The Joint Task Force (JTF) Model
Introduction
It is often appropriate to combat a common threat by assembling a joint task force. The joint task force is typically made up of specialists from a wide variety of justice organizations within single or multiple jurisdictions. This model is represented conceptually in Figure 3-1.
Figure 3-1: The Joint Task Force Model

The task force model simplifies some of the problems associated with securely sharing information. The member specialists can be “cleared into” the task force by verifying that they meet predefined security background requirements. The task force members can define appropriate security rules independently from participant organizations. Within the operation of the task force, there is no strong need to accommodate the security practices established by each of the member organizations or to find a way to build “electronic trust” between the organizations. Instead, each participant organization must comply with the security policies and practices defined for the task force by the founding members.
However, there are many unique security challenges that typically accompany providing secure information sharing in the JTF model. In many cases, the task force is assembled rapidly, uses ad hoc facilities, and has limited access to information security expertise. Further, the task force needs a written security policy that accommodates the restrictions placed on information that is funneled into the task force from outside sources.
The flow of information in and out of the task force involves:
- Information from member databases—Task force members will bring information or access to information from their home organizations. For example, if an agent from a federal agency participates in a law enforcement task force, he will have access to information in case files that may be pertinent to the investigation at hand. It is the responsibility of the individual task force members to ensure that the security policies governing any information that they contribute are enforced, since the task force uses that information. In addition, the task force may wish to provide computing facilities to store and access information and make it generally available to all task force members. These facilities must adhere to the policies defined by the original owners of the source information.
- Information from private, state, and national law enforcement information repositories—The task force may establish its own access to centralized repositories, such as the National Crime Information Center (NCIC), Integrated Automated Fingerprint Identification System (IAFIS), and LexisNexis, to support research and analysis activities. Many of these repositories have detailed information security practices governing the access and use of their data resources. The task force security policy must accommodate the practices required by government and private information repositories to which it provides access.
- Intelligence information exchange with local law enforcement groups—Information in local databases spanning a very diverse set of sources, such as police, fire, motor vehicle, utility, and tax records, may be required by the task force. The task force must honor the use policies established by each of the information owners. Often the security policies associated with locally owned and maintained information may not be as well-defined as those for national level databases. In some cases, security and use restrictions for this type of information will be driven by privacy concerns.
The objectives of the task force information security policies and practices will be to protect these information flows, as well as maintain the security and integrity of the data stored on task force computing systems.
Security Guidelines for the Joint Task Force (JTF) Model
Security can be a critical success factor in the mission of a task force. Information leaks and misinformation in a law enforcement task force, for example, can undermine otherwise well-planned and well-executed investigations and operations. The focus of the guidelines in this section is to create as secure an information systems environment as possible to support the task force mission.
Figure 3-2, Security Practices to Support Information Flow Into the Joint Task Force Model, gives an overview of some of the security practices and mechanisms that apply to the joint task force information sharing model. At the center of the task force information systems environment is a computer system dedicated to task force use. This system generally includes a “server,” providing database storage facilities, task force user PC workstations, and a local area network connecting the components and providing communications functions. Further, there may be workstations that are not connected directly to the task force server but provide access to external databases. Finally, there may be connectivity provided to public networks, such as the Internet, to further support communications, research, and analysis.
Figure 3-2: Security Practices to Support Information Flow Into the Joint Task Force Model

Figure 3-2 includes several security features that are geared towards secure information sharing among task force participants.
- The LAN is wired, not wireless—Wireless network technologies such as “WiFi” provide a very convenient local area networking mechanism, particularly for the quickly assembled systems common in joint task force initiatives. Unfortunately, the level of security offered by current wireless products is typically not suitable for protecting justice information. It is too easy for unauthorized PC workstations to connect to the JTF network. In some cases, it is possible for PC workstations or laptops that are located outside of the physical boundaries of the JTF “data center” to access the WiFi networks. Encryption mechanisms used in WiFi networks typically do not have rigorous enough protocols to adequately protect shared justice information in this environment.
- Laptops are not permitted to connect to the LAN—The JTF is typically a very dynamic environment. While some task force participants will prefer to work with laptop computers because of their inherent mobility, the laptop provides too easy a path for information to leave the confines of the JTF data center and increases the risk of access by unauthorized individuals.
- The connection between the server and the outside world is protected by a firewall and, in some cases, an IDS—The JTF server will likely need to provide access to external systems. If the external systems reside on private networks, the interface to the private network should be protected by a firewall so that information message traffic into and out of the JTF can be carefully monitored. If the external systems reside on public networks, such as the Internet, there is greater risk of exposure and potential for unauthorized access to the task force database. In that situation, the JTF information system managers should consider employing an IDS to monitor patterns of message traffic into and out of the JTF and further mitigate the risk of information system compromise.
- There is an “air gap” between restricted/classified external information systems and the JTF server—There may be task force participants that can contribute intelligence and research information from classified or restricted access information systems external to the task force itself. It may be necessary to keep the PC workstations used to access such information physically isolated from the remainder of the JTF internal network. The specific requirements for handling access to restricted/classified networks will generally be governed by published policy for the specific network.
- Virus and worm protection is carefully managed—Because individuals from different organizations man the task force, its computer systems are more susceptible to viruses and worms brought in from outside sources. All JTF PC workstations and servers should be loaded with virus protection software that is regularly updated. The information system manager(s) that administer the task force computer systems should periodically verify that workstations and servers are up to date with the appropriate software security patches. There are automated tools that can scan a network and report on the status of security patches in server and workstation software to help automate this important job.
- Participants should be aware of the task force security policies—As new participants join the task force, they should be briefed on the policies and procedures for handling and safeguarding task force information.
Joint Task Force Disciplines
Identification and Authentication
The expected life cycle of the JTF will impact the mechanism and level of rigor that can be applied to identification and authentication—the procedures used to gain access to the task force databases and other information resources. In situations where the task force has a short-term mission (i.e., weeks or months) and staff changes rapidly, it may be difficult to manage I&A procedures that are any more complex than username and password. In this case, JTF computer systems should be programmed to accept only strong passwords (see Section 2-1, Something You Know—Passwords).
Task forces that have long-term missions can consider more rigorous authentication methods, such as the addition of a hardware token or biometric identifier.
Authorization and Access Control
In a large, long-term task force, a role-based access control (RBAC) model may be appropriate. A role-based model would include predefined access privileges for groups such as sworn officers, intelligence analysts, federal agents, and district attorneys. Defining an appropriate set of roles makes it easier to add and delete members and their privileges.
In some cases, the task force mission is better served by granting to a wide range of participants the flexibility to look at all of the collected JTF information. This situation results in there being a much smaller set of roles, perhaps only two: system administrator and user. An authorization policy in which there is a reduced number of roles places more responsibility on the task force participants to understand the sensitivity level of each piece of information and the appropriate handling thereof.
Security Auditing
The guidelines provided in Section 3-3 need to be altered to accommodate the JTF model. The typical short duration and the somewhat volatile population of participants make the use of security auditing difficult and less practical to implement. Realizing that security audits will often not be put in place, sponsors of the joint task force must pay particular attention in setting up security procedures and processes that are effective and easy to implement.
Intrusion Detection Systems
JTF models commonly start out as single networks, with one or more attached servers that house data that is available only to task force members. The need for intrusion detection should be based upon the sensitivity of the information being processed and retained.
More often than not, joint task force operations are quickly assembled to accomplish defined tasks over an established period of time or until special funding is exhausted. It is not unusual for all JTF members to be sworn personnel with limited knowledge of proper security practices. Task force budgets are seldom adequate to fund information systems personnel, and members are sometimes reluctant to involve nonsworn personnel, especially when data is highly sensitive.
It is not uncommon to have sensitive data on task force servers without the benefit of being protected by anything more than limited physical security. Basic security safeguards such as passwords, encryption, authentication, firewalls, and data backups are often not included. Intrusion detection, which today is not commonly included among the safeguards for criminal justice systems, would be a rare find in JTF configurations.
JTF participants often find that they are reentering information that is available (housed) in other systems or that they need access to information from other systems. These realizations can lead to requests for connectivity to other systems or asking trusted individuals to download needed information and manually transport it to JTF facilities. Both of these situations can place highly sensitive data at extreme risk.
JTF operations should not attempt to automate sensitive data without proper security safeguards being in place, such as intrusion detection. The necessary safeguards need to be determined by qualified information systems professionals.
Data Classification
The JTF should create a security policy that includes procedures for handling sensitive or critical information. Information collected by the JTF should be labeled as it comes in to indicate the appropriate confidentiality, integrity, and/or availability levels. As task force members and local law enforcement utilize the information, they will be made aware of the required security policies and procedures for the information, as indicated by the classification levels.
Since the JTF is made up of individuals from a wide variety of home organizations, each with different information classification rules, it is the responsibility of the members to ensure that any information they contribute from their home organization receives the appropriate security classification in the JTF.
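The role-based authorization and intake labeling described above can be combined in a single access check. The following is an added example, not part of the original guidance: the role names follow the groups named in the text, while the three-step level scale, the clearance given to each role, the owner_roles restriction field, and the sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

class Level(IntEnum):  # constructed three-step scale (assumption)
    LOW = 1
    MODERATE = 2
    HIGH = 3

# Roles are the groups named in the text; each clearance is an assumption.
ROLE_CLEARANCE = {
    "sworn_officer": Level.MODERATE,
    "intelligence_analyst": Level.HIGH,
    "federal_agent": Level.HIGH,
    "district_attorney": Level.MODERATE,
}
REQUIRED_LABELS = ("confidentiality", "integrity", "availability")

@dataclass(frozen=True)
class Record:
    source_org: str
    labels: dict                          # label name -> Level
    owner_roles: frozenset = frozenset()  # roles the owner permits; empty = any

def ingest(store, record_id, source_org, labels, owner_roles=()):
    """Label information as it comes in; refuse anything not fully labeled."""
    missing = [name for name in REQUIRED_LABELS if name not in labels]
    unknown = set(owner_roles) - set(ROLE_CLEARANCE)
    if missing or unknown:
        return False
    levels = {name: Level(labels[name]) for name in REQUIRED_LABELS}
    store[record_id] = Record(source_org, levels, frozenset(owner_roles))
    return True

def can_read(member_roles, record):
    """True if one role clears the confidentiality label and the owner permits it."""
    needed = record.labels["confidentiality"]
    for role in member_roles:
        clearance = ROLE_CLEARANCE.get(role)  # unknown role: no access
        permitted = not record.owner_roles or role in record.owner_roles
        if permitted and clearance is not None and clearance >= needed:
            return True
    return False

# Constructed sample records, not real data.
store = {}
ingest(store, "case-001", "federal_agency",
       {"confidentiality": 3, "integrity": 3, "availability": 2}, {"federal_agent"})
ingest(store, "dmv-017", "local_dmv",
       {"confidentiality": 2, "integrity": 2, "availability": 1})
```

Collapsing ROLE_CLEARANCE to two entries (system administrator and user) gives the reduced-role model, in which the labels on each record carry most of the handling guidance.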
Physical Security
The JTF should assemble in a location suited to providing the maximum physical security for information and equipment. If the task force has an established command post, measures should be taken to provide for security of information and equipment that will remain at the command post for the term of the joint task force. Measures should include, but not be limited to, building entrance security and room security.
Measures should be taken to secure information and equipment. Documents and electronic information brought to the task force by participating justice organizations and information generated by the joint task force should be secure from intrusion, damage, theft, and misuse. Measures should also be taken to properly dispose of sensitive information. Secure information can be obtained in a low-tech manner by someone simply going through trash for discarded paperwork.
The final physical measure should include protection against physical intrusion. With a joint task force, it is likely that numerous people unfamiliar with each other may flow in and out of the task force. Security measures should be taken to ensure that persons accessing task force information have been approved by a central command authority. There is also the potential for authorized task force members to be precluded from access to certain information unrelated to their particular assignment. All task force members should be on guard against masquerading or impersonation, which can occur when an intruder assumes a false identity by obtaining a task force user ID. Someone may be misled about the identity of the party he is communicating with for the purpose of obtaining sensitive information.
Critical Incident Response
The critical incident response deployment within a task force involves a shared responsibility among the participating agencies to protect the information resources of the task force entity. The establishment of a plan should involve training and coordination between participating agencies as part of their memorandum of understanding.
Many task forces adopt the security requirement of a single host agency by mutual agreement. Task forces should train task force members in the critical incident response protocols and procedures of the host agency, as well as additional familiarization with the host agency structure, lines of communication, and organization.
Local agencies within a general geographic area should prepare for the cooperative plan and review their response as a general practice. Many task force operations are ad hoc in nature and must be set up quickly in response to a developing crime problem. In this environment, the task force will need to adopt a preexisting plan because it will not have the time or opportunity to develop one once the task force is formed and activated. The lack of such a capability while in the midst of a high-profile task force investigation could have disastrous effects if the information resources of the task force are compromised.
Disaster Recovery and Business Continuity
Since a JTF is often very short-lived, only the basic disaster recovery procedures may be needed, such as computer backups and designation of an alternate work site.
Public Access, Privacy, and Confidentiality
The JTF must create a security policy that includes procedures for handling information subject to privacy laws. Information collected by the JTF must be labeled as it comes in to indicate its privacy requirements, such as obtaining the subject’s consent before disclosure outside the justice system. As task force members and local law enforcement personnel utilize the information, they will be aware of the restrictions in use and dissemination and the required security safeguards for the information indicated by the label.
