5 VIEWS, 1 GOAL
Homeland security starts with situational awareness. What is happening along the nation’s borders, in its ports and airports, on its highways and in its atmosphere? What should local, state and federal responders move on right now?
Government Security asked five Homeland security experts to discuss the role of technology in Homeland security, how today’s threats are guiding the use of technology, and research and development priorities.
In the commentary that follows, each panelist stresses the fundamental importance of using technology to acquire, organize and present data to communicate situational awareness.
What is the role of technology in Homeland security? What role should it play?
Admiral Stone: The role of technology is to provide domain awareness — a comprehensive operational picture of what is taking place. Domain awareness is critical — whether you are talking about keeping nuclear weapons out of the United States, securing the borders, keeping explosives out of air cargo, or other programs designed to prevent and deter terrorist activity.
Doug Lemon: I would add that one of technology’s key roles in Homeland security is to improve decision-making. To do this, we need arrays of sensors that collect information from the physical world and from the electronic world. And we need to put all of this information into context so that people can make faster, better decisions.
Peter Boriskin: The role of technology is focused on interoperability and availability. Take the FIPS 201 program, for example. One of the main drivers is to have a single, unified identity verification process and identification credential that interoperates across all government institutions. In terms of availability, it is important to be able to mine the wealth of data that we have access to in ways that reveal important information.
Bruce Walker: One of the biggest challenges faced by Homeland security today involves dealing with threats that no longer attach to nation-states. Instead, they attach to individuals or organizations sponsored by nation-states that have little control over what these people or groups do. Technology is fundamental to our defense against these kinds of threats. It provides information that we can use to prevent and protect against acts of terror. Failing prevention, technology can enable more comprehensive reactions by first responders.
Is there a need to raise government awareness of the benefits of technology?
John Sabo: I think there is a general awareness of the benefits of technology at the Department of Homeland Security (DHS) and in other departments. A better question might be: Is there a need to raise awareness of how to use technology better? Yes. I think we need to focus on the question of how to integrate technology to enable us to share information. Right now, we are trying to integrate technology across dozens of stovepipes. A recent Government Accountability Office (GAO) report lists approximately 36 government information sharing networks related to Homeland security. Stovepipes do not work, and integrating these systems is important to moving ahead technologically.
Lemon: At the federal level, there is a keen awareness of the benefits of technology. DHS, for example, created an entire directorate devoted to supporting science and technology. But as you move through state, regional and local levels of government, you find that people are more concerned with getting their day-to-day jobs done. And there is a serious disconnect between national and local organizations. First responders and others working on the ground need to be made aware of what technology can make possible, while the people managing technological research and development at the federal level need a better awareness of what is needed by state and local groups.
Stone: Most senior government leaders realize that technology is the end-game for Homeland security. That said, the question becomes one of selecting the best and most appropriate technology. Here, I think the challenge for government lies in generating better requirements for private industry. In other words, our awareness of the possibilities of technology is too low. For example, the Transportation Security Administration has requested an explosive portal that puffs air and detects explosive residue on people moving through checkpoints. Industry is designing and building these puffers. But where are the requirements for the checkpoint of the future? Do we want a backscatter machine also? Is there a single portal that can do a variety of jobs? How can we integrate all of these checkpoint technologies? We need to think more comprehensively about what we want technological systems to do.
Hurricane Katrina exposed serious weaknesses in the United States’ emergency response capabilities. What does this say about the status of Homeland security today?
Walker: Katrina delivered a painful reminder that DHS has multiple missions and legacy agency responsibilities. The lessons from this event suggest the need to focus on furthering our preparation and response capabilities in relation to the NIMS (National Incident Management System), which is an organizational plan describing how we can coordinate a response. If you do not exercise a plan like NIMS, when it comes time to use it, you will have communications confusion, overlap and uncoordinated business processes. To some degree, that is what happened during Katrina. But it is also important to factor in the enormity of the disaster created by Katrina. It strained federal, state and local resources well past the breaking point.
Sabo: I think that DHS Secretary Michael Chertoff has the right idea for the department. He wants to build a risk-based model that will facilitate better responses. This means that you evaluate assets in terms of vulnerabilities and threats. We will develop security designs based on the nature of different assets and their importance, their vulnerabilities, the threats and the consequences of successful attacks. We will do this in the physical world and the cyber world and put money against the priorities.
How have Homeland security threats and vulnerabilities evolved over the past few years? Name a vulnerability or threat and discuss the implications for security technology.
Stone: For me, the number one threat is nuclear. The catastrophic damage of a nuclear attack is of great concern for all of us, and we need to be running a full-court press to figure out ways to prevent such an attack. This means investing heavily in intelligence to make sure that we know where nuclear materials are around the world. It also means developing land border sensors that can detect nuclear materials. It means putting existing active and passive technology to use in tracking cargo containers shipped by air, sea and ground. I think that, by far and away, is our number one priority.
Boriskin: I agree. If you really want to scare yourself, check out news reports of missing materials in the former Soviet Union. The technology need is to be able to detect or determine the presence of weapons of mass destruction, whether they are radiological, biological or chemical agents. At the same time, I think we also have to work to improve security systems. Access control and video management technology are two outward-facing technologies that must be better secured to ensure physical security. By the same token, the access control systems server is a server that resides on the IT (information technology) network, as does the NVR (network video recorder). Securing these devices is a form of protection for the larger corporate and government network.
Walker: I would like to mention biological threats. Technology requirements in this area present an entirely different kind of problem. Most of the components required to build biological agents have perfectly legal applications. While we work to secure borders against different kinds of risks, borders do not define the risk of biological attacks. That risk can arise from inside as well as outside the borders, making the technology challenge of monitoring sources of supply for both equipment and materials much more difficult.
Sabo: I will take cyber-threats. Data indicates an increase in the number of cyber-attacks in recent years — along with increasing response costs. We are seeing everything from breached databases to denial-of-service attacks. We have also seen a lot more social engineering attacks such as phishing. Our networks are growing more complex, interrelated and difficult to protect. We see more dependence on physical security by IT systems. We see converging telecommunications systems and IT systems. From a security point of view, we need to think more aggressively about managing virus, Trojan horse and denial-of-service attacks because of the vulnerabilities in these converging systems.
Lemon: Let me add that security is a dynamic problem. If you make airports more difficult to penetrate — as we have — then you must expect terrorists to look somewhere else for an opportunity. Remaining alert to and acting on the movement from existing threats to newer threats is how we can protect ourselves. From this point of view, our long-term strategy is to drive terrorists to fewer and fewer opportunities, while making the consequences of a successful attack as small as possible.
What are the limits of technology? What should we not expect technology to do?
Sabo: Technology does what people cannot do. For example, you may have an array of sensors collecting data from critical infrastructures. Maybe 100 million real-time events are flowing into your system from millions of collectors. People cannot cut through that clutter, but technology can. In the end, however, a human being must make judgments about what actions to take. So you use technology to a point. Then human resources take over.
Walker: I would add that technology deployed without a clear policy does not work. You cannot expect technology to provide compelling solutions like information sharing or supply chain security without clear objectives from users and policy makers. A failure to state objectives clearly leads to stovepipes and limits our ability to respond and recover — which is a problem that we are kind of bound up in today.
Boriskin: I do not know if this is a technological limit, but I would say that homogeneity is a weakness of technological systems. Think about the fact that most computer operating systems are one of three flavors: Windows, Linux or some other variation of Unix, and Mac OS. A virus that affects one Windows server affects all Windows servers. Part of hardening systems involves designing them with heterogeneous technologies. For example, you can buy your host-based firewall from one manufacturer and a network-based firewall from another. The same vulnerability that knocks out the network firewall will not work on the host firewall. An attacker will have to come up with different ways to get through each one.
How should we prioritize technology initiatives? What do you believe to be the three most important technological tools that we should be working to develop?
Lemon: Well-designed security systems are layered, and I would suggest taking a layered approach to research and development. We should put a lot of effort into early warning systems that keep bad things from ever getting started. Since we do not live in a perfect world, we will also have to prevent and protect against actual attacks. Can we stop a person or material at the border or the airport? If we do not stop the attack, can we respond and recover? We need to research technologies for each of these three layers: early warning, prevent and protect, and respond and recover.
Stone: Ten years ago, the Department of Defense (DoD) prioritized spending this way: First came platforms such as ships or aircraft; second, DoD invested in radars, sonars and other sensors; and the third priority was networks. Today, the Department has reversed this list of priorities. Sensors still rank at number two, but networks come first now. We are taking advantage of the power of sensors by integrating them into focused networks of cameras, radars, sonars, infrared sensors, motion detectors and other kinds of detectors aimed at nuclear, biological and chemical threats. I think we should be doing the same thing in Homeland security: investing first in networks and second in sensors.
Boriskin: I would suggest moving sensors up to the same level as networks. I think my top priority would be investing in data connectivity and infrastructure. With the right infrastructure and the right interoperability, you could get to all the other things you are trying to do in Homeland security. My second priority would be to enhance our ability to use data connectivity with data mining and data analysis technology. Finally, we need to spend on data security. After having done all this great work, how do you make sure that it is safe?
Sabo: I think we can improve the tools we already have in key areas. One is situational awareness, real-time security management. We have information coming from DoD systems, NSA (National Security Agency) systems and other government systems at all levels of government. We also have data coming out of private industry systems. We need to use technologies that combine this data appropriately to provide meaningful situational awareness that enables people to act. Second, I think we need to focus on building trust systems among private, state, local and federal organizations.
Walker: My number-one priority would be getting integrated command and control infrastructure with interoperable communications for the federal, state, local and tribal management communities. This is the only way to make efficient and effective use of resources. Second, I would establish the pervasive use of biometrics among first responders. I believe we need these kinds of standards for credentials for every person who will participate in exercises or events. Finally, I would spend on the development of integrated surveillance systems and automated sensor technologies, focused on layered defense of our borders. Building fences and hiring more border patrol agents will take time. And no matter what, the United States needs technology as a force multiplier to respond to threats along the borders.
MEET THE GOVERNMENT SECURITY ROUNDTABLE PANEL
Doug Lemon is leader of the Homeland Security Initiative at Pacific Northwest National Laboratory in Richland, Wash. Lemon holds a doctorate in physics from Utah State University and has spent his entire career at Pacific Northwest. The laboratory’s Homeland Security Initiative is now in its fourth year.
Peter Boriskin is director of product management for access control with Lexington, Mass.-based Tyco Fire and Security. Trained in network security, threat assessment and response, Boriskin has worked in technology fields for more than 10 years and in security for seven years.
Bruce Walker is director of Homeland Security for Los Angeles-based Northrop Grumman Corp. Walker is an information technology executive with 26 years of experience, and his Homeland security experience includes enterprise programs such as the Homeland Secure Data Network, MAXHR and TEAMS.
John Sabo, CISSP, is director, security and privacy initiatives for CA (formerly Computer Associates). Sabo also serves on the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. He is a member of the Information Security and Privacy Advisory Board managed by the National Institute of Standards and Technology, and he is vice president of the Information Technology-Information Sharing and Analysis Center (IT-ISAC).
Admiral David Stone (retired) is currently a member of the advisory board of Vidient Systems Inc., a video analytics company based in Sunnyvale, Calif. Former Rear Admiral Stone retired in 2002 after 28 years of service with the U.S. Navy. From 2002 to 2005, he served as an assistant secretary of Homeland Security for the Transportation Security Administration.