NOWHERETOHIDE.ORG

Video Analysis/Analytics: Can we use it to detect criminal behaviors and activities?

I just found this report published by the National Criminal Justice Reference Service (NCJRS). Developed by Nils Krahnstoever, General Electric (GE) Global Research, it describes the development of a wide range of intelligent video capabilities relevant to law enforcement and corrections, and describes features of video surveillance that can help to enable early detection and possibly prevention of crimal incidents.

The study also points out, in a number of places, limitations of the technology, based on response activities and envronmental factors. it’s worth a read, here is the table of contents; you can read the document here Automated Detection and Prevention of Disorderly and Criminal Activities:

 Table of Contents

• 1 Abstract
• 2 Executive Summar
• 2.1 Data Collection
• 2.2 Crime Detection and Prevention
• 2.3 System Evaluation and Feedback
• 2.4 Law Enforcement Relevance and Impact
• 2.5 Dissemination of Research Results
• 2.6 Next Steps
• 3 Introduction
• 4 Data Sets and Data Collections 17
• 4.1 GE Global Research Collection
• 4.2 Airport and “Behave” Data
• 4.3 Mock Prison Riot Data
• 4.3.1 Venue
• 4.3.2 Installation
• 4.3.3 Camera Views
• 4.3.4 Calibration
• 5 Motion and Crowd Pattern Analysis 25
• 5.1 Multi-camera Multi-target Tracking
• 5.2 Detection and Tracking of Motion Groups
• 5.3 Counting and Crowd Detection
• 5.4 Simple Group-Level Events
• 5.5 Group Interaction Model
• 5.6 Group Formation and Dispersion
• 5.7 Agitation and Fighting
• 5.8 Advanced Aggression Detection
• 5.8.1 Feature Tracking
• 5.8.2 Motion Analysis
• 5.8.3 Motion Classification and Clustering
• 5.8.4 Results
• 6 Identity Management
• 6.1 PTZ Camera Control
• 6.1.1 Introduction
• 6.1.2 Related Work
• 6.1.3 Experiments
• 6.1.4 Discussions
• 6.2 Identity Maintenance
• 7 Social Network Estimation
• 7.1 Introduction
• 7.2 Experiments
• 7.3 Conclusions
• 8 Data Collection and System Testing at Mock Prison Riot 2009
• 8.1 Collection and Testing Approach
• 8.2 IRB Approval
• 8.3 Collected Video Data
• 8.4 Mock Prison Riot Detection and Tracking
• 8.5 PTZ Control
• 8.6 Behavior and Event Recognition
• 8.6.1 Meeting / Approaching / Contraband Exchange
• 8.6.2 Aggression Detection
• 8.6.3 Fast Movement
• 8.6.4 Distinct Group Detection
• 8.6.5 Flanking Detection
• 8.7 Performance Evaluation
• 8.7.1 Sequence “Utah Leader Attack” (Nr. 00)
• 8.7.2 Sequence “Utah Leader Attack 2” (Nr. 01)
• 8.7.3 Sequence “Gang Killing other Gang” (Nr. 02)
• 8.7.4 Sequence “Gang Killing other Gang 2” (Nr. 03)
• 8.7.5 Sequence “Gang Killing other Gang 3 – Unrehearsed” (Nr. 04)
• 8.7.6 Sequence “Aborted Attack” (Nr. 05)
• 8.7.7 Sequence “Aborted Attack 2” (Nr. 06)
• 8.7.8 Sequence “Gang Argument – Prisoners get attacked” (Nr. 07)
• 8.7.9 Sequence “Gang Initiation” (Nr. 08)
• 8.7.10 Sequence “Contraband Exchange” (Nr. 09)
• 8.7.11 Sequence “Multiple Contraband Exchange” (Nr. 10)
• 8.7.12 Sequence “Contraband with Fight” (Nr. 11)
• 8.7.13 Sequence “Blended Transaction” (Nr. 12)
• 8.7.14 Sequence “Shanking followed by Leaving” (Nr. 13)
• 8.7.15 Sequence “Gang Hanging Out Followed By Several Fights” (Nr. 14)
• 8.7.16 Sequence “Fight Followed by Guards Leading Offender Off” (Nr. 15)
• 8.7.17 Sequence “Fight Followed by Guards Leading Offender Off” (Nr. 16)
• 8.7.18 Sequence “Contraband – Officer Notices” (Nr. 17)
• 8.7.19 Sequence “Argument Between Gangs – Officer Assault” (Nr. 18)
• 8.7.20 Sequence “Contraband exchange followed by guard searching inmates” (Nr. 19)
• 8.7.21 Sequence “Prisoner being attacked and guard intervening” (Nr. 20)
• 8.7.22 Sequence “Fight breaking out between gang members and officers breaking it up” (Nr. 21)
• 8.7.23 Sequence “Fight between gangs. Guards breaking fight up” (Nr. 22)
• 8.7.24 Sequence “Fight between gangs. Guards breaking fight up” (Nr. 23)
• 8.7.25 Sequence “Gangs fighting. Guards breaking fight up.” (Nr. 24)
• A Public Dissemination
• B Reviews and Meetings
• B.1 Technical Working Group Meeting
• B.2 Kick-Off Meeting at NIJ
• B.3 Sensor and Surveillance Center of Excellence Visit
• B.4 2008 Technologies for Critical Incident Preparedness Expo (TCIP)
• B.5 Mock Prison Riot 2009
• B.6 IEEE Conference on Computer Vision 2009
• C Mock Prison Riot Data
• C.1 Data Recorded while Processing
• C.2 Sequences Processed in Detail
• C.3 Data Recorded without Processing
• D Techinical Details of the PTZ Camera Control
• D.1 Problem Formulation
• D.2 Objective Function
• D.2.1 Quality Measures
• D.2.2 Quality Objective
• D.2.3 Temporal Quality Decay
• D.3 Optimization
• D.3.1 Asynchronous Optimization
• D.3.2 Combinatorial Search
• E Techinical Details of Social Network Analysis 110
• E.1 Building Social Network
• E.1.1 Face-to-Track Association via Graph-Cut
• E.2 Discovering Community Structure via Modularity-Cut
• E.2.1 Dividing into Two Social Groups
• E.2.2 Dividing into Multiple Social Groups
• E.2.3 Eigen-Leaders

New Scrum Guide Posted: Gone are the Chickens and Pigs

Scrum is a process framework that has been used to manage complex product development since the early 1990s. It’s a framework within which you can employ various processes and techniques for developing software products. The authors, Ken Schwaber and Jeff Sutherland, just relased an updated guide to implementing Scrum; you can get a copy of it by clicking here–> Scrum Guide 2011 ,or on the picture.

A good comparison of the differences between the 2010 version and the 2011 version was done by Charles Bradley and I recommend you go to his blog by clicking HERE to read it.

Steve Porter, of www.Scrum.org describes one aspect of Scrum – the Chickens and the Pigs – that is gone…

Enjoy…r/Chuck

Facebook Privacy Settings: U.S. Navy Recommendations

Received this from a friend today…some good information about Facebook privacy and how to set your Facebook privacy settings…

Facebook Privacy Settings-USN-2011

Security, Privacy, and Innovative Law Enforcement Information Sharing: Covering the bases

So it’s no great revelation that public safety has benefited greatly from public private partnerships, and I’m cool with that, especially when we are dealing with technology that saves lives. However, a press release hit my email inbox today that made me think of the risks to security and privacy when we implement innovative technologies.

Before I get into the story it, let me be v-e-r-y clear…I am NOT here to debate the effectiveness or morality of red-light/speed enforcement systems, nor am I here to cast dispersions on any of the organizations involved in the press release…this blog posting is strictly about using the Gatso press release to emphasize a point about security and privacy - when we engage in innovative law enforcement technology solutions, we need to take extra care to adequately address the security and privacy of personally identifiable information.

Here’s the press release from Gatso-USA:

GATSO USA Forms Unique, Strategic Partnership with Nlets

Earlier this month, GATSO USA was approved as a strategic partner by the Board of Directors of the National Law Enforcement Telecommunications System (Nlets). Nlets is….general narrative about NLETS was deleted. The approval of GATSO is an exciting first for the photo-enforcement industry.

Nlets will be hosting GATSO’s back office and server operations within the Nlets infrastructure. GATSO will have access to registered owner information for all 50 states plus additional provinces in Canada. The strategic relationship has been described as a “win-win” for both organizations.

From Nlets’ perspective, there are key benefits to providing GATSO with hosted service. Most importantly, it virtually guarantees personal data security. Due to this extra step of storing personal data behind the DMV walls of Nlets, the public can be assured that security breaches — such as the recent incident with PlayStation users — are avoided.

From GATSO’s perspective, hosting the system with Nlets will provide a ruggedized, robust connection to comprehensive registered owner information — without the security issues faced by other vendors in this industry. Nlets was created over 40 years ago…more stuff about NLETS was deleted).

The main points I took away from this press release were:

1. Nlets is going to host the back-end server technology that GATSO needs to look up vehicle registration information of red-light runners;
2. Gatso is going to have access to vehicle registration information for all vehicles/owners in ALL 50 states in the U.S. and (some) provinces in Canada; and
3. And, because it’s behind Nlets firewalls, security is not an issue.

Again, please don’t call me a party-pooper as I am a huge advocate for finding innovative ways to use technology to make law enforcement’s job easier. However, I am also painfully aware (as many of you are) of the many security and privacy related missteps that have happened over the last few years with technology efforts that meant well, but didn’t do enough to make sure that they covered the bases for security and privacy matters. These efforts either had accidental leakage of personal information, left holes in their security posture that enables direct attacks, or created opportunities for nefarious evil-doers with legitimate access to use that access to sensitive information for other than honorable purposes.

After I read the press release, I thought that it would be a good case-study for the topic of this blog - it involved innovative use of technolgy for law enforcement, a psuedo-government agency (Nlets), two foreign-owned private companies, and LOTS of PII sharing - some might even say it had all the makings of a Will Smith movie.

To help set the stage, here are a few facts I found online:

• Gatso-USA is a foreign company, registered in New York State, operating out of Delaware; its parent company is a Dutch company, GATSOmeter BVGatso.
• Gatso does not appear to vet all of the red-light/speed violations itself; it uses another company – Redflex Traffic Systems to help with that (Redflex is not mentioned in the press release).
• Redflex seems to be a U.S. company, but it has a (foreign) parent company based in South Melbourne, Australia.
• Finally, there are no-sworn officers involved in violation processing. Red-light/speed enforcement cameras are not operated by law enforcement agencies; they outsource that to Gatso, who installs and operates the systems for local jurisdictions (with Redflex) for free, (Gatso/Redflex is given a piece of the fine for each violation).

There are no real surprises here either; there are many foreign companies that provide good law enforcement technologies to jurisdications across the U.S., and outsourcing traffic violations is not new…BUT what is new here is that a sort-of-government agency (Nlets), has now provided two civilian companies (with foreign connections) access to Personally Identifiable Information (PII) (vehicle registrations) for the entire U.S. and parts of Canada…should we be worried?

Maybe; maybe not. Here are nine questions I would ask:

1. Personnel Security: Will Nlets have a documented process to vet the U.S. and overseas Gatso and Redflex staff who will have access to this information through direct or VPN access to Nlets systems?
2. Data Security: Will Gatso or Redflex maintain working/test copies of any of the registration information outside of the Nlets firewall? If so, are there documented ways to make sure this information is protected outside the firewall?
3. Data Access: Will Gatso/Redflex have access to the entire registration record? or, will access be limited to certain fields?
4. Code Security: Will any of the code development or code maintenance be done overseas in the Netherlands or Australia? If so, will all developers be vetted?
5. Network Security: Will overseas developers/site suport staff have access to the data behind Nlets firewalls? What extra precautions will be taken to protect Nltes systems/networks from abuse/attack?
6. Code Security: Will Nlets conduct any security testing on code loaded on the servers behind their firewalls?
7. Stakeholder Support: Have all 50 U.S. states, and provinces in Canada, been made aware of this new information sharing relationship? Do they understand all of the nuances of the relationship? And, are they satisfied that their constituents personal information will be protected?
8. Audit/Logging: Will all queries to vehicle registration information logged? Is someone checking the logs? How will Nlets know if abuses of authorized access are taking place?
9. Public Acceptance: How do states inform their constituents that their personal vehicle registration information is being made available to foreign owned company? Will they care?

How these questions are answered will determine whether or not we should worry…

Did I miss any other important questions?

Beyond this particular press release and blog posting, I suggest that you consider asking these kinds of questions whenever your agency is considering opening/connecting its data systems to outside organizations or private companies—it may just prevent your agency from becoming a headline on tonights news, like St. Louis –> St. Louis Police Department computer hacked in cyber-attack .

The bottom-line is that whenever you take advantage of opportunities to apply innovative technologies to public safety, make sure that you cover ALL the bases to protect your sensitve data and PII from leakage, direct attacks, or misuse and abuse.

As always, your thoughts and comments are welcome.

r/Chuck

Eastern Maryland: Free “State of-the-Threats for the Hospitality “Industry”

A free InfraGard Maryland training seminar:

Date and Time: Monday, October 4, 2010, 8:30am-1:00pm in Ocean City

Location: Holiday Inn, Oceanfront @ 67th Street, 6600 Coastal Hwy., Ocean City, MD 21842

AN AUTHORITATIVE “NEED_TO_KNOW” ON THE STATE-OF-THE-THREATS MATRIX FOR THE HOSPITALITY INDUSTRY – with Lessons Learned from Mumbai & BEYOND

Jointly presented by the Federal Bureau of Investigation (FBI) and InfraGard’s Maryland Chapter, with the U.S. Department of Homeland Security (DHS), the Maryland Coordination & Analysis Center (MCAC) and Eastern Maryland Regional Information Center.

Speakers

Major General Kalugin, The former Chief of KGB Foreign Counter-Intelligence whose job it was to penetrate all hostile intelligence and security forces worldwide. Now one of Russia’s “Most Wanted,” General Kalugin just celebrated his 7th year as a U.S. Citizen. He is the ultimate insider, whose fascinating autobiography, SPYMASTER*, documents secrets from his 32-year career.

Carl D. “Dave” Dalton, Former 29-year veteran LAPD, a sought-after source in the Security Industry for executive protection, high-profile/high-risk event security, emergency & disaster preparedness, Mr. Dalton has weathered unimaginable events: from the LA 1984 Summer Olympics and first-ever Papal visit in 1987, to the 1992 LA Riots; the Northridge Earthquake; firestorms, floods, and mudslides; epic structural fires; and major crime scenes. Heavily involved in the community in various key Security & Emergency Preparedness roles, he was personally invited by the Government of the People’s Republic of China to help prepare the Chinese National Police and Military to provide security for the 2008 Beijing Summer Olympics.

Darryl Kramer, Public-Private Sector Partnership Coordinator, Department of Homeland Security’s Office of Intelligence & Analysis. Mr. Kramer draws on a deeply informed and credentialed background in military and other sectors to bring a substantial breadth of understanding and resourcefulness in speaking to a State of the Threats Briefing and overview of the DHS Public-Private Sector partnering program – how it works, & how businesses can benefit.

Registration & Attendance: This invaluable event is FREE to Attend

REGISTER NOW at http://secureeastmd.eventbrite.com

Economic Espionage: Spies, damn spies, and the real threat (Part 2 of 2)

In Part 1 I spoke about the many threats to your organizations innovations and intellectual property and described two of the five key strategies I came up with to help you prevent loss. In Part 2 I provide you with the three remaining strategies.

 3. Trust, but Verify

Develop a “people risk model” for your business. One that is designed for your specific industry, shaped for your specific technologies, and can address the specific threats you face. Use this model to screen employees, subcontractors, vendors, visitors, and others you engage. You should pay particular attention to subcontractors; be sure to flow-down all of your security protocols to their employees, subcontractors, vendors, etc.

Interesting side note:  Chi Mak, who was arrested in 2005 for stealing and sharing Naval submarine propulsion technology to China, worked as an engineer for Power Paragon, a subcontractor to L-3 Communications, who was in-fact a subcontractor to Lockheed Martin.

Additionally, you should join your local InfraGard program and develop a close relationship with your local FBI field office. If you are involved in national security, defense, or homeland security technologies or projects, you should ask the FBI for a focused threat briefing for your sector. you should also share suspicious incidents, unsolicited emails, strange purchase orders for products, etc., with them. Finally, don’t be afraid to ask the FBI to help screen foreign visitor to sensitive facilities BEFORE those visitors actually arrive on your doorstep.

4. Use the Velvet Rope and Black Cloth

I know this probably goes without saying, but i’ll say it anyway–implement and enforce physical and computer security measures–I cannot tell you how many times I’ve visited facilities only to find the loading dock door propped open for smokers or visitors wandering the halls clearly displaying “Escort Required” badges. It’s also a good idea to do periodic walk throughs of your facilities, with a twist–think like the threat. As you walk the halls, stop and r3ad stuff on the walls, look in trash cans, pay close attention to what you can see through open doors. Also, sit in the cafeteria for a while and listen–what are employees talking about while they have their 10am coffee? Lunchtime?

You can help to prevent threats from getting what they are looking for if you sanitize those bulletin boards and use “velvet ropes” to block off areas they shouldn’t be allowed to wander around. In my early days at NSA we used black cloth to cover our desks and bulletin boards when uncleared visitors came into our spaces; it sounds simplistic, but it was effective. Finally, be sure to sensitize smokers and others about not leaving those back doors propped open. if you use “Escort Required” badges, make sure your people challenge visitors they see walking the halls without an escort.

5. Educate, Communicate and Reward

In the end, you must rely heavily on your employees to protect your organization’s projects and intellectual property–they are really your first and best line of defense.  The best gates, guards, and firewalls won’t protect you very well if your staff doesn’t remain vigilant to the threats that these measures were put in place to protect against. The best advice I can give you for enlisting and sustaining your staff’s attention to prevent economic espionage against your organization can be boiled down to two axioms:

1. What gets measured, gets done; and
2. Reward the behavior you want repeated.

Establish simple and easy to implement measurement systems for the protection of your organizations projects and intellectual property. Hold project mangers accountable through regular evaluation of ongoing projects; publish the results of your findings publicly so everyone can see where the organization stands with respect to protecting against threats.  Finally, publicly reward individuals, teams, and other parts of your organization for finding and fixing vulnerabilities or for actively practicing good personnel and information system security practices–rather than just punishing poor performance, be sure to actively reward GOOD performance; you’ll be surprised how effective this strategy can be.

Summary

In May, 2008, the Special Agent in Charge of the Pittsburgh FBI Division was quoted as saying “America has no friends when it comes to the research that gives its companies, universities and government a competitive edge. Countries all over the world – including friends and allies – would like to have that research, and they would love to get it for free.” I hope, through this article, I’ve opened some eyes a bit wider to better see and understand a) the threats they face from foreign (and domestic) sources, and b) some simple things they can do to better protect themselves from the threats.

In summary, here’s a review of recommendations:

At the Executive level:

• Develop prioritized list of company programs and projects (3 piles)
• Engages in process to regularly review and update list with executive team
• Working relationship with FBI office for classified/sensitive defense projects

For each project:

• Proactive effort to fully understand the threat
• Formal assessment of program/project vulnerabilities
• Documented mitigation strategy to address identified risks
• Screen employees, subs, and vendors with access to pile #1 programs
• Ask FBI office to screen at-risk visitors/foreign delegations in advance of visit

On a regular basis

• Hold cognizant staff accountable for knowing the domain
• Enforce physical and computer security measures – periodically test
• Measure what’s important and reward the behavior you want repeated

Remember…

1. Ask the right questions;
2. Do the math;
3. Trust, but verify;
4. Use the velvet rope and black cloth; and
5. Educate, communicate and reward.

As always, comments and thoughts are welcome.

Chuck Georgo, chuck@nowheretohide.org

Chuck has served as a strategic planner, business analyst, and technologist for the National Security Agency, Federal Bureau of Investigation, Department of Homeland Security, Naval Criminal Investigative Service, Naval Security Group, Illinois State Police, and many other public and private sector organizations. He helped these agencies to develop meaningful strategies, to implement innovative technologies, and to assess their success towards achievement of desired public safety and homeland security results. He currently serves as Executive Director for NOWHERETOHIDE.ORG, First Vice president of the InfraGard Maryland Members Alliance, and Chairman, IJIS Institute Security and Privacy Committee.

It’s 2pm on Sunday: Do you know where your data is?

It seems the Los Alamos National Laboratory (LANL)  is  in the news again. Just when you’d think they addressed the vulnerabilities that Wen Ho Lee exploited back in 1999 (Lee has his own Wikipedia page now), they got slammed again in 2006 when local police found a thumb-drive with classified information on it at local residence involved in a local narcotics investigation.  Well now the U.S. Government Accountability Office (GAO) just release an audit report of LANL that reported:

LANL has implemented measures to enhance its information security controls, but significant weaknesses remain in protecting the confidentiality, integrity, and availability of information stored on and transmitted over its classified computer network. The laboratory’s classified computer network had vulnerabilities in several critical areas, including (1) uniquely identifying and authenticating the identity of users, (2) authorizing user access, (3) encrypting classified information, (4) monitoring and auditing compliance with security policies, and (5) maintaining software configuration assurance.

While LANL got slammed for losing information on its  ”classified” network…what about all of the unclassified information that’s floating around out there? I feel it is just as important to make sure all of the sensitive but unclassified case information, organization proprietary information, or intelligence data that contains Personally Identifiable Information (PII) is protected as well–would you want to be the person explaining to their boss what data was just lost on that USB drive you left at the airport restaurant?

While I was at the International Association of Chiefs of Police Conference in Denver last month, I ran across a security item that really caught my eye–it was a standard, run of the mill 4GB USB thumb drive, but this one was unique–it had a built in PIN keypad, encrypted all data with AES encryption, and you didn’t have to plug it in to the computer first before unlocking it.  I got to thinking…if every law enforcement officer and intelligence analyst who had a legal, bonafied reason for copying sensitive data  onto portable media like CD-ROMs, SD cards, or unsecured thumb drives had one of these, they could sleep better at night knowing that the information on the thumb drive wouldn’t be compromised if it were lost or stolen, or than an unauthorized person who happend to get access to the drive couldn’t stick it in their computer and access the information it holds.

The item is called the Classified Secure Flash Drive. It’s a 4GB thumb drive with a built in 5-key keypad for entering a 1-10 digit PIN.  There is NO software required on the desktop/laptop to create or enter the PIN and all data on it is secured with 256 bit AES encryption. Those of you who know me know that I do not want to become another big IT vendor; however, I have decided to make these (and other innovative, niche technologies) available to agencies through NOWHERETOHIDE.ORG.  For Federal agencies; the manufacturer has developed a FIPS 140-2 compliant version with a built in 10-key keypad; they are in the midst of the validation process now.

Microsoft Fusion Core Solution: For pain relief, take two webparts and call me in the morning

I don’t usually plug any specific software, but I felt compelled to tell you about something I have been working with Microsoft on for about  the last eight months–it’s called the Fusion Core Solution (FCS). What’s different about this project is that FCS isn’t just another application, it is an effort by Microsoft to help fusion centers do more with the many applications they currently own or have plans to invest in. First a bit of background.

Whether you like the idea of a fusion center or not, they are here to stay. At last count, there were about 70 of them, and DHS recently spoke of helping to get even more going.  At their core, I believe a fusion center is responsible for doing three basic things: 

1. Accepting and vetting reports of unusual behavior (criminal or terrorism related);
2. Providing intelligence support to major case and tactical law enforcement operations; and
3. Proactively supporting federal, state, and local homeland security and community safety objectives. 

To do this well, the majority of fusion centers in operation today are required to rely on an assortment of manual processes, a patchwork of incompatible software applications, and dozens of disparate information sources. Walk into the typical fusion center today and you’ll probably find that an analyst answering the phone has to enter the request for their services into one application for management purposes, enter the same information into a second application for sharing purposes, then has to manually bring up and login to anywhere from 5-15 different data sources to search for information related to the service request, then has to open up at least one or more applications to write up  and package up the requested response, and then, more than likely, has to either manually fax it to whomever asked for the information or call them back on the telephone to give them the answer–a pretty painful and tedious way to work.

Today though, Microsoft announced release of a project that I have been helping them to develop for quite some time–the Fusion Core Solution.  Microsoft hopes, through use of Office, SharePoint and ESRI’s ArcGIS to help ease the pain described above.  The FCS uses SharePoint as a horizontal integration and workflow management platform to help an analyst go from taking in a fusion center service request, to searching for information, to analyzing that information, to producing the intelligence product without having to leave the SharePoint environment at all.

At a non-technical level, the FCS will enable fusion centers to do a couple of pretty cool things:

1. Provides a common look and feel across multiple analytic tools and business processes.
2. Greatly reduces the number of user names and passwords analyst must remember.
3. Organizes requests for fusion center services, and tracks progress of fusion center work.
4. Helps to better document and comply with 28 CFR Part 23, CUI and PCII requirements.
5. Provides multiple analyst-to-analyst and fusion center-to-fusion center collaboration tools
6. Helps to keep track of fusion center and extended staff capabilities and availability.

From a technical perspective, FCS fully supports NIEM conformant information exchanges and establishes a framework for supporting the service-oriented principles of the Justice Reference Architecture (JRA) as it applies to information and data sharing.

In a nutshell, “Fusion Core Solution is for a Fusion Center what Microsoft Windows is to a personal computer“–you can think of FCS as the “operating system” for a Fusion Center.

For more info, check out the Fusion Core Solution website, or email me.

r/Chuck

Added 8/4/2009: Click HERE to see Joe Rozek, Microsoft’s Executive Director of Homeland Security, and Former Senior Director for Domestic Counterterrorism at The White House Office of Homeland Security talk about Fusion Core Solution

Health Info Sharing Beating LE to the Punch

If you haven’t heard about the Department of Health and Human Services Federal Health Architecure and CONNECT project, I suggest you pop over to this website where documentation for version 2.0 of the software resides:

http://www.connectopensource.org/display/NHINR2/Release+2.0+Home

CONNECT is an open source software gateway that connects public and private health orgaizations to the National Health Information Network.  Think of it like a giant peer-to-peer N-DEx, but with an open source “front-porch” that drops into each agency and extracts the data from back-end systems.

I’ll be doing more investigation into the CONNECT project to see if we can adapt it for law enforcement information sharing use–the closest thing to this on the LEIS side is the FINDER project in orlando, FL.

as always, comments and thoughts welcomed.

r/Chuck

chuck@nowheretohide.org - www.nowheretohide.org

What Gets Measured Gets Done…Using Evaluation to Drive Law Enforcmement Information Sharing

Tom Peters liked to say “what gets measured gets done.”  The Office of Management and Budget (OMB) took this advice to heart when they started the federal Performance Assessment Rating Tool (PART) (http://www.whitehouse.gov/omb/part/) to assess and improve federal program performance so that the Federal government can achieve better results. PART includes a set of criteria in the form of questions that helps an evaluator to identify a program’s strengths and weaknesses to inform funding and management decisions aimed at making the program more effective.

I think we can take a lesson from Tom and the OMB and begin using a formal framework for evaluating the level of implementation and real-world results of the many Law Enforcement Information Sharing projects around the nation.  Not for any punitive purposes, but as a proactive way to ensure that the energy, resources, and political will continues long enough to see these projects achieve what their architects originally envisioned. 

I would like to propose that the evaluation framework be based on six “Standards for Law Enforcement Information Sharing” that every LEIS project should strive to comply with; they include:

1. Active Executive Engagement in LEIS Governance and Decision-Making;

2. Robust Privacy and Security Policy and Active Compliance Oversight;

3. Public Safety Priorities Drive Utilization Through Full Integration into Daily Operations;

4. Access and Fusion of the Full Breadth and Depth of Regional Data (law enforcement related);

5. Wide Range of Technical Capabilities to Support Public Safety Business Processes; and

6. Stable Base of Sustainment Funding for Operational and Technical Infrastructure Support.

My next step is to develop scoring criteria for each of these standards; three to five per standard, something simple and easy for project managers and stakeholders to use as a tool to help get LEIS “done.”

I would like to what you think of these standards and if you would like to help me develop the evaluation tool itself…r/Chuck

Chuck Georgo
chuck@nowheretohide.org
www.nowheretohide.org