The Wages of Information Sharing Sin
What is worse than the Federal government having actionable confidential information that it doesn't share with state and local governments, even though that information could assist them? How about sharing that information only to turn around and find that someone has taken it and leaked it to the press? It is hard to imagine a better way to stop the flow of useful information from the Federal government.
Published by The Lawfare Institute
in Cooperation With
What is worse than the Federal government having actionable confidential information that it doesn't share with state and local governments, even though that information could assist them? How about sharing that information only to turn around and find that someone has taken it and leaked it to the press? It is hard to imagine a better way to stop the flow of useful information from the Federal government.
The Traffic Light Protocol (TLP) is a low-grade "classification" system that US-CERT uses for the distribution of information relating to potential cyber vulnerabilities. It formally applies to CUI (Controlled Unclassified Information) of the sort that is sometimes also called FOUO (or For Official Use Only). It isn't secret -- but it relates to internal government operations that, for any number of reasons, the originators of the information might want to avoid the public disclosure of. Within TLP there is a color system of Red/Amber/Green and White -- only the last of which is for completely public dissemination. Agreement to abide by TLP restrictions lies at the foundation of the public-private partnership for cybersecurity information sharing. The concept is so widely agreed upon that TLP is also used "by public- and private-sector organizations within Australia, Canada, Finland, France, Germany, Hungary, Italy, Japan, Netherlands, New Zealand, Norway, Sweden, Switzerland, and the United Kingdom."
The TLP:AMBER designation is used "when information requires support to be effectively acted upon, but carries risks to privacy, reputation, or operations if shared outside of the organizations involved." Accordingly, those sharing AMBER information require the recipient to agree to "only share TLP: AMBER information with members of their own organization who need to know, and only as widely as necessary to act on that information."
So ... how destructive is it that the FBI's TLP:AMBER alert on potential hacking of election data bases is now public? In this particular instance, maybe not so much. And perhaps this particular topic is one that is of especial concern to the public and ought to have been treated in a more transparent manner. But in the long run, the violation of this sort of trust agreement lies at the core of the Federal government's unwillingness to share with State and Local authorities ... and, the long-term consequences of this disclosure can only be bad.