Tampa tests software to spot security risks

City of Tampa, Fla.

Tampa, Fla., could serve as a model for how municipalities can better protect critical physical and information assets while sharing emergency and threat analysis information with states and the federal government.

The city, with a population of more than 300,000, is home to a major tourist attraction and draws more than 2 million visitors a year. It has the seventh largest port in the nation. MacDill Air Force Base, which houses U.S. Central Command and U.S. Special Operations Command, is next door. And Crystal River Nuclear Plant lies just to the north.

Although information sharing with utility, port authority, Air Force and other officials improved after the Sept. 11, 2001, terrorist attacks, Tampa still lacked a basic risk management plan to maximize protection of its physical assets, said Bennie Holder, a former Tampa police chief who retired this fall.

"We did not have a centralized database where we could go to and pull up a critical infrastructure that we thought perhaps needed to be looked at in case of a terrorist threat," he said.

Tampa officials scoured the landscape for available technologies that assess potential threats and manage assets. Their search led them in late 2001 to a product called Site Profiler, which Digital Sandbox Inc. was in the early stages of developing. Federal agencies were planning to test the software program with other public-sector organizations, most notably the Port Authority of New York and New Jersey, but not with cities.

During discussions with officials at the Justice Department, Tampa officials submitted a proposal to become a test bed for the technology and one year ago was awarded $300,000 to test it.

"I think Tampa has, fortunately or unfortunately, everything that you can look for if you wanted to see how you can set up a defense, so to speak, against terrorism," Holder said.

Founded in 1998 with an initial $5 million investment from the Defense Department, Digital Sandbox of Reston, Va., has put five years of research and development into its product. In addition to the Port Authority, New Jersey state police and some federal agencies are testing or using the system. The company plans to market the product to the commercial sector early next year.

Bryan Ware, the company's chief executive officer and director of technology, said the system links disparate and real-time information from various sources for a holistic, and somewhat predictive, strategy on potential risks. It also allows municipalities or agencies to select countermeasures, develop plans and monitor their readiness.

"It's one thing to know what your problems are; it's another thing to suggest or implement an executable solution," he said. "The general concept for information sharing is, 'Let's connect all these people and exchange all this information they have.' Hypothetically, if that happened, you'd have so much information, you just can't read it."

The system's underlying algorithms and analytics help determine the highest threats, most critical assets and most vulnerable assets by continuously analyzing data from multiple sources.

Anthony Beverina, Digital Sandbox's chief operating officer, said the system provides officials with the ability to explore what-if scenarios on risk mitigation options and also develop more structured plans to respond to increasing threat levels.

Although there are no standards for measuring risks, Site Profiler accounts for different terminologies to describe threats and vulnerabilities, Ware said. The result is greater awareness and operational readiness for stakeholders.

"We put the right information in front of executives so they can make the right decisions," he said.

Richard Jacques, a senior program manager with Justice, said the Homeland Security Department's Office for Domestic Preparedness, to which he's been detailed, is evaluating Site Profiler at the Port Authority. Authority officials began training with the software this fall.

"When you have an infrastructure such as that of a port, where you have airports, commuter train systems, shipping, bridges and tunnels, and so forth, they are obviously potential targets for critical incidents," he said. "Basically, our interest is finding technology that can enable an organization, such as a port authority, to examine their assets from the standpoint of risk and vulnerability. In other words, which of these assets are most likely to have the greatest likelihood of an attack?"

Various data sources will feed information into the system, enabling the port authority to look at its existing resources to better focus attention on the proper security and responses.

In evaluating various technologies, officials will provide an impartial review of capabilities and report their findings. In general, evaluation criteria include interfacing with existing legacy systems; amount of user training required; installation, maintenance and upgrade costs; and interoperability, among other things, said Jacques, who added that the agency is planning to evaluate similar software systems, too.

***

Site profiling

Digital Sandbox Inc.'s Site Profiler risk management software suite has three components:

* Assessor — Software that enables assessment teams to capture information and data to analyze risks to facilities.

* Enterprise Server — A Web-based system that gives emergency and operations managers a holistic view of their security information. Users can mine data generated by assessment teams, enter and distribute threat information, and track historical incidents.

* Blast Effects Model — A tool that creates 3-D models of facilities or cities, including buildings, areas and natural features. Assessors can use tools that simulate the impact of blasts and weapons of mass destruction to analyze threat scenarios.

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • computer network

    How Einstein changes the way government does business

    The Department of Commerce is revising its confidentiality agreement for statistical data survey respondents to reflect the fact that the Department of Homeland Security could see some of that data if it is captured by the Einstein system.

  • Defense Secretary Jim Mattis. Army photo by Monica King. Jan. 26, 2017.

    Mattis mulls consolidation in IT, cyber

    In a Feb. 17 memo, Defense Secretary Jim Mattis told senior leadership to establish teams to look for duplication across the armed services in business operations, including in IT and cybersecurity.

  • Image from Shutterstock.com

    DHS vague on rules for election aid, say states

    State election officials had more questions than answers after a Department of Homeland Security presentation on the designation of election systems as critical U.S. infrastructure.

  • Org Chart Stock Art - Shutterstock

    How the hiring freeze targets millennials

    The government desperately needs younger talent to replace an aging workforce, and experts say that a freeze on hiring doesn't help.

  • Shutterstock image: healthcare digital interface.

    VA moves ahead with homegrown scheduling IT

    The Department of Veterans Affairs will test an internally developed scheduling module at primary care sites nationwide to see if it's ready to service the entire agency.

  • Shutterstock images (honglouwawa & 0beron): Bitcoin image overlay replaced with a dollar sign on a hardware circuit.

    MGT Act poised for a comeback

    After missing in the last Congress, drafters of a bill to encourage cloud adoption are looking for a new plan.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group