Civil Information Awareness Program CIAP Linking Federal State

Civil Information Awareness Program (CIAP) Linking Federal, State and Local Law Enforcement within a Total Information Awareness Grid

CIAP Overview Emphasis on Local level, all source information fusion center focused on deriving HLS related actionable knowledge Conduct Critical Infrastructure Vulnerability Analysis and Threat Assessments Track Indications and Early Warning of Threat Activities Provide on-going net-assessment and Threat Situation Awareness Collaboration Link between Federal & State Information Centers and local LEA Full Spectrum Analysis and Production *Vulnerabilities *Indications and Warning *Situation Awareness

Requirements “Through joint planning, clear communication, comprehensive coordination, mutual aid at all levels and increased information sharing, America ’s first responders can be trained and equipped to save lives in the event of a terrorist attack. President Bush, Securing the Homeland, Strengthening the Nation, 2002 Intelligence sharing capability is the number one requirement of law enforcement agencies. NIJ Sponsored Survey of Law Enforcement Agencies …need an information sharing capability Association of Police Chiefs report to Do. J “the nation’s law enforcement community needs to be a team…focused on predictive intelligence. ” Attorney General John Ashcroft Establishment of new DHS…has identified a requirement for local level intelligence fusion centers as part of national strategy n n Critical Infrastructure Vulnerability Assessment Local level Information Coordination and Dissemination Centers The Technology Needed to Share Information is Already Here

Emphasis on Local level, all source information fusion center focused on deriving HLS related actionable knowledge Field Ops CIAP Ops Center Open Source Data Information Knowledge Citizen All Source Reporting What’s happening Context Federal Info Products Local Operational Area Convert nebulous data to knowledge and actionable options Decision Support Products: Planning Tools Advisories Alerts Bulletins

Process: Conduct Critical Infrastructure Vulnerability Analysis and Threat Assessments Identify Potential Targets Site surveys Define the site’s characterizations Evaluate the site’s physical security posture Evaluate Threats and Prepare Threat Models Correlate Threat to Vulnerabilities Define Indications and Early Warning Criteria Prepare Rapid Response Reference Products Local Database of Potential Target and Likely Threats used to Derive an Indications and Warning Process

Process: Track Indications and Early Warning of Threat Activities Define Specific Information Requirements (SIR) Define Named Areas of Interest NAI Correlate SIR, NAI with Reporting Source Open Reporting Channels using Information Awareness (IA) Net Plot, Record, Correlate and Assess Incoming Reports employing IA Database and Geospatial Information System (GIS) Display Identify activities that provide evidence indicating the development of a potential incident

Process: Provide on-going net-assessment and Threat Situation Awareness Conduct Detailed, Multi-Disciplined Assessment of Reports by comparing to Threat Models Actual Situation Assessment Compared to Predicted Events Identify Deviations and Update Assessment Disseminate Alerts, Advisories or Bulletins as Appropriate BIO Chem Explosives Update Rapid Response References as Appropriate RDD HAZMAT Cyber Response Personnel Constant Awareness of Threat Situation

Technologies CIAP Portal Applications n n n Incident Management GIS Reporting Chat Video VTC Virtual EOC San Diego Enterprise Portal n n n GIS Work Flow Engine Advanced Terabyte Search Engine San Diego State University Vis Lab CAL IT 2 Infrastructure

End State: Collaboration Link between Federal & State Information Centers and local LEA Federal Information Center State Information Centers IA Net Local CIAP • Information Products Archive in Document Library • Imagery Archive • Collaboration Tools for Chat and VTC • Surveillance Video over TCP/IP • Voice over TCP/IP • Incident Management Application • Real-Time Reporting • Report Forms and GIS Mapping National Information Awareness Grid that Emphasizes Local Requirements

Proof of Concept Domestic Emergency Response Information Service (DERIS) March, 2002 Burning Man, August, 2002 Super Bowl XXXVII, January, 2003 n n n Vulnerability Analysis and Threat Assessment Concept Active Citizen Program Indications and Warning/Situation Awareness Concept

Domestic Emergency Response Information Service (DERIS) w Demonstrated feasibility of portal based approach for LEA crisis response w Implements National Institute for Urban Search and Rescue standards for e. Xtreme Information Infrastructure (XII) w Prototype a common operational picture and provide real-time C 2 for Joint Civil. Military Operations w LEA from Chicago, San Diego and Los Angeles utilized collaboration portal within context of a potential terrorist attack

Burning Man Event held annually Spontaneous community of 25, 000 people gathering to explore social phenomena CIAP involvement n n n Established robust collaboration network in an austere environment Employed DERIS portal tools as primary means for receiving, archiving and disseminating emergency management essential elements of information Over four day period, implemented complex cultural analysis focused on the dynamics of an emergent community w w w w n n Social Structure (caste, tribal, warlord) Religion, Ethnic Groups Evolving Economic Structure and Status Political structure and stability Language and Dialect Reaction to intervening forces Location and identification of key social facilities, etc Implications Terrain and Weather Developed Reach-back technique to interface with San Diego State University Sociology Lab and San Diego Data Processing Center’s GIS applications Provided Situation Awareness Products describing community profile in real time Integrated products and tools within 3 -D virtual Emergency Operations Center Employ advanced visualization techniques

Super Bowl XXXVII (Future) Phase I Exercise and Evaluation Support Special Event Readiness Level II San Diego Police requested support from Federal Office for Domestic Preparedness (ODP) CIAP participation…Review Local Vulnerability Analysis and Threat Assessments as basis for Tabletop and Functional Exercises n n n Identify potential critical infrastructure targets and target systems Conduct site surveys, Define the site’s functional, physical and environmental characterizations, Evaluate the site’s physical security posture Define the most likely and most dangerous threat, and Develop threat attack models and correlate with potential target vulnerabilities Facilitate “Gaming” of Threat problem against Security Posture Provide recommendations for security, indications and warning, response and mitigation resources

Target Sites Target San. Sites Diego Target Site Surveys Analysis Target Folders Site Specific Reports Anchored to DOD, ODP, SDNL Standards 1. Text based, but supported by amplifying images, plans, diagrams and maps San Diego Threat Evaluation Analysis 2. Threat Integration 3. Area Threat Assessment Text based, but supported by amplifying images, plans, diagrams and maps Exercises and Gaming Situation Templates Graphics and terrain model based. • Orientation Graphic • Site Characteristics Graphics • Site Findings Graphic Threats Models Developed using DOD, ODP, SDNL Standards • Doctrinal templates • Potential Threat Element Profile *Image *Description *Existence, Capability, History, Intentions matrix *Assessment -targets they may see attractive Graphic snapshots Of Potential Threat Elements Course of Action Related to Specific Sites • Sit-Temp roughs for gaming • Terrain Model • Refined Sit Temp Quad Chart *Site Findings Graphic Extract *PTE image and description *Template of attack COA *Recommendations & I&W

Collect and Report Site Survey Facility X Report Collect Data per Playbook Site Specific Reports Vulnerability Analysis Playbook Initial Production Orientation graphic *Basic Site info Table *Working inward, identify KOCCOA elements *Potential Hazards *Amplifying data tables Information and Product Refinement Process Site Characteristics graphics could take many forms but will illustrate Information collected on: *Operational Conditions, *Building Structure, *Intermodal links and Systemic Impact, *Procedures, *Equipment and Information *Historic Analysis, *Consequence and Severity Analysis *Security System Effectiveness DOD, ODP, SDNL Vulnerability Analysis Protocols Analysis Review Orientation and Characteristics Graphics and identify vulnerabilities. DOD, ODP and SDNL protocols and evaluation checklists are used in conjunction with these graphics to key in on main limitations and opportunities provided by the lay of the land. Final Production Site Findings Graphic will combine critical components of Orientation and Characteristic Graphics to Illustrate key analytical points that need to be brought to the customer’s attention. This will be a single graphic And will provide the basis for gaming during threat integration phase. Target Folder provides description of findings in narrative format 1 San Diego Target Site Surveys

Collect and Report San Diego Threat Evaluation • Detail Research • Interaction with LEA Report Threat Database Threats Models Developed using DOD, ODP, SDNL Standards Initial Production Threat Model Graphics –Doctrinal Templates Illustrate how PTE conducts attacks Information and Product Refinement Process Evaluate PTE using DOD, ODP, SDNL Standards Analysis Correlate PTE Models to Target Site Findings Graphic to determine which sites fit PTE profile Final Production PTE Quad Charts provide a snapshot of PTE And the Potential targets attractive to the group *Image *Description *Existence, Capability, History, Intentions matrix *Assessment -targets they may see attractive Area Threat Assessment 2 San Diego Threat Evaluation

Initial Production Situation Templates are a graphic illustration of how a PTE would attack a specific target. Situation Templates are developed for each attack scenario for each target site. Initial Situation Templates illustrate R&S activity, C 2 Activity, Infiltration Activity and Attack Activity. During Threat Integration’s initial production, Situation Templates are based on an analysis and need to be refined through exercises and gaming. Terrain Models facilitate exercises by providing true scale representation of target site. Table Top Exercise Series to refine Situation Templates and Help Security Personnel identify gas in their resources and procedures Detailed Analysis Information and Product Refinement Process Evaluate and refine Situation Templates based on results of Gaming. Evaluate gaming and define I&W SME Evaluation Final Production Situation Template Quad Charts illustrate ML and MD attack scenarios *Site Finding Graphic Extract *PTE image and description *Template of attack COA *Recommendations & I&W 3 Threat Integration

Active Citizen Concept Field Ops CIAP Ops Center Open Source Data Information Knowledge Products: Planning Tools Advisories Alerts Bulletins Active Citizen All Source Reporting What’s happening Context Decision Support Federal Info Products Local Operational Area A Critical Component to CIAP

Active Citizen Program Main Concept: Community based approach to empowering citizens as partners with law enforcement in the effort to protect their neighborhoods and communities. Issues: *Events of Sept 11 th and subsequent investigations reveal that the terrorists easily integrated into American communities. *Americans are not aware of what indicators to look for. *No program currently exists to educate the American public about things to look for in pre-attack environments *No processes or programs exist to motivate Americans to inform law enforcement officials of suspicious activity. *Most terrorists will infiltrate into ethnically-friendly lower/middle class economic communities. *Most ethnic communities are suspicious of or noncooperative with law enforcement programs. *Existing community-based programs are not compatible with the terrorist modus operandi. Active Citizen Program leverages the eyes and ears of the community to assist law enforcement

Active Citizen Program Act. Cit Coordination Center is not a law enforcement entity Neighborhood Act. Cit Teams Active Citizen Program leverages the eyes and ears of the community to assist law enforcement Components: 1. Organizational and Operational Structure 1. *Act. Cit Coordination Center 2. *Cadre of trained citizen volunteers 2. Reporting Context 1. *Provide citizens with specific information reporting requirements 3. Reporting Infrastructure 1. *Internet based reporting portal 2. *Hotline Phone Bank 3. *Does not replace 911! 4. Information Fusion 1. *Validate 2. *Coalesce 3. *Archive 5. Dissemination to Law Enforcement

Active Citizen Program Pilot Implementation: Establish Coordination Center *Space in County EOC or SDSU Viz lab *Broadband, Telephone and VTC Establish Cadre Sample for initial implementation *Link with SDPD COPS program *Link with Sheriffs Neighborhood Watch Reporting Architecture *PDA, Cell Phone, Wireless Service *Block marshal concept Train and Exercise Implement Small Scale Sample Implementation During Pilot

Pulling the CIAP Pieces Together Vulnerability Analysis + Threat Assessment + Active Citizen Indications and Warning Situation Awareness

Super Bowl XXXVII (Future) Phase II Establish CIAP Center is support of San Diego Multi-Agency Command (MAC) Stand up CIAP Center to provide real-time information reporting and all source fusion in support of indications and warning and situation awareness for Super Bowl security CATIC-California Anti-Terrorism Information Center Fed OHS State LEA DOC CATIC LEA DOC 18 Cities in SD County Real-Time Collaboration Tools Full Service VTC SDPD DOC 18 Cities in SD County Super Bowl CIAP Center IA Net Act. Cit CIAP Portal LA TEW SDSO DOC Reports MIL SD MAC SD EOC Net Assessment Support And Production IA Net SDPD DOC SDSO DOC MIL SD MAC Dissemination SD EOC

Concept of Operations for San Diego: Indications and Warning National Advisories and I&W From Federal Agencies FBI SIOC LA TEW Provides Net Assessment And Fusion Support Z OHS State Anti Terrorism Information Coordination Advisories FEMA Z 1 LA TEW CATIC SDPD DOC SD Sheriff DOC MAC Y CIAC Military COCs County EOC Field Units Act. Cit Event Field X I&W flow into CIAP via Incident Reports from Field And Supporting DOCs 2

Concept of Operations for San Diego: Alerts, Advisories and Bulletins Disseminated for Common Operational Understanding FBI SIOC Z OHS FEMA Z 1 LA TEW CATIC SDPD DOC SD Sheriff DOC MAC Y CIAC Military COCs County EOC Field Units Act. Cit Field Event X 2 Situation Awareness

Implementation Establish the Information Awareness Grid Existing Technology NO new Boxes NO New Software NO Modifications to Architectures Portal Based Concept that uses “familiar” everyday type applications FAA Each Center requires only A username and password For each participant National Capabilities In Direct Support of Local Event in Real-time Real time access to online Vulnerability assessment Products and planning tools Facilitates Existing Procedures Virtual Information Analysis Round-Table FBI SIOC MAC CIAC IA Net SD Sheriff DOC FEMA CATIC LA TEW Information SBU over VPN SDPD DOC OHS Event Military COCs Subject Matter Experts County EOC

Implementation CIAP Functionality…Monitoring Events • Information from the event site Disseminated using Incident Management Application allowing all sites to view significant Incident Reports • Access to Planning Documents using Shared Document Library allows collaborative action planning • Information Requests Managed using Request For Information (RFI) Application • Collaboration Tools allow real-time interaction • GIS Tracking Tools CIAC MAC Local Collaboration Coordinate Event Related Operations Ensure Readiness Posture SDPD DOC IA Net SD County EOC SD Sheriff DOC Act. Cit Coordination at Event Site

Implementation CIAP Functionality…Monitoring Events • Information from the event site Disseminated using Incident Management Application allowing all sites to view significant Incident Reports • Access to Planning Documents using Shared Document Library allows collaborative action planning • Information Requests Managed using Request For Information (RFI) Application • Collaboration Tools allow real-time interaction OHS Link to vast Federal, State and Regional Information Resource Support SDPD DOC FBI SIOC MAC CIAC IA Net FEMA SD Sheriff DOC Military COCs CATIC LA TEW Subject Matter Experts SD County EOC

Implementation CIAP Functionality…Alert and Notification • Broadcast Alerts and activate EOC/DOC using Alert and Notification Application • Shared Document Library • Resource Lists • Planning Docs • Imagery CIAC • Mapping Graphics MAC • GIS Plume Modeling • Situation Templates for Action Planning Cell Phone PDA SDPD DOC IA Net Voice and Text Pager SD County EOC Email SD Sheriff DOC Act. Cit Coordination at Event Site

Next Steps Law Enforcement Working Group Endorsement and sponsorship Federal, State and Local Agency participant endorsements Implement Active Citizen Coordination Implement CIAP operational components Implement CIAP architecture Pilot program in support of Super Bowl Develop Transition Concept