Archives

Categories

intelligence center

01.08.2013 Budget, fusion center, homeland security intelligence, Information sharing, intelligence, intelligence center, Performance Measures, Strategy, Uncategorized Comments Off on DHS Fusion Center Assessment Report is out…How’d we do?

DHS Fusion Center Assessment Report is out…How’d we do?

2012 National Fusion Center Assessment Report (cover) 2The Department of Homeland Security (DHS) released its 2012 National Network of Fusion Centers Assessment Report and the results are encouraging. DHS reported that (overall) fusion centers improved their capability scores by 11 points over the 2011 assessment report card. Summary findings, based on Critical Operating Capabilities (COCs):

COC 1 – Receive

  • All fusion centers (77 or 100%) have access to federally sponsored Sensitive But Unclassified (SBU) information sharing systems.
  • Every fusion center (77 or 100%) has at least one person cleared to access Secret information, but regular staff turnover means that fusion centers will continue to request new clearances (approximately 500 new clearance requests in the next 12 months).
  • A significant number of fusion centers have on-site access to classified information sharing systems (66 or 85.7%).
  • Fusion center use of the DHS Secret Internet Protocol Router Network (SIPRNet) Whitelist (Whitelist) is limited (41 or 53.2%).

COC2 – Analyze

  • Fusion centers are highly involved in assessing threat and risk for their area of responsibility (AOR) (72 or 93.5%).
  • Fusion centers are obtaining and using customer feedback on their analytic products (structured feedback: 65 or 84.4%).
  • Analytic production plans are used widely across the National Network (60 or 77.9%).
  • Critical infrastructure protection capabilities continue to expand across the National Network (75 or 97.4%).

COC 3 – Disseminate

  • Despite progress since 2011, less than half (35 or 45.5%) of the National Network have a process in place to verify that customers are receiving their products.
  • Fusion centers are increasingly designating a single, primary information sharing system (72 or 93.5%), but Homeland Security Information Network (HSIN) Intel is not frequently cited (23 or 29.9%) as the primary system for unclassified communication between fusion centers.

COC 4 – Gather

  • The number of fusion centers that have developed Standing Information Needs (SINs) has increased (59 or 76.6%), but continued attention to SINs development is necessary.
  • The National Network has a robust request for information (RFI) management capability (69 or 89.6%).
  • A significant percentage of the National Network are involved in the Nationwide Suspicious Activity Reporting (SAR) Initiative (NSI), in particular in providing line officers with information on the behaviors identified in the Information Sharing Environment (ISE)-SAR Functional Standard (SAR line officer training: 66 or 85.7%).

DHS has identified three areas for improving fision center capabilities:

  1. Use Standing Information Needs (SINs) as the foundation of a customer-driven fusion process:
    Fusion centers need to have a process for a) deriving and cataloguing regional and federal information and intelligence needs SINs , and b) actively tagging/associating these SINs with the information and intelligence products they produce.
  2. Document key business processes and ensure consistent access to training:
    High turnover in critical fusion center staff positions is going to be the norm, for a number of reasons – staff rotations, augmentation, contract renewals, promotions, etc. Fusion Center Directors must plan for this “churn” by taking the time to a) document the center’s core business processes, b) keep SOPs and policies up to date, and c) develop training and other performance support tools to minimize the impact of staff turnover on center operations.
  3. Implement organizational planning and evaluation processes to continuously improve fusion center operations:
    Fusion centers should clearly develop and communicate their center’s mission, goals, and objectives by developing a strategic plan, and using that plan as a tool to measure its performance. The strategic plan and periodic performance reports should help to communicate how investments in the fusion center result in tangible results, and b) help to drive annual budget requests to sustain or enhance current center capabilities.

I see gaps in these areas in my own work with fusion centers…unfortunately, many fusion centers are so busy with operational activities, that developing SOPs, training, strategic plans, etc., ends up on the back burner.

One other area, not directly addressed by the DHS assessment process is the development of an effective plan and roadmap for building an IT infrastructure that supports the four COCs. This too gets relegated to the back burner. In some cases, IT is addressed, but in a piecemeal fashion – Fusion Center Directors should elevate the need for an integrated IT plan, one developed from Fusion Center business processes and describes three key areas.

Suggested Components of a Fusion Center IT Strategy

  • Information and Intelligence exchanges – what information, data, and intelligence comes-in and goes-out of the Fusion Center?
  • What functional capabilities does the Fusion Center have now and which systems deliver those capabilities? (as-is)
  • What NEW functional capabilities does the Fusion Center need, and how will the center procure them? (to-be)
  • How much money does the Fusion Center need to a) sustain current capabilities and b) to implement the new capabilities?

Feel free to reach out to me if your center would like to discuss enhancing your operational and/or IT planning capability.

r/Chuck

 

30.07.2009 Analysis, CJIS, data sharing, fusion center, intelligence center, Law enforcement information sharing, public safety 1 Comment

Portal-mania: They’re reproducing like bunnies, but they ain’t as cute

I had a conversation with a fusion center director yesterday about portals that really drove home a feeling I had about the recent plethora (read: boatload) of portals that the average analyst person supporting public safety and homeland security has to login to in order to do their jobs. 

I’m paraphrasing a bit, but he basically indicated that the state, local, and private sector organizations in his state told him that they “DO NOT want to have to log into multiple portals” to stay informed about criminal and terrorism threats to their state’s  infrastructure.” 

When you take a closer look at the “Portal-mania” that exists, it seems that every agency and multiple programs within a single agency has to have their own portal for accessing the information and analytic tools that agency or program provides; here’s a quick list of ones I am familar with, (feel free to email me the names of others you know about):

  1. DHS HSIN State and Local Community of Interest (SLIC)
  2. DHS Lessons Learned Information Sharing (LLIS)
  3. DHS Automated Critical Asset Management System (ACAMS)
  4. DOJ Regional Data Exchange (R-DEx)
  5. DOJ National Data Exchange (N-DEx)
  6. DOJ eGuardian
  7. DOJ Law Enforcement Online (LEO)
  8. DOJ InfraGard
  9. DOJ National Sex Offender Public Website (NSOPW)
  10. DOJ National Criminal Intelligence Resource Center (NCIRC)
  11. DOJ Regional information Sharing System (RISS)
  12. Private Sector CyberCop
  13. [State] Criminal Justice Information System (CJIS)
  14. …add to this Department of the Treasury, Department of Transportation, and other federal agency portals
  15. …and about three-dozen other databases and private sector websites

This is nutz! Dedicated portals are so 1990’s…we should be able to use the same technology I used to create this website and blog (WordPress and four different plug-in widgets) to make information and advanced analytic capabilities available to Fusion Centers and other public safety users.  I would like to challenge the agencies and programs listed above to make the information and capabilities they offer available  through widgets, web-parts, and gadgets that Fusion Centers and other intelligence/information sharing users can integrate into THEIR portal of choice. 

Whether it’s SharePoint, Oracle, or IBM Websphere, state, local, or private sector organizations should be able to pick and integrate into THEIR selected portal environment from the portal list above the information and capabilities that they need to do their job–they should not have to access the multiple, stovepiped portals as they do today.

I’d like to know what you think about this…Thanks..r/Chuck Georgo

13.07.2009 data sharing, fusion center, Information sharing, intelligence center, Law enforcement information sharing, Uncategorized Comments Off on Microsoft Fusion Core Solution: For pain relief, take two webparts and call me in the morning

Microsoft Fusion Core Solution: For pain relief, take two webparts and call me in the morning

I don’t usually plug any specific software, but I felt compelled to tell you about something I have been working with Microsoft on for about  the last eight months–it’s called the Fusion Core Solution (FCS). What’s different about this project is that FCS isn’t just another application, it is an effort by Microsoft to help fusion centers do more with the many applications they currently own or have plans to invest in. First a bit of background.

Whether you like the idea of a fusion center or not, they are here to stay. At last count, there were about 70 of them, and DHS recently spoke of helping to get even more going.  At their core, I believe a fusion center is responsible for doing three basic things: 

  1. Accepting and vetting reports of unusual behavior (criminal or terrorism related);
  2. Providing intelligence support to major case and tactical law enforcement operations; and
  3. Proactively supporting federal, state, and local homeland security and community safety objectives. 

To do this well, the majority of fusion centers in operation today are required to rely on an assortment of manual processes, a patchwork of incompatible software applications, and dozens of disparate information sources. Walk into the typical fusion center today and you’ll probably find that an analyst answering the phone has to enter the request for their services into one application for management purposes, enter the same information into a second application for sharing purposes, then has to manually bring up and login to anywhere from 5-15 different data sources to search for information related to the service request, then has to open up at least one or more applications to write up  and package up the requested response, and then, more than likely, has to either manually fax it to whomever asked for the information or call them back on the telephone to give them the answer–a pretty painful and tedious way to work.

Today though, Microsoft announced release of a project that I have been helping them to develop for quite some time–the Fusion Core Solution.  Microsoft hopes, through use of Office, SharePoint and ESRI’s ArcGIS to help ease the pain described above.  The FCS uses SharePoint as a horizontal integration and workflow management platform to help an analyst go from taking in a fusion center service request, to searching for information, to analyzing that information, to producing the intelligence product without having to leave the SharePoint environment at all.

At a non-technical level, the FCS will enable fusion centers to do a couple of pretty cool things:

  1. Provides a common look and feel across multiple analytic tools and business processes.
  2. Greatly reduces the number of user names and passwords analyst must remember.
  3. Organizes requests for fusion center services, and tracks progress of fusion center work.
  4. Helps to better document and comply with 28 CFR Part 23, CUI and PCII requirements.
  5. Provides multiple analyst-to-analyst and fusion center-to-fusion center collaboration tools
  6. Helps to keep track of fusion center and extended staff capabilities and availability.

From a technical perspective, FCS fully supports NIEM conformant information exchanges and establishes a framework for supporting the service-oriented principles of the Justice Reference Architecture (JRA) as it applies to information and data sharing.

In a nutshell, “Fusion Core Solution is for a Fusion Center what Microsoft Windows is to a personal computer“–you can think of FCS as the “operating system” for a Fusion Center.

For more info, check out the Fusion Core Solution website, or email me.

r/Chuck

Added 8/4/2009: Click HERE to see Joe Rozek, Microsoft’s Executive Director of Homeland Security, and Former Senior Director for Domestic Counterterrorism at The White House Office of Homeland Security talk about Fusion Core Solution

15.03.2009 data sharing, intelligence center, privacy, security, security threats, Technology Comments Off on Beware of geeks bearing free online apps…is your privacy at risk?

Beware of geeks bearing free online apps…is your privacy at risk?

If you’re like most folks, you stopped reading the “fine print” terms and conditions on free online appliactions like Google Apps, Windows Live, Zoho, and MySpace. I did too, until today. I caught an article  on NetworkWorld.com today entitled “Privacy groups rip Google’s targeted advertising plan” that described how privacy advocates are concerned about Google’s foray into the world of behavioral targeting in its DoubleClick advertising business.  So, that got me curious…what can Google (and others) do with your personal data, files, etc?

I did a quick check of four online appliactions that I use–Zoho, Windows Live, MySpace and Google Apps–here’s what I found.

  1. ZoHo’s terms of use states:We store and maintain files, documents, to-do lists, emails and other data stored in your Account at our facilities in the United States or any other country. Use of Zoho Services signifies your consent to such transfer of your data outside of your country.  In order to prevent loss of data due to errors or system failures, we also keep backup copies of data including the contents of your Account. Hence your files and data may remain on our servers even after deletion or termination of your Account.”
  2. Windows Live had a different twist:
    Microsoft does not claim ownership of the materials you provide to Microsoft (including feedback and suggestions) or post, upload, input or submit to any Services or its associated services for review by the general public, or by the members of any public or private community, (each a “Submission” and collectively “Submissions”).  However, by posting, uploading, inputting, providing or submitting (“Posting”) your Submission you are granting Microsoft, its affiliated companies and necessary sublicensees permission to use your Submission in connection with the operation of their Internet businesses (including, without limitation, all Microsoft Services), including, without limitation, the license rights to: copy, distribute, transmit, publicly display, publicly perform, reproduce, edit, translate and reformat your Submission; to publish your name in connection with your Submission; and the right to sublicense such rights to any supplier of the Services.”
  3. MySpace pretty much mirrors Microsoft’s terms:
    After posting your Content to the MySpace Services, you continue to retain any such rights that you may have in your Content, subject to the limited license herein. By displaying or publishing (“posting”) any Content on or through the MySpace Services, you hereby grant to MySpace a limited license to use, modify, delete from, add to, publicly perform, publicly display, reproduce, and distribute such Content solely on or through the MySpace Services, including without limitation distributing part or all of the MySpace Website in any media formats and through any media channels, except Content marked “private” will not be distributed outside the MySpace Website.”
  4. Google had the best (or worst) of all worlds: It’s Privacy Policy statesGoogle processes personal information on our servers in the United States of America and in other countries. In some cases, we process personal information on a server outside your own country. We may process personal information to provide our own services. In some cases, we may process personal information on behalf of and according to the instructions of a third party, such as our advertising partners.”It’s Google Apps terms of service statesInformation collected by Google may be stored and processed in the United States or any other country in which Google or its agents maintain facilities.”It’s general terms of service statesYou retain copyright and any other rights you already hold in Content which you submit, post or display on or through, the Services. By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive licence to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services. This licence is for the sole purpose of enabling Google to display, distribute and promote the Services and may be revoked for certain Services as defined in the Additional Terms of those Services..You agree that this licence includes a right for Google to make such Content available to other companies, organizations or individuals with whom Google has relationships for the provision of syndicated services, and to use such Content in connection with the provision of those services.You understand that Google, in performing the required technical steps to provide the Services to our users, may (a) transmit or distribute your Content over various public networks and in various media; and (b) make such changes to your Content as are necessary to conform and adapt that Content to the technical requirements of connecting networks, devices, services or media. You agree that this licence shall permit Google to take these actions. You confirm and warrant to Google that you have all the rights, power and authority necessary to grant the above licence.”

So, what’s the moral to this story?  Three things…

  1. Take the time to read the fine print; make yourself and others aware of the privacy and terms of service conditions for these and other (free or fee-based) online appliacations;
  2. If your federal, state or law enforcement agency, fusion center, or other government agency are using any of these services, make sure you have written policies about what can and cannot be posted, stored, or shared through these services; and
  3. Assume anything you do post or share will a) make its way outside of the United States and b) reused in some way for marketing or advertising purposes.

Play it safe; don’t assume your information posted to these services will remain private. Remember, once out, that privacy genie will be nearly impossible to get back in the bottle.

As always, your thoughts and comments are welcomed…r/Chuck

09.03.2009 data sharing, fusion center, Information sharing, intelligence center, law enforcement, privacy, Processes, security 1 Comment

Intelligence Fusion Centers: A threat to personal privacy? Not if they can answer "yes" to these 10 questions.

Time Magazine just released “Fusion Centers: Giving Cops Too Much Information?” – another article in a long line of articles and papers published over the last few years by many organizations describing how fusion centers are a threat to our personal privacy.  In the article, they quote the ACLU as saying that

“The lack of proper legal limits on the new fusion centers not only threatens to undermine fundamental American values, but also threatens to turn them into wasteful and misdirected bureaucracies that, like our federal security agencies before 9/11, won’t succeed in their ultimate mission of stopping terrorism and other crime”

While I disagree with their assertion that “legal limits” are the answer (we already have lots of laws governing the protection of personal privacy and civil liberties), I do think that more can be done by fusion center directors to prove to groups such as the ACLU that they are in-fact operating in a lawful and proper manner.

To help a fusion center director determine their level of lawful operation, I’ve prepared the following ten question quiz.  This quiz is meant to be criterion based, meaning that ALL ten questions must be answered “yes” to pass the test; any “no” answer puts that fusion center at risk for criticism or legal action.

Fusion Center Privacy and Security Quiz

  1. Is every fusion center analyst and officer instructed to comply with that fusion center’s documented policy regarding what information can and cannot be collected, stored, and shared with other agencies?
  2. Does the fusion center employ a documented process to establish validated requirements for intelligence collection operations, based on documented public safety concerns?
  3. Does the fusion center document specific criminal predicate for every piece of intelligence information it collects and retains from open source, confidential informant, or public venues?
  4. Is collected intelligence marked to indicate source and content reliability of that information?
  5. Is all collected intelligence retained in a centralized system with robust capabilities for enforcing federal, state or municipal intelligence retention policies?
  6. Does that same system provide the means to control and document all disseminations of collected intelligence (electronic, voice, paper, fax, etc.)?
  7. Does the fusion center regularly review retained intelligence with the purpose of documenting reasons for continued retention or purging of outdated or unnecessary intelligence (as appropriate) per standing retention policies?
  8. Does the fusion center director provide hands-on executive oversight of the intelligence review process, to include establishment of approved intelligence retention criteria?
  9. Are there formally documented, and enforced consequences for any analyst or officer that violates standing fusion center intelligence collection or dissemination policies?
  10. Finally, does the fusion center Director actively promote transparency of its lawful operations to  external stakeholders, privacy advocates, and community leaders?

Together, these ten points form a nice set of “Factors for Transparency” that any fusion center director can use to proactively demonstrate to groups like the ACLU that they are operating their fusion center in a lawful and proper manner. 

As always, your thoughts and comments are welcomed…r/Chuck