citizen’s individual integrity.
5. I’m going to buy a new car, and the regulated “paperwork” is managed through the Proactive Law systems. The national car-register will automatically be updated, and if I am buying a vehicle that is restricted in some way, then the appropriate “forms” will be managed. I can be connected to the local car dealer for follow-up services, and bank connections are handled.

To conclude: Information resources grow in importance and influence all areas and require multi-disciplinary support. The legal community is challenged with the possibilities of a “new renaissance” by being the driving force by changing the focus from IT to information, and should express the need to migrate the current legacy data- and information resources that enable Proactive Law services to support our citizens. The legal community should also be an advocate for an International Infrastructure for secure and trusted identification.

Remember – data and information is power, for those who can find/access, understand and make use of it. The legal community should also be concerned about how these new “resources” are managed and used. The quality of services and decisions are directly related to the quality of information.