GSN_Oct_YUMPU
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Government Security News<br />
OCTOBER 2016 DIGITAL EDITION<br />
Scientist George Lane explains “What was in the World Trade Center plume on<br />
9/11”, and former EPA Administrator Christie Whitman acknowledges that many<br />
people died because of her “mistake” in announcing seven days after the attacks<br />
that the air in lower Manhattan was safe to breathe – Page 12<br />
Also in this issue:<br />
Case Study: HID Global helps streamline Bhutan’s driver’s license issuance and management system – Page 6<br />
Chuck Brooks on Cybersecurity: The weakest link will always be the human element in what many people call<br />
the wild, wild west of cybersecrurity – Page 32<br />
The nation’s power grid is struck by cyber or physical attacks once every four days, according to Federal<br />
energy records – Page 40
NEWS<br />
<strong>GSN</strong> <strong>Oct</strong>ober 2016 Digital<br />
12<br />
4<br />
5<br />
6<br />
15<br />
16<br />
19<br />
20<br />
24<br />
25<br />
26<br />
27<br />
What was in the World Trade Center chemical plume at<br />
Ground Zero on 9/11<br />
Salient CRGT awarded $22.6M contract from DHS<br />
to improve border technologies<br />
GTT releases most advanced TSP solution to date:<br />
modular, expandable Opticom CVP<br />
HID Global helps streamline Bhutan’s driver license issuance<br />
and management system<br />
Canon U.S.A. and National Crime Prevention Council collaborate<br />
to raise awareness of theft and safety concerns<br />
The Technology War: Advantages of Network-Centric<br />
approach to modern warfare<br />
International sports competition in Brazil catapults<br />
to Gold Standard of ID Management with<br />
Quantum Secure<br />
The 2015 ISIS Attacks on Paris: Assessment and Lessons Learned<br />
Handheld Narcotics Analyzer can now detect lethal W-18 opioid drug<br />
FLIR announces identiFINDER R100 personal radiation detector<br />
with integrated Bluetooth smart technology<br />
Cambridge Pixel enhances radar tracking software<br />
to support small target detection<br />
Vecna attainst DoD DIACAP Security Accreditation<br />
and ATO for patient self-service solution<br />
2
Edition Table of Contents<br />
28<br />
29<br />
30<br />
Even the Government’s own advisory committee wants<br />
to end family detention<br />
How the Vice Presidential candidates responded to<br />
immigration issues at the debate<br />
Class action lawsuit challenging failure of CBP to respond to<br />
Freedom of Information requests is dismissed following settlement<br />
FEATURES<br />
SPECIAL REPORT ON INTERNATIONAL THREAT/CYBER INTELLIGENCE<br />
32<br />
36<br />
37<br />
38<br />
Chuck Brooks on Cybersecurity: The weakest link will<br />
always be the human element<br />
Arrest of ex-NSA contractor shows federal<br />
cybersecurity still faces a serious insider threat<br />
Intelligent Automation Inc discusses cyber attacks<br />
and tools of analysis and mitigation<br />
Convy on Net-Centric Security:<br />
The future of identity management is<br />
on the tips of your fingers<br />
SPECIAL REPORT ON OIL/GAS/ELECTRIC GRID SECURITY<br />
40<br />
42<br />
44<br />
The nation’s power grid is struck by cyber or physical attacks once every four<br />
days, according to federal energy records<br />
Quanergy acquires OTUS People Tracker Software<br />
from Raytheon BBN Technologies to strengthen its<br />
position as complete LiDar solution provider<br />
Infrared NCR launches national critical infrastructure<br />
security and resilience month awareness campaign<br />
3
Salient CRGT awarded $22.6M contract from Department<br />
of Homeland Security to improve border technologies<br />
FAIRFAX, VA – <strong>Oct</strong>ober 12, 2016<br />
- Salient CRGT, Inc., a leading provider<br />
of worldwide training development<br />
and delivery, Agile software<br />
development, data analytics, mobility,<br />
cyber security, and infrastructure<br />
solutions, today announced a<br />
prime contract award from<br />
the Department of Homeland<br />
Security (DHS) Science<br />
and Technology<br />
Directorate (S&T), to<br />
provide development,<br />
integration and evaluation<br />
in support of Borders<br />
& Maritime Research, Integration<br />
and Transition Environments<br />
(BorderRITE). This five-year<br />
effort is valued at approximately<br />
$22.6 million.<br />
The objective of BorderRITE is<br />
to provide two environments that<br />
seamlessly work together to help<br />
secure the Nation’s borders. Salient<br />
CRGT fills the gap between vendor<br />
testing and pilot programs by<br />
development systems and creating<br />
environments to evaluate emerging<br />
technologies and transition them<br />
into operational use. The company<br />
will build and maintain these environments<br />
and help S&T identify<br />
new technologies.<br />
Created by Congress in 2003 with<br />
the formation of the Department of<br />
Homeland Security, S&T is DHS’s<br />
primary research and development<br />
(R&D) arm. S&T manages science<br />
and technology research, from development<br />
through transition, for<br />
the department’s operational<br />
components and the nation’s<br />
first responders.<br />
S&T’s mission is to deliver<br />
effective and innovative<br />
insight, methods<br />
and solutions for<br />
the critical needs of the<br />
Homeland Security Enterprise.<br />
“Our partnership with DHS Science<br />
and Technology Directorate<br />
aligns with our company focus on<br />
innovation,” says Brad Antle, CEO<br />
of Salient CRGT. “Our Innovation<br />
Centers focus on identifying and<br />
testing new technologies to improve<br />
our customers’ efficiency and<br />
threat posture. This effort picks up<br />
where manufacturers’ and vendors’<br />
product testing ends. Evaluating<br />
technologies in a real-world environment<br />
will inform DHS S&T’s<br />
decision making about significant<br />
technology investments and save<br />
the agency time and money.”<br />
4<br />
This award was through Salient<br />
Federal Solutions, Inc., a wholly<br />
owned subsidiary of Salient CRGT.<br />
About Salient CRGT<br />
Salient CRGT provides Agile software<br />
development, data analytics,<br />
mobility, cyber security and infrastructure<br />
solutions. We support<br />
these core capabilities with full lifecycle<br />
IT services and training—to<br />
help our customers meet critical<br />
goals for pivotal missions. We are<br />
purpose built for IT transformation<br />
supporting federal civilian, defense,<br />
homeland, and intelligence agencies,<br />
as well as Fortune 1000 companies.<br />
We use the most innovative<br />
talent delivery model in the industry,<br />
scientifically providing exactly<br />
the right people for the customers’<br />
most pressing requirements. Salient<br />
CRGT has earned a record of success<br />
with integration and operations<br />
of large‐scale, high‐volume solutions.<br />
On September 15, 2015, Salient<br />
and CRGT announced closing<br />
of the merger transactions – visit<br />
newsroom. For additional information<br />
on Salient and CRGT, visit<br />
www.salientcrgt.com
GTT releases most advanced TSP solution to date:<br />
modular, expandable Opticom CVP<br />
ST. PAUL, MN – <strong>Oct</strong>ober 11, 2016<br />
– Global Traffic Technologies announced<br />
today the availability of Opticom<br />
CVP, the company’s next-generation<br />
transit optimization solution.<br />
The Opticom CVP is built with<br />
the same powerful and precise algorithms<br />
used in Opticom hardwarecentric,<br />
GPS-enabled solutions. The<br />
new platform provides softwarebased<br />
Transit Signal Priority (TSP),<br />
schedule adherence, headway management<br />
and other advanced capabilities,<br />
helping to ensure transit vehicles<br />
adhere to their published timetables.<br />
With GTT’s most advanced solution<br />
to date, agencies have the potential to<br />
increase rider satisfaction while dramatically<br />
reducing operating costs.<br />
The platform also adds cloud-based<br />
analytics for more control and insights.<br />
GTT’s president Doug Roberts said<br />
“the new Opticom CVP is a softwarecentric<br />
platform that, combined with<br />
new service and delivery options, is<br />
designed to offer agencies maximum<br />
flexibility with their implementation.<br />
“The solution significantly reduces<br />
implementation time,” Roberts said.<br />
“This allows agencies to increase efficiency<br />
and improve rider satisfaction<br />
faster than conventional solutions.”<br />
The CVP - like other transit solutions<br />
from GTT - provides a compelling<br />
and quick return on investment<br />
for transit agencies by reducing fuel<br />
and labour costs. Opticom TSP solutions<br />
can even have the potential to<br />
reduce fleet requirements.<br />
“The Opticom Connected Vehicle<br />
Platform is designed to empower<br />
transit agencies,” Roberts said.<br />
“Combining GTT’s industry-leading<br />
Opticom TSP with built-in active<br />
schedule and headway management<br />
capabilities, the CVP helps keep transit<br />
services on time and performing<br />
optimally in order to minimize travel<br />
times, increase predictability and improve<br />
on-time metrics.”<br />
In addition to the software-based<br />
TSP, schedule and headway applications,<br />
the Opticom CVP allows transit<br />
managers to monitor and maintain<br />
system performance from a central<br />
location with cloud-based analytics<br />
and reporting. Transit managers can<br />
monitor such key metrics as on-time<br />
performance, and dwell time and<br />
travel time by vehicle or route. Users<br />
can also assess and maintain system<br />
performance and provide updates to<br />
the system from anywhere with Internet<br />
access using Opticom Centralized<br />
Management Software (CMS).<br />
The Opticom CVP is built to expand<br />
as an agency’s needs grow. The<br />
CVP offers multiple interface options<br />
and allows additional applications to<br />
5<br />
be added as needed.<br />
In cities that are already equipped<br />
with Opticom for emergency vehicle<br />
preemption, Opticom CVP can be<br />
easily integrated to include service to<br />
their transit fleets. Opticom CVP is<br />
designed to support all variations of<br />
Opticom TSP, including distributed<br />
variants that use infrared and/or GPS<br />
intersection infrastructure, centralized<br />
architectures, and radio or cellbased<br />
communications, including<br />
DSRC.<br />
The Opticom CVP solution is available<br />
now from authorized GTT dealers.<br />
For more information contact<br />
GTT Sales Support via phone at +1<br />
800-258-4610 select Option 1, email<br />
sales@gtt.com, or visit www.gtt.com/<br />
cvp.<br />
About Global Traffic<br />
Technologies, LLC<br />
GTT, formed in 2007 from 3M’s pioneering<br />
Intelligent Transportation<br />
Systems business, is the manufacturer<br />
of Opticom priority control systems<br />
and CanogaT traffic-sensing systems.<br />
These systems have provided safe and<br />
More on page 46
CASE STUDIES<br />
HID Global helps streamline Bhutan’s driver<br />
license issuance and management system<br />
Road Safety and Transport Authority,<br />
Thimphu, Bhutan<br />
The Road Safety and Transport<br />
Authority of Bhutan (RSTA), the<br />
government agency responsible<br />
for printing and issuing driver’s licenses<br />
sought a more secure and<br />
durable card issuance solution for<br />
the country’s growing population<br />
of road users. Formerly known as<br />
Surface and Transport Authority<br />
(STA), the agency was established<br />
in 1977 and works to provide safe,<br />
reliable and cost-effective transportation<br />
alternatives that support the<br />
socio-economic development of<br />
Bhutan. Among its myriad of private<br />
and commercial motor vehicle<br />
functions, it is responsible for all vehicle<br />
registration and driver license<br />
issuance throughout the country.<br />
The RSTA currently employs approximately<br />
170 civil servants in its<br />
regional and local offices across the<br />
country.<br />
Challenges<br />
In recent years, Bhutan has undergone<br />
significant economic development<br />
and modernization leading<br />
to an increase in a<br />
number of drivers<br />
unable to manage<br />
the high demand<br />
in the issuance of<br />
driver’s licenses, the<br />
existing printing<br />
process was inefficient<br />
and lacked<br />
a streamlined approach<br />
for replacing<br />
printer consumables<br />
needed in order to<br />
meet the demands<br />
of new driver requirements.<br />
Dependent on a system<br />
that required different vendors for<br />
its consumables such as cards and<br />
overlaminates, the RSTA needed<br />
a more efficient printing solution<br />
from a single source that would enable<br />
them to issue a high-volume of<br />
ID cards.<br />
“We needed a more efficient printing<br />
solution without compromising<br />
security, durability and image quality,”<br />
said Tshering Nidup, ICT Officer<br />
at the Road Safety and Transport<br />
Authority.“Before implementing<br />
HID Global’s ID card issuance solution,<br />
we had to work with mul-<br />
6<br />
“The printers were plugged in and they were just ready to go. They<br />
were also incredibly intuitive to use, and we have had no problem<br />
with them through the entire year.”<br />
– Tshering Nidup<br />
ICT Officer, Road Safety and Transport<br />
Authority of Bhutan (RSTA)<br />
tiple vendors to get all the components<br />
needed in order to carry out<br />
the printing of driver’s licenses, but<br />
there were times when it was difficult<br />
to ensure each vendor would<br />
deliver the needed consumable on<br />
time. If any of them had to delay<br />
their delivery to a particular site, we<br />
had to stop printing at that location<br />
creating a large backlog for us.”<br />
Since the driver’s licenses are also<br />
used as citizen identification, it is<br />
critical for the ID card to be highly<br />
secure, resistant to cloning and<br />
counterfeiting. Previously, the li-<br />
More on page 10
HID Global Helps Streamline<br />
Bhutan’s Driver License Issuance<br />
and Management System<br />
Continued from page 6<br />
censes lacked the security features<br />
that prevented them from being<br />
tampered with resulting in an underground<br />
market of fake IDs that<br />
presented a problem for law enforcement.<br />
In addition, the old licenses were<br />
very susceptible to wear and tear<br />
fading after a few years, leaving behind<br />
IDs with only faint images of<br />
personal information that were illegible,<br />
and difficult to be recognized.<br />
Solutions<br />
After RSTA selected Ugen Trading<br />
House (UTH), the local authorized<br />
dealer of HID Global solutions in<br />
Bhutan, the RSTA selected HID<br />
Global’s FARGO® HDP5000 high<br />
definition printers/encoders and<br />
Thinley Dorji, Motor Vehicle Inspector at<br />
RSTA, is one of the officers responsible for the<br />
issuance of drivers’ licenses in Bhutan.<br />
deployed the new system in its offices<br />
last year to manage the driver’s<br />
license issuance process. The RSTA<br />
chose HID Global because it was<br />
looking for a trusted partner who<br />
could provide not only highly secure<br />
products that adhere to international<br />
standards, but also professional<br />
and thorough aftersales<br />
services and support.<br />
The HDP5000 printers/encoders<br />
enabled RSTA to gain access to<br />
state-of-the-art, high-definition and<br />
efficient card printing at a lower total<br />
cost of ownership than the previously<br />
deployed solution.<br />
“Gaining greater efficiency with<br />
the new printers, we had no problems<br />
operating and issuing ID cards<br />
across all of our driver’s license distribution<br />
locations,” said Nidup.<br />
Additionally, the HDP5000 ID<br />
printer and encoder produces crisp,<br />
high-definition images by leveraging<br />
the retransfer print technology.<br />
By printing a reverse image on an<br />
intermediate film, then transferring<br />
the film to the card surface, the<br />
HDP5000 outputs greater image<br />
quality that is long-lasting and more<br />
resistant to wear and tear compared<br />
to those printed directly on the<br />
cards.<br />
The new driver’s licenses also features<br />
a multitude of security features,<br />
supported by the HDP5000<br />
printers. The RTSA achieved this<br />
by utilizing the dual-sided printing<br />
10<br />
feature. By installing the dual lamination<br />
module it enabled them to<br />
quickly and efficiently laminate the<br />
cards on both sides, without flipping,<br />
in one pass.<br />
Benefits<br />
For easy identification, the new<br />
driver’s licenses are issued in three<br />
different colors – white for private<br />
cars, blue for commercial vehicles<br />
such as buses, and green for taxis.<br />
The improved quality of the cards<br />
have received positive feedback by<br />
the citizens of Bhutan, as it provides<br />
a more secure, durable and updated<br />
look. “We now have a lot fewer requests<br />
for replacement cards compared<br />
to last year lessening our work<br />
load and resulting in an added benefit<br />
in annual waste savings,” added<br />
Nidup.<br />
With the new HID Global solution<br />
deployed, the RSTA of Bhutan can<br />
now procure all printer consumables<br />
from a single source for a more efficient<br />
and streamlined resupplying<br />
process. The high throughput rate of<br />
the HDP5000 printers also contributes<br />
to improved efficiency. In the<br />
first few weeks of deployment, the<br />
RSTA cleared its backlog of driver’s<br />
licenses requests. As a result, the department<br />
also reduced its wait times<br />
for the issuance of new and replacement<br />
licenses.<br />
Law enforcement agencies also<br />
More on page 46
<strong>GSN</strong>’s 2016 Homeland Security Awards Program<br />
Now Accepting Entries at:<br />
www.gsnmagazine.com/hsa2016/welcome<br />
The 2016 Government Security News Awards Program, featuring<br />
many new categories in Cybersecurity, Physical Security, Government<br />
Agency Innovations and Mobile Technologies will open for entries on<br />
August 24 and will close for entries on November 15.<br />
In good news for Winners and Finalists, <strong>GSN</strong> will be reinstating its<br />
annual Homeland Security Awards Dinner in Washington, DC in<br />
the first week of December, in a venue to be announced. Longtime<br />
participants in the <strong>GSN</strong> awards programs will recall that previous<br />
<strong>GSN</strong> Awards Dinners have featured top government, military leaders<br />
and respected television commentators such as 4-Star General<br />
Barry McCaffrey (Ret); Fran Townsend, Homeland Security Advisor to<br />
George W. Bush, James Kallstrom, Assistant Director of the FBI and<br />
Admiral Thad Allen (Ret), Commandant of the U.S. Coast Guard<br />
who came out of retirement twice to serve his county, first in<br />
Hurricane Katrina and later in the BP Oil Spill.<br />
The cost of an entry for vendors is $300 per entry, but there is no<br />
charge for government agencies or departments. All Winners<br />
and Finalists receive Awards Emblems, and all Winners receive a<br />
handsome, gold-trimmed plaque describing their winning entries.<br />
All Winners and Finalists will also be invited to participate in the 2016<br />
Digital Yearbook of Awards Winners.<br />
To see photo gallery of previous Awards Dinners:<br />
https://www.flickr.com/photos/44536438@N06/<br />
For information on the Awards Dinner or Sponsorships,<br />
Contact Adrian Courtenay, Managing Partner, at<br />
acourtenay@gsnmagazine.com, (Mobile) 917-696-5782
What was in the World Trade Center chemical<br />
plume created at Ground Zero on “9/11”?<br />
By George Lane,<br />
Emergency Response Technology<br />
Fifteen years later, what exactly residents<br />
and rescue workers were exposed<br />
to remains at least a partial<br />
mystery. The smell cannot be forgotten.<br />
Any smoky mix of burning plastic<br />
can instantly bring back memories<br />
for locals of the aftermath of the collapse<br />
of the two towers of the World<br />
Trade Center on September 11,<br />
2001. 91,000 liters of jet fuel and the<br />
10,000,000 tons of building materials<br />
and contents burning at temperatures<br />
above 1,000 degrees Celsius extended<br />
from lower Manhattan across the East<br />
River into Brooklyn and beyond to<br />
the sea.<br />
The terrorist attacks on the World<br />
Trade Center on September 11, 2001,<br />
exposed thousands of Fire Department<br />
of New York City (FDNY) rescue<br />
workers to dust, leading to substantial<br />
declines in lung function in<br />
the first year. So what exactly was in<br />
that smoke and dust?<br />
The real answer to that question will<br />
never be known as few direct measurements<br />
were taken of the plume<br />
that followed the disintegration of<br />
the two towers into a blizzard of dust,<br />
though air samples were collected in<br />
subsequent weeks and months. Regardless,<br />
the then administrator of the<br />
U.S. Environmental Protection Agency<br />
and former governor of New Jersey<br />
Christie Whitman said on September<br />
13, 2001, “EPA is greatly relieved to<br />
have learned that there appears to be<br />
no significant levels of asbestos dust in<br />
the air in New York City.” She added:<br />
“We will continue to monitor closely.”<br />
And five days later, she announced: “I<br />
am glad to reassure the people of New<br />
York and Washington, D.C., that their<br />
air is safe to breath [sic].” 1<br />
Knowing what was in the dust suggests<br />
what may have caused the ailment<br />
dubbed “World Trade Center<br />
or WTC Cough” by the New England<br />
Journal of Medicine, which doctors at<br />
Mount Sinai Medical Center in New<br />
York estimate afflicted nearly half of<br />
those who worked at the site.<br />
Ultimately, the EPA determined<br />
that the air around “Ground Zero”<br />
was harmless, despite the agency’s<br />
findings concerning levels of asbestos<br />
and dioxin, at least to civilians living<br />
and working in the vicinity, if not the<br />
rescue workers. “Except for inhalation<br />
exposures that may have occurred on<br />
9/11 and a few days afterwards, the<br />
ambient air concentration data suggest<br />
that persons in the general population<br />
were unlikely to suffer short-term or<br />
long-term adverse health effects caused<br />
12<br />
by inhalation exposures,” EPA scientists<br />
wrote in their analysis published<br />
in 2007. 2<br />
“It was such a horrific event,” says<br />
environmental scientist Paul Lioy of<br />
the Environmental and Occupational<br />
Health Sciences Institute in New<br />
Jersey, who was contacted by both<br />
the federal government and the Port<br />
Authority of New York and New Jersey<br />
to collect samples of the pulverized<br />
remains of the Twin Towers in<br />
the days following the attack. “What<br />
was the contribution of the gases [from<br />
combustion]?”<br />
The terrorist attack on the World<br />
Trade Center on September 11, 2001,<br />
now known as “9/11”, and its consequent<br />
collapse killed 2,751 persons,<br />
including 343 rescue workers employed<br />
by the Fire Department of<br />
New York City (FDNY) and exposed<br />
thousands of persons to a dense, persistent<br />
dust cloud of pulverized building<br />
materials and chemical by-products<br />
of combustion or pyrolysis. 3<br />
The FDNY rescue workers who responded<br />
to the World Trade Center<br />
site during the collapse or the subsequent<br />
10-month rescue-and-recovery<br />
operations had substantial loss in pulmonary<br />
function during the first year<br />
after the event, more than 12 times<br />
the annual age-associated rate. The
largest decline was observed among<br />
workers who arrived at the site on<br />
the morning of “9/11”, and there were<br />
larger declines among firefighters<br />
than among emergency medical services<br />
workers. 4<br />
Among non-FDNY rescue workers,<br />
volunteers, and residents of lower<br />
Manhattan who were exposed to<br />
World Trade Center dust, abnormal<br />
results on spirometry, a common office<br />
test used to assess how well your<br />
lungs work by measuring how much<br />
air you inhale, how much you exhale<br />
and how quickly you exhale,<br />
were common and persisted during a<br />
3-year follow-up. However, health records<br />
were not available before “9/11”<br />
to determine the extent of new versus<br />
preexisting abnormalities. 5<br />
During the “9/11” attack on the<br />
WTCs, urban chemical warfare was<br />
introduced to America. Thousands<br />
were hospitalized with a “pulmonary<br />
edema”, an indicator of what became<br />
known as the “WTC Cough”. 6<br />
“FEV1”,” forced expiratory volume” in<br />
1 second, is the volume exhaled during<br />
the first second of a forced expiratory<br />
maneuver started from the level<br />
of total lung capacity. FEV1 was used<br />
to assess airway obstruction, bronchoconstriction,<br />
or bronchodilatation.<br />
7,8<br />
“Ground Zero” smoldered until<br />
December 19, releasing fumes that<br />
researchers collected in air samples.<br />
The debris pile acted like a chemical<br />
factory. It cooked together the components<br />
of the buildings and their<br />
contents, including enormous numbers<br />
of computers, and gave off gases<br />
of toxic metals, acids and organics.<br />
The “WTC Cough” was named by<br />
Dr. David Prezant, medical director<br />
of the New York City Fire Department,<br />
in a September 12, 2002, study<br />
in the New England Journal of Medicine.<br />
He and his colleagues reported<br />
that firefighters who had worked at<br />
the World Trade Center site within<br />
the first three days of September<br />
11 were most likely to display these<br />
symptoms, no doubt from massive<br />
exposure to a variety of toxic chemicals.<br />
Those who required at least four<br />
consecutive weeks of medical leave as<br />
a result of the sickness were diagnosed<br />
with “World Trade Center Cough”.<br />
A 2005 study of 2,812 residents living<br />
near the World Trade Center published<br />
in the Journal Environmen-<br />
13<br />
tal Health Perspectives found that<br />
coughing, wheezing, chest tightness<br />
and shortness of breath were reported<br />
in three to six times greater numbers<br />
among people living within one<br />
mile of the World Trade Center site<br />
than among those who lived more<br />
than five miles away. More recent<br />
studies of patients who have sought<br />
treatment for September 11-related<br />
respiratory illness suggest that years<br />
later, they still have a greater risk for<br />
abnormal lung function.<br />
But it is hard to know what the real<br />
numbers are. Unlike firefighters, who<br />
receive care through the New York<br />
City Fire Department and whose<br />
health status before and after September<br />
11 has been well-documented, the<br />
health of residents and local workers<br />
hasn’t been well-tracked.<br />
The “James L. Zadroga 9/11 Health<br />
& Compensation Act”, signed into law<br />
by President Obama in early 2011,<br />
establishes the “World Trade Center<br />
(WTC) Health Program”. It ensures<br />
that those affected by “9/11” continue<br />
to receive monitoring and treatment<br />
services for “9/11”-related health<br />
problems through at least 2015. The<br />
“WTC Health Program” consists of a<br />
Responder Program (for rescue and<br />
recovery workers, including more<br />
than 15,000 New York City firefighters)<br />
and a Survivor Program (for those<br />
who lived, worked or went to school<br />
in lower Manhattan on “9/11”). Services<br />
also are available for responders<br />
to the Pentagon and Shanksville,
Pennsylvania sites also attacked by<br />
9/11 terrorists. People eligible can receive<br />
services, no matter where they<br />
live now in the U.S. The director of<br />
the National Institute for Occupational<br />
Safety and Health (NIOSH) administers<br />
the “WTC Health Program”,<br />
paid by the federal government and<br />
New York City. 9<br />
I was invited to participate in research<br />
into the chemical origins of<br />
the “WTC Cough” by the Naval Postgraduate<br />
School in 2010. Because<br />
no chemical-specific detectors were<br />
used, I used an indirect forensic science<br />
public policy approach, noting<br />
that almost all victims suffered<br />
from what is known in medicine as<br />
a “pulmonary edema”, characterized<br />
by fluid accumulation in the lungs,<br />
which collects in air sacs. Shortness<br />
of breath is the most common symptom<br />
of “pulmonary edema” and is due<br />
to the failure of the lungs to provide<br />
adequate Oxygen to the body.<br />
I examined the materials of construction<br />
used in World Trade Tower<br />
Centers 1 and 2 (WTCs), completed<br />
in 1973 and using from 200<br />
to 250,000 tons of common plastic,<br />
Polyvinyl chloride (PVC) as insulation<br />
in the WTCs. When the jet fuel<br />
ignited on “9/11”, the PVC was partially<br />
combusted, forming incomplete<br />
product of combustion chemicals,<br />
and creating from 10 to 15,000 tons<br />
of Phosgene within minutes. Phosgene<br />
is used both in industry and as a<br />
battle field weapon.<br />
The effects of exposure to irritants<br />
such as Hydrogen chloride, Phosgene,<br />
and particulates are dependent on the<br />
size of the particle and how readily<br />
the chemical dissolves in water. These<br />
properties determine where in the respiratory<br />
tract the chemical or particle<br />
is deposited and absorbed. Hydrogen<br />
chloride is very soluble therefore<br />
injury occurs in the upper airway as<br />
opposed to Phosgene, which effects<br />
mainly in the lower respiratory tract,<br />
the lungs.<br />
Phosgene is deadly at a concentration<br />
of 2 ppm. It appears as a white<br />
cloud and has a characteristic odor of<br />
sweet, newly mown hay in lower concentrations.<br />
Phosgene has low water<br />
solubility, so has a delayed onset of<br />
action, from 30 minutes to 8 hours. It<br />
readily reaches the respiratory alveoli<br />
and has direct toxic effects, leading to<br />
cellular damage of the alveolar-capillary<br />
membrane and subsequent pulmonary<br />
edema. 10 Alveoli tubes transfer<br />
O2 into and CO2 out of the lungs.<br />
Because there is no systemic absorption,<br />
other organs are not affected. 11<br />
I observed that when Phosgene reacted<br />
on the moisture of the alveoli in<br />
the lungs it formed corrosive Hydrogen<br />
chloride (HCl). Phosgene had reacted<br />
with the moisture of the alveoli<br />
to form corrosive Hydrogen chloride<br />
(HCl), causing “pulmonary edemas”<br />
in both residents and fire fighters.<br />
However, all Phosgene produced by<br />
the incomplete combustion of PVC<br />
was destroyed by the large amounts of<br />
14<br />
water used to fire the numerous fires<br />
at “Ground Zero”, preventing detection<br />
after “9/11”.<br />
To mitigate human exposure to<br />
Phosgene and other hazardous chemicals<br />
when responding to emergencies,<br />
I am designing and deploying<br />
autonomously operated chemical security<br />
networks capable of detecting,<br />
identifying and measuring not only<br />
Phosgene, but many other chemicals<br />
using a passive standoff chemical<br />
sensor using commercially available<br />
Fourier Transform Infrared (FTIR).<br />
Integrated with video surveillance,<br />
the chemical security “Tool<br />
Box” warns emergency responders<br />
of chemical hazards from up to three<br />
miles away in real-time, preventing<br />
firefighters and other emergency responders<br />
from becoming “canaries in<br />
a coal mine”, protecting both public<br />
health and critical infrastructure.<br />
Editor’s Note:<br />
Published reports within a few days<br />
of the 15th anniversary of 9/11 have<br />
indicated that Christine Todd Whitman,<br />
who was the administrator of<br />
the Environmental Protection Agency<br />
at the time of the 9/11 disaster, has<br />
finally apologized after fifteen years<br />
for her claim in the days immediately<br />
after the attacks that the air around<br />
Ground Zero and in lower Manhattan<br />
was safe. The reports also indicated<br />
that Ms Whitman had stated that<br />
More on page 46
Canon U.S.A. and National Crime Prevention Council<br />
collaborate to raise awareness of theft and safety<br />
concerns to counterfeit power accessories<br />
MELVILLE, NY – <strong>Oct</strong>ober 13, 2016<br />
– Canon U.S.A., Inc., a leader in<br />
digital imaging solutions, today announced<br />
its collaboration with the<br />
National Crime Prevention Council<br />
(NCPC) to promote awareness<br />
around the safety risks of using<br />
counterfeit power accessories,<br />
such as batteries, chargers, and<br />
external flashes. The production<br />
and sale of counterfeit<br />
products is an issue that not<br />
only affects the consumer electronics<br />
industry, but can affect<br />
consumer safety as well. The<br />
launch of this collaboration is<br />
scheduled to coincide with Crime<br />
Prevention Month in <strong>Oct</strong>ober, and<br />
will continue through 2017.<br />
Together with Canon U.S.A.,<br />
NCPC will use its resources to provide<br />
educational tools to crime prevention<br />
practitioners, law enforcement<br />
officials, and educators who,<br />
in turn, can use those resources to<br />
teach their communities about the<br />
dangers of purchasing counterfeits.<br />
The awareness campaign will also<br />
include digital messaging directed<br />
to consumers and public service announcements<br />
as well as other videos<br />
featuring McGruff the Crime Dog®.<br />
Counterfeit items are illegal replicas<br />
of real products, designed to<br />
deceive and take advantage of the<br />
superior value of genuine merchandise.<br />
They are produced in a manner<br />
that is increasingly more difficult<br />
for average consumers to identify,<br />
which is why awareness and education<br />
efforts are so important. Furthermore,<br />
counterfeit power accessories<br />
can lead to potentially<br />
dangerous results. They typically<br />
do not contain important safety<br />
technologies and are not tested to<br />
meet industry safety standards. As<br />
a result, they may overheat, smoke,<br />
melt, ignite, or create power surges<br />
and electrical irregularities that may<br />
cause personal injury or property<br />
damage.<br />
15<br />
“The safety of our customers is of<br />
paramount importance,” said Yuichi<br />
Ishizuka, president and COO, Canon<br />
U.S.A., Inc. “We want to make<br />
sure our customers are aware of the<br />
dangers of counterfeit power accessories<br />
so they can avoid potential<br />
risks of hurting themselves<br />
or damaging their equipment.”<br />
“As counterfeiting of camera<br />
accessories continues to<br />
evolve, we want to make consumers<br />
aware of this risk so<br />
they can keep themselves and<br />
their equipment safe,” said<br />
Ann Harkins, president and<br />
CEO, NCPC. “Counterfeit products<br />
designed to look like genuine products<br />
from major camera manufacturers<br />
may cause damage to people<br />
and property.”<br />
NCPC is a private, nonprofit<br />
tax-exempt 501(c)(3) organization<br />
whose primary mission is to be the<br />
nation’s leader in helping people<br />
keep themselves, their families and<br />
their communities safe from crime.<br />
To learn more about the campaign,<br />
please visit www.ncpc.org/<br />
stopfakes.<br />
More on page 47
The Technology of War: Advantages of a<br />
Network-Centric approach to modern warfare<br />
By Barry McElroy<br />
While the reasons we go to war –<br />
land, religion, retribution, resources<br />
– have not changed much over the<br />
millennia, warfare itself has changed<br />
dramatically, especially in recent decades.<br />
No longer is a battle a linear operation<br />
with clearly defined lines and<br />
trained soldiers in uniform firing artillery<br />
at each other, as it was for much<br />
of the 20th century. To fight a war in<br />
the 21st century means fighting an<br />
enemy who is everywhere and nowhere<br />
at the same time, who has not<br />
been trained in battle formations or<br />
military strategy, who does not wear<br />
a uniform or use WoRm formulas to<br />
calculate where to fire.<br />
There are no battle lines – anywhere<br />
in a targeted country is a free<br />
fire zone, and the enemy is constantly<br />
moving and changing where they attack<br />
from. There is no symmetry – a<br />
solitary person can destroy a group of<br />
soldiers and their vehicles using an<br />
improvised explosive device (IED) or<br />
rocket.<br />
Twenty-first century warfare requires<br />
that soldiers are constantly on<br />
their guard and ready to fight – and<br />
this need for always-on preparedness<br />
has changed the way the military<br />
collects and uses intelligence, giving<br />
rise to what’s called “network-centric<br />
warfare”: the use of networked technology<br />
to provide advantages on the<br />
battlefield.<br />
The Benefits of the<br />
Network-Centric Approach<br />
A network-centric approach to warfare<br />
links all military assets to each<br />
other and to decision makers via<br />
computer, radio and data networks,<br />
enhancing the way military objectives<br />
are accomplished because of information<br />
superiority: According to David<br />
S. Alberts, who formerly worked in<br />
the office of the Assistant Secretary<br />
of Defense for Networks and Information<br />
Integration, “A robustly networked<br />
force improves information<br />
sharing. Information sharing and<br />
collaboration enhance the quality of<br />
information and shared situational<br />
awareness. Shared situational awareness<br />
enables self-synchronization.<br />
These, in turn, dramatically increase<br />
mission effectiveness.”<br />
A Department of Defense text adds<br />
that while war will always be characterized<br />
by “fog, friction, complexity<br />
and irrationality,” network-centric<br />
operations provide increased aware-<br />
16<br />
ness and more informed decision<br />
making: “… Having a better near real-time<br />
picture of what is happening<br />
… certainly reduces uncertainty in a<br />
meaningful way.”<br />
This method requires a powerful<br />
communications network, however.<br />
A true military-grade<br />
network must provide<br />
continuous<br />
communication<br />
to in-motion<br />
and stationary<br />
personnel,<br />
vehicles and<br />
equipment, giving<br />
commanders and<br />
troops always-connected,<br />
secure access to applications and<br />
information – thus improving situational<br />
awareness and mission effectiveness.<br />
There is no room for security<br />
breaches or outages of any kind<br />
when it can mean the difference between<br />
life and death, or a war won or<br />
lost.<br />
Communications have sometimes<br />
been a weak link between the various<br />
moving parts of the armed forces,<br />
whether between ground, airborne<br />
and seaborne forces, or between<br />
forces and non-aligned units such as<br />
foreign coalitions or sister services
within the Department of Defense.<br />
However, this has been changing in<br />
recent years as military operations<br />
and projects have begun utilizing a<br />
network called kinetic mesh.<br />
Kinetic Mesh on the Battlefield<br />
A kinetic mesh network combines<br />
wireless network nodes and networking<br />
software. It employs multiple<br />
radio frequencies and any-node-toany-node<br />
capabilities to instantaneously<br />
route data via the best<br />
available traffic path<br />
and frequency,<br />
with up to 300<br />
Mbps transfer<br />
rates.<br />
If a certain<br />
path becomes<br />
unavailable for<br />
any reason – due to<br />
antenna failure, for example<br />
– nodes on the network use<br />
an alternate route to deliver the data,<br />
eliminating any gaps in communication<br />
and allowing on-the-fly transmission<br />
of voice, video and data to<br />
provide situational awareness, despite<br />
conditions that would cripple other<br />
networks. Routes are built automatically,<br />
and are evaluated for quality<br />
and performance for every sent and<br />
received packet.<br />
There is no central control node<br />
and no single points of failure. These<br />
self-healing, peer-to-peer networks<br />
support Wi-Fi, integrate easily with<br />
Ethernet-connected devices and<br />
scale to hundreds of high-bandwidth<br />
nodes – in fact, the more nodes added,<br />
the more pathways are established<br />
and the more resilient a network becomes.<br />
The nodes self-configure, making<br />
it simple to expand the network, and<br />
are built to withstand hostile environments<br />
like battlefields. Each node<br />
serves as singular infrastructure,<br />
which enables everything within the<br />
network to be mobile: wireless nodes<br />
can move, clients can move, network<br />
traffic can move – all in real time and<br />
without manual intervention.<br />
A Kinetic mesh network can be easily<br />
redeployed and expanded in multiple<br />
ways, and still operates with the<br />
same level of reliability, even in the<br />
harshest conditions. It eliminates the<br />
challenges of time-consuming, complicated<br />
deployments in the midst of<br />
battlefield pressures, challenging terrain<br />
and changing operations: All a<br />
soldier has to do is hit a power button<br />
on the radio, and the radio immediately<br />
connects to the network and<br />
is up and running. A soldier doesn’t<br />
need extensive training to learn how<br />
to set up a radio, and a company no<br />
longer needs to lay new cable every<br />
time its headquarters moves, which<br />
requires man-hours and taxpayer<br />
dollars.<br />
Not to be overlooked is the network’s<br />
military-grade level of security<br />
(with some radios certified to<br />
“Secret and Below” interoperability).<br />
Kinetic mesh delivers end-to-end,<br />
17<br />
256-bit encryption. When encrypted<br />
information flows through the mesh<br />
and comes out another node, it stays<br />
encrypted all the way through, and is<br />
not decrypted until it is delivered to<br />
its final destination, ensuring privacy.<br />
At each hop in the network, kinetic<br />
mesh provides a per-hop authentication<br />
for each packet. Metadata also is<br />
encrypted; an attacker cannot analyze<br />
the traffic and see which nodes are<br />
communicating with other devices –<br />
which, in a battlefield situation, could<br />
give away position.<br />
Kinetic Mesh in Action<br />
Kinetic mesh has been a part of several<br />
military programs and projects,<br />
including:<br />
C-RAM: The C-RAM program is a<br />
“system of systems” that primarily<br />
uses radar to detect incoming projectiles<br />
(rockets, artillery and mortars)<br />
fired from hostile forces. An engagement<br />
weapon then attempts to intercept<br />
the projectile and destroy it in<br />
flight before it impacts.<br />
There also is a warning component;<br />
once the radar has determined the<br />
trajectory of the projectile, it can determine<br />
what kind of shell or projectile<br />
it is, as well as estimated point of<br />
impact, to determine the blast radius.<br />
It then can send an alert to the affected<br />
area, instructing all personnel<br />
to seek cover. A soldier has about 10<br />
seconds to find cover before detonation<br />
if the projectile is not intercepted
in flight – which does not sound like<br />
a lot of time, but can mean the difference<br />
between life and death.<br />
The C-RAM program was an important<br />
counter measure to enemy<br />
fire during the wars in Iraq, where the<br />
way the enemy fought made it impossible<br />
for troops to deploy counter fire<br />
– because there was simply no one to<br />
fire at. Instead, the enemy would set<br />
up crude stands with rockets on top<br />
and use a triggering device to deploy<br />
the rockets from afar. It was by no<br />
means a scientific method of warfare,<br />
but it was intermittently effective, killing<br />
or injuring soldiers and disabling<br />
military assets.<br />
For the past five years, kinetic mesh<br />
has provided the communications<br />
link between the radars and the command<br />
center, and the warning towers<br />
and the command center. Before kinetic<br />
mesh radios were implemented,<br />
there was a much higher rate of interference<br />
between the various components<br />
and the radios, creating gaps in<br />
communications. With kinetic mesh<br />
radios, system availability rate has increased<br />
significantly – meaning even<br />
more human lives will be saved in<br />
current and future field operations.<br />
Soldier Link: Soldier Link is a communications<br />
network that connects<br />
all military personnel from the lowest<br />
link – the individual soldier – up<br />
to national command. It is intended<br />
to provide and distribute situational<br />
awareness communications, including<br />
position locator information for<br />
soldiers and vehicles. Kinetic mesh<br />
radios will provide plug-and-play<br />
Ethernet connections with IP-based<br />
devices for company-level and below<br />
soldiers. (Soldier Link has been developed<br />
and is being evaluated and<br />
tested.)<br />
Wolfhound: Wolfhound is a manportable<br />
electronic warfare and cyber<br />
capability supporting kinetic<br />
operations in Operation Enduring<br />
Freedom. The system includes three<br />
networked, man-packable nodes capable<br />
of detecting, identifying and<br />
direction-finding conventional communications.<br />
It targets Very High<br />
Frequency (VHF) or Ultra High Frequency<br />
(UHF), push-to-talk, handheld<br />
radio communications, and is a<br />
counter-IED program.<br />
The use of IEDs is an example of the<br />
unconventional military tactics seen<br />
in the asymmetrical warfare of the<br />
late 20th and early 21st centuries: By<br />
burying artillery shells strategically in<br />
roads and other areas where troops<br />
traveled, an enemy can injure or kill<br />
soldiers and damage military assets<br />
– all without needing to take aim or<br />
even remain in the area.<br />
IEDs were used extensively against<br />
U.S.-led forces in Iraq and were responsible<br />
for nearly 2,000 deaths between<br />
July 2003 and January 2009.<br />
Since Wolfhound’s inception, however,<br />
the program has prevented the<br />
detonation of more than 1,000 wouldbe<br />
IEDs and is expected to save many<br />
more lives in the future.<br />
18<br />
The Need for Real-Time<br />
Communications in Modern Warfare<br />
Technology is constantly changing<br />
everything we do. Ray Kurzweil’s Law<br />
of Accelerating Returns avows that<br />
the rate of change in systems – including<br />
technology – increases exponentially,<br />
not linearly, meaning that<br />
each advance doubles the rate of the<br />
next: “30 steps linearly gets you to 30.<br />
One, two, three, four, step 30, you’re<br />
at 30. With exponential growth, it’s<br />
one, two, four, eight. Step 30, you’re<br />
at a billion.”<br />
If this theory holds true, we will<br />
continue to see lightning-fast technological<br />
progress across every part<br />
of our lives – including the way we<br />
conduct combat operations. As warfare<br />
becomes more unpredictable<br />
and asymmetrical, a network-centric<br />
approach will be ever more critical –<br />
without real-time communications<br />
enabling information superiority, all<br />
the artillery in the world won’t make<br />
a difference. Kinetic mesh networks<br />
provide the mobility, reliability, scalability,<br />
security and high bandwidth<br />
needed to ensure mission-critical intelligence<br />
is sent and received in real<br />
time, breaking new ground in wartime<br />
communications and helping to<br />
save lives.<br />
Barry McElroy is Vice President of Rajant.<br />
He can be reached at bmcelroy@<br />
rajant.com.
International sports competition in Brazil catapulted to a<br />
Gold Standard of Identity Management with Quantum Secure<br />
SAN JOSE, CA – <strong>Oct</strong>ober 12, 2016<br />
– While millions of viewers were<br />
watching races, volleyball, gymnastics,<br />
swimming and a wide range of<br />
sporting achievements, Quantum<br />
Secure, part of HID Global, a worldwide<br />
leader in secure identity solutions,<br />
worked behind the scenes in<br />
Rio, Brazil this past summer to protect<br />
sports venues by verifying the<br />
identity of athletes, staff members,<br />
guests and volunteers. The use of<br />
SAFE Software from Quantum Secure<br />
helped reduce the risk of intrusions<br />
at the sporting events, preventing<br />
potential threats through one of<br />
the world’s most advanced forms of<br />
managing identities at large events.<br />
Quantum Secure’s SAFE software<br />
tracked approximately 500,000<br />
people who had credentials to come<br />
and go from sporting venues across<br />
Rio. Identity had to be<br />
verified nearly three<br />
million times during<br />
the competitions, ensuring<br />
that each badge<br />
could be trusted and<br />
was not a counterfeit.<br />
Approximately a dozen<br />
issues with badges were<br />
identified, including an<br />
incident in which people<br />
tried to falsify badges in order<br />
to enter a basketball game. Using<br />
its analytics engine, SAFE software<br />
recognized the falsified records, and<br />
the response time was virtually instantaneous.<br />
“Recent incidents around the<br />
world have shown that the highest<br />
profile activities, including sporting,<br />
political and entertainment events,<br />
require better protection and smarter<br />
managing of access to buildings,”<br />
said Ajay Jain, President and CEO,<br />
Quantum Secure. “The power of our<br />
new SAFE Sports and Events Access<br />
Manager moves us from reaction to<br />
prevention, with the ultimate goal<br />
of eliminating potential threats before<br />
they happen.”<br />
SAFE Sports and Events Access<br />
Manager features a mobile app<br />
that quickly validates individuals<br />
19<br />
by simply swiping their identity<br />
credentials on handheld peripherals.<br />
Once the credentials are read,<br />
security personnel can perform an<br />
on-site visual confirmation via a<br />
workstation and/or mobile device.<br />
The system can control entrance of<br />
all participants across different venues<br />
or different locations within the<br />
same venue.<br />
“Quantum Secure specializes in<br />
identifying the weak link that could<br />
turn into an inside threat via a fake<br />
ID, and then neutralizing it without<br />
any disruption to the event,” added<br />
Jain. “With years of experience<br />
managing the lifecycle of identities,<br />
we consistently beat threats to the<br />
finish line.”<br />
Like other solutions in the SAFE<br />
portfolio, SAFE Sports and Events<br />
Access Manager focuses on automating<br />
and simplifying<br />
physical identity and access<br />
management, and<br />
identifying and eliminating<br />
potential risk by<br />
amassing and analyzing<br />
actionable intelligence.<br />
Specific capabilities that<br />
enhance its use in high<br />
profile or high secu-<br />
More on page 48
The 2015 ISIS Attacks on Paris:<br />
Assessment and Lessons Learned<br />
By George Lane<br />
The coordinated attacks<br />
in Paris on November 13,<br />
2015 left 130 people dead<br />
and hundreds wounded.<br />
There were nine attackers,<br />
each wearing a suicide<br />
vest. The attackers targeted<br />
a soccer stadium, bars and<br />
restaurants, and a concert<br />
hall, all venues ISIS knew<br />
would be crowded on a Friday evening.<br />
November 13 is now considered<br />
“11/13”, France’s “9/11”. 1<br />
ISIS has designated France as the<br />
European country they hate most.<br />
France has been an enthusiastic participant<br />
in the U.S.-led coalition that<br />
is bombarding Islamic State positions<br />
in Syria and Iraq. ISIS also has<br />
focused on France because it has the<br />
largest Muslim population in Western<br />
Europe and has become Europe’s<br />
biggest source of recruits. 2<br />
In response to the attacks, President<br />
Francois Hollande declared a state of<br />
emergency. France’s borders were<br />
closed and an additional 1,500 troops<br />
were deployed to Paris. The state of<br />
emergency granted security forces<br />
and police the ability to search homes<br />
and place suspects under house arrest<br />
without judicial approval. Within 48<br />
George Lane<br />
hours of the attacks, 168 homes had<br />
been raided and 104 people placed<br />
under house arrest. The<br />
Paris law enforcement<br />
community responded<br />
well to coordinated, simultaneous<br />
attacks. The death<br />
toll likely would have been<br />
much higher if not for several<br />
key decisions made<br />
immediately after the attacks<br />
began. 3<br />
Incident Management Overview: The<br />
lessons learned from assessment of<br />
the Paris attacks focus on six key areas:<br />
(1) intelligence, (2) community<br />
engagement, (3) investigation, (4)<br />
incident command, (5) crisis communication,<br />
and (6) training/equipment.<br />
In each of these areas, findings<br />
specific to the Paris attacks highlight<br />
the challenges and opportunities facing<br />
the French law enforcement and<br />
public safety communities.<br />
Intelligence: The attacks in Paris in<br />
2015 caught authorities off guard for<br />
several reasons. Previously fighters<br />
had relied on a single mode of attack:<br />
a shooting, an explosion, or hostagetaking.<br />
In Paris, the attackers did all<br />
three, overwhelming the country’s<br />
emergency response capabilities. The<br />
20<br />
terrorists employed new tactics, exploited<br />
weaknesses in Europe’s border<br />
controls and demonstrated a desire<br />
for maximum carnage, as opposed to<br />
directing attacks at symbolic targets.<br />
In many ways, the Paris attacks<br />
closely resembled the Mumbai attacks<br />
in 2008, which required “precise<br />
planning, detailed reconnaissance<br />
and thorough preparation, both<br />
physical and mental. It relied on surprise,<br />
creating confusion and overwhelming<br />
the ability of the authorities<br />
to respond.” 4 As in Mumbai, the<br />
Paris attackers had carefully planned,<br />
carried heavy firepower along with<br />
explosives, and divided into teams,<br />
simultaneously attacking different<br />
locations to prevent the authorities<br />
from developing an accurate assessment<br />
of the situation.<br />
The attackers’ goal was mass murder<br />
rather than targeted killings. At<br />
the Bataclan night club, they knew to<br />
kill the security guard first and then<br />
took large numbers of hostages, creating<br />
a siege. This suggests that the<br />
terrorists studied Mumbai and replicated<br />
what worked. While the Paris<br />
attackers were organized into blind<br />
cells, they had extensive logistical<br />
support.<br />
Investigators believe that ISIS terrorists<br />
used the Sony PlayStation 4
game network to avoid detection of<br />
communication before and during the<br />
attacks. The PlayStation 4 Network allows<br />
video game players from across<br />
the globe to virtually meet and talk<br />
with one another. Players can send<br />
text messages or place calls through<br />
the PlayStation network, spelling out<br />
messages to one another within video<br />
games almost impossible to track. 5<br />
However French authorities do<br />
not believe technological intelligence<br />
could have prevented these attacks.<br />
They said that human intelligence is<br />
the most effective form of counterterrorism,<br />
and the best intelligence<br />
comes from community engagement,<br />
not coercion. But gaining the necessary<br />
trust to build human intelligence<br />
sources within the European Muslim<br />
community has proved particularly<br />
difficult for French authorities. 6<br />
Community Engagement: France has<br />
the largest Muslim population in the<br />
European Union. The Pew Center<br />
for Research estimates that 4.8 million<br />
people, or approximately 7.5% of<br />
French residents, are of Muslim descent.<br />
7 By law the French government<br />
is prohibited from asking or keeping<br />
data on its citizens’ race and religion<br />
so exact demographic data is hard<br />
to obtain. France has a complicated<br />
colonial past that leaves many Muslims<br />
today feeling isolated and discriminated.<br />
Many of France’s Muslim<br />
immigrants come from the former<br />
French colonies of Morocco and Algeria.<br />
In the mid-eighteenth century,<br />
France invaded Algeria and began efforts<br />
to convert the indigenous Muslims<br />
to Christianity.<br />
Algeria remained under French colonial<br />
rule for the next century, not<br />
gaining independence until 1962 after<br />
a brutal eight-year war. Hundreds<br />
of thousands died, and nearly one<br />
million refugees fled to France. But<br />
assimilation was difficult, especially<br />
for practicing Muslims who found<br />
France to be openly hostile to their<br />
21<br />
religious beliefs. France is a deeply<br />
secular country. This tension has increased<br />
in recent decades. In 2004,<br />
France banned the wearing of veils,<br />
crosses and yarmulkes in schools. In<br />
2010, France banned public wearing<br />
of a face veil worn by some Muslim<br />
women.<br />
Today many Muslims live in the Parisian<br />
suburbs known as the “banlieues”.<br />
While the word literally means<br />
“suburbs,” it has become a pejorative<br />
term synonymous with poor, immigrant,<br />
crime-ridden areas. France has<br />
717 “sensitive urban zones” in which<br />
unemployment is over twice the national<br />
rate. Over a third live below the<br />
poverty line and the unemployment<br />
rate is near 40% for young Muslim<br />
men. 8 There are direct connections<br />
between youth, unemployment, and a<br />
rise in Sunni extremism.<br />
Investigation: While the style and<br />
ferocity of the November attacks<br />
caught law enforcement off-guard,
the immediate response was largely<br />
successful. Though the French do not<br />
have a traditional National Incident<br />
Management System/Incident Command<br />
System (NIMS/ICS) structure,<br />
the many responding agencies were<br />
able to coordinate quickly and share<br />
information, despite the difficulties of<br />
encrypted communication, multiple<br />
crime scenes and numerous fatalities.<br />
Investigators later found a cell<br />
phone in a trash bin that contained<br />
detailed information about the attack<br />
and a text message saying, “On est<br />
parti en commence.” (Translation: “We<br />
have left, we are starting.”) 9 Authorities<br />
were able to use geolocation services<br />
on the phone to find the attackers last<br />
known location before the assault in<br />
an apartment in the Parisian suburb<br />
of St. Denis. A seven hour shootout<br />
with police ended with explosions<br />
and the deaths of three people.<br />
Despite the chaos and the variety of<br />
crime scenes, French authorities were<br />
able to achieve situational awareness<br />
with a high degree of accuracy in<br />
a short period of time. After the attacks,<br />
the police were criticized for<br />
their inability to locate attackers, especially<br />
because they were hiding a<br />
short distance away in Brussels. The<br />
deep cultural divide likely impeded<br />
cooperation between Muslim communities<br />
and the authorities.<br />
cide vest outside the stadium, President<br />
Hollande, who had been inside<br />
the stadium watching the game, was<br />
rushed to safety. However, concerned<br />
that the attacker’s intent was to create<br />
a stampede out of the stadium with<br />
other attackers lying in wait to ambush<br />
the exit spectators, Hollande decided<br />
not to tell the fans and players<br />
what was going on. 10 The stadium was<br />
quietly locked down and play continued.<br />
Because of the spotty cell reception<br />
inside the stadium, the public remained<br />
largely unaware of the events<br />
that were unfolding outside. At the<br />
same time, police commanders opted<br />
not to flood the area surrounding the<br />
stadium with resources as French authorities<br />
determined that this was a<br />
likely a terrorist attack.<br />
There was much confusion in the<br />
response phase of the crisis. Because<br />
there were three difference crime<br />
22<br />
Incident Command: Two key decisions<br />
made during the first phase of the attacks<br />
at the Stade de France stadium<br />
likely saved hundreds of lives. After<br />
the first attacker detonated his suiscenes,<br />
there were also three separate<br />
command posts that were operating<br />
independently, hindering police attempts<br />
to get accurate information<br />
in real time. France allows the selfdeployment<br />
of officers in an emergency.<br />
Despite good intentions, these<br />
self-deployed officers and their vehicles<br />
created bottlenecks at key locations.<br />
Because resources were not deployed<br />
from a centralized command,<br />
resource management suffered. First<br />
responders had been using their radios<br />
to communicate with the Incident<br />
Command Post. However, Headquarters<br />
took control of the radio communications,<br />
which interfered with the<br />
first responders’ ability to effectively<br />
communicate with each other on<br />
scene.<br />
Crisis Information: Managing crisis<br />
communication and the flow of infor-
mation proved to be one of the most<br />
challenging aspects of the November<br />
13 attacks. First, the emergency information<br />
call system, the French “911”,<br />
was completely overwhelmed. There<br />
were two call centers, each staffed<br />
with forty operators. French authorities<br />
estimated that only one in six<br />
emergency calls was answered. There<br />
were likely many duplicate calls reporting<br />
the same event.<br />
Second, the media in France is<br />
largely unregulated and has unrestricted<br />
access to crime scenes even<br />
as an investigation is unfolding. During<br />
the attacks, French stations aired<br />
live feed of police amassing outside<br />
the market, preparing their attack.<br />
ISIS was able to watch in real time<br />
and gain situational awareness from<br />
these media reports. The media in<br />
France are not credentialed so there<br />
is no way to enforce crime scene perimeters.<br />
Third, the authorities did not effectively<br />
use social media to share<br />
official news updates. The first coordinated<br />
statement and social media<br />
push came the following morning. In<br />
the hours after the attacks, the informational<br />
void increased the sense of<br />
panic throughout the city. 11<br />
Training/Equipment: In the months<br />
following the Paris attacks, no one discounted<br />
the bravery of the responders,<br />
but critics within and outside the<br />
French law enforcement community<br />
questioned if the police are capable<br />
of adequately responding to this new<br />
generation of terror attacks. Simultaneous<br />
attacks with multiple crime<br />
scenes require a nimble response<br />
from a security force trained in both<br />
crisis and counter-terrorism strategies.<br />
But the French police system is<br />
highly centralized.<br />
Community policing, a common<br />
practice in the United States, is not<br />
the norm in France. In most situations,<br />
local officers are trained to wait<br />
for the specialists to arrive. 12 To effectively<br />
manage a terrorist incident, first<br />
responders need appropriate equipment<br />
and training to neutralize or at<br />
least contain the terrorists. However,<br />
French first responders are currently<br />
only trained in crime scene procedures.<br />
They lack counter terrorism<br />
training and do not have adequate<br />
firepower to match up against automatic<br />
weapons. A key lesson learned<br />
is the importance of tactical training<br />
for patrol officers.<br />
Recommendations: The following are<br />
recommendations for Paris law enforcement:<br />
(1) Intelligence:<br />
• Increase efforts to cultivate and leverage<br />
human intelligence sources<br />
• Improve tracking of fighters who<br />
travel abroad for training and return<br />
to France.<br />
(2) Community Engagement:<br />
• Adopt and/or create training programs<br />
to counter violent extremism.<br />
• Develop training programs to<br />
neutralize the radicalization of incarcerated<br />
individuals.<br />
23<br />
(3) Investigation:<br />
• Study past terrorist attacks to<br />
identify lessons learned.<br />
• Create a tracking system to maintain<br />
real-time information on the<br />
status of the victims of a major attack<br />
in the medical system.<br />
• Improve major case management<br />
software with commercially available<br />
products.<br />
• Use real-time data tracking systems<br />
to enhance situational awareness<br />
for incidents involving multiple<br />
attacks.<br />
(4) Incident Command:<br />
• Encourage application of NIMS/<br />
ICS training to all first responders<br />
and first supporters.<br />
• Ensure protocols so that emergency<br />
operation centers can respond to<br />
terrorist attacks.<br />
• Ensure multiple interactive communications<br />
processes are in place<br />
to main situational awareness and<br />
CONOPS.<br />
(5) Crisis Information:<br />
• Review current media protocols,<br />
including media credentialing systems.<br />
• Incorporate social media into crisis<br />
communications.<br />
• Educate the public on how to react<br />
and respond during an active<br />
shooter incident.<br />
(6) Training/Equipment:<br />
• Enhance counter-terrorist training<br />
provided to patrol officers.<br />
Training such as Multiple Assault<br />
More on page 48
Handheld narcotics analyzer can now detect<br />
lethal W-18 opioid drug<br />
TEWKSBURY, MA – <strong>Oct</strong>ober 5,<br />
2016 – Law enforcement agents,<br />
narcotics officers and customs personnel<br />
can now quickly and safely<br />
detect street drug W-18 and other<br />
lethal drugs with the newest library<br />
update for the Thermo Scientific<br />
TruNarc handheld narcotics analyzer.<br />
W-18 is a new designer drugconsidered<br />
to be significantly more<br />
potent than morphine and fentanyl.<br />
As part of its most recent v1.6<br />
software update, the TruNarc analyzer<br />
adds dibutylone, furanyl fentanyl<br />
andU-47700 to its onboard<br />
library, which now includes nearly<br />
300 suspected narcotics and narcotics<br />
precursorsand an additional 80<br />
common cutting agents. TruNarc<br />
helps combat drug abuse by enabling<br />
law enforcement to quickly<br />
identify core drugs of abuse as well<br />
as emerging threats. These include<br />
dangerouspainkillers that have contributed<br />
to the growing opioid epidemic<br />
in the U.S. Last year, TruNarc<br />
addedfentanyl and acetyl fentanyl to<br />
its library.<br />
Dibutylone, known as “booty” or<br />
“beauty,” is a psychedelic drug in the<br />
phenethylamine, amphetamine andcathinone<br />
class. It has been linked<br />
to recent random acts of violence in<br />
Florida, where the Thermo FisherScientific<br />
Reachback Support<br />
team assisted law enforcement<br />
by identifying the dibutylone<br />
(bk-DMBDB HCl). Furanyl fentanyl<br />
and U-47700 are two synthetic<br />
opioids distributed in the<br />
U.S. as recreational drugs.<br />
Fentanyl has been linked to hundreds<br />
of deaths in the U.S. since<br />
2013, a reason the U.S. Drug EnforcementAgency<br />
issued a briefing<br />
in July 2016 stating that the country<br />
is in the midst of a fentanyl crisis.<br />
“The recent case in Florida highlights<br />
the challenges safety and security<br />
professionals face as newer,<br />
deadlier drugs reach the street,” said<br />
Denzil Vaughn, director of marketing,<br />
portable analytical instruments,<br />
Thermo Fisher. “The TruNarc analyzer’s<br />
latest library update is designed<br />
to equip field agents with<br />
updated capabilities to stay ahead<br />
of emerging narcotics threats and<br />
more quickly get drug users the<br />
treatment they need.”<br />
The TruNarc analyzer, which debuted<br />
in 2012, allows law enforcement<br />
personnel to scan a single<br />
sample for multiple narcotics in one<br />
test and receive the results within<br />
seconds. An increasing number of<br />
24<br />
lawenforcement departments are<br />
deploying TruNarc for presumptive<br />
testing, helping to eliminate<br />
the need to carry multiple chemical<br />
tests, reduce drug testing backlogs<br />
and speed prosecution.<br />
The analyzer identifies chemicals<br />
with Raman spectroscopy, a wellestablished<br />
technique. Features and<br />
benefits of the TruNarc analyzer include:<br />
• Point-and-shoot simplicity that<br />
allows users to accurately identify<br />
narcotics on site with a highspecificity,<br />
non-destructive and noncontact<br />
test for most samples;<br />
• Rapid presumptive testing designed<br />
to enable law enforcement to<br />
more expeditiously prosecute cases.<br />
As an example, the Franklin County,<br />
Missouri, Multi-County Narcotics<br />
and Violent Crimes Enforcement<br />
Unit uses TruNarc to gain probable<br />
cause and charge drug offenders.<br />
• Field-based sample screening<br />
More on page 48
FLIR announces identiFINDER R100 personal radiation<br />
detector with integrated Bluetooth smart technology<br />
WILSONVILLE, OR – <strong>Oct</strong>ober 13,<br />
2016 – FLIR Systems, Inc. (NASDAQ:<br />
FLIR) today announced the identiFINDER®<br />
R100 personal<br />
radiation detector, the latest<br />
addition to its industry-leading<br />
identiFINDER<br />
R-Series handheld radiation<br />
security solutions. The<br />
belt-worn R100 integrates<br />
networking capabilities to<br />
safeguard first responders,<br />
law enforcement, and<br />
military and security personnel<br />
by delivering immediate<br />
radiation threat<br />
FLIR identiFINDER R100<br />
alarms and providing<br />
automatically-generated radiation<br />
dose rate reports to offer increased<br />
situational awareness to central command<br />
personnel.<br />
The identiFINDER R100 is the<br />
industry’s first IP67-certified and<br />
American National Standards Institute<br />
(ANSI) drop-test compliant personal<br />
radiation detector. The device<br />
meets the 1.5M drop criteria required<br />
by ANSI N42.32, one of the key performance<br />
standards for alarming<br />
PRDs in Homeland Security. The IP67<br />
rating assures the R100 is protected<br />
against dust and immersion in water<br />
up to 1M depth. The unit features<br />
integrated Bluetooth® Smart wireless<br />
technology which facilitates recording<br />
and sending real-time dose rates<br />
and geotag information via a companion<br />
mobile app.<br />
The R100 joins the industry-leading<br />
identiFINDER<br />
product family in offering<br />
a complete range of radiation<br />
security solutions,<br />
from threat detection to<br />
threat identification. All<br />
identiFINDER models, including<br />
the identiFINDER<br />
R100, share the same fieldproven,<br />
intuitive user interface,<br />
which enables<br />
coordinated emergency<br />
response between law enforcement,<br />
firefighters, and HAZMAT teams using<br />
any identiFINDER product.<br />
“As the only ANSI drop-test -compliant<br />
and IP67-certified personal<br />
radiation detector, the R100 is the<br />
industry’s most rugged personal radiation<br />
detector for first responders,”<br />
said Dennis Barket, Jr., Vice President<br />
and General Manager of FLIR Detection.<br />
“When deployed across teams,<br />
the R100 provides a primary detection<br />
net that protects the frontline<br />
against radiological threats, while the<br />
integrated networking features eliminate<br />
communication blind spots for<br />
central command.”<br />
25<br />
FLIR will showcase the identiFIND-<br />
ER R100 for the first time at the International<br />
Association of Chiefs of Police<br />
(IACP) Show on <strong>Oct</strong>ober 16 – 18<br />
in San Diego, CA, booth #5251. The<br />
identiFINDER R100 will begin shipping<br />
globally in January 2017 with<br />
pricing starting at $1,195. To learn<br />
more about the identiFINDER R100,<br />
visit: http://www.flir.com/r100.<br />
About FLIR Systems<br />
FLIR Systems, Inc. is a world leader<br />
in the design, manufacture, and<br />
marketing of sensor systems that<br />
enhance perception and awareness.<br />
FLIR’s advanced systems and components<br />
are used for a wide variety of<br />
thermal imaging, situational awareness,<br />
and security applications, including<br />
airborne and ground-based<br />
surveillance, condition monitoring,<br />
navigation, recreation, research and<br />
development, manufacturing process<br />
control, search and rescue, drug<br />
interdiction, transportation safety,<br />
border and maritime patrol, environmental<br />
monitoring, and chemical,<br />
biological, radiological, nuclear, and<br />
explosives (CBRNE) threat detection.<br />
For more information, visit FLIR’s web<br />
site at www.FLIR.com.
Cambridge Pixel enhances radar tracking software<br />
to support small target detection<br />
CAMBRIDGE, United Kingdom,<br />
<strong>Oct</strong>ober 12, 2016 – Cambridge Pixel<br />
(www.cambridgepixel.com), an<br />
award-winning supplier of radar display,<br />
tracking and recording subsystems,<br />
has enhanced its popular, fieldproven<br />
SPx radar tracking software<br />
with new modelling algorithms to<br />
support the detection and tracking of<br />
very small targets.<br />
The new Model-based Tracking extensions<br />
allow the operator to create<br />
multiple models that match the signature<br />
of likely small and weak targets<br />
such as a swimmer or crawler, rigid<br />
inflatable boat (RIB), jet ski, helicopter,<br />
small UAV or a motorbike.<br />
The tracker can also be configured<br />
to look for specific scenarios, such<br />
as targets moving towards a sensitive<br />
location or on a specific heading.<br />
Importantly, the tracking software allows<br />
multiple types of target to be acquired<br />
from the same data set.<br />
Richard Warren, Cambridge Pixel’s<br />
director of software said: “Radar sensors<br />
are offering more capabilities to<br />
detect targets of interest, but targets<br />
of interest are getting smaller and<br />
more agile, so advances in software<br />
processing are a key part of the overall<br />
detection solution.<br />
“With our enhanced target tracking<br />
software combining a multi-hypothesis<br />
approach with this multi-model<br />
capability, small and weak targets<br />
can now be detected and tracked<br />
even in cluttered environments. Our<br />
software is highly flexible and can<br />
work with a wide range<br />
of commercial and<br />
military radars to<br />
assist our customers<br />
in providing<br />
effective security<br />
and to combat an increase<br />
in terrorism, smuggling,<br />
piracy and insurgency.”<br />
Cambridge Pixel’s SPx radar tracking<br />
software is designed to operate<br />
with many different radar types and is<br />
already widely deployed in command<br />
and control, maritime navigation, security,<br />
airports and vessel traffic applications.<br />
The software receives radar video<br />
as either radar signals through an acquisition<br />
card, as ASTERIX CAT-240<br />
network data or in one of a number<br />
of radar-specific proprietary formats.<br />
Radar video is processed to attenuate<br />
noise and clutter and then target-like<br />
detections are extracted as plots. The<br />
plots are then correlated to identify<br />
candidate targets for fully automatic<br />
acquisition.<br />
Cambridge Pixel’s SPx radar tracker<br />
is a best-in-class software-based<br />
26<br />
COTS primary radar data extractor<br />
and target tracker that provides target<br />
track identification, heading and<br />
speed. It is fully parameterised, highly<br />
configurable and supports multi-hypothesis<br />
tracking to improve<br />
tracking efficiency<br />
and reduce<br />
nuisance alarms.<br />
Cambridge Pixel’s<br />
SPx radar tracking<br />
software is part of<br />
the company’s world-leading SPx<br />
suite of software libraries and applications<br />
providing highly flexible, readyto-run<br />
software products for radar<br />
scan conversion, visualisation, radar<br />
video distribution, target tracking,<br />
sensor fusion, plot extraction and<br />
clutter processing.<br />
Cambridge Pixel’s technology is<br />
used in naval, air traffic control, vessel<br />
traffic, commercial shipping, security,<br />
surveillance and airborne radar applications.<br />
Its systems have been implemented<br />
in mission critical applications<br />
with companies such as BAE<br />
Systems, Frontier Electronic Systems,<br />
Barco Defence, Blighter Surveillance<br />
Systems, DRS, Exelis, Kelvin Hughes,<br />
Lockheed Martin, Navantia, Navtech<br />
Radar, Raytheon, Saab, Royal Thai<br />
Air Force, Samsung Thales, Sofresud<br />
More on page 49
Vecna attains DoD DIACAP Security Accreditation and<br />
ATO for patient self-service solution<br />
CAMBRIDGE, MA – <strong>Oct</strong>ober 11,<br />
2016– Vecna announced its DIA-<br />
CAP (DoD Information Assurance<br />
Certification and Accreditation<br />
Process) Accreditation and ATO<br />
(Authorization to Operate) issued<br />
by the Department of Defense’s Defense<br />
Health Agency. This latest accreditation<br />
enables DoD customers<br />
to purchase and securely use Vecna’s<br />
patient check-in system on the<br />
DoD network. Vecna’s patient selfservice<br />
solution automates check-in<br />
procedures for medical and dental<br />
clinics, pharmacies, labs, and radiology<br />
centers. Vecna’s system helps<br />
staff to optimize patient flow, reduce<br />
wait times, and increase patient satisfaction.<br />
The system interacts in<br />
real-time with the DoD’s EHR and<br />
Dental Application.<br />
“We are honored to support the<br />
Military Health System,” says Bill<br />
Donnell, Vecna’s VP of Government<br />
Business. “Vecna’s expertise in patient<br />
self-service solutions, combined<br />
with the DoD’s world-class<br />
facilities provide a secure, convenient,<br />
and reliable digital platform<br />
for enhancing patient access to care.<br />
We look forward to showcasing our<br />
very latest capabilities at the upcoming<br />
Joint Federal Pharmacy Seminar<br />
(JFPS) in Washington, DC, <strong>Oct</strong>ober<br />
30 - November 2, 2016.”<br />
Patients use the kiosks to checkin<br />
for scheduled appointments and<br />
unscheduled visits. They can verify<br />
their demographic and insurance<br />
information, respond to satisfaction<br />
surveys, complete forms electronically,<br />
and more.<br />
Staff members use the system to<br />
monitor patient wait times, prioritize<br />
based on individual patient<br />
needs, and manage patient flow in<br />
the facility.<br />
Vecna has deployed and supported<br />
its patient self-service solution<br />
in over 1,000 VA, DoD, and commercial<br />
medical facilities around<br />
the world, including Walter Reed<br />
27<br />
National Military Medical Center.<br />
Vecna’s solution has processed nearly<br />
30 million health care self-service<br />
interactions to date.<br />
About Vecna<br />
Vecna provides innovative healthcare<br />
IT, including patient selfservice,<br />
robotic telepresence and<br />
logistics solutions, to streamline<br />
operations, improve access, reduce<br />
costs, and increase patient satisfaction.<br />
Vecna delivers better technology<br />
to realize a better world for all.<br />
Learn more at www.vecna.com.<br />
FREE SUBSCRIPTION<br />
SIGN-UP<br />
Monthly Digital Edition<br />
Airport/Seaport Newsletter<br />
Daily Insider Newsletter<br />
<strong>GSN</strong> Media Kit<br />
CLICK HERE
Even the Government’s own advisory committee<br />
wants to end family detention<br />
By Lindsay M. Harris<br />
Calls to end the detention of immigrant<br />
children and their mothers<br />
seeking protection in the United<br />
States are not new. What is new is<br />
that the Department of Homeland<br />
Security (DHS) Advisory Committee<br />
on Family Residential Centers, created<br />
by DHS itself, has now added its<br />
voice to the chorus calling for an end<br />
to family detention.<br />
On June 24, 2015, DHS Secretary<br />
Jeh Johnson announced the establishment<br />
of the DHS Committee,<br />
known as the ACFRC (“the Committee”),<br />
which was created to advise<br />
Secretary Johnson and ICE Director<br />
Sarah Saldaña on the family<br />
detention centers. The Committee,<br />
comprised of subject matter experts<br />
with a wide range of expertise, conducted<br />
visits to all three family detention<br />
centers currently operating<br />
in Pennsylvania (Berks County) and<br />
Texas (Dilley and Karnes City) and<br />
spent countless hours analyzing the<br />
practice of family detention prior to<br />
reaching the conclusions outlined in<br />
its lengthy September 30, 2016 draft<br />
report.<br />
DHS tasked the Committee in<br />
March 2016 with developing recommendations<br />
for best practices at family<br />
detention centers, including in the<br />
areas of: education, language, intake<br />
and out-processing procedures, medical<br />
care, and access to legal counsel.<br />
In response to these tasks, the<br />
Committee requested<br />
information and documents<br />
from ICE, some<br />
of which ICE deemed<br />
“beyond the Committee’s<br />
scope.” Nonetheless,<br />
the Committee issued<br />
a thorough and well-researched<br />
draft report last week, demonstrating<br />
their comprehensive understanding<br />
of the problematic elements of family<br />
detention.<br />
Today, by a unanimous vote, the<br />
Committee voted to approve the<br />
report with some additional operational<br />
improvements and procedural<br />
protections for detainees. The report<br />
will be officially submitted to DHS<br />
on <strong>Oct</strong>ober 14, at which time it will<br />
be made publicly available.<br />
First and foremost, the Committee<br />
recommends that DHS adopt a presumption<br />
that “detention is generally<br />
neither appropriate nor necessary<br />
for families” and “never in the best<br />
interest of children.” The Committee<br />
proceeded to issue a series of detailed<br />
recommendations, drawing on the<br />
public documents filed in the ongo-<br />
28<br />
ing Flores litigation, which seeks to<br />
hold the Government accountable to<br />
the commitments it made under the<br />
1997 Flores Settlement that outlines<br />
the required treatment for children<br />
in detention and set a<br />
maximum period of<br />
3-5 days during which<br />
children may be held.<br />
The Committee’s<br />
Report speaks authoritatively<br />
about<br />
ICE’s misguided use of civil detention,<br />
recognizing that management<br />
of family detention centers is currently<br />
“improperly, premised upon<br />
criminal justice models rather than<br />
civil justice requirements or needs.”<br />
Emphasizing that detention cannot<br />
be used to deter migration, to punish,<br />
or to hold people indefinitely, the<br />
Committee highlighted the plight of<br />
the mothers and children detained<br />
in Berks County, PA, some of whom<br />
have now been detained more than a<br />
year. Indeed, this week 17 Senators<br />
wrote to DHS Secretary Johnson,<br />
calling the decision to hold asylumseeking<br />
children and their mothers<br />
at Berks in prolonged detention “unconscionable.”<br />
In making their recommendations,<br />
the Committee relied on various re-<br />
More on page 49
How the Vice Presidential candidates responded to<br />
immigration issues at the debate<br />
By Eric Gibble<br />
During the recent vice presidential<br />
debate, candidates<br />
U.S. Senator Tim Kaine and<br />
Indiana Governor Mike<br />
Pence engaged in a heated<br />
exchange on immigration.<br />
Kaine reiterated his running<br />
mate Hillary Clinton’s stated<br />
policy positions, while<br />
Pence attempted to soften Donald<br />
Trump’s many radical anti-immigrant<br />
statements.<br />
Debate moderator Elaine Quijano<br />
turned to immigration by noting that<br />
Trump has made repeated remarks<br />
that immigrants are dangerous – although<br />
the facts show that immigrants<br />
are less likely to be criminals<br />
and immigration is associated with<br />
lower crime rates and safer communities.<br />
She asked Pence, “what would<br />
you tell the millions of undocumented<br />
immigrants who have not committed<br />
violent crimes?”<br />
Pence, like Trump, favors an enforcement-first<br />
approach to immigration<br />
reform. He stated that their<br />
first order of business would be to begin<br />
deportations to “make our country<br />
safer, then, we will deal with those<br />
that remain.” Later, Pence elaborated<br />
that immigration reform “begins<br />
Photos Courtesy of Gage Skidmore and iprimages<br />
with border security” and that they<br />
would go beyond building a massive<br />
border wall, which experts have noted<br />
would be economically devastating,<br />
and secure the border “beneath<br />
the ground and in the air.”<br />
However, this enforcement-first<br />
policy has already been the law of the<br />
land for decades. Since the last major<br />
overhaul of the U.S. immigration<br />
system in 1986, the federal government<br />
has spent an estimated $186.8<br />
billion on immigration enforcement.<br />
Meanwhile border apprehensions,<br />
the most commonly used metric to<br />
look at the flow of undocumented<br />
immigrants crossing the border, are<br />
at 40 year lows. Under the Obama<br />
administration alone, more than 2.5<br />
million immigrants have already<br />
been deported.<br />
Additionally, Pence said that millions<br />
of Americans “believe that we<br />
29<br />
can end illegal immigration<br />
once and for all.” Yet the reality<br />
is most of the American<br />
public remains committed<br />
to practical immigration solutions.<br />
72 percent of Americans<br />
say undocumented<br />
immigrants currently living<br />
in the United States should<br />
be allowed to stay.<br />
When Kaine addressed<br />
immigration measures, he focused<br />
instead on the importance of keeping<br />
families together and a path to citizenship:<br />
“I want a bipartisan reform that<br />
will keep families together; second,<br />
that will help focus enforcement efforts<br />
on those were violent; third,<br />
that will do more border control; and<br />
fourth, write a path to citizenship for<br />
those who play by the rules and take<br />
criminal background checks.”<br />
As the topic turned to refugees,<br />
Kaine underscored that a Clinton<br />
administration “will do immigration<br />
enforcement and vet refugees<br />
based on whether they are dangerous<br />
or not, not discriminating based on<br />
which country you are from.” He did<br />
not elaborate on whether any changes<br />
would be made to how refugees<br />
are currently vetted, given the United<br />
States already has robust systems in
place to ensure the safety and security<br />
of our nation.<br />
Pence, however, did not disavow<br />
the discriminatory ban on Muslim<br />
immigration proposed by Trump.<br />
His campaign has called “for a total<br />
and complete shutdown of Muslims<br />
entering the United States until our<br />
country’s representatives can figure<br />
out what is going on.”<br />
The debate showed a clear distinction<br />
between the two campaigns,<br />
one that endeavors to balance the<br />
dignity of immigrants and their<br />
families alongside the need to secure<br />
our country. The other seeks to<br />
continue and expand upon today’s<br />
failed enforcement-only policies that<br />
leave many communities living in the<br />
shadows of society.<br />
FREE SUBSCRIPTION<br />
SIGN-UP<br />
Monthly Digital Edition<br />
Airport/Seaport Newsletter<br />
Daily Insider Newsletter<br />
<strong>GSN</strong> Media Kit<br />
CLICK HERE<br />
Class action lawsuit challenging failure of<br />
CBP to respond to Freedom of Information<br />
requests is dismissed following settlement<br />
Washington, D.C. - This week,<br />
in accordance with a settlement<br />
reached by the parties, a federal district<br />
court dismissed a class action<br />
lawsuit which challenged U.S. Customs<br />
and Border Protection’s (CBP)<br />
nationwide practice of failing to<br />
timely respond to requests for case<br />
information under the Freedom of<br />
Information Act (FOIA). The suit<br />
was filed in 2015 by five immigration<br />
attorneys and 13 noncitizens,<br />
all of whom had filed FOIA requests<br />
that had been pending between 7<br />
and 24 months—significantly longer<br />
than the 20-business day period<br />
set by law for an agency to respond<br />
to a FOIA request. At the time of filing,<br />
CBP had a staggering backlog<br />
of over 30,000 FOIA requests that<br />
had been pending for more than 20<br />
business days, many for months or<br />
years. During the course of the lawsuit,<br />
CBP implemented new procedures<br />
for handling FOIA requests<br />
and devoted additional staff. Conse-<br />
30<br />
quently, at the time of the settlement,<br />
CBP’s backlog had been reduced to<br />
approximately 3,000 FOIA requests,<br />
most of which were complex, and<br />
CBP generally was responding to<br />
new requests within 20 days.<br />
In the settlement, CBP committed<br />
to continuing its efforts to<br />
timely process FOIA requests. Additionally,<br />
the agency committed<br />
to increased transparency about its<br />
performance; CBP will now post<br />
monthly FOIA statistics to its website,<br />
including the total number of<br />
FOIA requests pending, how long<br />
they have been pending, how many<br />
new requests are received each<br />
month, and how many are processed.<br />
The Law Office of Stacy Tolchin,<br />
the National Immigration Project of<br />
the National Lawyers Guild, Northwest<br />
Immigrant Rights Project, and<br />
the American Immigration Council<br />
represented the plaintiffs.
<strong>GSN</strong>’s 2016 Homeland Security Awards Program<br />
Now Accepting Entries at:<br />
www.gsnmagazine.com/hsa2016/welcome<br />
The 2016 Government Security News Awards Program, featuring<br />
many new categories in Cybersecurity, Physical Security, Government<br />
Agency Innovations and Mobile Technologies will open for entries on<br />
August 24 and will close for entries on November 15.<br />
In good news for Winners and Finalists, <strong>GSN</strong> will be reinstating its<br />
annual Homeland Security Awards Dinner in Washington, DC in<br />
the first week of December, in a venue to be announced. Longtime<br />
participants in the <strong>GSN</strong> awards programs will recall that previous<br />
<strong>GSN</strong> Awards Dinners have featured top government, military leaders<br />
and respected television commentators such as 4-Star General<br />
Barry McCaffrey (Ret); Fran Townsend, Homeland Security Advisor to<br />
George W. Bush, James Kallstrom, Assistant Director of the FBI and<br />
Admiral Thad Allen (Ret), Commandant of the U.S. Coast Guard<br />
who came out of retirement twice to serve his county, first in<br />
Hurricane Katrina and later in the BP Oil Spill.<br />
The cost of an entry for vendors is $300 per entry, but there is no<br />
charge for government agencies or departments. All Winners<br />
and Finalists receive Awards Emblems, and all Winners receive a<br />
handsome, gold-trimmed plaque describing their winning entries.<br />
All Winners and Finalists will also be invited to participate in the 2016<br />
Digital Yearbook of Awards Winners.<br />
To see photo gallery of previous Awards Dinners:<br />
https://www.flickr.com/photos/44536438@N06/<br />
For information on the Awards Dinner or Sponsorships,<br />
Contact Adrian Courtenay, Managing Partner, at<br />
acourtenay@gsnmagazine.com, (Mobile) 917-696-5782
International Threat/Cyber Intelligence<br />
Chuck Brooks on Cybersecurity: The weakest link<br />
who talks about where we stand in what many pe<br />
by Larry Karisny<br />
If you’re in the cybersecurity business,<br />
you know the name Chuck<br />
Brooks.<br />
He is an advisor to the Bill and<br />
Melinda Gates Foundation Technology<br />
Partner Network, chairman of<br />
CompTIA’s New and Emerging Tech<br />
Committee, subject matter expert to<br />
the Homeland Defense and Security<br />
Information Analysis Center, “passcode<br />
influencer” for The Christian<br />
Science Monitor, on the Board of<br />
Advisors for CyberTech, and on the<br />
Board of Directors at Bravatek and<br />
the Cyber Resilience Institute.<br />
Brooks also has authored numerous<br />
articles focusing on cybersecurity,<br />
homeland security and technology<br />
innovation for such publications<br />
as Forbes, Huffington Post, InformationWeek,<br />
MIT Sloan Blog, Computerworld,<br />
Federal Times, NextGov,<br />
Government Security News, Cygnus<br />
Security Media, Homeland Security<br />
Today, The Hill and Government Executive.<br />
I recently got a chance to get<br />
Brooks’ take on where we are today<br />
in what many people call the “wild,<br />
wild west” of cybersecurity. Here are<br />
his thoughts.<br />
Q. You wear many hats and certainly<br />
have been focused on cybersecurity<br />
for some time now. So tell me, who is<br />
Chuck Brooks and what is he trying<br />
to accomplish this space?<br />
A. You are right, over my career in<br />
government, corporate and academia,<br />
I have worn many hats. There<br />
have been some strong common<br />
threads [of] science, technology, national<br />
security, and legislative and executive<br />
policy in all my various roles.<br />
32<br />
Chuck Brooks, Cybersecurity Expert<br />
Thankfully, I selected a professional<br />
vocation of government relations<br />
and marketing that encompasses all<br />
those threads.<br />
My passion for cybersecurity issues<br />
was first established over a decade<br />
ago during the time I spent at<br />
the Department of Homeland Security’s<br />
Science and Technology Directorate.<br />
Back then, the threats to<br />
our critical infrastructure were not<br />
as pronounced as they are today. Of<br />
course we were just beginning to<br />
experience the smartphone era. The
will always be the human element, says Chuck,<br />
ople call the “wild, wild west” of cybersecurity<br />
field of cybersecurity has evolved<br />
exponentially along with the technologies,<br />
networks and connectivity<br />
that make up the cyber ecosystem.<br />
And the ecosystem is quite diverse<br />
and expansive, comprising software,<br />
hardware, monitoring, forensics,<br />
governance and more. All these elements<br />
make it an exciting area to<br />
explore since there is always more to<br />
learn from strategy and technology<br />
perspectives. Also, it certainly blends<br />
my common career threads.<br />
For anyone’s career focus, studying<br />
cybersecurity makes [sense] since<br />
it touches everything work- or personal-related.<br />
In both the public and<br />
private sectors — just about every<br />
CIO survey — cybersecurity is the<br />
top concern. And of course, along<br />
with data analytics, cybersecurity is<br />
a annually a budget priority of federal<br />
spending. DHS Secretary Jeh<br />
Johnson recently described cybersecurity<br />
and counterterrorism as the<br />
two top priorities for the protecting<br />
the homeland.<br />
What I want to accomplish in this<br />
space is to continue being a subject<br />
matter expert in cybersecurity; I enjoy<br />
writing and speaking about the<br />
varied aspects of the topic and especially<br />
in educating others on how it<br />
can impact their lives. My advisory<br />
and board director roles with organizations<br />
are a reflection of that interest.<br />
When I retire (which is a long<br />
way off), I hope to join academia<br />
again in a part-time role. I spent<br />
two years at Johns Hopkins University<br />
SAIS [School of Advanced International<br />
Studies] teaching graduate<br />
students homeland security and<br />
found it very fulfilling.<br />
Q. You have one of the most active<br />
groups in LinkedIn under the heading<br />
of the Department of Homeland<br />
Security. How has this helped both<br />
yourself and DHS in feeling the pulse<br />
of the cybersecurity industry?<br />
A. I do operate a half dozen groups<br />
that focus on homeland security and<br />
information security on LinkedIn,<br />
including a few of the largest groups:<br />
“U.S. Department of Homeland Security,<br />
DHS” “Information Technology<br />
(Homeland & National Security)”<br />
and “Homeland Security.”<br />
In all, these groups include about<br />
60,000 people. Among the members<br />
are a host of well-known cybersecurity<br />
professionals who often post and<br />
comment on issues of the day. Also,<br />
33<br />
as any news on data breaches or cyberincidents<br />
occur, they are often<br />
posted in the LinkedIn groups.<br />
Moderating these groups certainly<br />
keeps me updated and in tune with<br />
the pulse of policy. It has also served<br />
as a great networking venue to share<br />
ideas and information with some<br />
of the best security minds around<br />
in both the private and federal sectors.<br />
Many senior-level executives in<br />
the federal government are on social<br />
sites such as LinkedIn, GovLoop,<br />
Facebook and Twitter. There are an<br />
estimated 1.5 million federal government<br />
employees who regularly<br />
use LinkedIn, including over 65,000<br />
from DHS. Because of the growing<br />
need for public/private-sector collaboration<br />
and interface, being actively<br />
involved in social media makes<br />
a lot of sense.<br />
Q. What is Sutherland Government<br />
Relations and what do you do for the<br />
company?<br />
A. Sutherland Global Services is a<br />
global provider of business processing<br />
services, contact centers, IT<br />
service desks and management consulting<br />
serving government and U.S.<br />
leading corporations across multiple
International Threat/Cyber Intelligence<br />
industries, including health care and<br />
insurance, technology, mortgage<br />
and loan services, finance and banking,<br />
retail, and travel. Sutherland has<br />
36,000 employees and annual revenues<br />
of over $1.2 billion, [and] was<br />
listed in 2015 as one of the fastest<br />
growing private companies in America<br />
by Inc.<br />
I work for the recently created<br />
Sutherland Government Solutions<br />
as VP of Government Relations and<br />
Marketing, where we are at several<br />
agencies and are known for integrated<br />
services for citizen service<br />
needs and digital government. Our<br />
cybersecurity operations at Sutherland<br />
Government Services are internal,<br />
but we do have a practice in<br />
customer relations management after<br />
a company or agency has been<br />
breached. Our cybersecurity practice<br />
is led by Glenn Schoonover who has<br />
a deep technical background. He is a<br />
former chief information security officer<br />
for the Army and was responsible<br />
for providing network security to<br />
the Department of the Army headquarters.<br />
He is also a former senior<br />
technology strategist for Worldwide<br />
National Security and Public Safety<br />
at Microsoft.<br />
Q. I see you are active in both the<br />
public and private sectors when it<br />
comes to cybersecurity. What are the<br />
similarities and differences between<br />
these two sectors?<br />
A. The biggest difference is that government<br />
is motivated by mission,<br />
and the private sector (for the most<br />
part) is driven by profit and loss.<br />
The R&D efforts, innovation sector<br />
and skilled technical expertise in<br />
the private sector has been more robust<br />
than in government. Industry is<br />
more agile and able to react to threat<br />
trends.<br />
On the federal side, the landscape<br />
has really changed over the past<br />
few years. [The U.S. Department<br />
of Defense], of course, has had the<br />
cybersecurity war-fighting mission<br />
and continues to build upon new<br />
requirements for operations and for<br />
systems. On the civilian side, DHS<br />
takes an increasingly larger role in<br />
cybersecurity. Presidential and congressional<br />
directives have mandated<br />
that DHS play a growing and more<br />
primary role, especially with protecting<br />
critical infrastructure (transportation,<br />
health, energy, finance) that<br />
is mostly owned by the private sector.<br />
DHS has to step up its activities<br />
in assessing situational awareness,<br />
information sharing, and resilience<br />
research and development plans<br />
with stakeholders. This has led to a<br />
trend in public-private partnering<br />
for sharing threat information and<br />
in creating standards and protocols.<br />
In both the public and private sectors,<br />
training of the next-generation<br />
cybersecurity technical and policy<br />
[subject matter experts] is a major<br />
34<br />
priority.<br />
Q. To date, there seems to be a standoff<br />
between Apple and the federal<br />
government when it comes to iPhone<br />
security. What are your thoughts on<br />
this, and can this bring about some<br />
lessons learned for the cybersecurity<br />
industry?<br />
A. This is the topic of the day, and it<br />
is a complicated issue relating to government<br />
requesting a corporation to<br />
provide software to allow access to<br />
data. My thoughts may be a bit different<br />
from some of the others in the<br />
industry. While I recognize the importance<br />
of privacy and the dire risk<br />
of an Orwellian surveillance state, I<br />
consider protecting innocent lives<br />
as a mitigating circumstance. What<br />
if that data that the FBI is seeking<br />
on the terrorist’s encrypted phone<br />
uncovers a deeper terrorist network<br />
planning more horrific acts? In my<br />
opinion, this is a mitigating circumstance.<br />
What should be done is to establish<br />
protocols between industry and law<br />
enforcement to cooperate in these<br />
type of instances (with proper warrants<br />
and assurances) so that company<br />
Internet protocol can be isolated<br />
and privacy issues for the company’s<br />
customers can be best addressed. I<br />
am quite sure Congress will be looking<br />
closely at this case to establish<br />
legislation to create a working formula.<br />
The lesson for cybersecurity is
that there is a balance between privacy<br />
and security that has to be constantly<br />
reviewed in accordance with<br />
the threats at hand.<br />
Q. With billions of Inernet of Things<br />
devices on the near horizon<br />
and zetabytes of data projected<br />
by 2020, can we secure<br />
and control our digital<br />
processes, or are we<br />
headed for a digital train<br />
wreck?<br />
A. According to Gartner, there<br />
will be nearly 26 billion networked<br />
devices on the Internet of Things<br />
(IoT) by 2020. Moreover, it will keep<br />
expanding as the cost of sensors decreases<br />
and processing power and<br />
bandwidth continue to increase. The<br />
fact is that most of these IT networks<br />
will have some sort of an IoT-based<br />
security breach. We could be headed<br />
for a digital train wreck if IoT security<br />
standards are not adopted. We<br />
may have a digital train wreck even<br />
if they are adopted. Standards will<br />
have to be developed industry by<br />
industry. Protecting a network of<br />
medical devices in a hospital will require<br />
different sets of standards than<br />
protecting utilities with SCADA [supervisory<br />
control and data acquisition]<br />
systems that make up the electric<br />
grid. There are a lot of questions,<br />
including who enforces compliance?<br />
And what are the liabilities of an IoT<br />
breach?<br />
The real danger is that the Internet<br />
was not built for security at its<br />
inception; it was built for connectivity.<br />
There is some truth to the notion<br />
that your network may someday be<br />
betrayed by your toaster or refrigerator.<br />
One thing is for sure:<br />
the Internet of Things will<br />
pose many challenges to<br />
cybersecurity and data<br />
analytics, much of which<br />
we have yet to contemplate.<br />
Q. You’ve had the opportunity to<br />
review many cyberdefense technologies.<br />
Are we really finding new solutions<br />
that can handle this explosion<br />
of digital processes, or are we still<br />
playing the game of catch-up and<br />
patch-and-pray cybersecurity?<br />
A. New solutions are continually<br />
evolving with threats, but there will<br />
always be a need for better encryption,<br />
biometrics, analytics and automated<br />
network security to protect<br />
networks and endpoints. It is<br />
a perpetual game of cat and mouse<br />
between hackers and protectors, and<br />
there is really no such thing as being<br />
invulnerable.<br />
In a sense, we are continually playing<br />
catch-up and reacting to the last<br />
incident with patches. The weakest<br />
link will always be the human element.<br />
However, there are many new<br />
interesting technologies that could<br />
significantly impact cybersecurity in<br />
35<br />
the near future. There are technologies<br />
and algorithms coming out of<br />
the national labs, government, and<br />
from private-sector R&D and startups<br />
that have the potential to be disruptive.<br />
Q. Any final comments? And are<br />
there any speaking engagements or<br />
events you are participating in that<br />
you would like to announce? Could<br />
you also offer a good source for information<br />
on the subject of cybersecurity<br />
that you would suggest for our<br />
readers?<br />
A. Please check my regular posts in<br />
the media and social media, join<br />
my LinkedIn groups and follow me<br />
on Twitter @ChuckDBrooks. I do<br />
have some future blogs with the National<br />
Cybersecurity Institute on my<br />
agenda. Also, in addition to social<br />
media, which I highly recommend,<br />
there are many excellent outlets for<br />
cybersecurity information including<br />
the Homeland Defense and Security<br />
Information Analysis Center. A great<br />
site that aggregated cybersecurity<br />
news daily is The CyberWire.<br />
Larry Karisny is the director of<br />
Project Safety.org, an advisor, consultant,<br />
speaker and writer supporting<br />
advanced cybersecurity technologies<br />
in both the public and private sectors.<br />
Reprinted with permission of authors.
International Threat/Cyber Intelligence<br />
Arrest of ex-NSA contractor shows federal<br />
cybersecurity still faces a serious inside threat<br />
By Steve Bittenbender<br />
The latest arrest of a government<br />
contractor charged with stealing<br />
documents and illegally downloading<br />
and retaining classified data indicates<br />
that the threat of an inside<br />
attack on data remains real and, in<br />
many cases, exposes an Achilles’<br />
heel for U.S. cybersecurity efforts.<br />
Court documents released earlier<br />
this week show the Federal Bureau<br />
of Investigation arrested Harold<br />
T. Martin III at his Maryland residence<br />
in late August. In searching<br />
his house and car, investigators<br />
found numerous documents – both<br />
in hard-copy and digital formats –<br />
marked as highly classified that contained<br />
sensitive information vital to<br />
national security.<br />
In at least six cases, the documents<br />
date back to 2014.<br />
Martin worked for Booz Allen<br />
Hamilton, which performs work<br />
for several agencies involved with<br />
federal security and defense. Most<br />
recently, he was working within the<br />
Department of Defense, but documents<br />
found date back to at least<br />
2014. At that time, Martin was a<br />
Booz contractor holding cleared position<br />
within the National Security<br />
Agency.<br />
“The disclosure of the documents<br />
would reveal those sensitive sources,<br />
methods, and capabilities,” said<br />
F.B.I. Special Agent Jeremy Bucalo<br />
in an affidavit filed with Martin’s<br />
criminal complaint.<br />
The NSA monitors and collects<br />
information regarding foreign intelligence<br />
matters. It’s also responsible<br />
for securing federal communications<br />
and computer networks. Booz<br />
Allen Hamilton is the same firm<br />
that employed Edward Snowden,<br />
who released without authorization<br />
classified NSA material three years<br />
ago.<br />
Most of the attention placed on<br />
cybersecurity focuses<br />
on efforts to stop<br />
hackers trying to penetrate<br />
systems from<br />
abroad. However, a<br />
survey conducted by<br />
cybersecurity software<br />
provider Imperva<br />
revealed that 1<br />
in 50 employees (or 2<br />
percent of the work-<br />
36<br />
force) can be considered a threat for<br />
an inside breach.<br />
In addition, 36 percent of companies<br />
surveyed said insider incidents<br />
took place on their systems within<br />
the past year.<br />
“The insider threat is real and<br />
reinforces the fact that the biggest<br />
threat to enterprise security is the<br />
people already on the payroll,” said<br />
Terry Ray, a chief strategist for Imperva.<br />
“The unfortunate reality is<br />
that insiders can do far more damage<br />
than external attackers because<br />
they have legitimate access and vast<br />
opportunity.”<br />
Amichai Shulman, Imperva’s chief<br />
technology officer, said current cybersecurity<br />
solutions target malware<br />
and other tools used by hackers.<br />
Those solutions do<br />
not work properly and<br />
because of that expose<br />
government and other<br />
vital systems to substantial<br />
risk.<br />
Solutions must be<br />
focused on protecting<br />
the target of the<br />
attack, the data, Shul-<br />
More on page 49
Intelligent Automation Inc discusses cyber attacks<br />
and tools of analysis and mitigation<br />
Cyber security is a critical issue as<br />
networks are consistently attacked<br />
and compromised. Due to the evergrowing<br />
dependency on computer<br />
systems and networks for<br />
business transactions, systems<br />
face growing cyber threats<br />
from both inside and outside.<br />
IAI has in-depth knowledge,<br />
advanced technology and extensive<br />
hands-on experience<br />
in providing cyber-attack<br />
analysis and mitigation strategies<br />
and solutions. IAI is focused on<br />
cyber defense through prevention,<br />
attack detection and mitigation, and<br />
reliability and trustworthiness.<br />
Examples of IAI’s cyber attack<br />
analysis and<br />
mitigation solutions include:<br />
Self-shielding Dynamic Network<br />
Architecture (SDNA) changes the<br />
nature of the network by introducing<br />
cryptographically strong<br />
dynamics. SDNA provides an<br />
IPv6-based integrated security architecture<br />
allowing multiple types<br />
of dynamics to be constructively<br />
combined. Various network-level<br />
dynamics like addressing, naming,<br />
routing, availability, etc. are incorporated<br />
into SDNA’s design. SDNA’s<br />
dynamics operate before, during,<br />
and after an attack and place the<br />
burden on the attacker, creating an<br />
environment where the network is<br />
secured by default. This approach<br />
significantly reduces the reliance on<br />
detection to defend against attacks.<br />
NIRVANA is cyber situational<br />
awareness tool that leverages efficient<br />
graphical models and inference/analysis<br />
algorithms to assist<br />
system administrators in enterprise<br />
network security analysis and dynamic<br />
situation awareness. We decouple<br />
the abstract knowledge from<br />
the particular network information<br />
like topology settings, roll out the<br />
instance network attack graph as<br />
needed, use efficient matching algorithms<br />
for situation awareness,<br />
37<br />
and apply inference algorithms under<br />
uncertainty to facilitate what-if<br />
analysis and action planning. IAI’s<br />
graphical models capture the inherence<br />
dependency relationships<br />
of applications on<br />
networks/systems, and of<br />
missions on applications. Our<br />
method enables independent<br />
graphic model development at<br />
different levels while ensuring<br />
interoperability.<br />
NetBEAM is an integrated<br />
tool for enterprise network monitoring<br />
and cyber behavior anomaly<br />
detection based upon the unique<br />
features and characteristics of typical<br />
cyber threats.<br />
JANASSURE is an automated<br />
network mapping tool to detect the<br />
existence of IPv6 transition mechanisms<br />
and evaluate the potential risk<br />
caused by IPv6 transition mechanisms<br />
in networks.<br />
Smart AppShield is a virtualization-based<br />
approach to application<br />
protection which employs an outof-the-box<br />
approach to monitor the<br />
information flow among applications<br />
and enforce the security polic-<br />
More on page 50
Convy on Net-Centric Security<br />
The future of identity management –<br />
on the tips of your fingers<br />
By John Convy, Convy Associates, Washington, DC<br />
Identity management remains an ongoing<br />
challenge for the security industry.<br />
Any number of technologies promise<br />
quick, easy access for authorized<br />
individuals, including card keys, biometric<br />
scans, facial recognition, and<br />
voice recognition. However, issues<br />
with accuracy, false positives, and<br />
false negatives continue to frustrate<br />
security people.<br />
One of the world’s oldest identity<br />
management methods, ironically,<br />
may still be the best. This uses something<br />
each of us carries with us everywhere,<br />
and is almost perfectly unique<br />
to every individual – our fingerprints.<br />
Forensic Science in Literature<br />
Sir Arthur Conan Doyle popularized<br />
fingerprint use as a forensic tool in a<br />
Sherlock Holmes story published in<br />
1890. The first documented application<br />
of fingerprint technology came<br />
from an Argentine police official<br />
around 1892.<br />
Soon after that, fingerprints became<br />
the backbone of many police<br />
operations. Analog images can be<br />
printed and shared easily. Scans can<br />
be turned into digital codes that serve<br />
as unique identifiers that can operate<br />
as both a user ID and password. This<br />
application of biometrics – the use<br />
of physical characteristics for digital<br />
authentication – has been one of the<br />
key goals for the security industry for<br />
many years.<br />
Older fingerprint scanner technologies<br />
had their limitations. They<br />
could not record sufficient information<br />
from a finger to be reliable or<br />
generate a sufficiently sophisticated<br />
numerical code that was fully secure.<br />
Dirty sensors or wet fingertips caused<br />
readability issues. Slow analytics took<br />
too long to validate identity, and some<br />
systems could be fooled by something<br />
as simple as an analog copy of a fingerprint<br />
printed on a clear piece of<br />
plastic.<br />
According to Gary Jones, Director<br />
of Biometric Access and Time Solutions<br />
at MorphoTrak LLC, those legacy<br />
scanners are just as obsolete as the<br />
paper fingerprints in old police ledgers.<br />
Today’s fingerprint sensors are<br />
fast, accurate, and reliable.<br />
“We call this frictionless access,”<br />
Jones told me. “The difference is that<br />
we now know how to capture fingerprints<br />
in 3D. Once you have the whole<br />
fingerprint, including the curvature,<br />
you can capture more information.<br />
38<br />
And that extra information means incredible<br />
accuracy. We can now come<br />
very close to the rolled capture from<br />
ink-and-paper, even with a partial<br />
scan. And we can process that information<br />
very rapidly.”<br />
Always Available, Rarely Lost<br />
Another key element in the evolution<br />
of fingerprint scanning has been the<br />
development of sensors that automatically<br />
account for distorted scans, wet<br />
fingers, or dirty surfaces. These newer<br />
technologies operate under challenging<br />
conditions that confused older<br />
systems, and occasionally rendered<br />
them inoperable.<br />
Speed is another major improvement,<br />
according to MorphoTrak’s<br />
Gary Jones.<br />
“Wave your hand – left or right –<br />
it does not matter. We now see what<br />
we need to see as your fingers move<br />
through the scanning area. It’s like<br />
placing your finger on an older sensor<br />
10, 12, or 15 times – except you<br />
only have to wave once, and you don’t<br />
have to place your finger down on a<br />
surface.”<br />
The result is an advanced identity<br />
management solution that can move<br />
large numbers of people through
doorways, gateways, turnstiles, and<br />
other access points with impressively<br />
little delay. It works when hands<br />
are wet, dirty, or even<br />
damaged. This method<br />
delivers enhanced security<br />
without cards,<br />
key fobs, smartphone<br />
two-factor authentication<br />
apps, or other<br />
devices that need to<br />
be managed and can<br />
easily be lost. It takes<br />
a catastrophic event for someone to<br />
misplace a finger.<br />
Multiple Security Layers<br />
Modern fingerprint sensors can provide<br />
two-factor authentication out of<br />
the same device scanning for fingerprints.<br />
The unit can recognize unique<br />
finger vein patterns at the same time.<br />
In the infinitesimally unlikely event<br />
that two individuals have the same<br />
fingerprint, or that the sensor has<br />
somehow been fooled with a spoofed<br />
print, the vein pattern provides an additional<br />
layer of security that is tough<br />
to fake.<br />
Adding a PIN requirement enables<br />
three-factor authentication – all from<br />
a single sensor and keypad. “MorphoTrak’s<br />
FingerVP product won a<br />
Best-In-Show at ISC West for this innovation,”<br />
Jones pointed out.<br />
The final piece of the puzzle comes<br />
from faster, smarter processing, both<br />
on the sensor and in the back end<br />
systems that handle the significantly<br />
greater amounts of data that each<br />
scan can capture. It has never been<br />
easier to process the volume of data<br />
The final piece of the puzzle comes from<br />
faster, smarter processing, both on the<br />
sensor and in the back end systems that<br />
handle the significantly greater amounts<br />
of data that each scan can capture.<br />
necessary for proper identity management<br />
using something as simple<br />
and unique as a fingerprint. National<br />
Institute of Standards and Technology<br />
(NIST) testing has confirmed the<br />
superior performance of MorphoTrak’s<br />
approach.<br />
“People, especially younger individuals,<br />
quite literally expect the world at<br />
their fingertips through their smartphones,”<br />
Jones added. “And they’re<br />
already used to securing their phones<br />
with their fingerprints. We can now<br />
deliver that same ease of use at the<br />
levels of security demanded by the<br />
toughest of governmental and business<br />
standards.”<br />
Standards Compliance<br />
MorphoTrak’s technology operates<br />
equally well as a mobile solution as<br />
it does at fixed locations, according<br />
to Jones. It complies with essential<br />
government standards to ensure<br />
high levels of effectiveness and performance.<br />
These include FIPS 201<br />
39<br />
Personal Identity Verification (PIV)<br />
approval for Federal contractors and<br />
employees, Transportation Worker<br />
Identity Credential<br />
(TWIC) certification<br />
for Homeland Security<br />
contractors, and FBI<br />
Next Generation Identification<br />
(NGI) Image<br />
Quality Specification<br />
(IQS) compliance.<br />
This commitment to<br />
standards also ensures<br />
that MorphoTrak’s fingerprint solutions<br />
integrate smoothly with other<br />
biometric systems. The company<br />
recognizes that no single technology<br />
provides perfect identity management.<br />
It is essential for organizations<br />
to be able to operate multiple layers<br />
of authentication as transparently as<br />
possible.<br />
Sometimes, what is old becomes<br />
new again.<br />
John Convy and Convy Associates provide<br />
strategic alliance, A&E consultant,<br />
technology ecosystem, and lead<br />
generation programs to monetize relationships<br />
and accelerate demand for<br />
leading security industry manufacturers.<br />
John is the Founder and Managing<br />
Director of the Open Standards<br />
Security Alliance and the IP Security<br />
Academy, and a speaker at many global<br />
industry events. Email: John@ConvyAssociates.com
Oil/Gas/Electric Grid Security<br />
The nation’s power grid is struck by cyber or physical attacks<br />
once every four days, according to Federal energy records<br />
By Bill Gertz<br />
The threat of a devastating cyber<br />
attack on the U.S. electrical grid is<br />
increasing due to the Obama administration’s<br />
politically correct<br />
policies that spend vast sums on<br />
green and smart grid technologies<br />
while failing to secure power grids<br />
from cyber attack.<br />
A report by the Manhattan Institute,<br />
a New York think tank, warns<br />
that the push to integrate wind and<br />
solar electrical power into the $6<br />
trillion electric utility system has<br />
created new vulnerabilities that<br />
other nations could exploit in a future<br />
cyber war.<br />
“Electric grids have always been<br />
vulnerable to natural hazards and<br />
malicious physical attacks,” writes<br />
Mark Mills, a physicist and engineer<br />
who authored the Manhattan<br />
Institute report. “Now the U.S. faces<br />
a new risk—cyber attacks—that<br />
could threaten public safety and<br />
greatly disrupt daily life.”<br />
The U.S. electrical power network<br />
is not made up of a single<br />
grid, but a complex web of eight<br />
40<br />
regional “supergrids” linked to<br />
thousands of local grids. Under a<br />
drive for improved efficiency, government<br />
policymakers and regulators<br />
in recent years have spent tens<br />
of billions of dollars on so-called<br />
“smart grid” technology. But<br />
the efficiency drive has not been<br />
matched with new technology that<br />
will secure grids against cyber attacks.<br />
Utility owners also have resisted<br />
improving cyber security over<br />
concerns doing so would increase<br />
operating costs and force unpopular<br />
rate hikes. Yet the failure to<br />
take steps now to deal with future<br />
threats could prove catastrophic.<br />
The threat, according to the report,<br />
is not the current state of security<br />
but the future use of greener<br />
and smarter electric grids, interconnected<br />
and linked to the Internet.<br />
“These greener, smarter grids<br />
will involve a vast expansion of<br />
the Internet of Things that greatly<br />
increases the cyber attack surface<br />
available to malicious hackers and<br />
hostile nation-state entities,” the<br />
report warns, adding that cyber attacks<br />
overall have risen 60 percent<br />
annually over the past six years<br />
and increasingly include the targeting<br />
of electric utilities.<br />
A recent survey by Cisco Systems<br />
revealed that 70 percent of electric<br />
utility security managers suffered<br />
at least one security breach.<br />
Unfortunately, Obama’s liberal<br />
agenda forced government policymakers<br />
and regulators to promote<br />
green and smart grid technologies<br />
while spending relatively trivial<br />
amounts to secure those grids<br />
from cyber attacks.<br />
“Greater grid cyber security in<br />
the future means that policymakers<br />
must rethink the deployment<br />
of green and smart grids until<br />
there are assurances that security<br />
technologies have caught up,” the<br />
report recommends.<br />
Part of the problem for grid security<br />
is that power networks are<br />
controlled by the private sector<br />
utilities. Government can and<br />
must provide intelligence and<br />
warning of cyber threats. But grid<br />
security is the responsibility of industry<br />
and there is an urgent need
for the private sector to do more to<br />
defend the country from a future<br />
devastating blackout.<br />
Further, the government and<br />
electric companies appear to be<br />
playing down the danger, claiming<br />
cyber attacks are less likely than<br />
squirrels eating electrical cables,<br />
or tree limbs shorting out wires.<br />
This attitude was reflected in<br />
a controversial Department of<br />
Homeland Security Report produced<br />
in January that concluded<br />
the threat of a damaging or disruptive<br />
cyber attack on the electric infrastructure<br />
was low. The study was<br />
an embarrassing reminder that the<br />
federal government is ill-prepared<br />
for future dangers. A month before<br />
the DHS report, Russian hackers<br />
took down portions of Ukraine’s<br />
power grid in what has been called<br />
the first known cyber attack on an<br />
electricity infrastructure.<br />
The problem of grid security<br />
has been made worse by the past<br />
seven years of administration policies<br />
that subordinated building up<br />
security against cyber attacks to<br />
integrating environmental technologies.<br />
The liberal worldview<br />
mistakenly has placed climate<br />
change as a greater national security<br />
threat than future cyber attacks<br />
from nation states.<br />
According to the Manhattan report,<br />
wind and solar power will be<br />
unable to meet the country’s 24/7<br />
41<br />
energy demands for the foreseeable<br />
future. Yet programs to develop<br />
these energy sources received<br />
over 75 percent of all new generating<br />
capacity, with some $150 billion<br />
invested by the federal government<br />
on green and smart grid<br />
programs. By contrast, the Energy<br />
Department spent $150 million on<br />
cyber security research and development.<br />
Blackouts have occurred in the<br />
past, mainly after hurricanes. One<br />
non-natural disaster was the August<br />
2003 blackout that affected<br />
New York City and the Northeast.<br />
That power outage put 50 million<br />
people in the dark for two days,<br />
and caused $6 billion in damage.<br />
The cause was a combination of a<br />
software glitch and human error<br />
that resulted in a localized power<br />
outage in Ohio cascading into a<br />
widespread regional power disruption.<br />
According to the Manhattan Institute<br />
study, Lloyd’s estimates that<br />
the damage from a worst-case cyber<br />
attack that causes a widespread<br />
blackout would cost between $250<br />
billion and $1 trillion.<br />
The coming danger will involve<br />
sophisticated nation state cyber attacks.<br />
U.S. Cyber Command chief<br />
More on page 50
Oil/Gas/Electric Grid Security<br />
Quanergy acquires OTUS People Tracker Software<br />
from Raytheon BBN Technologies to strengthen its<br />
position as complete LiDAR solution provider<br />
SUNNYVALE, Calif.—(BUSINESS<br />
WIRE)—Quanergy Systems, Inc.,<br />
the leading provider of solid state<br />
LiDAR sensors and smart sensing<br />
solutions, today announced the acquisition<br />
of OTUS People Tracker<br />
software from Raytheon BBN Technologies.<br />
The software complements<br />
Quanergy’s existing software portfolio<br />
and, when used with Quanergy’s<br />
LiDAR sensors, creates an<br />
integrated hardware and software<br />
solution for advanced people detection<br />
and tracking applications<br />
within the security and autonomous<br />
driving markets.<br />
OTUS uses sophisticated human<br />
perception algorithms to identify<br />
and track people for safety and security<br />
in crowded environments at<br />
ranges exceeding 100 meters when<br />
used with Quanergy LiDAR sensors.<br />
The system features segmentation<br />
techniques identifying humans,<br />
background extraction, object clustering,<br />
sophisticated merge and split<br />
algorithms, persistent<br />
tracking algorithms, and other advanced<br />
features supporting robust<br />
crowd control. Support for multiple<br />
zones of interest is included, allowing<br />
users fine control over active<br />
monitoring. With the acquisition,<br />
Quanergy is offering the most intelligent<br />
and complete solution to<br />
track people in 3D and in real-time<br />
over large spaces. The combined solution<br />
has advantages over camera<br />
systems including the<br />
ability to work in any<br />
weather or lighting<br />
conditions with fewer<br />
false alarms, along<br />
with the reduction of<br />
equipment and labor<br />
costs.<br />
“The acquisition<br />
of Raytheon BBN’s<br />
42<br />
OTUS People Tracker software is a<br />
significant milestone in Quanergy’s<br />
strategy and long term road map<br />
for LiDAR integration into larger<br />
transportation and automation<br />
platforms,” said Dr. Louay Eldada,<br />
Quanergy CEO. “Raytheon BBN is a<br />
recognized leader in the space, with<br />
the most advanced solution, and<br />
Quanergy is now further positioned<br />
to expand its footprint and accelerate<br />
its ability to deliver new levels of<br />
product performance.”<br />
The software is the foundation for<br />
Q-Guard, Quanergy’s 3D perimeter<br />
fencing and intrusion detection system.<br />
The company recently demonstrated<br />
Q-Guard and the capability<br />
for tracking human subjects at the<br />
tradeshow, ASIS 2016, which was<br />
held September 12-15 at the Orange<br />
County Convention Center in Orlando,<br />
Florida. The demo will show<br />
how Quanergy LiDAR sensors and<br />
software incorporating the OTUS<br />
People Tracker capability can track<br />
people persistently, send commands<br />
to PTZ cameras and enable the cameras<br />
to focus on subjects.
About Quanergy Systems, Inc.<br />
Quanergy Systems, Inc. was founded<br />
in 2012 and builds on decades of<br />
experience of its team in the areas<br />
of optics, photonics, optoelectronics,<br />
artificial intelligence software,<br />
and control systems. Headquartered<br />
in Sunnyvale, California, in<br />
the heart of Silicon Valley, Quanergy<br />
offers the leading solid state<br />
LiDAR sensors and software for<br />
real-time capture and processing of<br />
high-definition 3D mapping data<br />
and object detection, tracking, and<br />
classification. Application areas include<br />
transportation, security, mapping<br />
and industrial automation.<br />
Quanergy’s LiDARs lead in six key<br />
commercialization areas (price, performance,<br />
reliability, size, weight,<br />
power efficiency) while meeting the<br />
mass deployment requirements of<br />
durability and dependability using<br />
solid state technology. For more information<br />
about Quanergy, visit us<br />
at www.quanergy.com and follow us<br />
on Twitter @Quanergy.<br />
Sign-up for Free<br />
<strong>GSN</strong> Digital Editions<br />
and Email Newsletters<br />
Free subscription to your selection of <strong>GSN</strong> digital editions<br />
and daily/weekly email newsletters. Add new selections or<br />
opt-out of any selections at any time.<br />
<strong>GSN</strong> Airport, Seaport, Rail, Border Security Weekly<br />
<strong>GSN</strong> Daily Insider Newsletter (5 Days Weekly)<br />
<strong>GSN</strong> Monthly Digital Edition<br />
<strong>GSN</strong> Media Kit<br />
CLICK HERE<br />
The News Leader in Physical, IT and Homeland Security<br />
www.gsnmagazine.com<br />
43
Oil/Gas/Electric Grid Security<br />
InfragardNCR launches national critical infrastructure<br />
security and resilience month awareness campaign<br />
WASHINGTON, DC – <strong>Oct</strong>ober 12<br />
– InfraGard of the National Capital<br />
Region (InfraGardNCR), a partnership<br />
between the FBI and the private<br />
sector to protect critical infrastructure,<br />
today launched a comprehensive<br />
effort to recognize and support<br />
National Critical Infrastructure Security<br />
& Resilience Month (NCIS-<br />
RM). The initiative supports the U.S.<br />
Department of Homeland Security’s<br />
National Protection & Programs<br />
Directorate, Office of Infrastructure<br />
Protection mission to raise awareness<br />
around critical infrastructure<br />
protection during the month of November.<br />
InfraGardNCR unveiled<br />
the NCISRM website and its numerous<br />
social media interaction points<br />
and announced an owner/operator<br />
driven event to focus on CI supply<br />
chain partners.<br />
“Well after the events of September<br />
11 we are still working to understand<br />
and mitigate the complex<br />
challenges posed by our converged<br />
cyber and physical environments.<br />
NCISRM is an opportunity for<br />
both the owners and operators of<br />
our critical infrastructure, and our<br />
government counterparts engaged<br />
in all 16 critical infrastructures<br />
to highlight and<br />
reinforce their work, understand<br />
in-depth the pressing<br />
threats and vulnerabilities,<br />
and work on ways to mitigate<br />
their effects,” said Kristina<br />
Tanasichuk, president of InfraGardNCR<br />
and CEO of the<br />
Government Technology &<br />
Services Coalition.<br />
The Office of Infrastructure<br />
Protection, within the U.S.<br />
Department of Homeland<br />
Security’s National Protec-<br />
44<br />
tion and Programs Directorate, is<br />
partnering with InfraGardNCR to<br />
promote Critical Infrastructure Security<br />
and Resilience Month. InfraGardNCR<br />
has<br />
been working<br />
since January<br />
2016 with numerous<br />
stakeholders<br />
and<br />
national nonprofit<br />
organizations<br />
that are<br />
aligned with the<br />
16 critical infrastructure<br />
sectors<br />
to work together<br />
in November to<br />
raise awareness<br />
and take tangible<br />
steps to improve<br />
the security posture around our<br />
critical infrastructure.<br />
In addition to campaigns to raise<br />
awareness, InfraGardNCR will<br />
bring key stakeholders together to<br />
explore physical and cyber vulnerabilities<br />
to the U.S. electric grid.<br />
The discussions will focus on the<br />
threats to the grid and include briefings<br />
from both the FBI and the Of-
fice of the Director of National Intelligence,<br />
in addition to a targeted<br />
campaign for owners and operators<br />
to invite their vendors and others<br />
who “should” know more about CI<br />
in order to make their supply chain<br />
stronger and educate those who<br />
may not focus on critical infrastructure<br />
security on a daily basis will be<br />
a key part of the<br />
awareness effort.<br />
“Critical infrastructure<br />
organizations<br />
need<br />
to be concerned<br />
about the physical<br />
security as<br />
well as the cybersecurity<br />
of their<br />
small business<br />
suppliers. Those<br />
small businesses<br />
in the supply<br />
chain need to be<br />
concerned about<br />
their security<br />
primarily for the common good,<br />
but also to differentiate themselves<br />
to their critical infrastructure customers.<br />
The BBB is engaging with<br />
NCISRM to raise awareness of sector<br />
interdependencies and to provide<br />
training for small businesses<br />
across North America based on the<br />
NIST Cybersecurity Framework,”<br />
added Bill Fanelli, CISSP, Chief<br />
Security Officer, Council of Better<br />
Business Bureaus Inc.<br />
Owners and operators of critical<br />
infrastructure, non-profit organizations<br />
that represent critical<br />
infrastructure sectors, colleges and<br />
universities, and private companies<br />
are all invited to partner during November<br />
to raise awareness and educate<br />
their constituents. More information<br />
on partnership is available<br />
here.<br />
The NCISRM website, which will<br />
provide tools, resources, and tips<br />
throughout November, is available<br />
at www.NCISRM.org.<br />
More information on the in-person<br />
event, Attacking the Grid: Left<br />
and Right of Boom, will take place<br />
in Tysons Corner, Virginia and<br />
focus on uncovering interdependencies<br />
due to an extended power<br />
outage. This year’s NCISRM event<br />
will provide attendees with three<br />
things: 1) the most recent, accurate<br />
threat assessments from the<br />
FBI and ODNI; 2) an in-depth look<br />
45<br />
at the December 2015 cyberattack<br />
on the electric grid in Ukraine and<br />
an analysis of the implications of a<br />
similar attack in the United States;<br />
and 3) scenario-based facilitated<br />
breakout sessions with stakeholders<br />
across critical infrastructure sectors<br />
to discuss best practices and tangible<br />
tools for preventing, detecting,<br />
responding, and recovering from a<br />
large power outage.<br />
More information on all of these<br />
activities can be found at: www.<br />
NCISRM.org.<br />
About InfraGardNCR<br />
InfraGardNCR is a partnership between<br />
the FBI and the private sector<br />
to share information to protect the<br />
nation’s critical infrastructure. InfraGardNCR<br />
serves as a critical link<br />
that connects owners and operators<br />
with the entities that strive to protect<br />
their assets. More information<br />
is available at www.InfraGardNCR.<br />
org.
GTT releases most advanced TSP<br />
solution to date<br />
Continued from page 5<br />
reliable traffic solutions to communities<br />
for over 40 years. GTT proactively<br />
delivers advanced transportation<br />
solutions to help emergency, transit<br />
and traffic personnel increase safety,<br />
minimize traffic congestion and reduce<br />
greenhouse gas emissions, while<br />
maximizing resource efficiency and<br />
performance. Headquartered in St.<br />
Paul, Minnesota, GTT is the market<br />
leader in traffic management systems,<br />
with its system installed in intersections<br />
in 41 of the 50 largest U.S. cities.<br />
To find out more about GTT, visit their<br />
website (www.gtt.com).<br />
FREE SUBSCRIPTION<br />
SIGN-UP<br />
Monthly Digital Edition<br />
Airport/Seaport Newsletter<br />
Daily Insider Newsletter<br />
<strong>GSN</strong> Media Kit<br />
CLICK HERE<br />
HID Global Helps Streamline<br />
Bhutan’s Driver License Issuance<br />
and Management System<br />
Continued from page 10<br />
benefit from the change to the<br />
printing process. In the months<br />
since the new IDs were issued, law<br />
enforcement officers have observed<br />
a decline in incidents involving<br />
fake IDs. The new security features<br />
on the IDs prove to be an effective<br />
deterrence against counterfeiting.<br />
Those counterfeit driver’s licenses<br />
circulating in the market can easily<br />
be distinguished from the genuine<br />
ones. The inability to create a counterfeit<br />
of the new IDs has resulted<br />
in a drop in the production of inauthentic<br />
IDs.ww<br />
“We are very pleased with the deployment<br />
of the HDP5000 printers<br />
and are are currently exploring how<br />
we can expand our use of technology.<br />
Smart chip encoding, which<br />
can be supported by the printers<br />
with an upgrade, would enable us to<br />
augment the cards and make them<br />
multifunctional, and is a feature we<br />
are interested in implementing in<br />
the near future,” said Nidup.<br />
© 2016 HID Global Corporation/ASSA ABLOY<br />
AB. All rights reserved. HID, HID Global,<br />
the HID Blue Brick logo, and Chain Design<br />
and FARGO are trademarks or registered<br />
trademarks of HID Global or its licensor(s)/<br />
supplier(s) in the US and other countries and<br />
may not be used without permission. All other<br />
trademarks, service marks, and product or service<br />
names are trademarks or registered trademarks<br />
of their respective owners. hidglobal.com<br />
46<br />
What was in the World Trade<br />
Center chemical plume created at<br />
Ground Zero on “9/11”?<br />
Continued from page 14<br />
“we did the very best we could at the<br />
time” and she was sorry that people<br />
had died as a result of her “mistake”<br />
– a claim which was disputed and rejected<br />
by numerous firefighters, who<br />
made it clear that they knew the air<br />
was polluted with toxins, but they did<br />
the clean-up work and searches for<br />
survivors because that was their job.<br />
Other firefighters described the EPA<br />
decision to be absurd in light of the<br />
fact that seven days after the attacks<br />
virtually all the buildings in downtown<br />
Manhattan were coated with<br />
dust, debris, lead, asbestos and other<br />
toxic substances. Still others argued<br />
that Ms Whitman’s decision jeopardized<br />
the health of every school child<br />
and every educator who went back to<br />
teach the children, along with every<br />
person who lived in the area who returned<br />
home to breathe in toxic dust.<br />
According to a post-fifteenth anniversary<br />
article by the Associated<br />
Press, “More than 1,000 people who<br />
registered with the World Trade Center<br />
Health Program, set up to oversee<br />
those affected by the aftermath<br />
of the attacks, have died in the past<br />
15 years. According to a summary<br />
of five research articles on the health<br />
impacts on rescuers and others who<br />
worked the site, both the number<br />
of people sickened and the type of<br />
illnesses present were greater than
anticipated. According to Jake Lemonda,<br />
union head of the Uniformed<br />
Fire Officer’s Association, there are<br />
currently 1,396 afflicted with cancer;<br />
5,456 with a lower respiratory illness<br />
and there are many more firefighters<br />
who responded on 9/11 who are very<br />
sick.”<br />
References<br />
1. Amy Goodman, “Ex-EPA Head Christine<br />
Todd Whitman Denies Misleading Public over<br />
Environmental Dangers After ‘9/11’ ”, Independent<br />
Global News, June 26, 2007; www.democracynow.org/2007/6/26/ex_epa_head_christine_todd_whitman<br />
2. Thomas K. Aldrich, M.D., Jackson Gustave,<br />
M.P.H., Charles B. Hall, Ph.D., “Lung Function<br />
in Rescue Workers at the World Trade Center after<br />
7 Years”, New England Journal of Medicine,<br />
2010; 362:1263-1272, April 8, 2010<br />
3. David Biello, “What Was in the World<br />
Trade Center Plume? Ten years later, what exactly<br />
residents and rescue workers were exposed<br />
to remains at least a partial mystery”, Scientific<br />
American, September 7, 2011; www.scientificamerican.com/article/what-was-in-the-worldtrade-center-plume/<br />
4. Rachel Zeig-Owens, Anna Nolan, Barbara<br />
Putman, Ankura Singh, David J. Prezant, Michael<br />
D. Weiden. “Biomarkers of patient intrinsic<br />
risk for upper and lower airway injury after exposure<br />
at the World Trade Center”, American Journal<br />
of Industrial Medicine, 2016, 59:9, 788-794.<br />
5. Jennifer Yip, Mayris P. Webber, Rachel<br />
Zeig-Owens, Madeline Vossbrinck, Ankura<br />
Singh, Kerry Kelly, David J. Prezant, “FDNY and<br />
9/11: Clinical services and health outcomes in<br />
World Trade Center-exposed firefighters and EMS<br />
workers from 2001 to 2016”, American Journal of<br />
Industrial Medicine, 2016 59:9, 695-708<br />
6. Caralee Caplan-Shaw, Angeliki Kazeros,<br />
Deepak Pradhan, Kenneth Berger, Roberta<br />
Goldring, Sibo Zhao, Mengling Liu, Yongzhao<br />
Shao; “Improvement in severe lower respiratory<br />
symptoms and small airway function in World<br />
Trade Center dust exposed community members”,<br />
American Journal of Industrial Medicine, 2016<br />
Canon U.S.A. and National Crime<br />
Prevention Council collaborate<br />
Continued from page 15<br />
About Canon U.S.A., Inc.<br />
Canon U.S.A., Inc., is a leading provider<br />
of consumer, business-to-business,<br />
and industrial digital imaging<br />
solutions to the United States and to<br />
Latin America and the Caribbean<br />
(excluding Mexico) markets. With<br />
approximately $31 billion in global<br />
revenue, its parent company, Canon<br />
Inc. (NYSE: CAJ), ranks third overall<br />
in U.S. patents granted in 2015†<br />
and is one of Fortune Magazine’s<br />
World’s Most Admired Companies<br />
in 2016. Canon U.S.A. is committed<br />
to the highest level of customer satisfaction<br />
and loyalty, providing 100<br />
percent U.S.-based consumer service<br />
and support for all of the products<br />
it distributes. Canon U.S.A.<br />
59:9, 777-787.<br />
7. James E. Cone, Sukhminder Osahan, Christine<br />
C. Ekenga, Sara A. Miller-Archie; “Asthma<br />
among Staten Island fresh kills landfill and barge<br />
workers following the September 11, 2001 World<br />
Trade Center terrorist attacks”, American Journal<br />
of Industrial Medicine, 2016, 59:9, 795-804<br />
8. “Lung function indices”, www.spirxpert.<br />
com/indices7.htm<br />
9. “James L. Zadroga 9/11 Health and Compensation<br />
Act”, “9/11 Health”, www.nyc.gov/<br />
html/doh/wtc/html/health_compensation/<br />
health_compensation_act.shtml<br />
10. “Medical management of chemical casualties<br />
handbook”, 3rd ed. USAMRICD, Aberdeen<br />
Proving Ground, MD. July 2000.<br />
11. Kales S, Christiani D., “Acute chemical injuries”,<br />
New England Journal of Medicine 2004;<br />
350:800-808.<br />
47<br />
is dedicated to its Kyosei philosophy<br />
of social and environmental<br />
responsibility. In 2014, the Canon<br />
Americas Headquarters secured<br />
LEED® Gold certification, a recognition<br />
for the design, construction,<br />
operations and maintenance of<br />
high-performance green buildings.<br />
To keep apprised of the latest news<br />
from Canon U.S.A., sign up for the<br />
Company’s RSS news feed by visiting<br />
www.usa.canon.com/rss and<br />
follow us on Twitter @CanonUSA.<br />
For media inquiries, please contact<br />
pr@cusa.canon.com.<br />
About National Crime<br />
Prevention Council<br />
The National Crime Prevention<br />
Council is the nonprofit leader in<br />
crime prevention. For more than 35<br />
years, our symbol of safety, McGruff<br />
the Crime Dog®, has delivered easyto-use<br />
crime prevention tips that<br />
protect what matters most—you,<br />
your family, and your community.<br />
Since 1982, NCPC has continuously<br />
provided the American public with<br />
comprehensive educational materials,<br />
training programs, and effective<br />
crime prevention messaging, delivered<br />
in large part through its vast<br />
network of more than 10,000 state<br />
and local law enforcement agencies,<br />
crime prevention associations,<br />
community groups, foundations,<br />
and corporate partners.<br />
For more information on how NCPC<br />
can be a public safety expert for<br />
you or how to “Take A Bite Out of<br />
Crime®,” visit www.ncpc.org.
International sports competition<br />
in Brazil<br />
Continued from page 19<br />
rity applications include real-time<br />
credential validation; integration<br />
with multiple handheld peripherals;<br />
tracking of all access activity; and<br />
instantly provisioning and managing<br />
secure access to each identity<br />
per their access profile.<br />
SAFE Sports and Events Access<br />
Manager offers an ideal solution for<br />
temporary or limited engagement<br />
events where security is a high priority.<br />
About Quantum Secure, Inc.<br />
Quantum Secure’s SAFE software<br />
suite provides a single, fully interoperable<br />
and integrated physical security<br />
policy platform to manage and<br />
streamline security identities, compliance,<br />
and operations across multiple<br />
sites and systems. Quantum<br />
Secure’s customers include both<br />
commercial and government organizations.<br />
Quantum Secure is part<br />
of HID Global, an ASSA ABLOY<br />
Group brand.<br />
For more information, visit www.<br />
quantumsecure.com<br />
The 2015 ISIS Attacks on Paris:<br />
Assessment and Lessons Learned<br />
Continued from page 23<br />
Counter Terrorism Action Capabilities<br />
or an equivalent course should<br />
be offered to all first responders.<br />
• Enhance efforts regarding Tactical<br />
Emergency Medical Service to include<br />
Special Weapons and Tactics<br />
(SWAT) teams cross-training with<br />
Fire Department personnel.<br />
References<br />
1. Geert Vanden Wijngaert, AP, “Lessons<br />
Learned from the Paris and Brussels Terrorist<br />
Attacks”, March 23, 2016, www.USAToday.com<br />
2. “An ISIS Militant from Belgium Whose<br />
Own Family Wants Him Dead,” New York<br />
Times, November 17, 2015.<br />
3. “France under first state of emergency since<br />
1961”, The Guardian, November 15, 2016.<br />
4. “The Lessons of Mumbai”, The RAND Corporation,<br />
January 9, 2009.<br />
5. Paul Tassi, “How ISIS Terrorists May<br />
Have Used PlayStation 4 to Discuss And Plan<br />
Attacks”, Forbes, November 14, 2015; www.<br />
forbes.com/sites/insertcoin/2015/11/14/whythe-paris-isis-terrorists-used-ps4-to-planattacks/#2f03878c731a<br />
6. “Five Facts about the Muslim Population<br />
in Europe”, Pew Research Center, November 17,<br />
2015.<br />
7. “Forgotten in the Banlieus”, The Economist,<br />
February 23, 2013.<br />
8. “France: Efforts to Counter Islamist Terrorism<br />
and the Islamic State”, Congressional Research<br />
Service, November 18, 2015<br />
9. “Islamic, Yet Integrated,” The Economist,<br />
September 6, 2014.<br />
10. “Paris Attacks”, New York Times, November<br />
18, 2015.<br />
11. “Behind Francois Hollande’s Snap Decision”,<br />
Wall Street Journal, November 15, 2015.<br />
12. David, Edward F. III, Alejandro A. Alves<br />
and David Alan Sklansky, “Social Media and Police<br />
Leadership: Lessons from Boston”, New Perspectives<br />
in Policing Bulletin, Washington, DC,<br />
U.S. Department of Justice, National Institute of<br />
Justice, 2014<br />
Handheld Narcotics Analyzer<br />
Continued from page 24<br />
designed to reduce sample backlogs<br />
and ensure valuable resources are<br />
put to use on high-profile cases and<br />
analysis of unconfirmed samples;<br />
and<br />
• Free library updates that add<br />
newly discovered substances to the<br />
analyzer’s “fingerprint” library. For<br />
more information on the Thermo<br />
Scientific TruNarc handheld narcotics<br />
analyzer, please visit www.thermofisher.com/trunarc.<br />
About Thermo Fisher Scientific<br />
Thermo Fisher Scientific Inc. is the<br />
world leader in serving science,<br />
with revenues of $17 billion and<br />
more than 50,000 employees in 50<br />
countries. Our mission is to enable<br />
our customers to make the world<br />
healthier, cleaner and safer. We help<br />
our customers accelerate life sciences<br />
research, solve complex analytical<br />
challenges, improve patient<br />
diagnostics and increase laboratory<br />
productivity. Through our premier<br />
brands.<br />
Thermo Scientific, Applied Biosystems,<br />
Invitrogen, Fisher Scientific<br />
and Unity Lab Services – we offer<br />
an unmatched combination of innovative<br />
technologies, purchasing<br />
convenience and comprehensive<br />
support.<br />
For more information, please visit<br />
www.thermofisher.com.<br />
48
Cambridge Pixel enhances radar<br />
tracking software<br />
Continued from page 26<br />
and Tellumat.<br />
Cambridge Pixel will be showcasing<br />
its new SPx radar tracking software<br />
on stand G27 in Hall 2b (UK<br />
Pavilion) at Euronaval in Paris from<br />
17-21 <strong>Oct</strong>ober 2016.<br />
For more information about<br />
Cambridge Pixel’s radar tracker and<br />
range of software modules, please<br />
visit www.cambridgepixel.com or<br />
call: +44 (0) 1763 852749 or email:<br />
enquiries@cambridgepixel.com.<br />
About Cambridge Pixel<br />
Founded in 2007, Cambridge Pixel<br />
is an award-winning developer of<br />
sensor processing and display solutions<br />
including primary and secondary<br />
radar interfacing, processing<br />
and display components for military<br />
and commercial radar applications.<br />
It is a world-leading supplier of<br />
software-based radar tracking and<br />
scan conversion solutions through<br />
its modular SPx software, and HPx<br />
hardware product range. Based near<br />
Cambridge in the UK, the company<br />
operates worldwide through a network<br />
of agents and distributors. In<br />
2015, Cambridge Pixel received a<br />
Queen’s Award for Enterprise in International<br />
Trade for ‘outstanding<br />
overseas sales growth over the last<br />
three years.<br />
Government’s advisory committee<br />
want to end family detention<br />
Continued from page 28<br />
cent reports on family detention, including:<br />
• The S. Commission on International<br />
Religious Freedom’s Report<br />
on the extremely troubling practice<br />
of expedited removal that funnels<br />
children and families into detention<br />
• The American Immigration Lawyers’<br />
Association Report on Central<br />
Americans Seeking Asylum<br />
and Legal Protection in the U.S.<br />
• The American Immigration<br />
Council report on family separation<br />
in family detention and on<br />
families deported back to danger<br />
in Central America.<br />
• Human Rights First reports including<br />
Lifeline on Lockdown and<br />
Family Detention: Still Happening,<br />
Still Damaging.<br />
The Committee’s report will be worth<br />
reading in full and makes concrete,<br />
specific, practical recommendations<br />
throughout to comprehensively address<br />
the myriad of problems posed<br />
by detaining families, but the bottom<br />
line is clear – the U.S. government<br />
should end family detention.<br />
Lindsay Harris is Assistant Professor<br />
of Law at the University of the District<br />
of Columbia, David A. Clarke School<br />
of Law.<br />
Arrest of ex-NSA contractor shows<br />
federal cybersecurity still faces a<br />
serious inside threat<br />
Continued from page 36<br />
man said.<br />
“The main line of defense must be<br />
around your data,” he said. “These<br />
are the only assets you can control.<br />
It may not be a physical location—<br />
it could be in the cloud. There are<br />
endless possibilities for the ways a<br />
hacker or bad actor can get in, so<br />
you can’t try to control it all. The<br />
right approach to managing the insider<br />
threat problem starts with protecting<br />
against inappropriate access<br />
to all of your data repositories–databases,<br />
file servers and cloud applications.”<br />
Martin faces up to 10 years in<br />
federal prison for theft of government<br />
property and a year for the<br />
unauthorized retention of classified<br />
materials. He appeared in federal<br />
court in Maryland on Aug. 29 and<br />
remains in custody, according to the<br />
Department of Justice.<br />
49
Intelligent Automation Inc<br />
discusses Cyber Attacks<br />
Continued from page 37<br />
es to regulate the secure information<br />
flow. Smart AppShield shields<br />
the application from the cyber<br />
attacks and prevents information<br />
leakage, thus providing a trusted<br />
computing base.<br />
Trusted Computing Framework<br />
for Embedded System<br />
(TCES) is a hardware and software<br />
solution that provides broad capabilities<br />
for ensuring the security<br />
of highly distributed embedded<br />
systems, with high-level security<br />
assurance rooted in the hardware,<br />
and high flexibility provided by<br />
the software implementation.<br />
SecureVisor is a platform for<br />
efficiently protecting weapon systems<br />
against cyber threats. Secure-<br />
Visor has three major components<br />
including a whitelisting tool to<br />
identify allowed safe programs,<br />
a security enhanced hypervisor,<br />
and a Trusted Platform Module<br />
(TPM) to provide the root of trust.<br />
SecureVisor is a combined hardware-software<br />
security solution<br />
that provides a high level of security,<br />
and also minimizes impact on<br />
platforms in terms of power, processing<br />
cycles and operation performance.<br />
www.i-a-i.com<br />
The nation’s power grid is struck<br />
by cyber or physical attacks once<br />
every four days<br />
Continued from page 41<br />
Adm. Mike Rogers announced in<br />
March that it is a matter of “when,<br />
not if ” a foreign power will attack<br />
critical U.S. infrastructures.<br />
Peter Pry, a former CIA officer<br />
and grid security advocate, says<br />
the report correctly identified the<br />
contradiction between Obama administration’s<br />
green agenda and<br />
the need to protect the nation’s energy<br />
security.<br />
“The ‘war on coal’ and other hydrocarbon<br />
sources of energy, and<br />
the Obama administration’s environmental<br />
obstacles to development<br />
of nuclear power, is making<br />
the nation less safe,” said Pry, executive<br />
director of the Task Force on<br />
National and Homeland Security.<br />
Coal-fired electric plants and<br />
potentially nuclear power provide<br />
the country with the most resilient<br />
source of electric power. But<br />
the administration’s push to phase<br />
them out and replace them with<br />
wind and solar energy generation<br />
is not only technologically unrealistic.<br />
It will reduce national electrical<br />
supplies at a time when demand<br />
is increasing sharply.<br />
The result will be both increase<br />
costs for electric power and increase<br />
risks to national survival in<br />
50<br />
the aftermath a major cyber attack.<br />
“The increased risks to the national<br />
electric grid and national<br />
security by Obama’s green agenda,<br />
driven by the alleged threat from<br />
climate change, is even more true<br />
for greater threats to the grid posed<br />
by natural and manmade electromagnetic<br />
pulse (EMP),” Pry said.<br />
“These threats and cyber are here<br />
and now, while climate change—if<br />
this scientifically dubious threat<br />
occurs at all—is in the future.”<br />
Mills, the Manhattan Institute<br />
researcher, told the Washington<br />
Free Beacon that cyber security<br />
“is the existential challenge of the<br />
Internet, but so far mainly about<br />
private info and financial data.”<br />
“Meanwhile, the so-called smarter<br />
grid and green power both require<br />
a vast increase of Internet<br />
connectivity bolted onto our electrical<br />
grids,” he said. “What in the<br />
world makes green pundits think<br />
that rapidly expanding and exposing<br />
our critical grid infrastructure<br />
to the Internet is a good idea to<br />
rush into?”<br />
Editor’s Note: Bill Gertz article reproduced<br />
with permission of Washington<br />
Free Beacon: www.freebeacon.com
The News Leader in Physical, IT and Homeland Security<br />
CEO/Editorial Director<br />
Adrian Courtenay<br />
917-696-5782<br />
acourtenay@gsnmagazine.com<br />
Editor<br />
Steve Bittenbender<br />
502-552-1450<br />
sbittenbender@gsnmagazine.com<br />
Senior Writer<br />
Karen Ferrick-Roman<br />
412-671-1456<br />
karenferrickroman@gmail.com<br />
Columnist<br />
Shawn Campbell<br />
Campbell on Crypto<br />
shawn.campbell@safenetat.com<br />
Columnist<br />
George Lane<br />
Hazmat Science & Public Policy<br />
georgelane@hotmail.com<br />
Contributing Author<br />
Lloyd McCoy Jr<br />
Immix Group<br />
Contributing Author<br />
Walter Ewing<br />
Contributing Author<br />
Wendy Feliz<br />
Contributing Author<br />
Joshua Breisblatt<br />
Contributing Author<br />
J. Michael Barrett<br />
Contributing Author<br />
Christopher Millar<br />
Gatekeeper Security<br />
Art Director<br />
Gerry O’Hara, OHDesign3<br />
gerry@ohd3.com<br />
203-249-0626<br />
Production Manager<br />
Brenden Hitt<br />
Brenden.hitt@gsnmagazine.com<br />
Direct: 203-216-7798<br />
COMING ATTRACTIONS<br />
November<br />
Tech Focus<br />
Perimeter Protection/<br />
Intrusion Detection<br />
Market Sector Focus<br />
Mass Notification/<br />
Disaster Response<br />
December<br />
Late News<br />
Tech Focus<br />
2016 Technology Roundup<br />
Special Awards Review:<br />
2016 Digital Yearbook of<br />
Awards Winners<br />
51