The end of the beginning
- By Dibya Sarkar
- Dec 05, 2004
The technology available for strengthening homeland security may very well be turning a corner in terms of scope and sophistication. That's what George Foresman and a number of other experts in the field believe.
Foresman, who is Virginia's top homeland security official, said that since Sept. 11, 2001, government officials nationwide have focused on "low-hanging fruit," such as tools to connect existing databases or quick fixes such as adding more video cameras to monitor secure areas. But now they are starting to look at the entire security landscape.
As "Winston Churchill said in , it may not be the beginning of the end, but it may very well be the end of the beginning," Foresman said. "I think we're getting to the end of the first phase, which is kind of America's visceral reaction to the events of Sept. 11 and what we need to do in the aftermath."
Officials in the federal government and, to a greater degree, at the state level are stepping back, taking a deep breath and looking at the big picture, he said. In essence, Foresman, whose title is assistant to the governor for commonwealth preparedness, is talking about architectural plans to prioritize what government officials need to do to bolster the country's defense against terrorism.
In the three years since the terrorist attacks, many security needs remain along borders, at airports and seaports, and for critical infrastructure. Law enforcement officials and emergency responders are receiving more training, and leaders are calling for better information sharing. Consequently, reliance on technology — such as surveillance cameras, environmental sensors, integrated databases, emergency messaging, and interoperable communications — has been heavy.
However, government officials must narrow their focus and concentrate on the scenarios that have the highest probability of occurring, experts say. Despite limited personnel, funds and other resources, a few critical issues must be addressed during the next year, they say.
Intelligence reform, better computerized analysis capabilities and the use of systems to exchange relevant and timely emergency data among federal, state and local law enforcement officials, public safety workers and intelligence agents have emerged as critical issues.
Interoperable communications — emergency responders' ability to talk with one another during crises — also continues to be a top priority. In addition, some analysts say that the need for better communication and interaction with the public about what to do during an emergency has been overlooked.
Other priorities include improving cybersecurity, more widespread use of biometrics, improved procurement vehicles for homeland security needs, more public- and private-sector technology research, and more first responder funding. However, some experts say technology will not help unless government officials first reform their management practices and processes to forge better relationships among agencies and individuals.
Intelligence and information sharing
Last summer, members of the National Commission on Terrorist Attacks Upon the United States, better known as the 9-11 Commission, ended their investigation into the 2001 attacks, concluding that the intelligence community must be overhauled to deal with new terrorism threats. It's an issue that dominated discussions in Washington, D.C., through the fall months.
"The ability to anticipate and prevent acts of terrorism is the No. 1 priority," said Stephen Millett, manager of the Battelle Memorial Institute's technology forecasts. "There's a huge IT infrastructure for intelligence and security. I think we're making stabs at it, but I see so much more that can be done."
Tom Cowper, a staff inspector for the New York State Police, said if homeland security is to be taken seriously, data-mining applications such as the Defense Advanced Research Projects Agency's controversial Terrorism Information Awareness program are needed. TIA, which was originally called Total Information Awareness, was envisioned as a way to anticipate potential terrorist attacks by analyzing patterns from a massive and wide-ranging database of electronic information.
Data-mining applications are "designed to take a bunch of disparate information and help you make decisions on it and draw conclusions from it and see where the patterns are," Cowper said.
Millett said data mining isn't the complete answer. Battelle researchers are exploring computer modeling and simulation, which Millett calls computational counterterrorism, as a way to get better information.
"We think that if we have a basic understanding of the terrorist organizations and how they work, we could model the elements and their interrelationships and come up with a prototype forecasting system," Millett said. "And then the modeling would lead us to ask the right questions to get the right intelligence and the predictions, which I expect to be very coarse and not very good at the outset. [It] will teach us to get smarter about who the terrorists are and how they behave."
In the same vein, Ernst Volgenau, founder and chief executive officer of SRA International, said data mining and text mining that takes advantage of publicly available news and information, as well as Web services-based technology for information dissemination, might be useful for tracking known and suspected terrorists.
Volgenau described a pyramid structure with the most dangerous terrorists at the apex. Subsequent layers would contain information on suspected terrorists all the way down to the base, which would hold data on people who have some tenuous ties to terrorists. He pointed to the Terrorist Screening Center — a federal initiative to consolidate a dozen watch lists and share them among authorized officials — as the best example of the use of data-mining technologies. But he envisions a more decentralized approach to gathering information, rather than a TIA-type system.
For example, an intelligence agent might pick up information through the news media about an individual in Pakistan who is advocating violence. U.S. intelligence officials would try to amass more information about him through open literature but would also use agents in the field to gather data on him.
"I think you could do a good job with computers in terms of processing all that stuff and thereby addressing the data glut problem that everybody's concerned about: being awash in data," Volgenau said.
Civil libertarians and privacy advocates may be right to raise flags about TIA-type systems, Cowper said, acknowledging that a lot of care will be needed to use this technology in ways that don't violate civil rights. But the protests of such groups have stifled development in data-mining technology, he added.
"You've got to be able to bring civil libertarians in and say, 'Look this is what we're trying to do and this is why,'" he said. "And I don't see a lot of dialogue there. I see a lot of push by homeland security folks and police to buy and have certain technologies, and I see a lot of civil libertarians opposing those things, and I don't see any collaboration between the two camps to try and come to an agreement on how we need to go forward."
Problems with radio communications between New York City police officers and firefighters contributed to the deaths of hundreds of first responders on Sept. 11, 2001. Since then, wireless communications interoperability — both voice and data — has emerged as a national issue.
Kay Goss, senior adviser for homeland security, business continuity and emergency management services at EDS, said it remains everybody's priority.
Goss, a former associate director for national preparedness training and exercises at the Federal Emergency Management Agency during the Clinton administration, said money is being pooled in many states, such as Colorado and Arkansas, to ensure statewide interoperability.
Most public safety radio systems are outdated and should be upgraded or replaced, but interoperability is a complicated issue at the technical and human levels, Cowper said.
"Up until the last 10 years or so, there hasn't been real priority for anybody to communicate outside their own agency," he said. "But increasingly in the Information Age, we have realized that it's critical that we communicate not only internally but externally as well."
New York officials also are deploying a statewide network that includes local officials, but such projects are usually expensive and take a long time to become fully operational. In the interim, numerous emerging technologies are being used to improve communications. A 2-year-old federal initiative called Safecom is also helping officials coordinate nationwide interoperability efforts.
For example, Maryland officials are investing federal funds into developing a statewide voice communications architecture that links various frequency bands through an audio interface or patching technology, said Dennis Schrader, Maryland's homeland security director.
"What we're really trying to do is find a way of cost-effectively doing this without having to spend a gazillion dollars," he said.
Meanwhile, numerous agency officials are exploring a promising technology called mesh networking, a communications system in which portable nodes dynamically form a wireless network without the need of fixed equipment. This helps make the network more resilient by eliminating any central point of failure.
Emergency tech not just for extraordinary events
Often the focus on homeland security technologies has been on how they will be used to respond to catastrophic events, but the fact is they also can provide benefits for managing day-to-day emergencies. This view increasingly shapes the strategies for how government officials will deploy and use the solutions.
For example, Goss said EDS has deployed a virtual emergency operations system that is used by the city of Anaheim, Calif., with electronic mapping applications, Global Positioning System technology, traffic video feeds and plume modeling.
"If you're the city manager and you're awakened at 3 in the morning, you don't have to go down and activate the emergency operations center and make sure all the computers are working and call everybody to come in," she said. "You can get the information right there on your laptop [computer]. Wherever you are is where the emergency operations center can start operating."
Similarly, Schrader said Maryland officials are linking all of the state's emergency operations centers through a product called WebEOC, developed by Emergency Services Integrators. They also are collaborating with Towson University, near Baltimore, to develop the Emergency Management Mapping Application.
W. David Stephenson, a homeland security consultant who also writes a Web log on the subject, said government officials need to better communicate and interact with the public. He calls the federal Ready.gov program a disgrace. Ready.gov is a federal Web site that provides tips on what to do in the event of a terrorist attack. Stephenson believes a better idea is an emergency broadcast system that would deliver messages to wireless phones, personal digital assistants and laptop computers to help direct the public during an emergency.
"The recipe for mass panic is a feeling of real danger," he said. "If you put more information and power into the hands of the public, then it's going to reduce that chance of panic and also means [the public would] actually be valuable adjuncts to government rather than a problem."
Foresman said too little attention has been paid to cyber threats as a whole. He said the threat of a conventional attack coupled with a cyber event "remains a very real possibility." More local and state governments are sharpening their attention on the cybersecurity issue, he said.
"If you take those [computer communications] systems out and they become inoperable, what we lack in this country ...is [an understanding of] who's talking to what, who's sharing it with who," Foresman said. "Everybody's so focused on the technology they don't know what the architecture is."
On a different front, Dennis Pelehach, principal of consulting at Federal Sources, said Homeland Security Department officials should implement a comprehensive IT procurement contract so the department's 22 agencies can acquire products and services quickly and effectively. Articulating an overall strategy of where officials intend to lead the department is also important as DHS continues to evolve.
Priorities for 2005 and beyond
According to the homeland security experts in government and industry contacted for this story, the government's most important priorities for 2005 include:
Intelligence/information sharing via secure networks.
Use of data mining, modeling and simulation to predict terrorist acts.
An integrated terrorist watch list, including information about individuals with ties to known terrorists.
Interoperable wireless communications for voice and data.
Virtual and interconnected emergency operations centers.
More surveillance technologies, including sensors, unmanned aerial vehicles and cameras.
Wider use of biometric technologies for identification and verification.
Proactively pushing emergency information to the public through wireless phones and other handheld devices.
Use of Extensible Markup Language to help facilitate information sharing.
Instant messaging and other real-time communications.
Use of radio frequency identification tags on shipping containers.
Public/private funding for technology research.
More first responder funding.
Comprehensive information technology procurement vehicle that will enable the 22 agencies in the Homeland Security Department to quickly and efficiently buy goods and services.
Opportunities for small businesses to showcase niche technologies.