National Capital Region Interoperability Program NCRIP Data Exchange
National Capital Region Interoperability Program (NCRIP) Data Exchange Hub (DEH) Project GSA - IAB February 14, 2008
NCR Interoperability Program Concept of Operations ESF-1. . N USERS FEDERAL USERS EXECUTIVE ADMIN PUBLIC USERS ARCHITECTURE REVIEW BOARD ADMIN UI CREDENTIALING DATA EXCHANGE DATA SEARCH HUB APPLICATION ACCESS FEDERAL SOURCES FEDERAL INFORMATION NCRNet ESF-2 ESF-1 ESF-2 Jurisdiction - 1 Jurisdiction - 3 ESF-2 Jurisdiction - 2 ESF-1 ESF-2 Jurisdiction - N 1
NCR Data Sharing Jurisdictions communicate through point to point phone calls or point to point system integrations. Jurisdiction s Calls / Integrations 5 10 20 190 Jurisdictions communicate using the DEH to share information online. Jurisdictions Integrations 20 20 2
DEH Goals and Strategic Objectives NCR Data Exchange Hub Goal Enable the efficient and secure exchange of data (text, voice, video and multi-media) across the NCR. Goal Area 1 Goal Area 2 Goal Area 3 Goal Area 4 Goal Area 5 TECHNOLOGY INFRASTRUCTURE SECURITY STANDARD OPERATING PROCEDURES TRAINING GOVERNANCE Strategic Objective: Ensure device independent access to data and services in real time when needed through implementation of a Service Oriented Architecture (SOA). Preserve the inviolability of the DEH through sound security practices. Develop, adopt and implement standard policies, processes and procedures to facilitate information sharing. Strategic Objective: Ensure all necessary personnel are trained to support interoperability across all systems for shared situational awareness. Establish a common operational governance structure that improves the implementation of any major technology project. NCR Data Exchange Hub Final Outcome A sustainable, enabling architecture for the secure sharing data (text, voice, video and multi-media) across all Emergency Support Functions within the NCR when needed and as authorized. 3
NCR DEH Project Deliverables 1. NCR Technical Standards 2. NCR Architectural Recommendation 3. NCR Exchanges 1. Resource Typing Data Exchange IEPD Ø http: //www. ncrnet. us/deh/IEPD/index. htm 2. Web. EOC to HSIN Data Exchange IEPD Ø http: //www. ncrnet. us/deh/iepd/cims-exchange. htm 3. Fire Incident Mapping Data Exchange IEPD Ø http: //http//www. ncrnet. us/deh/iepd/rms-exchange. htm 4. NCR IT Governance Ø Security Policy Ø Information Management Policy Ø IT Service Management 4
Open Standards Facilitate Vertical and Horizontal Integration • National Information Exchange Model (NIEM) v 1. 0 • Emergency Data Exchange Language (EDXL) • Common Alerting Protocol (CAP) • NIST Security 800 -53 • ITIL 5
NCR Data Exchange Hub Evaluation and Implementation of National Standards Link: http: //www. ncrnet. us/toolkit NIEM IEPD Life Cycle Mapping Schema User Manual NIEM CAP EDXL NIST WSDL NCR Implementation 6
DEH Architectural Recommendation Roadmap to SOA 7
NCR DEH Exchanges Live in Development Environment NCR Resource Inventory Share local First Responder Resource Information deemed important to the region (DC, Northern Virginia, Maryland) http: //www. ncrnet. us/demo-frri Web. EOC to HSIN Share local incidents/related events deemed important to the region (DC, Northern Virginia, Maryland) with HSIN (CIMS) and others. Data entered once in Web. EOC and shared with HSIN. NCR Mapping Application Assist Towson in developing an exchange for sharing Fire CAD – RMS incidents with an NCR regional mapping application (developed by DEH). http: //www. ncrnet. us: 8080/NCRIPDemo / 8
DEH SOA Governance 9
NCR Policies, Practice Statements, Processes and Procedures 10
NCR Policies 11
Policy, Practice Statement, Process and Procedure Example NCR-IS Security Policy - The NCR ISO shall ensure unique identification and authentication of NCRUsers (or processes acting on behalf of users) and that each employ multifactor authentication. Practices (more than one) stemming from the policy statement above: Practice Statement 1. An NCR User is already issued a unique identifier, called a username, by the jurisdiction that the user works for. Additionally, the user is issued a default password that the user must change. 2. The NCRjurisdiction shall enable interoperability of the directory/authentication store containing the user information with the DEH. 3. Mechanisms native to the directory platform shall be utilized to share identification and authentication information. 4. Secure protocols such as SSL and TLS shall be used to protect the information transferred between the NCR jurisdiction and the NCR. 5. An NCR user shall, by the jurisdiction or the NCR, be issued a unique, X. 509 formatted, digital certificate. The digital certificate shall use a key size of 2048 bits and RSA encryption. Processes and/or procedures (each corresponds to a practice above, and there can be multiple): Procedure 1 A. The user shall utilize existing processes and procedures within his/her corresponding jurisdiction to obtain his/her username and password. 2 A. To enable the jurisdiction directory/authentication store to work with the NCR-IS, perform the following steps: (more) 3 A. Configure the jurisdiction Active Directory in the following manner: 4 A. To install an X. 509 certificate to support the SSL/TLS enablement of the protocol, perform the following steps: 5 A. To install the issued X. 509 certificate on a Windows XP workstation, perform the following steps: 12
NCR DEH Governance Security Practices & Procedures – Risk Assessments Policy Compliance Mapping Security Categorization Privacy Impact Assessment Security Risk Assessment 13
Next Step – Planned PSIC Deliverables July 2008 – Sept. 2010 Total Projected: $5, 000 1. Exchanges Ø Ø CAD to CAD (Unit Status, Call for Service/Dispatch Remote Units) NCR Map (Working with GIS Subcommittee) 2. Infrastructure Ø Ø Evaluate, Select and Implement Data Center Hosting for Test/Staging DEH Environment Evaluate, Select and Implement Data Center Hosting for Production DEH Environment 3. Enterprise Architecture / Governance Ø Ø Draft Security, Practices and Procedures Draft Information Management Practices and Procedures Draft Service Support Practices and Procedures ITIL Compliant Service Support 14
- Slides: 15