Above all, people working in the military intelligence and other national security situations get things done when they collaborate. Full collaboration requires a sharing of data in multiple forms, and that’s, of course, where the challenge always comes in.
Despite good intentions, everyone in a work group, unit, mission or even bureau, usually doesn’t have all the same level of clearance. Some may be working in a SCIF. Others may be at home teleworking. And sometimes collaborators are from different nations.
Agencies must balance all of these needs and still get their missions done.
Bill Anderson, the principal product manager at Mattermost, said generally speaking, collaboration is easy until an organization applies specific rule sets to the people and the data.
These rule sets range from the straightforward laws and regulations like the Federal Records Act or the Privacy Act to more complex requirements around document markings like controlled unclassified information (CUI) or secret or top secret.
“We think about a common architecture and what administrative rights exist. What happens when you’re collaborating in a channel, and it’s IL4 or 5 so it’s not critical, but somebody posts something in that channel that comes from a higher classification level. Well, a good collaboration platform thinks about stuff like that,” Anderson said on Federal Insights: Secure Collaboration. “It thinks about the ability to have the user’s flag it and go, ‘I don’t think that should be there.’ They can have it quarantined and removed right away, and have a record of who actually was in the channel that saw it, so that the security folks can come through and mitigate any potential problems. Then somebody on the security side can look at the document and say whether or not it’s classified or even allowed in the channel. So even within a single organization, what starts as a simple question actually becomes complex pretty quickly.”
Identity management underpins the platform
For all of these complexities that can come into place, security tools that use zero trust principles, especially attribute based access control (ABAC) become key capabilities to make secure information sharing happen.
Anderson said platforms must use open application programming interfaces (APIs) and other open architecture concepts to easily interoperate to perform low-level authentication verifications with Active Directory.
“You don’t have to manually replicate a set of rules because if you try to manually replicate anything, it doesn’t scale. It takes too much work, and people just don’t keep it up to date. So instead, the idea is do it once have an authoritative source in one place where it makes sense, and then propagate that through the use SAML groups to define rules for access,” he said. “Then, you use lightweight directory access protocol (LDAP) to update credentials as they change.”
Anderson said Mattermost recently helped out the Air Force’s Air Mobility Command with their logistics operations through the Platform One service.
He said airmen had to communicate around everything from inbound and outbound flights to the weather forecast to cargo deliveries to diplomatic requirements.
“All of that has to come together to make a decision. They used our structured processes, our collaboration and the security, which of course is tantamount,” he said. “They did a really big collaboration exercise with allies, called Mobility Garden. It’s a recurring readiness exercise. They had United States, UK, Canada, Australia, New Zealand, France and Japan so about 15,000 people taking place in the Pacific, which is in just an enormous physical area. What they were doing was integrating with all those allied forces to do airlift, aerial refueling, aeromedical evaluation, humanitarian disaster assistance exercises. It’s largely unscripted and that’s intentional, so that they can then figure out how their tools work, and how their people prefer to work.”
Metrics for success
The exercise also helped the Air Force and allies test their tools in a degraded operating environment.
Anderson said there also was a lot of document sharing where data security was a top priority.
The Air Force looked at several metrics to measure the success of the collaboration and sharing.
“The first one was did it work? Did the exercise meet its overall goals? Yes, it was an extremely satisfactory exercise. Could we actually allow the airmen and our allies to interoperate and communicate? That’s the big one,” he said. “Then we refined the metrics and asked what was the throughput and how many messages could we handle per second? That sort of thing is not information that we’re allowed to share because of the sensitivity of the actual operations.”
Going forward, Anderson said the integration of artificial intelligence capabilities into the collaboration platform will help agencies make decisions faster based on better data from more sources.
Copyright
© 2025 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
