BACKGROUND

Effective top-down and bottom-up, secure communication is critical among state transportation agencies before, during, and after an emergency incident. Infrastructure that supports secure communications is of interest to all modes of transportation and all emergency responders. An upcoming demonstration provides an opportunity for researchers to highlight and address development and implementation questions.

OBJECTIVES

Phase 1: Prepare an Interim Report on the July 3 demonstration (described below), placing it in the context of secure communication-infrastructure developments for transportation. Propose Phase 2 follow-up activities.

Phase 2: Characterize the users, and scope and test the deployment-readiness of a state-based secure communication system.

Phase 3: Develop information, analysis, and perspectives of potential participants on the value and feasibility of forming a transportation agency sector ISAC, possibly under the ST-ISAC.

PHASE 1

Task 1. Debrief participants in the July 3, 2002, demonstration of the ITA. The New Mexico State Highway and Transportation Department and partner state transportation agencies and federal agencies are developing a web-based system for sharing intelligence information in real-time on a range of security issues. This non-proprietary effort, called Integrated Transportation Analysis (ITA), has potential applicability for use by all transportation modes, emergency responders, and other entities.

The ITA July 3 demonstration will involve partner states (New Mexico, Texas, Maryland, Washington, and Missouri); FHWA Division Offices in New Mexico and Texas; and federal transportation security interests including the US Department of Transportation and the Federal Bureau of Investigation.

An Interim Report on the July 3 demonstration will include assessments of the current ITA capability by the participating states and federal agencies. The assessments should include the security features of the ITA information exchanges and secure website, and recommendations for further development. The Interim Report should also include ITA assessments by state and federal agencies observing, but not participating in, the demonstration.

Task 2. Prepare an interim report. Report on the ITA demo and propose Phase 2 activities. The Interim Report will cover the preparations for, conduct of, and after-action assessments and recommendations derived from the July 3 demonstration. The Interim Report will assess the security of the information shared between and among state transportation agencies, the US DOT and other federal agencies during the July 3 demonstration. The Interim Report should describe the process and progress of the ITA. The Interim Report must include a recommended Phase 2 work plan that describes a path to providing an integrated, secure communication infrastructure. One resource to be considered in preparing the Interim Report is the Preliminary Draft Final Report from TCRP Project J-10B(4) Communication of Threats, which is attached.

Task 3. Meet with the panel in Washington DC. The panel will meet with the researcher to discuss the Interim Report to approve a Phase 2 work plan.

PHASE 2

Task 1. Identify and characterize the anticipated user universe for a State DOT centered secure communication system. This will entail describing the institutional roles and responsibilities of pertinent state, local, and federal entitities responsible for transportation infrastructure, operations, security, and communications, and describing their information needs from a transportation security perspective. This can be accomplished partially through surveys.

Task 2. Develop and support a summit on secure information sharing. The summit purpose is to identify institutional and technological issues associated with the implementation and ongoing development of a secure communication system. The workshop will be held in Washington DC, for a day and a half with about 60 participants. The workshop participants will be selected and their travel costs funded by the NCHRP.

Task 3. Review relevant practice, performance data, research findings, and other information related to available secure communication systems. This information shall be assembled from technical literature and from unpublished experiences of engineers, telecommunications buyers, software suppliers, system integrators, and others. This section serves as a primer on the features available for secure communications infrastructure and provides a market survey of readily available systems that are appropriate for some identified environments. Information on actual field performance—especially as it relates to predictions based on the results of currently applied laboratory test procedures—is of particular interest. This task should build upon the information on pages 27-31 of the Phase 1 report, focusing on capabilities and connectivity. The experiences of the various sectoral Information Sharing and Analysis Centers (ISACs) will be included. The connectivity of a Surface Transportation ISAC to the ITA System, and the ITA System to internal State information systems will be addressed. At minimum, please provide explicit information on the degree to which each of the other systems described on pages 27-31 of the Phase 1 report will be able to share information and inter-operate with the ITA system.

Task 4. Submit an interim report detailing the findings of Tasks 1 through 3. Of particular interest are the policies, training, and standard operating practices in regards to the handling of sensitive information, and the security clearances or other mechanisms for limiting and enforcing system access for different types of secure communication systems. The interim report might take the form of a "best practices" report designed 1) in support of the formation of a fully functional Surface Transportation (Highway) ISAC, and 2) in support of a separate ITA System.

Concurrently with the above tasks, the panel would like to pursue testing and evaluation of a proposed system.

Task 5. Conduct scalability tests of the first generation of a state-based secure communication system (currently ITA) for a range from 50 nodes (users) to 1,000 nodes (the anticipated build-out). To meet these objectives calls for a significant research effort in partnership with the developers to resolve issues including operating system stability and performance, system manageability and scheduling, fault tolerance and recovery, and details of the communications network. These laboratory tests should identify functional problem areas and system response to peak loads (i.e., spikes) as well as the likelihood of insecure transmissions. Tests should focus on the reliability and security of the system. Testing should also determine if the system operations could be significantly improved by limiting expansion to something less than 1,000 nodes.

Task 6. Prepare an interim report on the information developed in Task 5, including advice on how the system could be modified to provide more nodes if needed. The interim report shall also contain a detailed work plan for field testing in Phase III. NCHRP review and approval of the interim report will be required before proceeding with work on the remaining tasks. The contractor should anticipate meeting with the Project Panel to discuss the proposed research plans.

PHASE 3

Task 1. Conduct a review of all available information and experience dealing with ISAC formation and use. Focus will be on understanding the purpose, roles, costs, effectiveness, value added, and other relevant factors about ISACs role in transportation security and threat response. Product will be a comprehensive report summarizing baseline information regarding ISACs and their potential application to the transportation agency community.

Task 2. Support a working group of transportation agency leaders in evaluating the potential of forming a Transportation Agency Sector for an ISAC. Provide logistical and analysis support for the working group of 5-7 people. This working group will be developing and forming recommendations regarding AASHTO participation and/or leadership of a Transportation Agency Sector ISAC. Products will include 5 to 7 white papers dealing with issues defined by the working group and supporting business case analysis of the feasibility of establishing this Sector ISAC.

Status: Complete. Published. This second volume of NCHRP Report 525: Surface Transportation Security will be of interest to those responsible for analyzing intelligence to determine threats to transportation assets; included will be chief executive officers, senior executives, operational and technical managers, law enforcement officers, security personnel, and communications and human-resources staff. Personnel with similar responsibilities in public transportation or public works will also find this report to be of value. The objective of Volume 2: Information Sharing and Analysis Centers: Overview and Supporting Software Features is to provide background for decisions on how to organize and share security threat information across transportation organizations.

NCHRP Report 525: Surface Transportation Security Volume 2: Information Sharing and Analysis Centers: Overview and Supporting Software Features




TRB's National Cooperative Highway Research Program (NCHRP) Report 525: Surface Transportation Security Volume 2: Information Sharing and Analysis Centers: Overview and Supporting Software Features examines how to organize and share security threat information across transportation organizations.