Civil Information Awareness Program (CIAP)
Linking Federal, State and Local Law Enforcement within a Total Information Awareness Grid
CIAP Overview
Emphasis on Local level, all source information fusion center focused on deriving HLS related actionable knowledge
Conduct Critical Infrastructure Vulnerability Analysis and Threat Assessments
Track Indications and Early Warning of Threat Activities
Provide on-going net-assessment and Threat Situation Awareness
Collaboration Link between Federal & State Information Centers and local LEA
Full Spectrum Analysis and Production
*Vulnerabilities
*Indications and Warning
*Situation Awareness
Requirements
“Through joint planning, clear communication, comprehensive coordination, mutual aid at all levels and increased information sharing, America’s first responders can be trained and equipped to save lives in the event of a terrorist attack.” President Bush, Securing the Homeland, Strengthening the Nation, 2002
Intelligence sharing capability is the number one requirement of law enforcement agencies. NIJ Sponsored Survey of Law Enforcement Agencies
…need an information sharing capability Association of Police Chiefs report to DoJ
“the nation’s law enforcement community needs to be a team…focused on predictive intelligence.” Attorney General John Ashcroft
Establishment of new DHS…has identified a requirement for local level intelligence fusion centers as part of national strategy
Critical Infrastructure Vulnerability Assessment Local level Information Coordination and Dissemination Centers
The Technology Needed to Share Information is Already Here
Emphasis on Local level, all source information fusion center focused on deriving HLS related actionable knowledge
Convert nebulous data to knowledge and actionable options
[Diagram labels: Data; Information; Knowledge; Open Source; All Source Reporting; Local Operational Area; Federal Info Products; Citizen; Field Ops; CIAP Ops Center; What’s happening; Context; Decision Support; Products: Planning Tools, Advisories, Alerts, Bulletins]
Process: Conduct Critical Infrastructure Vulnerability Analysis and Threat Assessments
Local Database of Potential Target and Likely Threats used to Derive an Indications and Warning Process
Identify Potential Targets
Site surveys
Define the site’s characterizations
Evaluate the site’s physical security posture
Evaluate Threats and Prepare Threat Models
Correlate Threat to Vulnerabilities
Define Indications and Early Warning Criteria
Prepare Rapid Response Reference Products
Process: Track Indications and Early Warning of Threat Activities
Identify activities that provide evidence indicating the development of a potential incident
Define Specific Information Requirements (SIR)
Define Named Areas of Interest (NAI)
Correlate SIR, NAI with Reporting Source
Open Reporting Channels using Information Awareness (IA) Net
Plot, Record, Correlate and Assess Incoming Reports employing IA Database and Geospatial Information System (GIS) Display
Process: Provide on-going net-assessment and Threat Situation Awareness
Response Personnel Constant Awareness of Threat Situation
Conduct Detailed, Multi-Disciplined Assessment of Reports by comparing to Threat Models
Actual Situation Assessment Compared to Predicted Events
Identify Deviations and Update Assessment
Disseminate Alerts, Advisories or Bulletins as Appropriate
Update Rapid Response References as Appropriate
Explosives
Chem
BIO
RDD
HAZMAT
Cyber
Technologies
CIAP Portal Applications Incident Management GIS Reporting Chat Video
VTC
Virtual EOC
San Diego Enterprise Portal
GIS Work Flow Engine Advanced Terabyte Search Engine
San Diego State University Vis Lab
CAL IT2 Infrastructure
End State: Collaboration Link between Federal & State Information Centers and local LEA
National Information Awareness Grid that Emphasizes Local Requirements
[Diagram labels: IA Net; Federal Information Center; State Information Centers; Local CIAP]
•Information Products Archive in Document Library
•Imagery Archive
•Collaboration Tools for Chat and VTC
•Surveillance Video over TCP/IP
•Voice over TCP/IP
•Incident Management Application
•Real-Time Reporting
•Report Forms and GIS Mapping
Proof of Concept
Domestic Emergency Response Information Service (DERIS) March, 2002
Burning Man, August, 2002
Super Bowl XXXVII, January, 2003
Vulnerability Analysis and Threat Assessment Concept
Active Citizen Program
Indications and Warning/Situation Awareness Concept
Domestic Emergency Response Information Service (DERIS)
Demonstrated feasibility of portal based approach for LEA crisis response
Implements National Institute for Urban Search and Rescue standards for eXtreme Information Infrastructure (XII)
Prototype a common operational picture and provide real-time C2 for Joint Civil-Military Operations
LEA from Chicago, San Diego and Los Angeles utilized collaboration portal within context of a potential terrorist attack
Burning Man Event
Burning Man Event held annually
Spontaneous community of 25,000 people gathering to explore social phenomena
CIAP involvement
Established robust collaboration network in an austere environment
Employed DERIS portal tools as primary means for receiving, archiving and disseminating emergency management essential elements of information
Over four day period, implemented complex cultural analysis focused on the dynamics of an emergent community
*Social Structure (caste, tribal, warlord)
*Religion, Ethnic Groups
*Evolving Economic Structure and Status
*Political structure and stability
*Language and Dialect
*Reaction to intervening forces
*Location and identification of key social facilities, etc
*Implications Terrain and Weather
Developed Reach-back technique to interface with San Diego State University Sociology Lab and San Diego Data Processing Center’s GIS applications
Provided Situation Awareness Products describing community profile in real time
Integrated products and tools within 3-D virtual Emergency Operations Center
Employ advanced visualization techniques
Super Bowl XXXVII (Future) Phase I
Exercise and Evaluation Support
Special Event Readiness Level II
San Diego Police requested support from Federal Office for Domestic Preparedness (ODP)
CIAP participation…
Review Local Vulnerability Analysis and Threat Assessments as basis for Tabletop and Functional Exercises
Identify potential critical infrastructure targets and target systems
Conduct site surveys, Define the site’s functional, physical and environmental characterizations, Evaluate the site’s physical security posture
Define the most likely and most dangerous threat, and Develop threat attack models and correlate with potential target vulnerabilities
Facilitate “Gaming” of Threat problem against Security Posture
Provide recommendations for security, indications and warning, response and mitigation resources
[Diagram labels: Target Sites; San Diego Target Site Surveys; Target Folders; Area Threat Assessment; Analysis; San Diego Threat Evaluation; Threat Integration Exercises and Gaming; Situation Templates]
Site Specific Reports
Anchored to DOD, ODP, SDNL Standards
Threats Models Developed using DOD, ODP, SDNL Standards
Graphic snapshots Of Potential Threat Elements Course of Action Related to Specific Sites
Situation Templates
Text based, but supported by amplifying images, plans, diagrams and maps
•Orientation Graphic
•Site Characteristics Graphics
•Site Findings Graphic
•Doctrinal templates
•Potential Threat Element Profile
*Image
*Description
*Existence, Capability, History, Intentions matrix
*Assessment - targets they may see attractive
Graphics and terrain model based.
•Sit-Temp roughs for gaming
•Terrain Model
•Refined Sit Temp Quad Chart
*Site Findings Graphic Extract
*PTE image and description
*Template of attack COA
*Recommendations & I&W
Site Survey
Facility X Report
Site Specific Reports
Collect Data per Playbook
Orientation graphic
*Basic Site info Table
*Working inward, identify KOCCOA elements
*Potential Hazards
*Amplifying data tables
Site Characteristics graphics could take many forms but will illustrate Information collected on:
*Operational Conditions
*Building Structure
*Intermodal links and Systemic Impact
*Procedures
*Equipment and Information
*Historic Analysis
*Consequence and Severity Analysis
*Security System Effectiveness
Review Orientation and Characteristics Graphics and identify vulnerabilities. DOD, ODP and SDNL protocols and evaluation checklists are used in conjunction with these graphics to key in on main limitations and opportunities provided by the lay of the land.
Site Findings Graphic will combine critical components of Orientation and Characteristic Graphics to illustrate key analytical points that need to be brought to the customer’s attention. This will be a single graphic and will provide the basis for gaming during threat integration phase.
Target Folder provides description of findings in narrative format
DOD, ODP, SDNL Vulnerability Analysis Protocols
Collect and Report
Initial Production
Vulnerability Analysis Playbook
Analysis
Final Production
Information and Product Refinement Process
1 San Diego Target Site Surveys
Area Threat Assessment
San Diego Threat Evaluation
Threat Database
*Image
*Description
*Existence, Capability, History, Intentions matrix
*Assessment - targets they may see attractive
Information and Product Refinement Process
Collect and Report
Initial Production
Analysis
Final Production
•Detail Research
•Interaction with LEA
Report
Threats Models Developed using DOD, ODP, SDNL Standards
Threat Model Graphics – Doctrinal Templates Illustrate how PTE conducts attacks
PTE Quad Charts provide a snapshot of PTE and the Potential targets attractive to the group
Evaluate PTE using DOD, ODP, SDNL Standards
Correlate PTE Models to Target Site Findings Graphic to determine which sites fit PTE profile
2 San Diego Threat Evaluation
Information and Product Refinement Process
Initial Production
Detailed Analysis
Final Production
*Site Finding Graphic Extract
*PTE image and description
*Template of attack COA
*Recommendations & I&W
Table Top Exercise Series to refine Situation Templates and help Security Personnel identify gaps in their resources and procedures
Evaluate and refine Situation Templates based on results of Gaming. Evaluate gaming and define I&W
Situation Templates are a graphic illustration of how a PTE would attack a specific target. Situation Templates are developed for each attack scenario for each target site. Initial Situation Templates illustrate R&S activity, C2 Activity, Infiltration Activity and Attack Activity.
During Threat Integration’s initial production, Situation Templates are based on an analysis and need to be refined through exercises and gaming.
Terrain Models facilitate exercises by providing true scale representation of target site.
Situation Template Quad Charts illustrate ML and MD attack scenarios
SME Evaluation
3 Threat Integration
Active Citizen Concept
A Critical Component to CIAP
[Diagram labels: Data; Information; Knowledge; Open Source; All Source Reporting; Local Operational Area; Federal Info Products; Active Citizen; Field Ops; CIAP Ops Center; What’s happening; Context; Decision Support; Products: Planning Tools, Advisories, Alerts, Bulletins]
Active Citizen Program
Active Citizen Program leverages the eyes and ears of the community to assist law enforcement
Main Concept: Community based approach to empowering citizens as partners with law enforcement in the effort to protect their neighborhoods and communities.
Issues:
*Events of Sept 11th and subsequent investigations reveal that the terrorists easily integrated into American communities.
*Americans are not aware of what indicators to look for.
*No program currently exists to educate the American public about things to look for in pre-attack environments
*No processes or programs exist to motivate Americans to inform law enforcement officials of suspicious activity.
*Most terrorists will infiltrate into ethnically-friendly lower/middle class economic communities.
*Most ethnic communities are suspicious of or non-cooperative with law enforcement programs.
*Existing community-based programs are not compatible with the terrorist modus operandi.
Active Citizen Program
Active Citizen Program leverages the eyes and ears of the community to assist law enforcement
Components:
1. Organizational and Operational Structure
*ActCit Coordination Center
*Cadre of trained citizen volunteers
2. Reporting Context
*Provide citizens with specific information reporting requirements
3. Reporting Infrastructure
*Internet based reporting portal
*Hotline Phone Bank
*Does not replace 911!
4. Information Fusion
*Validate
*Coalesce
*Archive
5. Dissemination to Law Enforcement
[Diagram labels: Neighborhood ActCit Teams; ActCit Coordination Center]
Coordination Center is not a law enforcement entity
Active Citizen Program Pilot Implementation:
Small Scale Sample Implementation During Pilot
Establish Coordination Center
*Space in County EOC or SDSU Viz lab
*Broadband, Telephone and VTC
Establish Cadre Sample for initial implementation
*Link with SDPD COPS program
*Link with Sheriffs Neighborhood Watch
Reporting Architecture
*PDA, Cell Phone, Wireless Service
*Block marshal concept
Train and Exercise
Implement
Pulling the CIAP Pieces Together
Vulnerability Analysis + Threat Assessment + Active Citizen
Indications and Warning
Situation Awareness
Super Bowl XXXVII (Future) Phase II
Establish CIAP Center in support of San Diego Multi-Agency Command (MAC)
Stand up CIAP Center to provide real-time information reporting and all source fusion in support of indications and warning and situation awareness for Super Bowl security
[Diagram labels: LEA DOC; SD EOC; MIL SD; MAC; SDPD DOC; SDSO DOC; LA TEW; CATIC; OHS; Super Bowl CIAP Center; Reports; CIAP Portal; 18 Cities in SD County; Full Service VTC; IA Net; Net Assessment Support And Production; Dissemination; Fed; State; Real-Time Collaboration Tools; ActCit; Event]
CATIC - California Anti-Terrorism Information Center
Concept of Operations for San Diego: Indications and Warning
[Diagram labels: X; Y; Z1; Z2; Field; Event; SD Sheriff DOC; Military COCs; County EOC; MAC; LA TEW; CATIC; OHS; FBI SIOC; FEMA; CIAC; SDPD DOC; ActCit Field Units]
I&W flow into CIAP via Incident Reports from Field And Supporting DOCs
LA TEW Provides Net Assessment And Fusion Support
National Advisories and I&W From Federal Agencies
State Anti Terrorism Information Coordination Advisories
Concept of Operations for San Diego: Situation Awareness
[Diagram labels: X; Y; Z1; Z2; Field; SD Sheriff DOC; Military COCs; County EOC; MAC; LA TEW; CATIC; OHS; FBI SIOC; FEMA; CIAC; SDPD DOC; ActCit Field Units]
Alerts, Advisories and Bulletins Disseminated for Common Operational Understanding
Implementation
Establish the Information Awareness Grid
[Diagram labels: SD Sheriff DOC; Military COCs; County EOC; MAC; LA TEW; CATIC; OHS; FBI SIOC; FEMA; CIAC; SDPD DOC; FAA; IA Net; Subject Matter Experts; Event; Information]
Virtual Information Analysis Round-Table
Each Center requires only a username and password for each participant
SBU over VPN
National Capabilities In Direct Support of Local Event in Real-time
Existing Technology
NO new Boxes
NO New Software
NO Modifications to Architectures
Portal Based Concept that uses “familiar” everyday type applications
Facilitates Existing Procedures
Real time access to online Vulnerability assessment Products and planning tools
Implementation
CIAP Functionality…Monitoring Events
[Diagram labels: SD Sheriff DOC; SD County EOC; MAC; CIAC; IA Net; SDPD DOC; ActCit; Coordination at Event Site]
Local Collaboration
Coordinate Event Related Operations
Ensure Readiness Posture
•Information from the event site Disseminated using Incident Management Application allowing all sites to view significant Incident Reports
•Access to Planning Documents using Shared Document Library allows collaborative action planning
•Information Requests Managed using Request For Information (RFI) Application
•Collaboration Tools allow real-time interaction
•GIS Tracking Tools
Implementation
CIAP Functionality…Monitoring Events
[Diagram labels: SD Sheriff DOC; Military COCs; SD County EOC; MAC; LA TEW; CATIC; OHS; FBI SIOC; FEMA; CIAC; IA Net; SDPD DOC; Subject Matter Experts]
Link to vast Federal, State and Regional Information Resource Support
•Information from the event site Disseminated using Incident Management Application allowing all sites to view significant Incident Reports
•Access to Planning Documents using Shared Document Library allows collaborative action planning
•Information Requests Managed using Request For Information (RFI) Application
•Collaboration Tools allow real-time interaction
Implementation
CIAP Functionality…Alert and Notification
[Diagram labels: SD County EOC; MAC; CIAC; IA Net; SDPD DOC; SD Sheriff DOC; ActCit; Coordination at Event Site; Cell Phone; PDA; Pager; Email; Voice and Text]
•Broadcast Alerts and activate EOC/DOC using Alert and Notification Application
•Shared Document Library
•Resource Lists
•Planning Docs
•Imagery
•Mapping Graphics
•GIS Plume Modeling
•Situation Templates for Action Planning
Next Steps
Law Enforcement Working Group Endorsement and sponsorship
Federal, State and Local Agency participant endorsements
Implement Active Citizen Coordination
Implement CIAP operational components
Implement CIAP architecture
Pilot program in support of Super Bowl
Develop Transition Concept