Automating Cooperation

Aug 1, 2007 12:00 PM, By Michael Fickes

When Hurricane Katrina knocked out electrical power across the Gulf region, telecommunications companies used gas generators to power telephone switches and kept the communication system online. They also hired private contractors to fuel the generators.

Not everyone cooperated, however. In one incident along the Louisiana coast, a Texas National Guardsman stopped a tanker headed down an access road toward a telephone switch and asked for identification. The driver produced his license and a letter from the Governor of Louisiana authorizing access. The Guardsman, probably inexperienced, thought for a moment and said, “I'm from Texas. The Governor of Louisiana is not my Governor. I will not let you pass. Please turn your vehicle around.”

Michael Butler directed the Access Card Office at the Department of Defense (DoD) and assisted the General Services Administration (GSA) for six months as government-wide implementation manager of the federal Personal Identity Verification (PIV) card program. As an expert on identity management and ID cards, Butler recently told a panel discussing Homeland Security Presidential Directive (HSPD)-12 about a group of physicians sent from the Department of Veterans Affairs (VA) to Louisiana to help in the aftermath of Katrina. Lacking credentials acceptable to the hospitals, the government physicians were denied access.

Such incidents highlight sticking points in the security wall that federal, state and local governments have been erecting since Sept. 11. In many cases (though surely not in all cases), the inability of people from diverse organizations to cooperate produces these sticking points.

However, properly conceived and implemented security technologies can overcome these problems and foster cooperation. Today, improved access control technologies, communications systems, mass notification networks and other technologies are solving a host of problems by enabling cooperation among diverse public and private groups.

Halt, who goes there?

On Sept. 11, a high-ranking Pentagon official whose office was located offsite was called back to the Pentagon to help out. On his way into the parking lot, he was stopped by the highway patrol and turned back. The patrolman could not validate the official's Pentagon identification.

Presumably, today's PIV cards would have prevented that problem. The official would have been enrolled in the system, which would also enable the card to grant access through all appropriate doors.

But what about the truck driver trying to refuel telephone switch power generators in Louisiana? And how about the VA doctors denied access to Louisiana hospitals? In one case, a public official — the Guardsman — denied access to a privately employed truck driver. In the other, a private institution — the hospital — denied access to employees of the federal government sent to help.

Why can't truck drivers and other private citizens carry PIV cards? Why can't hospitals and other private organizations install readers designed to fit the federal government's Federal Information Processing Standard (FIPS) 201?

They can.

“People working on the HSPD-12 card project made an interesting discovery,” says Roger Roehr, manager of government vertical markets for Tyco Fire and Security in Boca Raton, Fla. “In the past, we always associated cards with privileges. But now we think of the card or credential as an assertion of identity.”

Moreover, credentials issued according to the FIPS 201 standards designed for PIV cards can very likely be trusted. By trusting the system behind the card, it becomes reasonable to issue privileges on the card.

Then, if a contracting company hired to refuel generators powering telephone switches issued FIPS 201 credentials to its truck drivers, the company could also arrange to grant access privileges to drivers. The National Guardsman would carry a handheld reader tied to a system that contains the privileges granted to the driver's card, and silly arguments about whose governor takes precedence would not occur.

At the private hospital in Louisiana, card readers tied into a system that has recorded privileges for doctors arriving from other locations to help out would admit the VA doctors.

In short, today's FIPS 201 standards and technology can foster widespread cooperation between public and private entities dealing with homeland security emergencies.

FIPS 201 for video cameras and monitors

In the not too distant future, FIPS 201 standards may also tie together electronic devices from different systems. “The stars are lining up for video surveillance systems to share (remote) cameras and monitors,” Roehr says.

When a new U.S. President is inaugurated, for example, the inaugural parade follows a certain route through Washington, D.C. Along the route, a number of commercial office buildings have mounted cameras on the outside of their buildings. The Washington, D.C., police may also have mounted cameras on public facilities to keep an eye on traffic.

The U.S. Secret Service, which is responsible for protecting the President, may soon be able to tap into the cameras operated by different commercial organizations as well as the cameras owned by the local police.

The first star has already lined up. Digital video makes it possible to connect digital cameras to the Internet to transmit video signals. The second star to line up will be an emerging technology called IPv6. Currently, the Internet employs a communication standard designated as IPv4. The problem with IPv4 is that it cannot provide enough Internet addresses for all of the devices connected to the Internet. Many devices, including desktop computers and cameras, have private addresses that are good only inside of a company firewall. When data from these devices passes through the firewall, the source address changes to one that designates the entire network. This can make it difficult for a remote system to locate a camera inside a firewall. IPv6 will solve the problem. Under IPv6, Internet addresses will be long enough to accommodate every device in the world that needs its own Internet address.

“When that happens, I will be able to hang cameras with IPv6 addresses on the side of my building and set up rules that will control how remote monitoring systems must identify and authenticate themselves to cameras,” Roehr says. “This turns the HSPD-12 idea around to authenticate electronic devices instead of people.”

When a federal agency issues credentials to employees, the agency follows a set of procedures that include a complete background check. Because reasonable people can trust the quality of that background check, other federal agencies will trust the credentials given to employees under the FIPS 201 system.

Roehr's idea is to credential devices in the same way, by conducting a background check on this device, at this Internet address, in this location. Given a positive report, the device — say a desktop computer in the Secret Service security center — receives a credential that accompanies any data transmitted by the computer.

At the other end, the owners of cameras mounted on the outside of commercial buildings along the President's route might sign up to allow the authorities to tap into their cameras when public safety demands it. Those cameras would be set up to grant access privileges from computers carrying trusted credentials.
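The split described above, between a credential that only asserts identity and privileges that the relying party keeps in its own system, can be sketched for both the truck driver and the monitoring computer. This is an added example, not part of the original article or of any FIPS 201 implementation; the issuer names, subjects, resources and keys are constructed, and HMAC-SHA256 stands in for the certificate-based signature a real PIV credential would carry.

```python
import hashlib
import hmac
import json

# Constructed issuer keys. HMAC-SHA256 stands in for the issuer's digital
# signature; real PIV credentials carry X.509 certificates (asymmetric keys).
ISSUER_KEYS = {"fuel-contractor": b"constructed-key-1",
               "secret-service": b"constructed-key-2"}

def _mac(key, claims):
    body = json.dumps(claims, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def issue(issuer, subject, kind):
    """Issuer asserts an identity only; the credential carries no privileges."""
    claims = {"issuer": issuer, "subject": subject, "kind": kind}
    return {"claims": claims, "sig": _mac(ISSUER_KEYS[issuer], claims)}

class RelyingParty:
    """A checkpoint reader or a camera: its own trust list and privilege table."""

    def __init__(self, trusted_issuers, privileges):
        self.trusted = {name: ISSUER_KEYS[name] for name in trusted_issuers}
        self.privileges = privileges  # (issuer, subject) -> set of resources

    def decide(self, cred, resource):
        claims = cred.get("claims", {})
        key = self.trusted.get(claims.get("issuer"))
        if key is None:
            return "deny: untrusted issuer"
        presented = str(cred.get("sig", "")).encode()
        if not hmac.compare_digest(_mac(key, claims).encode(), presented):
            return "deny: bad signature"
        # Identity is now established; privileges are looked up locally.
        who = (claims.get("issuer"), claims.get("subject"))
        if resource not in self.privileges.get(who, set()):
            return "deny: identity verified, no privilege"
        return "allow"

# Constructed scenario: a person credential and a device credential.
driver = issue("fuel-contractor", "driver-17", "person")
console = issue("secret-service", "ops-console-3", "device")
checkpoint = RelyingParty({"fuel-contractor"},
                          {("fuel-contractor", "driver-17"): {"switch-access-road"}})
camera = RelyingParty({"secret-service"},
                      {("secret-service", "ops-console-3"): {"parade-route-feed"}})
```

The same decision path serves the handheld reader and the camera: an unknown issuer or an altered credential is rejected before any privilege lookup happens.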

The Secret Service would be able to monitor the inaugural parade route. The Washington, D.C., police department would be able to keep an eye on a demonstration. The fire department would be able to evaluate an incident and determine what kind of equipment it will need.

One more star will have to line up before the system will work efficiently. “Video uses a lot of bandwidth,” Roehr says. “Regularly transmitting a lot of video to the police department or other agency will tie up lines.”

The answer to that problem, continues Roehr, is already emerging in the form of microprocessor chips embedded with video analytics software. These chips plug into digital cameras, evaluate video, identify events such as a fire or a fight, alert the appropriate police or fire monitoring system and transmit a few seconds of video. Whoever is monitoring the system can request more video if necessary and decide what to do.

Emerging video technology will also promote private-public cooperation.

© 2008 Penton Media Inc.
