Showing posts with label Department of Homeland Security. Show all posts
Showing posts with label Department of Homeland Security. Show all posts

September 4, 2011

9/11 - A Lesson In Risky Business

Corresponding to the 10th anniversary of 9/11, Bloomberg BusinessWeek (5-11 Sept 2011) has a great article on risk management called The G-d Clause.

When insurers take out insurance--this is called reinsurance, and reinsurers are "on the hook for everything, for all the risks that stretch the limits of the imagination"--that's referred to as The G-d Clause--whatever the almighty can come up with, the "reinsurers are ultimately responsible for" paying for it.

And obviously, when insurers and reinsurers don't well imagine, forecast, and price for risky events--they end up losing money and potentially going out of business!

Well when it came to 9/11, insurers lost fairly big financially--to the tune of $23 billion (it is in fact, the 4th costliest disaster since 1970 after Japan's tsunami, earthquake and Fukushima nuclear disaster ($235B), and hurricanes Katrina ($72B) and Andrew ($25B) in the U.S.)

Even Lloyd's "that invented the modern profession of insurance [and] publishes a yearly list of what it calls 'Realistic Disaster Scenarios,'" and while they had imagined 2 airlines colliding over a city, even they failed to anticipate the events of September 11, 2001.

According to the article, even insurers that make their living forecasting risks, "can get complacent."

And the psychology of the here and now, where "people measure against the perceived reality around them and not against the possible futures" is the danger we face in terms of being unprepared for the catastrophic events that await, but are not foretold.

In a sense, this is like enterprise architecture on steroids, where we know our "as-is" situation today and we try to project our "to-be" scenario of the future; if our projection is to far off the mark, then we risk either failing at our mission and/or losing money, market share, or competitive advantage.
The ability to envision future scenarios, balancing reality and imagination, is critical to predict, preempt, prepare, and manage the risks we face.

Post 9/11, despite the stand-up of a sizable and impressive Department of Homeland Security, I believe that our achilles heel is that we continue to not be imaginative enough--and that is our greatest risk.

For example, while on one hand, we know of the dangers of weapons of mass destruction--including nuclear, chemical, biological, and radiological devices--as well as new cyber weapons that can threaten us; on the other hand, we have trouble imagining and therefore genuinely preparing for their actual use.

Perhaps, it is too frightening emotionally or we have trouble coping practically--but in either case, the real question is are we continuing to proceed without adequate risk-loss mitigation strategies for the future scenarios we are up against?

Frankly, living in the suburbs of our nations capital, I am fearful at what may await us, when something as basic as our power regularly goes out, when we get just a moderate rain storm in this area. How would we do in a real catastrophe?

In my mind, I continue to wonder what will happen to us, if we proceed without taking to heart the serious threats against us--then the tragic events of 9/11 will have unfortunately been lost on another generation.

Like with the reinsurers, if we do not open our minds to perceive the catastrophic possibilities and probabilities, then the risky business that we are in, may continue to surprise and cost us.

(All opinions my own)

(Source Photo: here)

Share/Save/Bookmark

November 16, 2010

Who Needs Airport Body Scanners? An Alternative Approach

Not sure if this is serious or a joke, but I received an email for an alternative to body scanners at the airports -- may seem a bit crude, but then again we need to look for an effective security solution that is less invasive.

This particular idea, attributed to Israeli security, is for a booth that rather than take potentially invasive body scans, will safely (but not for you, if you are a terrorist) "detonate any explosive device that you may have on you." Poof!

Advantages: deterrence, speed, privacy, justice, and the objective of safe air transport is achieved.

Share/Save/Bookmark

August 7, 2010

No Real Solution Without Integration

Emergency Management Magazine (July/August 2010) has an article called “Life Savers” that describes how a convergence of new technologies will help protect and save first responder lives. These new technologies can track first responders’ location (“inside buildings, under rubble, and even below ground”) and monitor their vital signs and send alerts when their health is in danger.

There are numerous technologies involved in protecting our first responders and knowing where they are and that their vitals are holding up:

  • For locating them—“It will likely take some combination of pedometers, altimeters, and Doppler velocimeters…along with the kinds of inertial measurement tools used in the aerospace industry.”
  • For monitoring health—“We’ve got a heart monitor; we can measure respiration, temperature. We can measure how much work is being done, how much movement.”

The key is that none of the individual technologies alone can solve the problem of first responder safety. Instead, “All of those have to be pulled together in some form. It will have to be a cocktail solution,” according to the Department of Homeland Security (DHS), Science and Technology (S&T) Directorate that is leading the effort.

Aside from the number of technologies involved in protecting first responders, there is also the need to integrate the technologies so they work flawlessly together in “extreme real world conditions,” so for example, we are not just monitoring health and location at the scene of an emergency, but also providing vital alerts to those managing the first responders. This involves the need to integrate the ability to collect inputs from multiple sensors, transmit it, interpret it, and make it readily accessible to those monitoring the scene—and this is happening all under crisis situations.

While the first responder technology “for ruggedized vital-sign sensors could begin in two years and location tracking in less than a year,” the following lessons are clear:

  • The most substantial progress to the end-user is not made from lone, isolated developments of technology and science, but rather from a convergence of multiple advances and findings that produce a greater synergistic effect. For example, it clearly takes the maturity of numerous technologies to enable the life saving first responder solution envisioned.
  • Moreover, distinct technical advances from the R&D laboratory must be integrated into a solution set that performs in the real world for the end-user; this is when product commercialization becomes practical. In the case of the first responder, equipment must function in emergency, all hazard conditions.
  • And finally, to bring the multiple technologies together into a coherent end-user solution, someone must lead and many parties must collaborate (often taking the form of a project sponsor and an integrated project team) to advance and harmonize the technologies, so that they can perform as required and work together seamlessly. In the case of the first responder technology, DHS S&T took the lead to come up with the vision and make it viable and that will save lives in the future.


Share/Save/Bookmark

August 18, 2009

DHS OIG Report on My User-centric EA Implementation at the Coast Guard

Just learned of new Department of Homeland Security (DHS) Office of Inspector General (OIG) Report documenting the significant progress of Enterprise Architecture and IT Governance program at the U.S. Coast Guard, which I led up to and during the majority of the audit.

I am pleased at the recognized progress and at the terrific work that my team accomplished there--I am very proud of all of them!

Of course, there is more work to be done, but the right EA infrastructure has been put in place to accomplish the goals and objectives set out.

Here is the link to the report: http://sites.google.com/site/thetotalcio/Home/links/EAOIGReport-July2009.pdf?attredirects=0

"The Coast Guard has made progress in developing its enterprise architecture by defining its enterprise architecture framework [User-centric EA] in alignment with both federal and DHS architectures. In addition, its enterprise architecture is aligned with the Coast Guard's IT strategy. These achievements have been possible because of executive support for the enterprise architecture effort."
Share/Save/Bookmark

July 13, 2008

Secure Border Initiative and Enterprise Architecture

The enterprise architecture change process starts with requirements generation and management. Requirements become business cases and business cases become decision requests for new or changes to IT projects, products, and standards that go before the enterprise architecture board (EAB) and ultimately to the IT investment review board (IRB). The decision requests get vetted against the architecture for business alignment and technical compliance by the EAB. The IRB takes the findings of the EAB and also looks at return on investment and risk management. Approved changes to the IT environment get added to the enterprise architecture.

So mission-business requirements from the program sponser/end user are the starting point for changes to the EA.

What happens though when requirements are unclear?

Obviously, if the requirements are unclear, then proposed changes to the enterprise are sort of like shooting in the dark, and the ability to develop viable technical solutions is a guessing game.

An article on Secure Border Initiative in National Defense Magazine, July 2008, demonstrated how the architecture does not add up, when the “Border Calculus” is a big question mark.

After 9/11, securing the border became a more publicized issue. With the formation of DHS, the Secure Boarder Initiative (SBI) was set up in 2005.

SBI is supposed to secure the border, okay. But secure it against what is the question. What are the requirements for securing it?

  1. Illegal immigrants—“For many Americans—especially these who don’t live near the border—illegal immigration is what prompts their calls for a beefed up border.” While some say that “the U.S. economy depends on cheap labor…others claim illegal immigrants are a drain on the economy.”
  2. Terrorism—“For the Department of Homeland Security, charged with protecting the nation, keeping weapons of mass destruction out of the United States is the priority.”
  3. Drugs—“for many who live north and south of the four states that border Mexico, the real threat is narcotics.”

Each of these purposes, changes the equation. If the primary purpose you are securing the border is to protect against a genuine threat of weapons of mass destruction, then some may argue for highly secure border, one that is truly non-porous, without regard to cost. However, if the goals are more for controlling illegal immigration, perhaps a less perfect and less costly border security solution is acceptable. And if drugs are the issue, then maybe the money is better spent going after the source, rather than building fences that can be circumvented.

So understanding and building consensus on the true requirements are critical to developing a business case and a technical solution.

As it stands now, SBI is going in two directions:

  1. Physical fence—“to stop those on foot or on vehicles.” Estimates by the Congressional Research Service “say that maintaining those fences may cost up to $49 billion.” While critics say that these physical barriers “only delay an illegal crosser three to four minutes,” so is this worth it?”
  2. Virtual fence—“Sensors, cameras, improved communication systems and unmanned aerial vehicles.” According to the article, “no one seems know how much it will cost to set up and maintain these high-tech systems throughout their lifespan.”

Additionally, “plans call for doubling the number of border patrol agents.”

I guess without a clear consensus on what we’re trying to accomplish, any solution will get us there or not. Isn’t this what an enterprise architecture is supposed to help with—establishing a clear roadmap or blueprint? Of course, but it’s got to start with the requirements generation process and with the business owners.


Share/Save/Bookmark

January 25, 2008

Big Brother is Watching and Enterprise Architecture

The enterprise architecture for law enforcement and security in the next decade will be focused on using technology to identify the bad guys and stop them in their tracks.
ComputerWorld, 14 January 2008, reports that “Homeland Security is bankrolling futuristic technology to nab terrorists before they strike.”
Here’s the target architecture:
“The year is 2012 [probably a bit optimistic on the date]. As soon as you walk into the airport, the machines are watching. Are you a tourist—or a terrorist posing as one? As you answer a few questions at the security checkpoint, the systems begin sizing you up. An array of sensors—video, audio, laser, infrared—feeds a stream of real-time data about you to a computer that uses specially developed algorithms to spot suspicious people. The system interprets your gestures and facial expressions, analyzes your voice and virtually probes your body to determine your temperature, heart rate, respiration rate, and other physiological characteristics—all in an effort to determine whether you are trying to deceive. Fail the test, and you’ll be pulled aside for a more aggressive interrogation and searches.”
Last July, The Department of Homeland Security, “human factors division asked researchers to develop technologies to support Project Hostile Intent, an initiative to build systems that automatically identify and analyze behaviors and physiological cues associated with deception.”

The intent is to use these screening technologies at airports, border crossings, as well as possibly in the private sector for building access control and candidate screening.
Sharla Rausch, director of DHS’s human factors division says that “in controlled lab setting, accuracy rates are in the range of 78% to 81%.”
Where is the current research focused?
  1. Recognition of gestures and microfacial expressions
  2. Analysis of variations in speech (i.e. pitch, loudness)
  3. Measurement of physiological characteristics
The hope is that by combining all three modalities, “the overall predictive accuracy rate” will improve.
What are some of the challenges with these technologies?
  1. Currently, too many false positives
  2. Existing technologies, like the polygraph have “long been questioned by scientists…and remain inadmissible in court.”
  3. Ability of algorithms to “correctly interrupt” suspicious behavior or cues
  4. Profiling is continuously objected too based on discriminatory grounds
  5. Privacy concerns about the personal data collected
  6. Testing is limited by security concerns in the field
  7. Deployment will be limited due to cost, leaving soft targets potentially at risk
Will this Big Brother screening technology come to fruition?
Absolutely. The challenges with the technologies will be resolved, and putting aside the profiling and privacy issues, these screening technologies will become essential to our protecting ourselves.

Share/Save/Bookmark