DSBlog

State and regional intelligence fusion centers (IFCs) typically operate quietly and out of the public eye, and when they do make news it’s often related to local controversies over privacy and civil liberties. DHS Secretary Janet Napolitano spent a fair amount of time talking about fusion centers at a recent congressional hearing, so we thought it would be an opportune time to take a look at some of the less controversial happenings at selected IFCs around the U.S. in recent months.

As Secretary Napolitano noted in her September 22nd testimony before the Senate Homeland Security and Governmental Affairs Committee, there are 72 fusion centers in operation today.

That list will soon grow a bit longer with the addition of two new centers. In Texas on May 28th, the Austin City Council gave the green light for the Austin Regional Intelligence Center (ARIC), involving 10 public safety agencies in three Texas counties.
 
In Pennsylvania, meanwhile, a new $20-million regional fusion center (rendering, right) is being slated for construction starting next year. The Delaware Valley Intelligence Center (DVIC) will “coordinate street-level intelligence nationally and among 11 counties in Pennsylvania, New Jersey, Delaware, and Maryland,” according to a June 10th report in The Philadelphia Inquirer. Based in an old Army complex in South Philadelphia, the DVIC will house the Philadelphia Police Department’s criminal intelligence and homeland security units, and between 40 and 50 officers, the paper reported. (DVIC rendering courtesy of design services firm L.R. Kimball.)

Training and education of personnel are perennial activities for all IFCs. Now, the Center for Homeland Defense and Security (CHDS) at the Naval Postgraduate School has launched a pilot executive-level educational program for fusion center directors. The inaugural session of the Fusion Centers Leaders Program (FCLP) took place June 21-25.

Intelligence Liaison Officer (ILO) training courses are also offered, in facilities like the Michigan Intelligence Operations Center (MIOC) and elsewhere. For example, the Kentucky Intelligence Fusion Center (pictured, right) held a day-long ILO training seminar in Frankfort in late July in which more than 100 ILOs took part. (The KIFC has also opened a telephone hotline so that residents can report suspicious or criminal activity.)

In another leadership development, the Iowa Intelligence Fusion Center swore in its new director on July 15th. James Saunders replaces longtime Director Russell Porter, who has been appointed to a position with the Office of the Director of National Intelligence (ODNI). Porter, it may be remembered, gave a detailed interview to The Iowa Independent two years ago in which he discussed the Iowa IFC’s focus and operations – and dealt forthrightly with the center’s budget woes and the public’s civil liberties concerns.

––––––––––––––––

Digital Sandbox is the leader in public safety risk management, providing analytic tools and information products to government agencies and large enterprises, for optimizing risk-based strategic, policy, and budgetary decisions.

Like many of us in the security risk profession, media outlets and blogs took careful note of the novel ways social media tools were employed in two high-profile emergencies earlier in the month: the hostage standoff at Discovery headquarters near Washington DC and the gas pipeline explosion in San Bruno, California.

On the whole, the writers have been less skeptical about the role and utility of raw data from Twitter feeds and their ilk than we were in our recent post on the Discovery incident.

Here’s a small sampling of what others have been saying since the two events happened.

Federal Computer Week notes that emergency management, “once the province of official channels, is going where the people are.” It lists “5 ways to use social media for better emergency response,” including:
1. Reaching a wider audience by having “a presence on Facebook and Twitter and … moving onto YouTube as a way to disseminate information about emergency preparedness,” augmenting more traditional alert services;
2. Making emergency alerts two-way;
3. Monitoring the tweets and messages of emergency management agencies via social media channels “to know what’s going on”;
4. Integrating social media data sources to produce “a Web-based common operating picture”; and
5. Using “social media and Web 2.0 technologies [to] improve collaboration among defense, civilian and nongovernmental agencies during disasters.”

Mapping tools feature prominently in a number of blog posts on both incidents. A blogger with Off the Map, from mapping firm FortiusOne, built a bounded location search for tweets around Discovery headquarters the afternoon of the incident, using the Twittering Stream API, and published the results the following morning.

At the opposite end of the country just over week later, according to SMSEO, Google launched a resource map to assist those affected by the San Bruno explosion and subsequent fire (photo right). (The home offices of Google-owned YouTube are about two miles from where the explosion occurred). All Hazards bloggers went one step further and augmented the Google map with an array of additional resources for those affected by the blast.

Awareness of social media tools is no longer the challenge among government agencies at the federal, state and locals levels; it’s how to use them. And in a few cases some interesting things are being tried. For example, Government Computer News reported over the summer about one such widget project at the Federal Emergency Management Agency. The Discovery and San Bruno incidents are merely the latest reasons for FEMA and other agencies to continue their explorations of social media tools.

(Photo courtesy of California Beat, credited to Twitpic via @brian305)

––––––––––––––––

Digital Sandbox is the leader in public safety risk management, providing analytic tools and information products to government agencies and large enterprises, for optimizing risk-based strategic, policy, and budgetary decisions.

A newly published report by a panel of outside security risk specialists from academia and the private sector takes a mostly critical view of Department of Homeland Security risk analysis efforts. 

The congressionally mandated report from the National Research Council (NRC), part of the non-profit National Academies, concludes that the Risk = Threat x Vulnerability x Consequence formula used by DHS to assess risk is valid and “in accord with accepted practice in the risk analysis field.” It adds, however, that “DHS’s operationalization of that framework – its assessment of individual components of risk and their integration into a measure of risk – is in many cases seriously deficient and is in need of major revision.”

“DHS seems to use the special case formula Risk = T ×V × C very broadly for both terrorism and natural hazards applications [and] …needs to be very careful in documenting assumptions and understanding when the multiplicative formula is appropriate and when it is not,” according to the report. “The risks presented by terrorist attack and natural disasters cannot be combined in one meaningful indicator of risk, and so an all-hazards risk assessment is not practical.”

It goes on to note that DHS does a good job with analyzing natural hazard risks, calling the approach “near state of the art” and “based on extensive data.” Not so with its risk analysis approaches related to terrorism, which the report says are not sufficiently transparent, validated or reviewed, and also that the department “appears to be in a very immature state with respect to characterizing uncertainty.”

The full report can be ordered or read for free online here.

––––––––––––––––

Digital Sandbox is the leader in public safety risk management, providing analytic tools and information products to government agencies and large enterprises, for optimizing risk-based strategic, policy, and budgetary decisions.

The Dept. of Homeland Security has released a revised and expanded version of the DHS Risk Lexicon, two years after publication of the original document.

The 2008 edition contained roughly 70 terms and definitions while the new version, published on September 8th, adds more than 50 new ones and provides revised definitions for 23 of the original terms.

To view the Lexicon, click here.

––––––––––––––––

Digital Sandbox is the leader in public safety risk management, providing analytic tools and information products to government agencies and large enterprises, for optimizing risk-based strategic, policy, and budgetary decisions.

There are more than a few disciples of data visualization guru Edward Tufte at Digital Sandbox. So we’re happy to see that the well-regarded Yale professor and statistician will soon be hitting the lecture circuit again with his one-day course on Presenting Data and Information, including a swing through the Washington DC area later this month.

Tufte is known for having sworn eternal hostility to overuse of PowerPoint presentations long before it became fashionable to do so. His preference is for high-impact graphics like cartographer C.J. Minard’s illustration of Napoleon’s ill-fated 1812 campaign into Russia   (right), which plotted multiple types of raw data – geography, time, temperature and number of soldiers – on a single two-dimensional graphic. And of course his approaches and methods have informed our own four core principles on data visualization (see pp 6-7 of our Inside The Box report on data analytics for details.)

If you’re interested in picking up a wealth of insights and best practices on the subject, then it’s well worth your time – and the $380 fee – to attend. As a bonus he throws in free copies of all four of his beautifully crafted books as part of the registration fee, including the classics Envisioning Information and The Visual Display of Quantitative Information.

Tufte’s fall series kicks off with three lectures in Arlington, VA, from September 29th through October 1st, followed by Philadelphia and New York City in November and California in December.

––––––––––––––––

Digital Sandbox is the leader in public safety risk management, providing analytic tools and information products to government agencies and large enterprises, for optimizing risk-based strategic, policy, and budgetary decisions.

The American Red Cross has conducted a very interesting survey among U.S. citizens aged 18 and over to gauge their reliance on social media in obtaining information about emergencies such as earthquakes or severe weather. While the numbers are still somewhat small, the survey shows that there are rapidly growing expectations regarding the use of social media in emergencies.

As expected, the survey recorded widespread usage of social media in general: nearly three in four respondents said they use some form of it – topped by the likes of Facebook, YouTube and Twitter. When it comes to public emergencies, however, the uptake is less widespread. The overwhelming majority still get their emergency news from more traditional media like TV (63%), radio (44%) and news websites (37%) while a much smaller proportion rely on social media like Facebook (14%) and Twitter (6%).

But the trend towards greater use of social media is clearly apparent, especially among those aged 18 to 34. Here’s what the survey’s 1,058 adults told the Red Cross:

• About 50% would sign up for emails, text alerts, or applications to receive emergency information, and about the same number would post emergency information on their personal pages or sites;
• 18% would turn to digital social media if calls to 911 were unsuccessful;
• 69% believe emergency response agencies should regularly monitor their Web sites and social media networks so they can respond promptly to any requests for help posted there; and
• 74% say they would expect help to arrive within an hour.

The survey can be found here.

In a posting about the Red Cross survey and its related Emergency Social Data Summit, the Center for Health & Homeland Security Blog zeroed in on the use of Twitter and made a few additional points worth sharing. It observed, for example, that “when responding to disasters it’s all about the relationships you’ve already built.”

“In social media,” the blog noted, “building real relationships requires a long-term focus driven by consistent engagement and substantive interaction, and it’s no secret that Twitter is an especially fertile ground for both. However, all too often emergency management agencies use Twitter as a one-way-street for information dissemination rather than a tool for conversation, valuable outreach, and, in times of crisis, immediate situational awareness and information gathering.”

CHHS found in its own research that “42 state emergency management/homeland security agencies maintain Twitter accounts (43 counting D.C.), and only one of those accounts is ‘verified’ by Twitter. Surprisingly, 16 of those agencies do not link to their Twitter page from their agency homepage.” And of the 27 that do, it added, only a handful give Twitter particularly prominent homepage placement.

––––––––––––––––

Digital Sandbox is the leader in public safety risk management, providing analytic tools and information products to government agencies and large enterprises, for optimizing risk-based strategic, policy, and budgetary decisions.

It was an all-too familiar scene: a lone gunman entered an office building, took hostages and threatenened lives. Hardly typical, though, was that news of the event first broke on Twitter and other social media. Can emergency managers harness this potent capability? They’re already trying. But should they be?

On September 1, 2010, gunman James Lee entered Discovery Communications’ corporate headquarters just outside Washington DC and took three hostages before being killed by police. Although such scenarios have played out multiple times in the past, The Washington Post reports a unique twist to this event: it was first communicated to the public by the public, via Twitter and other social media outlets. Twitter was also the source of continuous real-time updates as the incident unfolded, most of them neatly aggregated under the hashtag “#Discovery.”

Monitoring and harnessing information from social media sites is a growing trend in the emergency management community. There seems to be a rush not only to capture the flood of information streaming from these media, but also to do something useful with it.

The question we would ask is: what constitutes ‘useful’?

Even a cursory look at tweets from the Discovery incident clearly shows how the data could be a valuable risk communication tool. But we should also recognize the limitations of the data sources, and take corresponding steps that will clearly define the extent to which they can be rendered sufficiently consistent and reliable – in other words to make them truly useful.

Here are some questions that need to be addressed:

• How quickly can misinformation be corrected?
• What are the costs and benefits of fast information versus accurate information?
• How can quality information be equitably distributed to affected populations?

Raw information feeds such as Twitter provide a rich trove of real-time data on a wide array of mission-critical questions. But there should be a way for that data to be rapidly vetted and analyzed in context before social media can become truly effective tools for emergency response, risk communication or threat warning dissemination. (Image courtesy of: yfrog.)

––––––––––––––––

Digital Sandbox is the leader in public safety risk management, providing analytic tools and information products to government agencies and large enterprises, for optimizing risk-based strategic, policy, and budgetary decisions.

Ever wondered why there seem to be so many vague or contradictory definitions for the words “hazard” and “threat” and “risk”? One big reason is that they’re often used interchangeably in the popular press – and even among some security practitioners.

In fact each does have a distinct (if sometimes overlapping) meaning in the risk management lexicon. Since these are fundamental terms that should be commonly understood by everyone in the security risk profession, we thought it would be worth taking a moment to clarify our definitions.

Hazard:  As in many organizations in the risk community, we use the term “hazard” to refer to any condition or event triggered by nature, or intentionally or accidentally by humans, which could result in disruption, harm or loss. Typically it is a descriptive word or phrase, like “hurricane” or “truck bombing.”

Threat (Likelihood):  On its own the word “threat” is sometimes used to describe a man-made hazard, such as a chemical weapons attack, for which variables like intent and capability can be gauged. More often, though, it is shorthand for “threat likelihood,” which describes the probability of any type of adverse event occurring at a given location during a given time frame. Likelihood is routinely expressed in numerical terms – say, the total number of hurricanes expected this year in South Florida. We typically use “likelihood” as short-hand for “threat likelihood.”

Risk:  “Risk” is a more complex term that incorporates multiple elements of probability, including likelihood. It is defined as the aggregate potential consequences of a hazard event, for instance the expected human casualties and monetary losses resulting from a tsunami.

Despite there being literally hundreds of proprietary methodologies in use today for assessing risk, most calculations rely on some combination of the same three variables:

• The likelihood of a hazard event;
• The vulnerability of assets to that event; and
• The adverse impact of the event.

In many risk calculations, moreover, vulnerability and impact are fused into a single metric called “consequence,” which can be measured in units like fatalities. From this more condensed version comes the widely used formula: Risk = Likelihood x Consequence.

––––––––––––––––

Digital Sandbox is the leader in public safety risk management, providing analytic tools and information products to government agencies and large enterprises, for optimizing risk-based strategic, policy, and budgetary decisions.

The Investigative Project on Terrorism has produced a “U.S. Terror History Map” using Google Maps technology to track and identify cases of terror plots, terror financing “and other radical activities” in the U.S. during the past two decades.

Three categories are plotted on the map:

• Court cases involving terrorist plots or financial and other forms of material support for terrorists.
• Mosques and Islamic centers that “at one time were home to radical clerics or to conspirators in a terrorism-related investigation, or had other connections to radical individuals or terrorist organizations.”
• Radical activities (including duplicates of certain court cases described above) that “involve multi-player criminal cases of terrorist plots or financing” and which in some cases “have tentacles in more than one city.”

The map was developed before the current flare-up in tensions over mosque-building plans near Ground Zero, but seems rather timely in retrospect. It also comes with this disclaimer about the mosques: “Their inclusion should not be interpreted as a sign that all who attend share the radical views or were aware of the activities.”

––––––––––––––––

Digital Sandbox is the leader in public safety risk management, providing analytic tools and information products to government agencies and large enterprises, for optimizing risk-based strategic, policy, and budgetary decisions.