DHS signs Name Record Agreement with EU

The Department of Homeland Security announced on July 26 that it had signed an agreement with the European Union that will allow the continued use of Passenger Name Record (PNR) data as a screening tool for detecting potentialy dangerous transatlantic travelers. "PNR data is a proven resource for connecting the dots associated with terrorist activity and serious transnational crime," Michael Chertoff, Secretary of Homeland Security, said in a statement. "Our frontline personnel did not have this tool on September 11th. Investigations after the attacks showed that PNR data would have, within a matter of moments, helped to identify many of the 19 hijackers by linking their methods of payment, phone numbers and seat assignments. I commend my European counterparts for their leadership and dedication to reaching an agreement that will protect our respective citizens and safeguard their privacy for the next seven years."
(Chertoff's complete statement; PNR Agreement in .pdf format)

Chertoff Speaks on Port Security

Michael Chertoff, Secretary of Homeland Security, presented a speech outlining Port Security in the 21st Century on July 20 in Los Angeles. Chertoff spoke at the University of Southern California's Center for Risk and Economic Analysis of Terrorism Events (CREATE), which was the first DHS Center of Excellence established after 9/11. Speech topics included: the Three Principles of Port Security; Managing Risk Overseas; Strategy for Securing the International Suppply Chain; and Security Measures for Small Boats.
(Chertoff's complete prepared remarks; USC CREATE Web site)

NASCIO provides disaster recovery checklist

The National Association of State Chief Information Officers (NASCIO) urges state CIOs to engage in disaster recovery planning, execution, and testing to reduce the risk of system and service unavailability. IT Disaster Recovery and Business Continuity Tool-kit: Planning for the Next Disaster includes checklists to use before, during, and after a disaster and brainstorming worksheets to help cope with an IT crisis and help make the business case for disaster recovery and business continuity activities.

The six checklists are:

1. Strategic and Business Planning Responsibilities
2. Top Steps States Need to Take to Solidify Public/Private Partnerships Ahead of Crises
3. How do you make the Business Case on the Need for Redundancy?
4. General IT Infrastructure and Services
5. Tactical Role of CIOs for Recovery During a Disaster
6. Tactical Role of CIOs for Recovery After a Disaster Occurs

(NASCIO toolkit in .pdf format; NASCIO Web site)

Homeland Protection SIG Survey

In effort to serve its members as effectively as possible, the Homeland Protection SIG invites you to complete this survey and share your thoughts on its activities and initiatives.
(IAC Homeland Protection SIG survey)

Talks continue on massive security bill

House and Senate lawmakers and their aides will continue behind-the-scenes negotiations this week on legislation implementing unfulfilled recommendations of the 9/11 Commission, after failing to wrap up work last week during a public conference. Lawmakers still need to resolve a handful of outstanding issues, such as which federal agency will manage grants for transportation security, how to help local governments buy interoperable communications equipment, and whether a provision will be included that gives people immunity if they are sued for reporting on suspicious activity around transportation networks.
(Government Executive story; U.S. Senate Committee on Homeland Security & Governmental Affairs Web site)

FRAC card featured at Summer Breeze

The departments of Defense and Homeland Security are making sure first responders are never again stopped a mile from the Pentagon and forced to walk to a disaster. That is what happened to one key federal anti-terrorism official after the terrorist attacks of Sept. 11, 2001. A Virginia State trooper stopped the official as he was trying to fulfill on-site responsibilities at the Pentagon. “He had to walk the rest of the way,” Craig Wilson, a smartcard expert with the Department of Homeland Security, said on July 20. Officials are hoping to minimize such difficulties through the use of a First Responder Authentication Credentials (FRAC) identification card, which was a key component in the July 19 Summer Breeze Exercise. The FRAC card is encoded with critical data that lets commanders at the scene authenticate the responder’s credentials using a wireless handheld device.
(Federal Computer Week story; DHS FRAC Web site)

Prevention and Protection Committee Meeting July 23rd

Dear Homeland Protection SIG Members,

You are invited to attend the next Prevention and Protection Committee Meeting. The Prevention and Protection Committee is under the Homeland Protection SIG. The meeting details and agenda are below.

Date: Monday, July 23rd 3:30pm

Location: Advanced Technology Systems
7915 Jones Branch Drive
McLean, VA 22102

Call-in #: 1-877-760-2043 Pass code: 942123

Contact for Meeting: Bob Mahoney
Director, Business Development
(703) 506-8229 x-7226 (Office)
(301) 461-7322 (Cell)
bmahoney@atsva.com

Register: http://actgov.org/eventsregistration


Agenda

Introductions
S&T Directorate Update
Report on Blog/Wiki Activity and View Blog
Committee direction
Mission Statement - Updates?
Port Security
Suggestions - New Work products
Government speakers for future meetings
Speaker Series?
General Discussions
Bob Mahoney – Chair
Kandy Nardini – Co-Chair

Gutierrez, Chertoff Announce Nearly $1B in First Responder Communications Grants Funds

Public Safety Interoperable Communications (PSIC) Allocations
Fact Sheet: Public Safety Interoperable Communications Grant Program
U.S. Commerce Secretary Carlos M. Gutierrez and U.S. Homeland Security (DHS) Secretary Michael Chertoff announced today $968 million Public Safety Interoperable Communications (PSIC) Grants to help state and local first responders improve public safety communications and coordination during a natural or man-made disaster.
The PSIC grant program will assist public safety agencies in the acquisition, deployment, and training of interoperable communications systems to enhance interoperable communications of voice, data, and/or video signals. Also, released today are the grant guidance and application kits. Applications are due in 30 days, and grants will be awarded by September 30, 2007, as required by the Call Home Act of 2006. The U.S. Congress authorized $1 billion to establish the PSIC program as a one-time, formula-based, matching grant program in the Deficit Reduction Act of 2005. The program will fast track awards to all 50 states, the District of Columbia, and U.S. territories.
“When disaster strikes, first responders must have the tools to communicate,” said Secretary Gutierrez. “Under this streamlined program, states will be given grants to use technology that will make our cities and states safer.”
“Achieving interoperable communications is a major priority for our department and should be a priority for every community across our nation,” said Homeland Security Secretary Michael Chertoff. “These grants will help states and cities purchase equipment, conduct training and exercises, and develop effective interoperable communications plans to get this important job done.”
(DHS press release; DHS PSIC Funding allocation list; DOC PSIC Web site; DHS Grants by State; Washington Post story; Washington Technology story)

Interoperability Continuum

The Interoperability Continuum serves as a framework for local, tribal, state, and Federal emergency response agencies as they plan and implement interoperability solutions. The Continuum depicts the five critical elements necessary to implement a sophisticated interoperability solution. These elements include governance, standard operating procedures, technology, training and exercises, and usage of interoperable communications. To download a copy of this tool, visit http://www.safecomprogram.gov/.

Lawmakers question SBInet delays

The first nine towers of the Homeland Security Department’s Secure Border Initiative Network surveillance system missed a June 13 deadline for initiating operation due to a radar problem, according to House lawmakers monitoring the high-profile project.Live operation of the first 28-mile section in Arizona, dubbed Project 28, also is expected to be delayed beyond a second deadline of June 20 due to problems with electronically integrating the nine towers, Reps. Bennie Thompson (D-Miss.) and Loretta Sanchez (D-Calif.) wrote in a letter today to DHS Secretary Michael Chertoff. The towers are equipped with radar, cameras and communication networks that must be linked to function as a system.
(Federal Computer Week story; DHS SBI Web site)

States move warily on Real ID

Having aired their concerns about cost and policy implications, many state officials now seem resigned to the Real ID Act, which requires states to issue driver’s licenses that conform to new federal standards. Many states are preparing for the new requirements and hiring systems integrators rather than waiting for the Homeland Security Department to release final technical standards. Even as Real ID looms, most states are focused on upgrading their DMV systems and are only beginning to think about interoperability with other states, said Gregg Kreizman, research director for security issues at Gartner. Some states might opt to go beyond the requirements and add encryption, biometrics or radio frequency identification technology. Many experts say DHS has missed an opportunity to push for adoption of those technologies.
(Federal Computer Week story; DHS Real ID Proposed Guidelines)

Biometrics enter DHS exit system

The Homeland Security Department, under pressure from lawmakers, will proceed immediately with a plan to use biometric screening procedures at airports to verify the identities of foreign visitors leaving the United States. After telling Congress in March that a biometric exit program was not feasible, DHS announced May 7 that it would require foreigners exiting the country from airports to verify their identities via 10-fingerprint scans. DHS will work with commercial air carriers to establish the program. DHS’ U.S. Visitor and Immigrant Status Indicator Technology program, which manages entry and exit security, has conducted an experimental biometric exit program at 14 major airports during the past three years.
(Federal Computer Week story; DHS US VISIT Web site)

DICE rolls out joint interoperability exercises

For the modern Army, setting up a local computer network in a forward area is just as important as pitching tents and hauling in supplies. With that in mind, Defense Department Interoperability Communications Exercises (DICE) are conducted to certify systems for joint interoperability. Starting in 2008, the Joint Interoperability Test Command will hold the exercises three times a year to accommodate the growing need for joint interoperability certifications, assessments and training.
(Washington Technology story; DICE Web site)

Residents protest SBInet towers

The new 98-foot tower installed in the first section of the Homeland Security Department’s SBInet surveillance system is not on the border: It is 11 miles north, just outside Arivaca, Ariz. Residents of the small high-desert community — Arivaca is not an incorporated town — demanded at a May 15 meeting with DHS and Boeing Co. to know why they were asked to host the tower. Arivaca is one of the first communities in which residents are protesting the border system, but it is not likely to be the only one. The aggressive schedule to build the surveillance system on the southern U.S. border is beginning to cause friction with homeowners in Arizona, New Mexico and Texas.
(Washington Technology story; DHS SBI Web site)

First responders line up for grants

This summer, Florida’s first responders might get better networking capabilities, Virginia’s might buy extra police and fire radios, and California’s might obtain six more incident command communications vehicles. State and local officials nationwide are preparing their wish lists for spending a new $1 billion federal grant fund to be made available within weeks for public safety emergency communications needs. Under terms Congress set last year, all of the money must be awarded by Sept. 30.
(Washington Technology story; CapWIN public safety grants Web site)

Emergency alert system triple play

The public address system for the 4077th unit on TV’s “M*A*S*H” was enough to alert all personnel that wounded soldiers were arriving. In the real world, a more far-reaching system is needed to alert people in an emergency. Some situations require that officials notify thousands of people quickly using computers, handheld devices, phones or loudspeakers. However, combining the three alerting capabilities — PA system, network and phones — can present a challenge.
(Washington Technology story; Air Force Air Education and Training Command Web site)

DHS information-sharing in a rut?

The Homeland Security Department’s chief information-sharing network is stuck in a rut. But it still might succeed if the department can strengthen it as a unique platform for intelligence and cooperation, according to experts reviewing the programs. In the future, that might best be done if DHS focuses on building the strong points of its faltering Homeland Security Information Network by offering robust private-sector critical infrastructure intelligence, delivering unique information and capabilities related to the national incident management system and the national common operating picture and providing fresh intelligence from DHS’ agents, experts said.
(Washington Technology story; DHS Information Sharing & Analysis Web site)

ID programs at fork in the road

The State and Homeland Security departments are poised to take major steps forward on biometric identification card technology, but the paths ahead for each of two concurrent programs appear dramatically different. State now is awaiting proposals from vendors to provide equipment to manufacture the People Access Security Service card, sometimes referred to as passport-lite. The technology issues surrounding the PASS card have proven to be no less contentious than the underlying policy requirement that citizens returning to the country show secure biometric identification, such as a passport or PASS card. DHS’ Citizenship and Immigration Services has issued a statement of objectives that sets out its requirements as part of its acquisition process for a broad overhaul of the agency’s technology for manufacturing various kinds of credentials — most of them used as visas and identification at borders and to prove eligibility for employment.
(Government Computer News story; DHS Citizenship and Immigrations Services Web site)

Information exchange model at the next level

The National Information Exchange Model has gotten its first upgrade. Version 2 should be released by the end of this month, and the final beta is available on the NIEM site. “There are literally thousands of changes. It’s a major extension,” said Paul Wormeli, executive director of the Integrated Justice Information Systems Institute, a Justice Department-funded nonprofit that supports the NIEM program management office. “We’ve gone through a beta stage where we got a lot of good comments from people, and we’re feeling now that this is [a] pretty solid release.” The large Extensible Markup Language schema, overseen by the Homeland Security and Justice departments, provides a common language for federal, state and local agencies to share information on natural disasters, terrorist attacks and other crises. Each piece of agency data is tagged by a particular NIEM name so it can easily be identified by systems outside the one where it originated.
(Government Computer News story; NIEM Web site; Value of NIEM in .pdf format)

TSA rolls dice on risk model

Sometimes, useful homeland security information technology can arise in unexpected places. For example, the Transportation Security Administration is looking to a computer-dependent design method used in airframe manufacturing as a template for evaluating air travel risks. TSA, a Homeland Security Department agency, has recently announced plans to enter into a no-fee agreement with Boeing, under which the company would build a Risk Management Assessment Tool, or RMAT, for the commercial aviation system using what’s known as the Monte Carlo model.
(Government Computer News story; TSA Web site)

CRS report: Fusion centers off track

Anti-terrorism information-sharing and analysis is taking a back seat to criminal intelligence at the more than 40 state intelligence fusion centers, according to a new report from the Congressional Research Service. State governors created the centers, and the Homeland Security Department provides part of the funding. Their purpose is to fuse federal, state and local intelligence against terrorism, but CRS found the fusion centers have gravitated more toward collecting and analyzing criminal intelligence and all-hazards intelligence. The service found few indications that the centers have been making efforts to become aware of terrorist plans and foil attacks. “While many of the centers have prevention of attacks as a high priority, little ‘true fusion,’ or analysis of disparate data sources, identification of intelligence gaps and pro-active collection of intelligence against those gaps, which could contribute to prevention, is occurring,” wrote CRS researchers in the report, “Fusion Centers: Issues and Options for Congress.”
(Government Computer News story; Congressional Research Service Web site; Complete document in .pdf format)

DHS endures Capitol Hill hearings

If there is an upside to the grilling Homeland Security Department Chief Information Officer Scott Charbo endured from lawmakers at a House hearing a couple weeks ago, hopefully it will be a growing realization on Capitol Hill that it’s going to take more than a raft of policies to keep up with the mounting risk of cyberattacks on government networks. Rep. Jim Langevin (D-R.I.), chairman of the Homeland Security Committee’s Emerging Threats, Cybersecurity, and Science and Technology Subcommittee, took Charbo to task for the “systemic and pervasive” problems found in DHS’ approach to information technology security, based on a recent Government Accountability Office investigation. It is hard to not share the congressman’s “shock and disappointment” to learn that DHS, the agency charged with defending the country against cyberattacks, reported 844 cybersecurity failures in its systems in fiscal 2005 and 2006. Charbo’s explanations — that the incidents didn’t mean systems were compromised, ongoing consolidation and upgrade projects are addressing many of the vulnerabilities, and IT security spending remains on par with industry standards — offered little reassurance.
(Government Computer News story)

Pragmatism at DHS

Few of the information technology challenges facing the Homeland Security Department are more important to its goal of streamlining systems and sharing information than developing a rational set of technical standards for its vast array of systems. More than four years after the department’s creation, DHS is still playing catch-up. But there is an emerging recognition at DHS of flexible and complex approaches to standards as a viable alternative to widespread consolidation.
(Government Computer News Special Report: DHS still playing catch-up; Standards key to making cross-agency programs work; No standard way to develop a standard; Getting first responders on the same wavelength; IT challenges meet at the border; The Credential Conundrum)

DHS wants its network to network

The Homeland Security Department is planning a technical makeover to get its Homeland Security Information Network into the data-sharing game. HSIN took shape about four years ago but has drawn criticism for its disconnected relationship with similar systems. Department officials plan to pursue the HSIN technology shake-up in tandem with policy and organizational changes designed to harmonize their network’s technological development with its users’ needs. The revamp is intended to mesh DHS’ homegrown network with other law enforcement and intelligence information-sharing systems, parts of which HSIN duplicates.
(Government Computer News Story; HSIN timeline; DHS HSIN Web site)

July 6, 2007: Larry Martines is resigning as the Nevada Homeland Security Adviser after six months in the job

According to the Sun: Martines has not released a reason for his resignation. One homeland security official would say only that Martines is leaving for personal reasons. Additionally, there has been a division between Gov. Jim Gibbons and law enforcement officials about the best site for the state's primary intelligence operation. Martines has been the state's Homeland Security Director since January, 2007.

Radar delays Project 28 launch

The first nine towers of the Homeland Security Department’s Secure Border Initiative Network surveillance system missed a June 13 deadline for initiating operation due to a radar problem, according to House lawmakers monitoring the high-profile project.

Live operation of the first 28-mile section in Arizona, dubbed Project 28, also is expected to be delayed beyond a second deadline of June 20 due to problems with electronically integrating the nine towers, Reps. Bennie Thompson (D-Miss.) and Loretta Sanchez (D-Calif.) wrote in a letter today to Homeland Security Secretary Michael Chertoff. The towers are strung with radars, cameras and communication networks that must be linked to function as a system.

Thompson, who chairs the House Homeland Security Committee, and Sanchez, chair of the Border, Maritime and Global Counterrorism Subcommittee, said they should have been warned of the anticipated delays in the SBInet system going live prior to a June 7 congressional hearing on the project.

“It is difficult to believe that with problems of this magnitude, delays were not foreseeable at the June 7 hearing, which occurred less than a week prior to the date Project 28 was scheduled to be operational,” their letter to Chertoff states.

“The Department’s failure to be forthcoming and the repeatedly slipping project deadlines not only impede Congress’ ability to provide appropriate oversight of the SBInet program, but also undermine the Department's credibility with respect to this initiative,” Thompson and Sanchez wrote.

Representatives of DHS, SBInet prime contractor Boeing Co. and SBInet program directors testified at the June 7 hearing on progress with Project 28. However, no mention was made of potential delays with Project 28 at that time, Thompson and Sanchez contend.

Thompson said he was informed of the pending delay by a phone call from a DHS official on June 8. Thompson and Sanchez said it is unacceptable that the information was disclosed after the hearing.

The House Homeland Security Committee was informed of the second likely delay in SBInet’s first nine towers on June 15, the letter states.