Where the data meets the road
- By Patience Wait
- Aug 25, 2005
ON PATROL: A bomb-detecting dog walks past a Washington Metropolitan Area Transit Authority bus.
'The federal government'even DHS'isn't everywhere. State, local and tribal governments, by contrast, are.' 'former Rep. Christopher Cox
On the evening of Aug. 7, a Baltimore County, Md., police officer made a traffic stop on Reistertown Road. When the driver couldn't produce a license, the officer asked the driver and his two passengers for some identification.
One of the passengers, a Pakistani man, was arrested when his name showed up on the officer's computer screen as having been indicted in New York on charges of trafficking in fraudulent immigration documents.
But the man's name also showed up on one of the government's terrorist watch lists, according to Sgt. Vickie Warehime of the Baltimore County Police Department.
How the FBI has categorized someone's name determines how the police respond, Warehime said. Once the suspect was in custody, police determined he was not connected to terrorist activity, she said.
'He shouldn't have been on the list,' Warehime said, 'but it doesn't hurt to cast a wide net. ... There might be no nexus to terrorism, but the initial investigation was, 'Is there a link?' 'Multiple databases
Because of his outstanding warrant in New York, the man's name showed up on the National Crime Information Center, a system run for decades by the FBI. But the possible terrorism link appeared because police now have access through the interagency Terrorism Screening Center to intelligence community data at the National Counterterrorism Center. Barry Maddox, a special agent in the Baltimore field office, declined to confirm that the suspect's name was on any list outside of NCIC's.
'We don't normally comment on a list, per se,' Maddox said. 'This man was arrested based on the warrant. He was listed in the NCIC, which every police department has access to.'
But the purpose of a terrorist watch list, Maddox added, is to provide a little more information than NCIC or a warrant includes.
'It's like adding 'armed and dangerous' to a BOLO,' a be-on-the-lookout notice, he said.
This is just one example of how the information-sharing environment is evolving in the post-Sept. 11 world.
Despite its name, the Homeland Security Department is not directly responsible for most day-to-day terrorism investigations in the United States. Much of that work is carried out by the FBI, which works to identify and arrest individuals who threaten terrorist violence.
But in conjunction with the new Office of the Director of National Intelligence, DHS is responsible for coordinating information and making sure it gets into the hands of those who need it most'the federal, state and local law enforcement officers on the street.
The first step in sharing information is establishing where the data will be pooled.
When the government's intelligence functions were reorganized under DNI last summer, in keeping with the recommendations of the 9/11 Commission, President Bush established the National Counterterrorism Center, merging in the functions of the CIA's Terrorist Threat Information Center and moving it to the new national intelligence office. As part of the directive, he ordered that NCTC serve as the repository for all raw data, generated by all agencies, related to possible terrorist and counterterrorist activity.
NCTC provides 'horizontal' access to data across federal agencies, said Russ Travers the agency's deputy director of information sharing and knowledge development.
'We support the agencies that have vertical responsibility' for sharing information with state and local law enforcement, he said. 'We have been focused for the past two years on sharing between and amongst our federal partners.'
The agency provides a Web portal, NCTC Online, for about 4,000 terrorism analysts spread throughout the government, Travers said. Access requires a very high level of clearance, he said.
The NCTC both receives data from and feeds information into numerous programs throughout DHS and the intelligence community. For instance, the National Targeting Center, operated by the Customs and Border Protection directorate, uses the information to help identify high-risk containers set to be shipped into the United States.
Rod MacDonald, acting CIO of CBP, said the Trade Act of 2002 requires that shippers provide advance electronic cargo manifests. That information flows to NCTC, which combines it with data from other agencies to help Customs agents make determinations well in advance regarding cargo inspection.
The Transportation Security Administration uses the data to screen airline passengers against the terrorist watch lists.Equal partners
But the heart of the operation, in the end, has to be providing timely information to the federal, state and local law enforcement officers on the street every day. When it comes to preventing acts of terrorism, these officers are on the front lines.
'State, local and tribal governments are supposed to be equal partners with the federal government in a joint enterprise,' former Rep. Christopher Cox (R-Calif.), then chairman of the House Homeland Security Committee, said at a subcommittee hearing last month on the information-sharing process. Cox was sworn in early this month as chairman of the Securities and Exchange Commission. 'And so they must be [equal partners], if potential terrorist attacks are to be prevented across this country in the future. The federal government'even DHS'isn't everywhere. State, local and tribal governments, by contrast, are.'
DHS' Homeland Security Operations Center is the nerve center providing the information streaming out to state and local agencies.
Matthew Broderick, director of the HSOC, said the information hub represents more than 35 federal, state and local agencies. Its day-to-day responsibilities include identifying possible terrorist threats by identifying and reporting on suspicious individuals and cargo entering, trying to enter or already within the nation's borders.
'Collection and reporting of that information is shared with the entire intelligence community, with a primary focus of providing information to the FBI, the [NCTC] and the Office of Information Analysis within the DHS Information Analysis and Infrastructure Protection Directorate,' Broderick testified. 'Those entities, rather than the HSOC, perform the intelligence analysis function.'
In addition, the HSOC runs a system that shares information with other agencies, including state and local entities'the Homeland Security Information Network'tying together all 50 states and more than 50 major urban areas.Portals for different users
The HSOC slices information access in several ways through the HSIN, which feeds information to 'tens of thousands of users,' Broderick said.
There's HSIN-CT, the portal for all federal, state, territorial, tribal and local agencies to share information relating to counterterrorism and incident management; HSIN International, a channel for rapid dialogue during a crisis between the HSOC and Canada, Australia and the United Kingdom; HSIN Law Enforcement, for agencies that deal with law enforcement-sensitive data; and HSIN Emergency Management, for all emergency operations centers at all levels of government to deal with major incidents.
The HSIN Critical Infrastructure network is designed to provide warnings and notices to the owners and operators of critical infrastructure throughout the country. Since most facilities are owned by the private sector, 90 percent of the roughly 40,000 members of the network are businesses.
Then there is the HSIN connection to the Joint Regional Information Exchange System. JRIES itself is split into two parts'analytical and law enforcement'each with its own access reguirements. The system is used by roughly 150 law enforcement agencies that have major intelligence analysis departments. The data shared through JRIES is 'sensitive but unclassified,' intended for law enforcement but not rising to the category of 'secret.'
The HSIN networks connect indirectly to the FBI's Law Enforcement Online and the Justice Department-funded Regional Information Sharing System Network, an established sensitive-but-unclassified law enforement network.
LEO and RISS.net serve about 100,000 law enforcement officers around the world via links to more than 7,000 agencies. Users, all of whom are vetted before gaining access, can share information in working groups they establish themselves and voluntarily share data.
Still to come is HSIN Intelligence, for use by the internal DHS intelligence community, while HSIN Secret is a short-term system to share information classified as secret with agencies qualified to receive the data.
HSIN Secret will be replaced by the Homeland Secure Data Network, the department's effort to merge a number of classified networks into one secure system for sharing classified information among its 22 agencies.
DHS efforts to provide more information to state and local law enforcement were both commended and criticized at a July 20 hearing before the Intelligence, Information Sharing and Terrorism Risk Assessment subcommittee.
State and tribal agency officials told the subcommittee that DHS holds information too long, in order to 'polish' it, looking to confirm its accuracy, when law enforcement officers on the street need the data in real time, even in raw form.
There also are continuing backlogs in gaining access to the various networks because of delays in obtaining clearances, they said. At the same time, they agreed that federal willingness to share information has improved noticeably.
If all the DHS networks aren't confusing enough, the FBI runs yet another operation, the Terrorist Screening Center, an interagency organization that also pulls data from NCTC and HSIN to hunt for suspicious activities and individuals.
It also runs more than 100 Joint Terrorism Task Forces in major cities throughout the country, and DHS has representatives on each of those.
The FBI's Maddox commended the department's efforts to improve collaboration.
'I think the overall concept that DHS expresses is what we're all doing, collecting and sharing data,' he said.