In search of safe harbor

Securing the nation’s ports represents one of the most complicated undertakings in homeland security because of the high volume of traffic and large number of parties involved. Timely, accurate data sharing is at the heart of the challenge. At the federal level, port security falls under the government’s maritime domain awareness (MDA) initiative. That effort seeks to create a common operating picture that federal, state and local agencies with maritime security responsibilities can share. The Defense and Homeland Security departments spearhead the interagency MDA effort, which also involves the Transportation Department.Locally, ports have their own security priorities. The job at this level also calls for the cooperation of multiple parties, including port employees, terminal operators, shipping companies and truckers. Most ports are near urban areas, so adjacent police, fire and emergency services agencies also come into play. Data sharing permeates MDA at all levels. Relevant data must be collected from varied sources, put together in a meaningful way and made available to the appropriate parties. To make all that happen, it is necessary to identify key stakeholders and data sources, put cooperative agreements into place, and assemble the technical means for culling and distributing data. “This is very complex,” said Zachary Tumin, executive director of the Leadership for a Networked World Program at Harvard University’s John F. Kennedy School of Government. “There are very different missions and very different organizations involved here. They all see part of the picture, but none of them see all of the picture.” Anthony Cresswell, interim director of the Center for Technology in Government, said efforts such as MDA extend beyond technical considerations.“It’s not just about getting databases to communicate or establishing data standards,” he said. “That is important, but all the bits and pieces of the technology are embedded in a very complicated policy framework and business process.”Federal agencies and local port authorities are making progress in maritime security, but many challenges remain, including obtaining the cooperation of stakeholders, managing cross-boundary efforts and building incident response capabilities. Maritime security got increased attention after the 2001 terrorist attacks, but still greater emphasis came in 2004 with National Security Presidential Directive 41 and Homeland Security Presidential Directive 13. Those directives set policy guidelines for securing the seaboard and gave rise to the National Strategy for Maritime Security.The National Plan to Achieve Maritime Domain Awareness is one of eight plans that fall under the national strategy. The MDA plan describes a series of information-sharing priorities including creation of a virtual information grid extending across federal, state, local and international agencies. The MDA plan was published in 2005. That same year, a community of interest (COI) began to form around the issue of sharing maritime security data. The MDA community first focused on automatic identification system (AIS) data. AIS lets ships communicate identity and location information, but such data exists in multiple locations, impeding a unified view. The Coast Guard, Navy and DOT all have AIS information. “Each has some data on their world,” said Tumin, who wrote a 2007 MDA case study. “How do they bring together [data] to provide a shared set of facts about the world and a shared set of facts about the domain?”Tumin’s paper identified a number of data silos, including the Navy’s Automatic Identification System Rapid Deployment Capability Shipboard program, the Coast Guard’s emerging National Automatic Identificati on System, and Maritime Safety and Security Information System for U.S. Naval Forces Europe, run by DOT’s Volpe Center. Technology is not the core issue in encouraging various parties to share, said Bruce Brown, special assistant to DOD’s deputy chief information officer. “Ninety percent of the problem is cultural,” he said. To bridge the cultural and data divide, the parties embraced the COI methodology. In the DOD context, a COI pursues a particular data-sharing problem and focuses on producing results quickly.“Let’s start small and move quickly and get some quick wins,” Tumin said, describing the COI approach. “That’s very effective in cross-boundary environments.”The MDA COI got under way with the Navy and Coast Guard providing executive sponsorship. The focus then shifted to technology. The group chose service-oriented architecture as the technical underpinning for sharing AIS data. The goal was to share an infrastructure and Web services rather than linking data sources through one-off, point-to-point integrations. A company called Solers is using the Defense Information Systems Agency’s Net-Centric Enterprise Services, said Trey Rhiddlehoover, the company’s director of Global Information Grid solutions. The Arlington, Va.-based company has a contract with the Navy’s Space and Naval Warfare Systems Center.DISA’s Net-Centric Enterprise Services aims to provide a SOA-based mechanism for data sharing. The ability to publish data through a shared infrastructure helped the MDA COI keep costs in check and accelerate results. “We’re doing it rapidly and economically,” Brown said, adding that the effort cost less than $1 million. The AIS task, known as Spiral 1 in MDA COI circles, was completed in 2006. Spiral 2, completed earlier this year, launched value-added services that took advantage of the data made available through Spiral 1. One such service — data augmentation — was created to add more information to the AIS data. That information doesn’t necessarily include a ship’s call sign, for instance, but the augmentation system is designed to tap authoritative sources for that kind of information, Rhiddlehoover said.Tumin said SOA and COI approaches worked well together. “This was a perfect storm of a methodology to rapidly develop innovation…and a technology that was supportive of it,” he said. As federal efforts advance, individual ports are also taking on security and data-sharing issues.“Since 9/11, ports have really made tremendous progress in improving their security posture,” said Ted Langhoff, director of the port and cargo security practice at Unisys Federal Systems.He said prevention and detection measures have been the primary port security pursuit during the past five years. Those measures cover everything from fences to radar and other more sophisticated systems. But now, ports are beginning to tackle incident response and recovery, Langhoff said. Response and recovery efforts require cross-organizational collaboration and data dissemination. Ports generally operate in large population centers, Langhoff said, “so if a major event happens in a port, it’s going to have an impact on the surrounding community and critical infrastructure. The focus [is] on really thinking through what kind of event could occur and how best to respond to it.” Langhoff also cited emergency notification systems as a technology of interest to ports seeking to beef up incident response. When an event occurs, such systems can help get information to the individuals affected. But he said deployment in port settings can prove challenging because of the large number of stakeholders. Langhoff cited as examples truc rivers and terminal operators who work in the port community but aren’t port employees. Port officials must find a way to enroll all the relevant parties in a system.Erin Phelps, director of the enterprise security solutions practice at Ciber, said ports are interested in more system integration and response capabilities. Ciber provided an interoperable communication system for Port Freeport, Texas, as part of the integrator’s Harbor Management and Security System. The system lets the port coordinate with local police, fire departments and other first responders, Phelps said. Another element of emergency response is a so-called blue-force tracking system that let ports keep tabs on the location of security and emergency response units.In February, Los Angeles Mayor Antonio Villaraigosa announced that the city’s port would receive $3.4 million in state homeland security grants to build an electronic blue-force tracking system. According to the city, it will let command and dispatch centers see where police cars, boats and other equipment are located at all times. Global Positioning System units in a vehicle-mounted or handheld radio are usually used to report blue-force locations. Langhoff cited the potential to combine blue-force tracking data with Coast Guard AIS information. That fusion would enable a port to display the location of police and emergency units in addition to vessels in the port’s vicinity. He said the combination of blue-force and AIS data “is more than theoretical, but to our knowledge no one is actually doing this.” As ports work with immediately adjoining jurisdictions, they also look to collaborate and share data on a regional level. DHS is funding and encouraging regional solutions for information sharing, Phelps said. “More and more regional consortiums are being established.” She cited as an example the Port of New Orleans and four others that have banded together with various agencies in and around those ports. The Lower Mississippi River Port Wide Strategic Security Council was launched in 2006 to undertake joint security projects. In addition, the Virginia Port Authority wants to establish a regional consortium in the Norfolk area, Phelps said.Another dimension of expanded data sharing involves cooperation between public- and private-sector entities. Candice Wright, in a 2007 thesis she prepared at the Naval Postgraduate School, identified the public/private linkage as lacking in port security. “One evident gap in the port collaborative fabric is the incorporation of private stakeholders as a partner in securing the homeland and critical infrastructure, particularly in the areas of prevention, response and recovery,” she wrote.Finally, maritime data sharing across all tiers of government remains a future prospect. Rhiddlehoover said MDA COI “is doing a good job of horizontal access” across federal agencies but hasn’t yet focused on including state agencies and port authorities. “We want to work on that,” he said.