Civil Information Awareness Program (CIAP)

Linking Federal, State and Local Law Enforcement within a Total Information Awareness Grid

CIAP OverviewEmphasis on Local level, all source information fusion center focused on deriving HLS related actionable knowledge Conduct Critical Infrastructure Vulnerability Analysis and Threat AssessmentsTrack Indications and Early Warning of Threat ActivitiesProvide on-going net-assessment and Threat Situation AwarenessCollaboration Link between Federal & State Information Centers and local LEA

Full Spectrum Analysis and Production*Vulnerabilities *Indications and Warning *Situation Awareness

Requirements

“Through joint planning, clear communication, comprehensive coordination, mutual aid at all levels and increased information sharing, America ’s first responders can be trained and equipped to save lives in the event of a terrorist attack. President Bush, Securing the Homeland, Strengthening the Nation, 2002

Intelligence sharing capability is the number one requirement of law enforcement agencies. NIJ Sponsored Survey of Law Enforcement Agencies

…need an information sharing capability Association of Police Chiefs report to DoJ

“the nation’s law enforcement community needs to be a team…focused on predictive intelligence.” Attorney General John Ashcroft

Establishment of new DHS…has identified a requirement for local level intelligence fusion centers as part of national strategy

Critical Infrastructure Vulnerability Assessment Local level Information Coordination and Dissemination Centers

The Technology Needed to Share Information is Already Here

Emphasis on Local level, all source information fusion center focused on deriving HLS related

actionable knowledge

Convert nebulous data to knowledge and actionable options

Data

OpenSource

Information Knowledge

Products:Planning Tools

AdvisoriesAlerts

Bulletins

What’s happening Context DecisionSupport

All Source Reporting

Local Operational Area

FederalInfo

Products

Citizen

Field Ops

CIAP Ops Center

Process: Conduct Critical Infrastructure Vulnerability Analysis and Threat Assessments

Local Database of Potential Target and Likely Threats used to Derive an Indications and Warning Process

Identify Potential Targets

Site surveys

Define the site’s characterizations

Evaluate the site’s physical security posture

Evaluate Threats and Prepare Threat Models

Correlate Threat to Vulnerabilities

Define Indications and Early Warning Criteria

Prepare Rapid Response Reference Products

Process: Track Indications and Early Warning of Threat Activities

Identify activities that provide evidence indicating the development of a potential incident

Define Specific Information Requirements (SIR)

Define Named Areas of Interest NAI

Correlate SIR, NAI with Reporting Source

Open Reporting Channels using Information Awareness (IA) Net

Plot, Record, Correlate and Assess Incoming Reports employing IA Database and Geospatial Information System (GIS) Display

NAI

Process: Provide on-going net-assessment and Threat Situation Awareness

Response Personnel Constant Awareness of Threat Situation

Conduct Detailed, Multi-Disciplined Assessment of Reports by comparing to Threat Models

Actual Situation Assessment Compared to Predicted Events

Identify Deviations and Update Assessment

Disseminate Alerts, Advisories or Bulletins as Appropriate

Update Rapid Response References as Appropriate

Explosives

Chem

BIO

RDD

HAZMATCyber

Technologies

CIAP Portal Applications Incident Management GIS Reporting Chat Video

VTCVirtual EOCSan Diego Enterprise Portal

GIS Work Flow Engine Advanced Terabyte Search Engine

San Diego State University Vis LabCAL IT2 Infrastructure

End State: Collaboration Link between Federal & State Information Centers and local LEA

IA IA NetNet

IA IA NetNet

National Information Awareness Grid that Emphasizes Local Requirements

FederalInformation

Center

Local CIAP

State Information

Centers

•Information Products Archive in Document Library•Imagery Archive•Collaboration Tools for Chat and VTC•Surveillance Video over TCP/IP•Voice over TCP/IP•Incident Management Application•Real-Time Reporting•Report Forms and GIS Mapping

Proof of Concept

Domestic Emergency Response Information Service (DERIS) March, 2002

Burning Man, August, 2002

Super Bowl XXXVII, January, 2003 Vulnerability Analysis and Threat

Assessment Concept Active Citizen Program Indications and Warning/Situation

Awareness Concept

Domestic Emergency Response Information Service (DERIS)

Demonstrated feasibility of portal based approach for LEA crisis response

Implements National Institute for Urban Search and Rescue standards for eXtreme Information Infrastructure (XII)

Prototype a common operational picture and provide real-time C2 for Joint Civil-Military Operations

LEA from Chicago, San Diego and Los Angeles utilized collaboration portal within context of a potential terrorist attack

Burning Man Event

Burning Man Event held annuallySpontaneous community of 25,000 people gathering to explore social phenomena CIAP involvement

Established robust collaboration network in an austere environment Employed DERIS portal tools as primary means for receiving, archiving and disseminating

emergency management essential elements of information Over four day period, implemented complex cultural analysis focused on the dynamics of

an emergent community Social Structure (caste, tribal, warlord) Religion, Ethnic Groups Evolving Economic Structure and Status Political structure and stability Language and Dialect Reaction to intervening forces Location and identification of key social facilities, etc Implications Terrain and Weather

Developed Reach-back technique to interface with San Diego State University Sociology Lab and San Diego Data Processing Center’s GIS applications

Provided Situation Awareness Products describing community profile in real time Integrated products and tools within 3-D virtual Emergency Operations Center Employ advanced visualization techniques

Super Bowl XXXVII (Future) Phase IExercise and Evaluation Support

Special Event Readiness Level IISan Diego Police requested support from Federal Office for Domestic Preparedness (ODP)CIAP participation…Review Local Vulnerability Analysis and Threat Assessments as basis for Tabletop and Functional Exercises

Identify potential critical infrastructure targets and target systems Conduct site surveys, Define the site’s functional, physical and

environmental characterizations, Evaluate the site’s physical security posture

Define the most likely and most dangerous threat, and Develop threat attack models and correlate with potential target vulnerabilities

Facilitate “Gaming” of Threat problem against Security Posture Provide recommendations for security, indications and warning, response

and mitigation resources

Target SitesTarget Sites

Target SitesSan DiegoTarget Site

Surveys

Target Folders

AreaThreat

Assessment

Target FoldersTarget Folders

Target FoldersAnalysis

San DiegoThreat

EvaluationAnalysis

Threat Integration Exercises and Gaming

SituationTemplates

Site SpecificReports

Anchored toDOD, ODP, SDNL

Standards

Threats Models Developed using

DOD, ODP, SDNLStandards

Graphic snapshotsOf Potential

Threat ElementsCourse of Action

Related to SpecificSites

SituationTemplatesSituation

TemplatesSituationTemplates

Text based, but supported by amplifying images, plans, diagrams and maps

Text based, butsupported by amplifying images, plans, diagrams and maps

•Orientation Graphic•Site Characteristics Graphics•Site Findings Graphic

•Doctrinal templates•Potential Threat Element Profile*Image*Description*Existence, Capability, History, Intentions matrix*Assessment -targets they may see attractive

Graphics and terrain model based.

•Sit-Temp roughs for gaming•Terrain Model •Refined Sit Temp Quad Chart*Site Findings Graphic Extract*PTE image and description*Template of attack COA*Recommendations & I&W

1.

2.

3.

SiteSurvey

Facility XReport

Site SpecificReportsCollect Data per Playbook

Orientation graphic *Basic Site info Table*Working inward, identify KOCCOA elements*Potential Hazards*Amplifying data tables

Site Characteristics graphics could take many forms but will illustrate Information collected on:*Operational Conditions, *Building Structure,*Intermodal links and Systemic Impact,*Procedures,*Equipment and Information*Historic Analysis,*Consequence and Severity Analysis

*Security System Effectiveness

Review Orientation and Characteristics Graphics and identify vulnerabilities. DOD, ODP and SDNL protocols and evaluation checklists are used in conjunction with these graphics to key in on main limitations and opportunities provided by the lay of the land.

Site Findings Graphic will combine critical components of Orientation and Characteristic Graphics to Illustrate key analytical points that need to be brought to the customer’s attention. This will be a single graphic And will provide the basis for gaming during threat integration phase.

Target Folder provides description of findings in narrative format

DOD, ODP, SDNL Vulnerability Analysis Protocols

Collect and Report

Initial Production

Vulnerability Analysis Playbook

Analysis

Final Production

Information and ProductRefinement Process

1San DiegoTarget Site

Surveys

AreaThreat

Assessment

San DiegoThreat

Evaluation

Threat Database

*Image*Description*Existence, Capability, History, Intentions matrix*Assessment -targets they may see attractive

Information and ProductRefinement Process

Collect and Report

Initial Production

Analysis

Final Production

•Detail Research•Interaction with LEA

Report

Threats Models Developed using DOD, ODP, SDNL Standards

Threat Model Graphics –Doctrinal Templates Illustrate how PTE conducts attacks

PTE Quad Charts provide a snapshot of PTE And the Potential targets attractive to the group

Evaluate PTE using DOD, ODP, SDNL Standards

Correlate PTE Models to Target Site Findings Graphic to determine which sites fit PTE profile

2San Diego

ThreatEvaluation

Information and ProductRefinement Process

Initial Production

Detailed Analysis

Final Production

*Site Finding Graphic Extract*PTE image and description*Template of attack COA*Recommendations & I&W

Table Top Exercise Series to refine Situation Templates and Help Security Personnel identify gas in their resources and procedures

Evaluate and refine Situation Templates based on results of Gaming. Evaluate gaming and define I&W

Situation Templates are a graphic illustration of how a PTE would attack a specific target. Situation Templates are developed for each attack scenario for each target site. Initial Situation Templates illustrate R&S activity, C2 Activity, Infiltration Activity and Attack Activity.

During Threat Integration’s initial production, Situation Templates are based on an analysis and need to be refined through exercises and gaming.

Terrain Models facilitate exercises by providing true scale representation of target site.

Situation Template Quad Charts illustrate ML and MD attack scenarios

SME Evaluation

3Threat Integration

Active Citizen Concept

A Critical Component to CIAP

Data

OpenSource

Information Knowledge

Products:Planning Tools

AdvisoriesAlerts

Bulletins

What’s happening Context DecisionSupport

All Source Reporting

Local Operational Area

FederalInfo

Products

ActiveCitizen

Field Ops

CIAP Ops Center

Active Citizen Program

Active Citizen Program leverages the eyes and ears of the community to assist law enforcement

Main Concept:Community based approach to empowering citizens as partners with law enforcement in the effort to protect their neighborhoods and communities.

Issues:*Events of Sept 11th and subsequent investigations reveal that the terrorists easily integrated into American communities.

*Americans are not aware of what indicators to look for.

*No program currently exists to educate the American public about things to look for in pre-attack environments

*No processes or programs exist to motivate Americans to inform law enforcement officials of suspicious activity.

*Most terrorists will infiltrate into ethnically-friendly lower/middle class economic communities.

*Most ethnic communities are suspicious of or non-cooperative with law enforcement programs.

*Existing community-based programs are not compatible

with the terrorist modus operandi.

Active Citizen Program

Active Citizen Program leverages theeyes and ears

of the community to assist law enforcement

Components:1. Organizational and Operational Structure

*ActCit Coordination Center *Cadre of trained citizen volunteers

2. Reporting Context*Provide citizens with specific

information reporting requirements

3. Reporting Infrastructure*Internet based reporting portal*Hotline Phone Bank*Does not replace 911!

4. Information Fusion*Validate*Coalesce*Archive

5. Dissemination to Law Enforcement

NeighborhoodActCitTeams

ActCitCoordination

CenterCoordination Center

is not a law enforcement entity

Active Citizen ProgramPilot Implementation:

Small Scale Sample Implementation During Pilot

Establish Coordination Center*Space in County EOC or SDSU Viz lab*Broadband, Telephone and VTCEstablish Cadre Sample for initial implementation*Link with SDPD COPS program *Link with Sheriffs Neighborhood WatchReporting Architecture*PDA, Cell Phone, Wireless Service*Block marshal conceptTrain and ExerciseImplement

Pulling the CIAP Pieces Together

Vulnerability Analysis + Threat Assessment + Active Citizen

Indications and Warning

Situation Awareness

Super Bowl XXXVII (Future) Phase IIEstablish CIAP Center is support of San Diego Multi-Agency

Command (MAC)

Stand up CIAP Center to provide real-time information reporting and all source fusion in support of indications and warning and situation awareness for Super Bowl security

LEADOC

SDEOC

MILSD

MACSDPDDOC

SDSODOC

LATEW

CATICOHS

Super BowlCIAP

Center

Reports

CIAP Portal

18 Cities in SDCounty

Full ServiceVTC

CATIC-California Anti-Terrorism Information Center

IAIANetNet

IAIANetNet

LEADOC

SDEOC

MILSD

MACSDPDDOC

SDSODOC

18 Cities in SDCounty

IAIANetNet

IAIANetNet

Net Assessment SupportAnd Production

Dissemination

Fed State

Real-TimeCollaboration Tools

ActCit

Event

Concept of Operations for San Diego:

X

Y

SD SheriffDOC

MilitaryCOCs County

EOC

MAC

LA TEWCATIC

OHSFBI

SIOCFEMA

CIAC

SDPDDOC

Z1

Z2

Field

Indications and Warning

I&W flow into CIAP viaIncident Reports from Field

And Supporting DOCs

LA TEW Provides Net AssessmentAnd Fusion Support

National Advisories and I&WFrom Federal Agencies

State Anti Terrorism InformationCoordination Advisories

ActCitFieldUnits

Event

Concept of Operations for San Diego:Situation Awareness

X

Y

SD SheriffDOC

MilitaryCOCs

County EOC

MAC

LA TEWCATIC

OHSFBI

SIOCFEMA

CIAC

SDPDDOC

Z1

Z2

Field

Alerts, Advisories and Bulletins Disseminated for Common Operational

Understanding

ActCitFieldUnits

ImplementationEstablish the Information Awareness Grid

SD SheriffDOC

MilitaryCOCs

County EOC

MAC

LA TEW

CATIC

OHS

FBISIOC

FEMA

CIAC

IAIANetNet

IAIANetNet

Virtual InformationAnalysis Round-Table

Each Center requires onlyA username and passwordFor each participant

SBU over VPN

National CapabilitiesIn Direct Support of LocalEvent in Real-time

Existing TechnologyNO new BoxesNO New SoftwareNO Modifications to ArchitecturesPortal Based Concept that uses “familiar” everyday type applications

SDPDDOC

SubjectMatterExperts

Facilitates Existing Procedures

Event

Info

rmati

onReal time access to online

Vulnerability assessment Products and planning tools

FAA

ImplementationCIAP Functionality…Monitoring Events

SD SheriffDOC

SDCounty

EOC

MACCIAC

IAIANetNet

IAIANetNet

Local CollaborationCoordinate Event Related Operations

Ensure Readiness Posture

SDPDDOC

•Information from the event site Disseminated using Incident Management Application allowing all sites to view significant Incident Reports•Access to Planning Documents using Shared Document Library allows collaborative action planning•Information Requests Managed using Request For Information (RFI) Application•Collaboration Tools allow real-time interaction•GIS Tracking Tools

Coordination at Event Site

ActCit

ImplementationCIAP Functionality…Monitoring Events

SD SheriffDOC

MilitaryCOCs

SDCounty

EOC

MAC

LA TEW

CATIC

OHS

FBISIOC

FEMA

CIAC

IAIANetNet

IAIANetNet

Link to vast Federal, State and RegionalInformation Resource Support SDPD

DOC

SubjectMatterExperts

•Information from the event site Disseminated using Incident Management Application allowing all sites to view significant Incident Reports•Access to Planning Documents using Shared Document Library allows collaborative action planning•Information Requests Managed using Request For Information (RFI) Application•Collaboration Tools allow real-time interaction

ImplementationCIAP Functionality…Alert and Notification

SDCounty

EOC

MACCIAC

IAIANetNet

IAIANetNet

SDPDDOC

•Broadcast Alerts and activate EOC/DOC using Alert and Notification Application•Shared Document Library

•Resource Lists•Planning Docs•Imagery•Mapping Graphics

•GIS Plume Modeling•Situation Templates for Action Planning

Coordination at Event Site

CellPhone

PDA

Pager

EmailSD SheriffDOC

Voice and Text

ActCit

Next Steps

Law Enforcement Working Group Endorsement and sponsorshipFederal, State and Local Agency participant endorsements Implement Active Citizen CoordinationImplement CIAP operational componentsImplement CIAP architecturePilot program in support of Super BowlDevelop Transition Concept