Webinar presenters Katherine Escobar, Michael Phillips, Paul Wormeli, and Kate Silhol answered a number of your questions after their presentation, Empowering Information Sharing: The Rise of NIEM. Here are just a few of their responses.
Audience Question: Is Mexico being included in the international part of this?
Paul Wormeli: They have been, and it’s not necessarily as strong as we’d like, but they have been involved. There was a joint effort created between Canada, the US, and Mexico, involving the CIOs of all three countries to develop information exchanges about stolen vehicles that were based on the involvement of all three countries and coming up with a NIEM conformant standard. That pilot project was undertaken and there was support for it. I don’t think it’s really been continued as it should. Katherine, do you have anything to add about Mexico?
Katherine Escobar: The approach is to reach out to Mexico’s Chief Information Officer (CIO) as well as counterparts in the United States and Canada to explore areas of cooperation. Each country has formerly established NIEM exchanges, and both Mexico and Canada initiatives are expected to advance and grow as evidenced by the recent stand-up of the NIEM International Human Services Domain under Canadian stewardship. Canada is looking to enhance and elaborate on NIEM exchanges in partnership with Mexico, and we are working toward making NIEM more approachable globally to non-English speaking communities by offering NIEM in French and possibly Spanish as first steps. While we continue due diligence in advancing internationalization, we are headed in that direction.
Paul Wormeli: And I know that there’s strong interest from the operational folks and law enforcement in all three countries to have that tripartite information exchange in place, not just for vehicles, but for weapons, and even bullets.
Audience Question: Would you recommend using NIEM to help gather data from multiple agencies into a statewide central reporting data warehouse?
Paul Wormeli: Absolutely. Yes. That’s been done by a number of states for various purposes. When the FBI started to build out its NIBRS reporting requirements, and implement the standards, they included all the NIBRS data components into NIEM, and then built an IEPD to have a standard for the states to meet and submit data to the FBI. But many states have created a NIEM conformant exchange where local agencies report their NIBRS data to the state. And that makes a whole lot of sense. The FBI was a little slow to adopt XML, but now they’ve done that so it’s easy for the states to create a tailored IEPD for agencies within their state, and then make the modifications to forward that onto the FBI. So, that’s absolutely a strong way to do this, and a very useful way to save a lot of money. If the state agrees to lead the way in creating a standard like that within states, it saves a ton of money on the part of local law enforcement and having to tailor responses to multiple different formats.
Michael Phillips: I’ve seen recently that you’re starting to see some alternatives. There’s pushback on the central sub-region. That, through gateways, you know that you put in front of, say, 50 different systems. And then you can do a query that says, “Give me this information about Joe Blow.” And it sends the query out to all those systems, in the NIEM format, and they respond and send it back in real-time. And you get a real-time result. You know, now it may not be as quick as if you had one central database, but we have seen some success in that. If you’ve got appropriate bandwidth, it is possible.
Audience Question: Are you aware of any open-source or vendor-developed cyber threat intelligence sharing platforms that have developed NIEM-based transaction adapters or integrations?
Paul Wormeli: I don’t have a good answer to that, Kathryn, do you?
Katherine Escobar: Currently, no open-source or vendor-developed cyber threat intelligence sharing platforms are operational that have developed NIEM-based transaction adapters or integrations; however, Department of Homeland Security (DHS) under the auspices of the Cyber and Infrastructure Security Agency (CISA) is currently sponsoring such developmental efforts. Through grant funding, DHS CISA has solicited organizations to build just such cyber reporting exchanges for incident reporting. The following points-of-contact can provide specifics on these initiatives:
- Juan Gonzalez (CISA), firstname.lastname@example.org
- Stacy Wright (Cybercrime Support Network) email@example.com
Additionally, NIEM Cyber Domain under CISA stewardship continues to advocate NIEM cyber initiatives broadly including those focused at state, local, tribal and territorial constituencies.
Paul Wormeli: This is being done under the auspices of the cyber domain for NIEM which is run by the DHS CISA organization, and they’re very eager to respond to the needs of state and local governments. So, the more we can express those requirements back to the CISA to really determine what’s most useful to state and local, tribal, territorial levels, the sooner we’ll get answers to those kinds of things. So, I encourage you to write to Katherine or Mike and I, submit your needs, and we’ll follow up and see what kind of programmatic responses are possible.
Audience Question: Where and how does NIEM fit in from a software development standpoint? Is it only relevant once we start coding or should it be part of the requirements and analysis?
Katherine Escobar: NIEM fits squarely within the requirements and analysis phase of software development projects both in terms of framing and assessing use cases and the overall value proposition for the project as well as determining technical features to support acceptance and subsequently design decision tradeoffs. NIEM considerations are key for the interoperability between any two entities. While its utility is demonstrated intra-agency, it is particularly useful for inter and intra exchanges within and between large Federal departments such as DoD and DHS, the interagency, international stakeholders, and state, local, tribal, and territorial partners. As described previously, NIEM mitigates the N squared problem when communicating between multiple, unique agencies through standardization.
If during the requirements phase stakeholders can agree to a common syntax and semantics for information exchanges, economies in terms of cost, risk mitigation, and efficiency are realized in the programing phase.
As a contemporary example, Nlets frequently employs focus groups in their requirements and analysis processes to determine what types of data are required to support a particular exchange.
NIEM offers opportunities for Information Exchange Package Documentation (IEPD)/Message Specification re-use. Before starting with a blank sheet in developing a new NIEM specification, consider whether an existing specification can be exploited or adapted to satisfy requirements. For example, if the GTF NIEM standard satisfies requirements in the area of criminal history, then re-using the specification simplifies development considerations.
Audience Question: Does the NIEM human services community include hospitals and care facilities? —- is a problem for law enforcement?
Katherine Escobar: The major focus of the NIEM U.S. Human Services Domain under Health and Human Services (HHS) stewardship is centered on children, family, and youth services. The Children’s Bureau works with state and local agencies to develop programs that focus on preventing abuse of children in troubled families, protecting children from abuse, and finding permanent placements for those who cannot safely return to their homes. Going back to 2009, HHS Children’s Bureau identified the need for data exchanges between courts and child welfare agencies. NIEM provides a comprehensive framework for structuring the data exchanges so that each state can begin with a template, rather than having to start from a blank slate. Another implementation assists interstate child adoptions and supporting administration and paperwork.
In September 2021, NIEM established the International Human Services Domain under Canadian stewardship. So gradually, NIEM’s footprint in the Human Services arena is expanding.
NIEM is exploring greater partnership into the health side of HHS. Domains such as justice, screening, and emergency management are finding a greater need to standardize how they handle healthcare elements and information. NIEM is not trying to replace or duplicate existing standards such as Health Level 7 (HL7). Instead, NIEM can be a complement. So where, for instance, in the law enforcement or justice arena, where specific health standards may be lacking, organizations could use NIEM in complement with HL7 to create those standards.
If there are parties interested in building a use case around that scenario, NIEM can help you build out message specifications to implement exchanges.
Most recently, the Veteran’s Administration is looking to augment NIEM in its health space as well.
So, if you have a specific use case, let’s talk.
Paul Wormeli: There are actually two domains that really apply to your question. Technically, there is a health domain that the CIO for the Department of Health and Human Services agreed to support, and the Human Services domain, also, from HHS, and they haven’t been as active as we would all like to see in the last few years. But there are data elements in the NIEM model that describe the medical and health care, as well as human services issues, and there are IEPDs that have been written, particularly in human services, as Kathryn mentioned, the NIECE IEPD. But they are certainly interested in expanding on that. And that’s one that, as Kathryn said, we’d really like to see some pilots go forward to improve that.
Audience Question: How are updates to the model handled? Will we need to keep updating our interfaces as NIEM releases new versions?
Katherine Escobar: It is not necessary to upgrade interfaces each time NIEM releases an update. If for example, an organization builds an email exchange in version 3.0, that exchange can continue to function without implementing the next release. However, if you intend to add additional functionality, NIEM encourages the implementation of the current release.
For instance, as we move into the new and future meta-model versions of NIEM, and you want to leverage supported new technology, like AI, or overlay ontological representations of the model, then you should consider updating. But otherwise, you can retain an earlier version to support your existing exchange.
The NIEM Business Architecture Committee (NBAC) works together along with the domain stewards to manage Core and unique domain content. Each domain is responsible for its organization and the content therein. As part of the release process, domains, the NBAC, and developers for a team which conducts a review and harmonization of existing and new/ proposed model content. If new content is identified for a domain or NIEM core, it would be submitted for consideration during harmonization. The harmonization team would examine the request and adjudicate any conflicts. There are over 13,000 elements in the model, and it’s continuing to grow as we bring on new domains and adopters.
Audience Question: Do you have any tips or recommendations on referencing NIEM for DOJ COPS Office grants and other federal grants for innovation?
Paul Wormeli: Yes, there has been some language that was used by DOJ and DHS requiring that you use NIEM if you’re going to be applying for a grant that involves information sharing. Those are special conditions that were still there. But I think as a tip since DOJ and DHS were both heavily involved in the origins of NIEM, committing to use NIEM as a tool in the development of your information sharing components in your get you a more favorable view of your application.
Click Here to Watch a Recording of Empowering Information Sharing: The Rise of NIEM.