TSA piggybacks on Coast Guard emergency alert systems
When the Homeland Security Department’s Transportation Security Administration wanted to upgrade its emergency alert system two years ago, it went to the U.S. Coast Guard for advice about the system it had recently implemented.
“Being a sister agency, we opened up the facility and showed them what we do,” said Lt. Cmdr. Ted Kim, operations systems manager at USCG headquarters in Washington.
Launched in 2009, USCG’s Alert and Warning System 2.0 is housed in the agency’s West Virginia data center and uses the Common Alerting Protocol, an XML-based data format for public warning that supports multiple communications channels including voice, text and fax. More than 100 Coast Guard facilities use it to send alerts to 50,000 port and industry officials as well as Coast Guard personnel.
Emergency alert system expands to mobile phones
Souped-up alert system spreads the word for Coast Guard
TSA returned to USCG in March 2011 and announced that it had evaluated the available commercial systems and had decided it wanted instead to join the Coast Guard’s system.
“It was a bit of a surprise,” Kim said. USCG had been offering advice, not services. But the agencies came to an agreement in which TSA would become a tenant with its own virtual environment in the AWS.
A TSA network connection was established to the data center, and DHS’s two largest agencies became partners.
“The advantage to TSA is that they don’t have to set up their own system,” Kim said. “We are adding more hardware, but we are not doubling the infrastructure. When you share the infrastructure, both agencies win.”
The AWS 2.0 is built on IWSAlerts software from the mass notification vendor AtHoc Inc. “From the data center perspective, they needed more software licenses and the ability to support the software,” said AtHoc CEO Guy Miasnik. “It was more cost-efficient for TSA to integrate with the same system that the Coast Guard had.”
Sea and airport coverage
Today that infrastructure serves about 100,000 government and industry partner personnel at about 150 ports, airports and agency facilities on two segregated virtual networks. In the first phase of the virtual program, which began in May 2011, only TSA personnel are included in the database that provides the directory for TSA alerts.
In the second phase, which is expected to begin in April, additional partners in the aviation community will be added to the TSA database, and the Coast Guard would like to strengthen the authentication for system access.
USCG’s Alert and Warning System is a third-generation system used to fulfill the agency’s mandate to provide timely information to its partners in the nation’s sea ports and in the maritime industry, and to receive feedback from them.
The first generation had used radio broadcast and local phone trees to notify Coast Guard and private-sector personnel. This was replaced with the first AWS, which was integrated into its USCG’s Homeport Internet portal. This system enabled distribution of local or nationwide alerts about weather conditions, natural disasters, security threats or operational activities via e-mail and telephone messages, as well as text messages to wireless devices.
AWS was effective and was able to leverage the centralized Web resources at the USCG’s data center so that no additional software and hardware was required for local commands or ports. But limitations in the system appeared as needs expanded. The channels for distributing messages were not keeping up with the rapidly expanding technology, and there was no capability for automating responses from recipients. AWS only tracked messages that were sent and noted when they were received.
To scale up the reach, functionality and performance of the system, AWS 2.0 adopted the standards-based IWSAlerts. The CAP standard allows dissemination of data that can include images, audio and video over multiple channels and systems. It allowed the Coast Guard to continue leveraging the Web interface for alerts but provided better performance and almost unlimited scalability.
“The infrastructure really has not changed” with the addition of a new tenant, Kim said. “We set up a virtual system for TSA.”
How it works
Local commanders at each of the 16 Coast Guard districts set up their own distribution lists and have the ability to create messages that can be sent out to specific lists. The system is used for major events, such as issuing tsunami warnings in the wake of the March 2011 Japanese earthquake, as well as routine information such as day-to-day requirements for personnel at different stations.
There were some challenges to bringing TSA on board, Kim said. First of all, “we are not a vendor; we don’t sell stuff.” The agencies had to develop a memorandum of agreement spelling out requirements and service-level agreements. The systems also had to be segregated. “The Coast Guard can’t know what’s on TSA’s system, and TSA can’t see the Coast Guard system.”
That was a challenge because the Coast Guard was using its Common Access Card for authenticating users through its Homeport portal and TSA had neither a Web portal nor the CAC. TSA is in the process of implementing the civilian Personal Identity Verification card for logical access to IT systems, but until that ability is in place the Coast Guard hosts had to settle for a simpler, less secure means of authentication.
“We ended up using usernames and passwords,” Kim said. “That was a security violation for us,” but he said he hopes that strong, two-factor authentication can be used in Phase 2 of the TSA system with the PIV card.
The lack of a ready-made directory of aviation community partners for the alert system has been the biggest hurdle to adding TSA. A database of users that could be used for distribution lists was built, with USCG providing the technical expertise and TSA providing the data, starting with TSA personnel only. “All we needed is an e-mail or a cell number,” Kim said. “It was not a difficult job.”
In the second phase of operations, TSA hopes to be able to add aviation industry personnel to the directory of its system, but it will have to gather that data and create rules for vetting entries and for use of the system. “That was a little more than we bargained for,” Kim said of setting up that directory.
In the end, the system works for both agencies and is cost-efficient. “The bottom line in this budgetary environment is that these two agencies have created an optimized approach with reduced costs without sacrificing value,” Miasnik said.