Automating Cooperation
When Hurricane Katrina knocked out electrical power across the Gulf region, telecommunications companies used gas generators to power telephone switches and kept the communication system online. They also hired private contractors to fuel the generators.
Not everyone cooperated, however. In one incident along the Louisiana coast, a Texas National Guardsman stopped a tanker headed down an access road toward a telephone switch and asked for identification. The driver produced his license and a letter from the Governor of Louisiana authorizing access. The Guardsman, probably inexperienced, thought for a moment and said, “I’m from Texas. The Governor of Louisiana is not my Governor. I will not let you pass. Please turn your vehicle around.”
Michael Butler directed the Access Card Office at the Department of Defense (DoD) and assisted the General Services Administration (GSA) for six months as government-wide implementation manager of the federal Personal Identity Verification (PIV) card program. As an expert on identity management and ID cards, Butler recently told a panel discussing Homeland Security Presidential Directive (HSPD)-12 about a group of physicians sent from the Department of Veterans Affairs (VA) to Louisiana to help in the aftermath of Katrina. Lacking credentials acceptable to the hospitals, the government physicians were denied access.
Such incidents highlight sticking points in the security wall that federal, state and local governments have been erecting since Sept. 11. In many cases (though surely not in all cases), the inability of people from diverse organizations to cooperate produces these sticking points.
However, properly conceived and implemented security technologies can overcome these problems and foster cooperation. Today, improved access control technologies, communications systems, mass notification networks and other technologies are solving a host of problems by enabling cooperation among diverse public and private groups.
Halt, who goes there?
On Sept. 11, a high-ranking Pentagon official whose office was located offsite was called back to the Pentagon to help out. On his way into the parking lot, he was stopped by the highway patrol and turned back. The patrolman could not validate the official’s Pentagon identification.
Presumably, today’s PIV cards would have prevented that problem. The official would have been enrolled in the system, which would also enable the card to grant access through all appropriate doors.
But what about the truck driver trying to refuel telephone switch power generators in Louisiana? And how about the VA doctors denied access to Louisiana hospitals? In one case, a public official — the Guardsman — denied access to a privately employed truck driver. In the other, a private institution — the hospital — denied access to employees of the federal government sent to help.
Why can’t truck drivers and other private citizens carry PIV cards? Why can’t hospitals and other private organizations install readers designed to fit the federal government’s Federal Information Processing Standard (FIPS) 201?
They can.
“People working on the HSPD-12 card project made an interesting discovery,” says Roger Roehr, manager of government vertical markets for Tyco Fire and Security in Boca Raton, Fla. “In the past, we always associated cards with privileges. But now we think of the card or credential as an assertion of identity.”
Moreover, credentials issued according to the FIPS 201 standards designed for PIV cards can very likely be trusted. By trusting the system behind the card, it becomes reasonable to issue privileges on the card.
Then, if a contracting company hired to refuel generators powering telephone switches issued FIPS 201 credentials to its truck drivers, the company could also arrange to grant access privileges to drivers. The National Guardsman would carry a handheld reader tied to a system that contains the privileges granted to the driver’s card, and silly arguments about whose governor takes precedence would not occur.
At the private hospital in Louisiana, card readers tied into a system that has recorded privileges for doctors arriving from other locations to help out would admit the VA doctors.
In short, today’s FIPS 201 standards and technology can foster widespread cooperation between public and private entities dealing with Homeland security emergencies.
FIPS 201 for video cameras and monitors
In the not too distant future, FIPS 201 standards may also tie together electronic devices from different systems. “The stars are lining up for video surveillance systems to share (remote) cameras and monitors,” Roehr says.
When a new U.S. President is inaugurated, for example, the inaugural parade follows a certain route through Washington, D.C. Along the route, a number of commercial office buildings have mounted cameras on the outside of their buildings. The Washington, D.C., police may also have mounted cameras on public facilities to keep an eye on traffic.
The U.S. Secret Service, which is responsible for protecting the President, may soon be able to tap into the cameras operated by different commercial organizations as well as the cameras owned by the local police.
The first star has already lined up. Digital video makes it possible to connect digital cameras to the Internet to transmit video signals. The second star to line up will be an emerging technology called IPv6. Currently, the Internet employs a communication standard designated as IPv4. The problem with IPv4 is that it cannot provide enough Internet addresses for all of the devices connected to the Internet. Many devices, including desktop computers and cameras, have private addresses that are good only inside of a company firewall. When data from these devices passes through the firewall, the address changes to one that designates the entire network. This can make it difficult for a remote system to locate a camera inside a firewall. IPv6 will solve the problem. Under IPv6, Internet addresses will be long enough to accommodate every device in the world that needs its own Internet address.
“When that happens, I will be able to hang cameras with IPv6 addresses on the side of my building and set up rules that will control how remote monitoring systems must identify and authenticate themselves to cameras,” Roehr says. “This turns the HSPD-12 idea around to authenticate electronic devices instead of people.”
When a federal agency issues credentials to employees, the agency follows a set of procedures that include a complete background check. Because reasonable people can trust the quality of that background check, other federal agencies will trust the credentials given to employees under the FIPS 201 system.
Roehr’s idea is to credential devices in the same way, by conducting a background check on this device, at this Internet address, in this location. Given a positive report, the device — say a desktop computer in the Secret Service security center — receives a credential that accompanies any data transmitted by the computer.
At the other end, the owners of cameras mounted on the outside of commercial buildings along the President’s route might sign up to allow the authorities to tap into their cameras when public safety demands it. Those cameras would be set up to grant access privileges from computers carrying trusted credentials.
The Secret Service would be able to monitor the inaugural parade route. The Washington, D.C., police department would be able to keep an eye on a demonstration. The fire department would be able to evaluate an incident and determine what kind of equipment it will need.
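The separation described above, a credential that asserts identity while the relying party (a handheld reader or a camera) holds the privileges, can be sketched as follows. This is an added example, not code from the article or from any FIPS 201 product; the issuer names, keys, subjects and resources are constructed, and HMAC stands in for the issuer's PKI signature.

```python
import hashlib
import hmac
import json

# Constructed issuer keys. HMAC is a stand-in for the issuer's PKI signature,
# so in this sketch the verifier holds the same key the issuer signs with.
TRUSTED_ISSUERS = {"agency-a": b"constructed-key-a", "contractor-b": b"constructed-key-b"}

# Privileges are kept by the relying party, not written on the credential.
PRIVILEGES = {
    "camera-17": {"device:soc-desk-04"},
    "switch-access-road": {"person:driver-112"},
}


def _tag(key, claims):
    # Canonical serialization so issuer and verifier hash identical bytes.
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def issue(issuer, key, subject, expires):
    """Issuer side: bind a subject (person or device) to an issuer and expiry."""
    claims = {"issuer": issuer, "subject": subject, "expires": expires}
    return {"claims": claims, "tag": _tag(key, claims)}


def authorize(credential, resource, now):
    """Relying-party side: establish identity first, then look up privileges."""
    claims = credential.get("claims", {})
    key = TRUSTED_ISSUERS.get(claims.get("issuer"))
    if key is None:
        return "deny: untrusted issuer"
    if not hmac.compare_digest(_tag(key, claims), str(credential.get("tag", ""))):
        return "deny: bad signature"
    if now >= claims.get("expires", 0):
        return "deny: expired"
    if claims.get("subject") not in PRIVILEGES.get(resource, set()):
        return "deny: no privilege for resource"
    return "allow"
```

A valid credential from a trusted issuer proves only who or what is asking; access still depends on an entry in the relying party's own privilege table.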
One more star will have to line up before the system will work efficiently. “Video uses a lot of bandwidth,” Roehr says. “Regularly transmitting a lot of video to the police department or other agency will tie up lines.”
The answer to that problem, continues Roehr, is already emerging in the form of microprocessor chips embedded with video analytics software. These chips plug into digital cameras, evaluate video, identify events such as a fire or a fight, alert the appropriate police or fire monitoring system and transmit a few seconds of video. Whoever is monitoring the system can request more video if necessary and decide what to do.
Emerging video technology will also promote private-public cooperation.
Cooperating communications systems
Incompatible communications systems prevented fire, police and other first responders from cooperating as much as possible on Sept. 11. As a consequence of those problems, Sprint-Nextel formed an Emergency Response Team (ERT) in the summer of 2002. “We contributed to the recovery efforts on 9/11, but we believed that we could have been more effective with a more organized approach,” says Matthew Foosaner, director of Sprint-Nextel’s ERT. The ERT stands ready to re-establish a communication network that has suffered a massive failure.
Four hours after Hurricane Katrina passed through New Orleans, Foosaner and his ERT had landed in Baton Rouge, La., and begun building what became “Sprint City,” a command center installation that provided its own 400-kW power station, showers, restrooms, a mess hall, a medical installation, WiFi communications, 5,000 gallons of fuel, functional access control technology and leased helicopters. Sprint City’s population grew to about 350 people.
Katrina is the only natural disaster in U.S. history that caused a catastrophic failure of all critical infrastructures, including communications. When the New Orleans Police Department lost its land/mobile radio system, the Sprint-Nextel ERT deployed wireless phones and Satellite-based Cell-On-Light-Truck (SatCOLT) equipment, which provided the police with interoperable, tactical communications. The SatCOLT trucks stood in for damaged transmission infrastructure by bouncing signals off of satellites to reach unaffected cell and radio transmission lines.
Overall, the ERT equipped 7,600 first responders from more than 75 federal, state and local governments with interoperable handheld devices.
For example, the California Highway Patrol (CHP) sent 150 troopers in 150 CHP cars to assist in the rescue and recovery efforts. Their services were so desperately needed that they didn’t have time to set up their own land/mobile communications system. “We deployed 150 wireless communications devices, which enabled them to literally roll directly into the recovery operations and coordinate their efforts with other first responders,” Foosaner says.
The ERT also provided interoperable communications gear for secondary responders called in to dispose of trash and to rebuild energy, water, sewer, road and other infrastructures, helping private companies perform important public assignments.
Emergency public notification communications
The Federal Emergency Management Agency (FEMA) and Sandia National Laboratories of Albuquerque, N.M., and Livermore, Calif., are designing and testing a pilot alert and warning system they hope will improve on the current Emergency Alert System (EAS). Known as the Integrated Public Alert and Warning System (IPAWS), the system is being tested in several states on the Gulf Coast during this year’s hurricane season.
While EAS delivers audio-only messages over radio and television, IPAWS can send alerts by voice, text, e-mail, and video to virtually anyone anywhere, including those with disabilities or who do not speak English. FEMA’s aim is to deliver targeted alerts and warnings to more communications devices so that everyone who needs to be informed can stay informed any time disaster strikes.
Sandia is working with emergency management staff in Alabama, Louisiana, Mississippi and New Mexico to understand specific message-targeting capabilities and needs, and various public alert and warning communication options for multiple communities of interest across federal, state, local and tribal organizations.
Among the innovations offered by IPAWS will be geo-targeting, the ability to alert precisely defined geographic areas. “There are technologies that enable geo-locating down to an individual cell tower,” says Ron Glaser, program manager for IPAWS at Sandia. “Your cell phone would ring, perhaps with a special tone, and you would receive a text message.”
According to Glaser, to receive cell phone, e-mail and pager alerts, members of the public must, at least for now, opt in by signing up at a Web site and specifying the kinds of alerts they would like to receive.
By and large, the responsibility for emergency alerts lies with state and local governments. In the case of a national disaster, the President has the authority to bypass the states and warn the public, but if the emergency doesn’t rise to that level, the state and local governments must handle the alerts. Sandia and FEMA are creating the technical architecture for the system so that state and local systems will interoperate and communicate with federal agencies as needed. Once the architecture is established, the federal government will identify equipment that will interoperate across the national emergency alert network.
The new IPAWS system will include the deployment of an enhanced Web Alert and Relay Network (WARN) that provides emergency operations staffs with collaboration tools, public access Web sites and alert and warning notification facilities. WARN also includes an Emergency Telephone Notification (ETN) component that automatically calls all residents in a selected geographic area. A Deaf and Hard-of-Hearing Notification System (DHNS) provides information to the hearing impaired using American Sign Language videos, which can be sent across the Internet and transmitted wirelessly to personal communication devices.
Millions of people employed by thousands of organizations contribute to the nation’s Homeland security endeavors. Access control, communications, mass notification and other security technologies are evolving to enable the cooperation such massive undertakings require.