3.3 Leveraging technology for security at the national level

 < Day Day Up > 

The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets government planners concluded that at the national level there was a general lack of focus on long-term research, development, testing, and engineering for critical-infrastructure and key asset protection. The goal was to establish a process to coordinate, with broad sector input, the creation and adoption of national research priorities and support to cross-sector research and development activities. DHS was then charged with the efforts to:

  • Coordinate public- and private-sector security research and development activities.

  • Coordinate interoperability standards to ensure compatibility of communications systems.

  • Explore methods to authenticate and verify personnel identity.

  • Improve technical surveillance, monitoring, and detection capabilities.

Government planners also concluded that modeling, simulation, and analysis can also facilitate protection planning and decision support by enabling the mapping of complex interrelationships among the elements that make up the risk environment. The information derived from these exercises and experiments could be helpful in drawing attention to likely cascading consequences that otherwise might have gone unconsidered. It was also recognized that enhancing national modeling, simulation, and analysis capabilities will require a unified effort across the public and private sectors. Thus, DHS has been charged with:

  • Integrating modeling, simulation, and analysis into national infrastructure and asset-protection planning and decision-support activities

  • Developing economic models of near- and long-term effects of terrorist attacks

  • Conducting integrated risk modeling of cyber- and physical threats, vulnerabilities, and consequences

  • Developing models to improve information integration

The Technology Administration's National Institute of Standards and Technology (NIST) has provided measurements, standards, and technical advice for many years to help federal, state, and local agencies and the private sector improve security against terrorist, military, natural-disaster, and other types of threats. Since the September 11, 2001, terrorist attacks, NIST has had approximately 120 ongoing and newly initiated research and standards development projects to address homeland security issues, including the following.

3.3.1 Investigation of the World Trade Center collapse

NIST launched a $16 million, 24-month federal building and fire safety investigation to study the structural failure and subsequent progressive collapse of the WTC. The study of the WTC Twin Towers and Building 7 of the complex focuses on the building construction, the materials used, and all of the technical conditions that contributed to the outcome of the WTC disaster. The objectives of the NIST investigation are to determine technically the following:

  • Why and how WTC Buildings 1, 2, and 7 collapsed following the initial impact of the aircraft

  • Why the injuries and fatalities were so low or high depending on location (by studying all technical aspects of fire protection, occupant behavior, evacuation, and emergency response)

  • What procedures and practices were used in the design, construction, operation, and maintenance of the WTC buildings

  • Which building and fire codes, standards, and practices warrant revision and are still in use

Scientists and engineers used a NIST-developed computational model to recreate aspects of the fires that occurred following the terrorist attack on the WTC. The model, Fire Dynamic Simulator, and a software package called SmokeView have been used previously to aid in the recreation of building fires that resulted in firefighter fatalities. Preliminary calculations have demonstrated the model's ability to shed light on the impact of building geometry, fuel distribution, and wind conditions on the smoke and fire flows within and outside the Twin Trade towers. Such information may be helpful to firefighters in predicting the likely behavior of future large-scale fires in high-rise buildings.

3.3.2 Anthrax airflow study

Following the release of anthrax spores in the Hart Senate Office Building in Washington, DC, in October 2001, NIST engineers provided help in understanding how spores may have spread through the buildings. NIST experts in ventilation systems and air quality used a sophisticated NIST developed computer model to understand different ways in which airflow may have transported spores. The results of the modeling were used in developing decontamination strategies.

3.3.3 Cybersecurity standards and technologies

NIST develops cryptographic standards and methods for protecting the integrity, confidentiality, and authenticity of information resources. NIST's first encryption standard has been used widely in the public and private sectors since 1977. In December 2001, NIST and the Department of Commerce announced the newest and strongest-yet encryption standard for the protection of sensitive nonclassified electronic information. Although the Advanced Encryption Standard (AES) was developed for the government, the private sector is using it to safeguard financial transactions and ensure the privacy of digital information-from medical records and tax information to PIN numbers-for millions of Americans. Individual consumers, financial brokers, and large corporations rely on NIST encryption standards for safe and secure electronic transactions, whether they are worth just a few cents or several billion dollars.

NIST also works with government and industry to establish more secure systems and networks by developing, managing, and promoting security assessment tools, techniques, and services and supporting programs for testing, evaluation, and validation. For example, NIST helps companies incorporate NIST encryption algorithms into commercial products by testing and validating their correct implementation.

NIST, in co-sponsorship with the Small Business Administration (SBA) and the National Infrastructure Protection Center, and using NIST publications as core materials, holds regional workshops to advise small businesses and not-for-profit organizations on practical tools and techniques that can help them assess, enhance, and maintain the security of their systems.

3.3.4 Cybersecurity of electric power and industrial control systems

NIST is working with companies and industry organizations to identify the types of vulnerabilities that exist and develop security requirements for the real-time systems that control the power grid and critical industrial production processes. A Process Control Security Requirements Forum has been established to identify and assess threats and risks to process control information and functions, make and promote the adoption of security requirements recommendations, and promote security awareness and integration of security considerations in the life cycle of electric power and industrial process control systems.

NIST also is working with the Institute of Electrical and Electronics Engineers (IEEE), the International Electrotechnical Commission, and the Instrumentation, Systems, and Automation Society to incorporate security requirements into the standards relevant to electric power and industrial control systems.

3.3.5 Ensuring proper doses for irradiation of mail

NIST is a member of a White House task force led by the Office of Science and Technology Policy to ensure that mail intended for Congress and other federal government offices is properly irradiated to kill anthrax bacteria. Very shortly after the first discovery of anthrax in mail to Senator Tom Daschle, the U.S. Postal Service identified commercial facilities in Lima, Ohio, and Bridgeport, New Jersey, that could successfully irradiate mail to help ensure its safety.

These facilities use high-energy electron sources to sterilize a wide range of items, more typically medical instruments and supplies. Such radiation destroys biological agents without affecting most other materials, so the mail is made safe without damage. NIST physicists certified for the task force that these facilities could sterilize mail against anthrax effectively.

NIST collaborated with the U.S. Postal Service and the Armed Forces Radiobiology Research Institute (AFRRI) to determine what dose of radiation produced at the two facilities would be adequate to kill anthrax and yet not damage most mail items. NIST has a long history of involvement in providing calibrations, standards, and measurement methods to ensure accurate radiation doses for x-ray machines, mammography, radiopharmaceuticals, and other products.

The high radiation doses required to kill the anthrax caused some deterioration of the paper in the mail, with the subsequent release of volatile organic compounds (VOCs) that can be irritating to mail-room personnel. NIST is working with AFRRI, the U.S. Postal Service, the National Archives, and the Library of Congress to minimize the release of the VOCs and to understand quantitatively the VOC chemistry and the damage to the paper in the mail.

The electron irradiation process has limited penetrating power and, thus, cannot be used to sanitize parcels that have larger volumes and contain dense objects. For parcel package decontamination, the team from NIST, AFRRI, and the U.S. Postal Service turned to high-energy x-ray irradiation, which is much more penetrating but requires a longer irradiation time to deliver the needed dose. Using procedures analogous to those used in the certification of electron beam irradiation, the White House task force validated the decontamination of parcel packages using high-energy x-rays.

3.3.6 Weapons-detection technologies and standards

With funding from the National Institute of Justice (NIJ), NIST researchers have completed work on new performance standards and operational requirements for both walk-through and hand-held metal detectors. Several additional federal agencies-including the Transportation Security Administration and the Federal Bureau of Prisons-and dozens of state and local law-enforcement and corrections agencies contributed ideas to the project.

The researchers created a sophisticated measurement system that uses specialized computer software to evaluate detector effectiveness. Test objects also were developed to duplicate the response of various threat items, such as razor blades, handguns, and handcuff keys.

Another NIST research group has received funding from the NIJ and the Federal Aviation Administration (FAA) to investigate a new technology for weapons detection based on low-energy, millimeter-size electromagnetic waves. The technology, which currently is under development, involves a radar-like apparatus that could illuminate a group of people or individuals. Clothing is transparent to the waves, but objects concealed beneath the clothing are not. Waves striking guns, knives, and plastic explosives would be reflected back and directed through a set of optics, which focuses the radiation onto an array of tiny antennas mounted on a silicon wafer. The antennas are so small that 120 can fit onto a single wafer. An electronics package would convert the concentrated electromagnetic radiation into images, and these would be projected onto a laptop computer screen.

Millimeter-size waves are expected to locate concealed weapons consistently, without simultaneously creating detailed images of the body. NIST is working to understand fully the performance issues for such detectors to be able to assist the FAA and the NIJ in judging the sensitivity and reliability of commercial products.

3.3.7 Detection of chemical, biological, radiological, and other threats

As the primary reference laboratory for the United States, NIST develops standards, protocols, and new test methods to ensure that chemical and biological compounds can be measured accurately. This includes extensive, ongoing programs for the detection of chemical, biological, radiological, nuclear, and explosive threats.

NIST researchers work continually to improve methods and data for ultrasensitive detection of chemicals, including chemical warfare agents. This research involves both widely used techniques, such as mass spectrometry and chromatography, as well as smaller, portable devices designed to detect more specific biological or chemical agents.

For example, a NIST database developed with the Environmental Protection Agency and the National Institutes of Health is included with most mass spectrometers sold by major manufacturers today.

This database provides the mass spectral information-a kind of chemicalfingerprint-needed to identify definitively more than 140,000 different-compounds. This database is essential for rapidly identifying specific chemical threats in real time-at airport security checkpoints, for example. NIST also is developing mass spectral libraries for use in the identification of bacteria and other complex protein mixtures that may be used in a biological attack.

Military personnel wear gas masks for protection against chemical and biological assault. With funding from the U.S. Army, NIST is verifying the accuracy of test equipment used to determine if a soldier's gas mask is protecting properly. A gas mask that does not fit well may leak around the edges, there may be small holes in the mask, or the filter may be malfunctioning.

To test for such problems, the army uses a commercial calibration system that compares the concentration of airborne particulate matter inside the soldier's mask while it is being worn with the ambient concentration of particulates outside the mask. Ordinary small particulates in the air serve as a stand-in for chemical or biological agents such as mustard gas or anthrax because their flow behavior is very similar. NIST scientists are working to ensure accurate calibration of test equipment by developing a mechanism to deliver a well-characterized aerosol source, as well as accurate and reproducible measurement capabilities.

Two complementary analytical approaches have been developed by NIST; the first uses electron microscopy and imaging processing to count particles, whereas the second is much faster and uses the measurement of electrical current flow of deliberately charged particles to calculate the particle concentration. Both methods are in the final stages of intercomparison and validation and will result in improved and more reliable calibration of military gas masks.

Other NIST projects are aimed at creating new, portable measurement devices that can detect agents such as sulfur-mustard gas compounds, sarin and other nerve agents, and explosive compounds. For example, gas microsensors based on NIST-patented research show exceptional promise as a low-cost, widely deployable technology for detecting a range of chemical agents that could be used in terrorist attacks. Therefore, NIST is working with the Defense Threat Reduction Agency on the creation of microsensor arrays that use selective thin films and miniheaters embedded in integrated circuits to identify chemical agents at trace levels. The NIST-developed microsensor arrays have been used successfully to detect simulated mustard and nerve agents and, more recently, the chemical agents themselves.

NIST also has initiated work with the Food and Drug Administration on the development of fluorescent standards for microarray-based clinical diagnostics to detect pathogenic microorganisms in the environment. A NIST collaboration with Virginia Polytechnic Institute and State University has been developing a cell-based microfluidic sensor for the detection of environmental toxins in water streams. And a NIST collaboration with the FAA is aimed at checking the performance of systems that sense whether an airline passenger is carrying explosives by identifying minute quantities of particles and vapors as the person walks through a portal device. NIST is using its expertise in a specialized form of mass spectrometry to identify, count, and size explosive particles collected by such detection systems.

NIST is working with other federal agencies to improve the quality and comparability of measurements for both chemical and biological agents. For example, NIST is working with the Department of Defense (DOD) on the use of specialized mass spectrometric techniques for the identification of bacteria and other microorganisms. NIST is focusing on the standardization of methods for sample preparation and data interpretation of results. NIST also has initiated a collaboration to assist the Centers for Disease Control and Prevention in support of their Counter-Terrorism Laboratory Network, which includes laboratories in five states, with plans to expand the number of states participating in the coming years. Additional NIST projects involve improving methods to:

  • Use laser-based techniques to enhance detection of chemical agents.

  • Use proteins to detect low levels of specific biological pathogens.

  • Rapidly sequence DNA for quick identification and for tracing the sources of pathogens.

  • Monitor medical markers in routine urine tests as an early warning. system that a population has been exposed to biological pathogens.

3.3.8 Tools for law enforcement

For most of its 100-year history, NIST has worked closely with law enforcement, corrections, and criminal justice agencies to help improve the technologies available for solving and detecting crimes and for protecting law enforcement officers. Starting in 1913, a NIST scientist named Wilmer Souder pioneered the use of scientific techniques for forensic investigations and helped the Federal Bureau of Investigation (FBI) establish its crime laboratory in 1932. Since the early 1970s, NIST has issued more than a dozen law-enforcement standards that help law-enforcement agencies ensure that the equipment they purchase and the technologies they use are safe, dependable, and effective.

3.3.9 Standards for biometrics

NIST has provided biometric test data and standard measurement methods for fingerprints and, more recently, face recognition. This work is being extended to include the specific biometric systems and scenarios required for visa systems under the USA Patriot Act, as amended by the Enhanced Border Security and Visa Reform Act. NIST has statutory responsibilities to develop and certify a technology standard that can be used to verify the identity of persons applying for a U.S. visa or using a visa to enter the country. The DOJ and DOS also expect NIST to certify the accuracy of specific government and commercial systems being considered for use in this visa system.

This program will produce standard measurements of accuracy for biometric systems, standard XML-based scoring software, and accuracy measurements for specific biometrics required for the system scenarios mandated under the Border Security Act. This work will have wide impact beyond the mandated systems; standard test methods are likely to be accepted as international standards, and discussions are under way concerning the use of these same standards for airport security.

In conjunction with the FBI, NIST has developed several databases, including one consisting of 258 latent fingerprints and their matching rolled file prints. This database can be used by researchers and commercial developers to create and test new fingerprint identification algorithms, test commercial and research systems that conform to the NIST/American National Standards Institute (ANSI) standard, and assist in training latent fingerprint examiners. The increasing use of specialized 'live' fingerprint scanners will help ensure that a high-quality fingerprint can be captured quickly and added to the FBI's current files. Use of these scanners also should speed up the matching of fingerprints against the FBI database of more than 40 million prints.

The Biometric Consortium serves as the federal government's focal point for research, development, test, evaluation, and application of biometricbased personal identification and verification technology. The consortium now has more than 800 members, including 60 government agencies. NIST and the National Security Agency (NSA) cochair the consortium. NIST has collaborated with the consortium, the biometric industry, and other biometric organizations to create a common biometric exchange file format. The format already is part of government requirements for data interchange and is being adopted by the biometric industry. The specification is a candidate for fast-track approval as an ANSI standard and as an international standard for exchange of many types of biometric data files, including data on fingerprints, faces, palm prints, retinas, and iris and voice patterns.

3.3.10 Standards for forensic DNA typing

NIST has developed a series of standard reference materials (SRMs) that can be used by forensic and commercial laboratories to check the accuracy of their analyses. The NIST SRMs include samples of human DNA that have been carefully analyzed according to a standard FBI matching method. By extracting the DNA provided in the NIST SRM and analyzing it with their own laboratory equipment and test methods, forensic and commercial laboratories can verify that their methods are accurate.

NIST experts in DNA analysis met with scientists from the Armed Forces Institute of Pathology (AFIP) in October 2001 to discuss details of a specialized DNA analysis technique that AFIP is using to identify remains of victims at the Pentagon and Pennsylvania crash sites. NIJ officials also contacted NIST scientists for consultation on DNA analysis of human remains from the WTC. A NIST forensic scientist also serves on the NIJ convened World Trade Center Kinship and Data Analysis Panel, which is composed of 25 experts from the forensic DNA community.

It was clear from the outset that the large number of victims and degraded condition of tissue samples from the attack pose particular problems for forensic DNA typing, so NIST developed a new technique using smaller portions of DNA at specific chromosome sites. The new technique improves DNA typing assays for degraded DNA and is now being compared with the methods currently used by a commercial DNA testing laboratory for the analysis of 13,000 bone fragments from the WTC site. NIST also is verifying two new commercial methods that have been developed to analyze degraded DNA samples.

The massive effort to identify victims from the WTC-the world's largest-human identification case ever-includes a program devoted to analyzing mitochondrial DNA (mtDNA), a small circular strand of genetic material located within the cell's mitochondria that converts nutrients into energy. Each human cell can have hundreds to several thousand molecules of mtDNA, compared with only one copy (two intertwined strands) of genomic DNA in the cell nucleus. A NIST SRM is being used for quality control in the mtDNA studies.

3.3.11 Enhanced surveillance cameras

The proper rendering of shadow and dark detail by cameras is important in many security applications, such as surveillance within airplane cabins or terminals. Cameras, however, do not work nearly as well as the human eye, which is much better at distinguishing subtle differences between varying shadows and dark details. This is particularly true when bright areas dominate the scene under view. In this situation, conventional cameras suffer from substantial amounts of glare that make it difficult to see details in shadowed areas. By mimicking the eye and surrounding the camera with liquid instead of air, NIST researchers (with interagency Technology Support Working Group funding) hope to improve the performance of surveillance cameras substantially. This, in turn, may improve the reliability of other technologies, such as face recognition within airports.

3.3.12 Forensic tools for investigating computer or magnetic data evidence

While computer forensics experts know these tricks, they frequently face the daunting task of searching up to 100,000 files on a single desktop computer for evidence. NIST computer scientists are helping to speed up this process dramatically with a new tool, the National Software Reference Library. Working with software manufacturers and others who provided copies of their programs, NIST collected signature formats for more than 6 million different computer files. These signatures are checked against the actual contents of the file rather than other identifiers such as the file name or header. The library allows law-enforcement agencies to eliminate 25 percent to 95 percent of the total files in a computer, concentrating only on those that really might contain evidence.

There is also a critical need in the law-enforcement community to ensure the reliability of computer forensic tools, so that they consistently produce accurate and objective test results. NIST's Computer Forensic Tool Testing (CFTT) project aims to establish a methodology for testing these software tools through the development of tool requirements specifications, test procedures, test criteria, test sets, and test hardware. The results provide the information necessary for toolmakers to improve tools, for users to make informed choices about acquiring and using computer forensics tools, and for interested parties to understand the tools' capabilities. The approach is based on well-recognized international methodologies for conformance testing and quality testing.

Several federal agencies support the effort, including the NIJ, the U.S. Secret Service, the FBI, the U.S. Customs Service, and the Defense Computer Forensics Laboratory.

In another project, NIST researchers collaborated with the National Telecommunications and Information Administration on a new technique for retrieving data from damaged or altered magnetic tapes and computer disks. The method uses high-resolution magnetic sensors to map microscopic magnetic fields on a sample. The map then is used to rebuild the original magnetic signal. The researchers demonstrated the technique by recovering audio data from a tape fragment provided by the National Transportation Safety Board that was too damaged to be played in a conventional tape deck. For the FBI, they used the technique to reveal magnetic marks produced by the erase and record heads during the recording process. Such evidence could be critical for proving that an original tape or disk had been altered.

3.3.13 Crimes involving pipe bombs or handguns

NIST chemists, in conjunction with the NIJ, have come up with a reliable way to associate the composition of unfired gunpowder or ammunition with residues collected at handgun or pipe bomb crime scenes. To develop the method, the NIST researchers collected gunpowder residues from handguns fired at a test range and analyzed them for nitroglycerin and stabilizer additive content. This enabled the determination of a numerical identification ratio, which often can link the residues to unfired powders. In another project, NIST asked 15 forensic laboratories to analyze test samples of two commercial gun powders. This voluntary interlaboratory comparison demonstrated the labs' proficiency in gunpowder measurements, thereby making forensic gunpowder analysis more defensible in criminal prosecutions. As a follow-up to this work, NIST now is preparing a smokeless powder reference material, which forensic laboratories will be able to use in checking the accuracy of their bomb and gunpowder residue analyses.

3.3.14 Standardization of communications for first responders

Federal, state, and local police, fire, and rescue personnel are assigned to use widely separated radio frequencies. They also use different types of computer hardware and software systems with access to different law-enforcement databases. At a large disaster site, such as the WTC, responders from different agencies may not be able to use their radios to talk to each other. At other times, a police officer may let a traffic offender go with a ticket, unaware that the offender was wanted on serious charges in another jurisdiction.

NIST, again with funding from the NIJ, is working with the public safety community to standardize techniques for wireless telecommunications and IT applications. NIST also is working with standards development organizations to have first responder requirements included within the scope of standardization efforts. For example, NIST is coordinating first responders' standards needs with the IEEE committee that is developing standard message sets for transferring information among public-safety, transportation, and hazardous material-incident command centers. In addition to standardization, NIST is helping other agencies select promising interim solutions and is analyzing long-term solutions, such as a software-defined radio, for research and development investment.

NIST also is working on the development, deployment, and standardization of Web-based technologies for integrating sensors, real-time video, smart tags, and embedded microprocessor devices to provide next-generation personnel support for remote monitoring, control, and communications in the field. This technology can enable rapid access to real-time sensor and video information and allow sharing and collaborative use of IT applications. Wearable computers and small, embedded devices integrated with the latest technology for remote sensing, real-time conferencing, and other data-intensive applications could provide an immediate feedback channel for law-enforcement agents and emergency responders. NIST is working to demonstrate how these technologies can be extended and rapidly deployed to create easily configurable networks.

3.3.15 Simulation tools

When properly used, simulation tools can enhance planning and training and help personnel evaluate different response options during and after catastrophic events. Complex scenarios cannot be modeled very accurately, however, because no single simulation tool can represent all aspects of an emergency situation. Individual simulation packages and databases can address individual phenomena and behaviors, but they cannot be integrated together easily to provide an overall picture of events.

To address this need, NIST is helping to establish a framework to allow a broad range of simulation systems to share information, including models and results. NIST is working with the response community, industry, and academia to identify information sources, simulation systems, and data requirements; develop an emergency response simulation framework and standard interfaces; and develop and demonstrate distributed simulations using commercial software and the new framework. The ability to integrate information from different simulations will be a valuable tool for responders and allow agencies to develop and coordinate emergency response simulations and scenarios independently.

3.3.16 Search-and-rescue robots

A NIST project aimed initially at protecting emergency personnel by minimizing the amount of time rescuers spend searching earthquake-damaged buildings has helped provide a new tool for rescue workers at the WTC. Search-and-rescue robots had never before been used at a disaster site, and they demonstrated promise in being able to penetrate areas too small and too hazardous for people to access. Teams of robots-led by the independent Center for Robot-Assisted Search and Rescue-were able to locate full and partial remains of several victims at the WTC site. Just a month before, several of the robots had run through a NIST-designed test course at the International Joint Conference on Artificial Intelligence.

To provide an objective evaluation of the performance of autonomous, intelligent, mobile robots for search-and-rescue operations, NIST engineers designed and built a standard test arena for robots, complete with overturned furniture, collapsed floors, broken pipes, and mannequin victims. The arena has different levels of difficulty to help assess different types of robotic ability. Because the robots, built by universities and industry, compete quite literally on the same playing field, their performance can be measured objectively. Since one of NIST's goals is to foster cooperation among robotics researchers around the world, NIST supplies its test arenas to two international robotics conferences, which include competitions to see how well search-and-rescue robots perform on the NIST arena. Winners of the annual Robo Cup Rescue and the American Association for Artificial Intelligence Rescue Robot competitions share their techniques so all participants can build better robots.

 < Day Day Up > 

Implementing Homeland Security for Enterprise IT
Implementing Homeland Security for Enterprise IT
ISBN: 1555583121
EAN: 2147483647
Year: 2003
Pages: 248

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net