In Rochester, the Rochester Police department will use advanced analytics software from IBM to mine, share and extract intelligence from critical data in order to improve police investigative and prevention programs. Law enforcement will then be able to identify local “hot spots,” and allocate resources in advance.

The application, IBM InfoSphere Identity Insight, provides users with specific data from existing law enforcement and public safety databases to aid in investigations and prevention. “The technology will allow law enforcement officials to see broad patterns about activity in their city and focus on prevention,” Cleverley explains.

In Las Vegas, police there will use IBM’s COPLINK crime analytics software, a product already in place in more than 3,000 law enforcement agencies nationwide. COPLINK allows officers to accelerate their investigations by enabling them to make non-obvious connections based on information that was previously spread across the department. COPLINK will also allow the Las Vegas Metropolitan Police Department to forge information sharing agreements with other law enforcement agencies that already use COPLINK inside and outside Nevada.

Las Vegas police were already using parts of the i2 crime analytics software from IBM – the broader suite which includes COPLINK, giving the department a more comprehensive crime analytics platform.

IBM is working to provide a broad spectrum of analytics solutions for cities Cleverley said. Last year, CivSource reported on another predictive analytics solution used by the Memphis police department. “All of these tools fit along the spectrum of analytics capabilities,” Cleverley said. “You can leverage analytics in a variety of different ways depending on the desired data and outcomes. Each city is using the tools in slightly different ways based on what makes sense for them.”

Cleverley noted that these types of applications can also help make the case for projects like the Public Safety Broadband Network. By giving law enforcement the infrastructure to handle data transfer, and communications at higher speeds throughout more locations officials will also see an improved user experience with applications like COPLINK.

“These tools can really help with the investigation process. For example, witnesses often recant in the hours after reporting a crime. What if law enforcement officials could replay a 911 call for the witness at the first visit, or show them some of the information they already have? It could save time, and strengthen the overall investigation process,” Cleverley said.

IBM has put together a YouTube video that demonstrates COPLINK’s capabilities here.

Public safety and law enforcement officials have been calling for a public safety broadband network for years. Now, they may be closer than ever to having it created. The network has support from the Obama administration and Sens. Jay Rockefeller (D-WV) and Kay Bailey Hutchison (R-Texas), are sponsoring a bill that would get the project off the ground after several roadblocks.

However, Governor’s O’Malley and Mead are raising concerns about the level of involvement from state level officials in the network. State level first responders would be the primary users of the network. In a letter to the Senators sponsoring the bill, the Governors note that the governing body for the network should have the majority of seats filled by state level officials for this reason. That would mean a change to the current language of the bill.

The letter cautions against too much federal power in the bill which would be “a federal intrusion into state and local zoning authority.”

The Governors also want to ensure that any spectrum reallocation or project work is signed off on by state officials so that any existing projects and investments will not be impacted. Reallocating that spectrum to other uses would waste “billions of dollars of taxpayer investments,” the letter said.

Standards for information security and storage are rapidly coming out of a variety of governing bodies as federal agencies adopt a, “cloud first,” strategy. Typically moves like this at the federal level can provide a roadmap for state governments as they look at moving on to similar systems and law enforcement is no different.

Local law enforcement agencies store sensitive information on several inter-jurisdictional systems that are designed to help them understand key information including criminal histories, information about criminal groups and geospatial data. Each of these systems have strict security requirements designed to ensure that access to information but also the information itself is done in a secure manner. When an individual agency moves to cloud, those requirements must still be maintained.

According to Gould, this is where failures can occur. Agencies and contractors must be involved in rigorous due diligence to ensure that any cloud services migration meets security requirements. The Los Angeles Police Department and Google Apps For Government are an example of how a failure to do due diligence can result in a high profile fiasco.

As CivSource reported earlier this year, Computer Sciences Corp. and Google were awarded a five-year, $7.2 million contract with the city to construct a cloud-based email system for all municipal workers but significant deployment delays due to security concerns resulted in thousands of dollars in reimbursements and Google picking up the tab to keep police on a more secure email platform.  Gould notes in a recent SafeGov.org article, Los Angeles officials ran into trouble meeting the requirements for secure access to the national Criminal Justice Information System database (CJIS). The CJIS requirements govern both direct access to CJIS and the secondary dissemination of CJIS-derived information. This can include email, and they also include outside IT contractors who provide services to law enforcement agencies. Los Angeles claims that Google met these requirements initially, but the set up failed on examination.

According to Gould, “The FBI demands 128-bit or better encryption of CJIS-derived information. So-called “at rest” (i.e. storage-based) encryption does not seem to be a standard feature of Google Apps, but the city says Google has met this requirement. LAPD’s existing on premises email server, Novell GroupWise, also meets the FBI’s encryption standard, as do comparable systems such as IBM Lotus Notes and Microsoft Exchange.”

The problem Gould explains is not that the requirements are unclear, but that both cities and contractors need to step back and examine what is actually required. “CJIS requirements are very specific, what you have here is a failure of due diligence. Google Apps For Government clearly does not meet the standard. And there are other law enforcement agencies that are in the same boat with this now. City and state agencies need to look at both the service provider but also the systems integrator to make sure the requirements are met before the contract goes forward.”

Encryption isn’t the only issue, CJIS requires that IT contractor personnel pass criminal background checks and sign the FBI Security Addendum. For contractors like Google, with global personnel, this requirement may not be something they can currently meet without some labor restructuring – a key factor that should be understood during the bid process.

“Large parts of this could have been avoided if both the service providers and the agency understand all of the requirements. The key question for the other law enforcement agencies currently working with Google will be if they step back and find a way to meet the requirements or if they have to work with another provider,” Gould said.

The situation points to broader issues surrounding cloud service providers.  Gould notes that beyond due diligence, the providers themselves need to offer a variety of options to avoid situations like this. Unlike commercial cloud offerings,  public sector agencies face a unique set of requirements designed to ensure the privacy of citizens and the functions of government.  Contractors need to take care to provide solutions that meet these challenges.

The contest will let students compete for prizes in a variety of hour-long skills quizzes on computer networking, operating systems and systems administration. The competition also provides tutorials and training in all of these areas of computing.

The competition is supported by the New England Institute of Technology, Rhode Island Department of Education, RI Science & Technology Advisory Council, and the Tech Collective. Students who participate in the program will learn new skills and get information on various military and college programs focused on cybersecurity.

Last year’s competition included almost 100 schools throughout the state of Rhode Island. Congressmen Langevin, is the co-chairman of the cybersecurity caucus in Congress, and is working with organizations nationwide to increase interest in cybersecurity fields among students.

The technology is provided by Intrado and sends the text messages to live call takers just as a standard 911 call. The only other city using the Intrado technology is Black Hawk County, Iowa. Durham Emergency Communication Center is taking part of the pilot at no cost and will be working with Verizon to provide text message support.

Allowing citizens to text 911 can be helpful during times when a call might not be possible or for individuals that are hearing or otherwise impaired. Some law enforcement agencies have already started experimenting with text message use in times of situational crisis in order to keep people out of certain areas. However, this is typically one way communication from law enforcement to the individual.

Verizon sent word of the pilot to wireless customers in Durham but also noted that there may be increased response time should an individual use a text message to communicate with 911. It is also critical for individuals to provide location information in the text message and not rely on geolocation from their cell phones.

Verizon will also not be providing free 911 text messages or allowing additional characters so messages sent to 911 by Verizon customers will cost the same as any other text and be subject to fees if necessary.

For me, the important insights that emerged from the London Summit were the potential cyber threats that could impact state and local governments. Many vital citizen services are provided online and international cyber intrusions can compromise the security of these networks. Still there are significant challenges that need to be addressed in order to develop the multilateral agreements and the policies that need to be in place to ameliorate the cyber risks.

This issue is not new. Two years ago in Beijing I attended meetings organized by the East/West Institute that addressed the issue of cyber threats. A preliminary agreement was reached at that time, to support multilateral cybersecurity negotiations around several agreed upon topics. The U.S., China, India, Russia and NATO were also ultimately parties to that agreement.

The discussions around protecting critical government services in cyberspace that emerged from the Beijing discussions became the platform for a preliminary interchange on the issue at the first EWI Worldwide Cybersecurity Summit held in Dallas in 2010. It was developed further this year at the 2011 EWI Summit in London.

In addition to the Summits, EWI working groups continue their work throughout the year, to try to hammer out recommendations that set the stage for international cyber cooperation to move forward. Earlier this year U.S./Russia bilateral negotiations on political infrastructure protection took place under the sponsorship of the EWI. The following five major recommendations emerged from that working group:

• Russia and the U.S., along with other willing parties, should conduct an evaluation of the present state of the intermingling of protected, humanitarian critical infrastructure with non-protected infrastructures in order to determine whether existing Convention and Protocol articulation is sufficient and whether significant detangling of essential humanitarian critical infrastructures is feasible.
• Russia and the U.S., along with other willing parties, should conduct a joint assessment of the benefit and feasibility of special markers for zones in cyberspace that can be used to designate humanitarian interests protected by the Conventions and Protocols of War.
• Russia, the U.S. and other interested parties, should assess how best to accommodate Convention principles with the new reality that cyber warriors may be non-state actors.
• Russia, the U.S. and other interested parties, should conduct a joint analysis of the attributes of cyber weapons in order to determine if there are attributes analogous to weapons previously banned by the Geneva Protocol.
• Russia and the U.S., along with other willing parties, should explore the value of recognizing a third, ‘other-than-war’ mode in order to clarify the application of existing Conventions and Protocols.

With these US/Russia recommendations as the foundation, one of the objectives of the London Summit was to define approaches to protect critical government services for our citizens. The protections are critical because of the proliferation of services available on the internet, including emergency response, health care, and human services. Several significant insights came out of the discussions at the Summit.

• There is a need to more clearly and specifically define those critical government services on the internet that directly affect the lives of private citizens.
• Work also needs to be done around policies to protect other critical infrastructure, such as the electric grid, which if attacked, could affect the ability of governments to provide critical citizen services.
• Once defined, policy should apply in peacetime as well as in wartime.
• Although consideration of the U.S.-Russia recommendation of markers in cyberspace was considered, there was concern about the recommendations as they did not address the risks posed by non-state actors.
• It was discussed that cost benefit analysis is required around potentially segregating certain vulnerable entities on the internet.
• Finally, it was also recognized that some multilateral backup capabilities may need to be established subject to assessing cost effectiveness.

The commitment was made by the Summit attendees to continue to refine the observations and recommendations, recognizing that there may ultimately be a requirement for international statutory changes and treaty agreements. The commitment was made to report back on progress at the third Worldwide Cybersecurity Summit planned for 2012 in India.

As always I welcome your feedback and questions for a lively discussion in the comment section below.

Mr. Robert N. Campbell III is Vice Chairman, Principal, Deloitte LLP and is the U.S. State Government Leader, based in Austin, TX

The Gallery is a forum for ideas and examination of matters facing state and local government. Readers, members of the media, academics or the business community are invited to submit guest columns to bailey{at}civsourceonline{dot}com. Member of the public sector? We’re interested in hearing from you too, learn about how you can contribute. CivSource does not endorse the views presented in The Gallery, but offers them in an effort to present more diverse coverage. CivSource will review all submissions but does not guarantee publication of all works submitted.

The 60,000-square-foot facility will include equipment for crime scene science, anthropology, trace and forensic biology, and chemistry; and polygraph, latent prints, firearms, and DNA testing. Bids for the project will open on June 30 with contracts awarded later in the summer. The state expects construction to be completed by 2012.

Currently, the state police lease 15,000 square feet of office space as its laboratory in Fairview Heights. The rented space can no longer accommodate the agency’s technological changes, casework growth and staffing needs.

“Ensuring public safety and creating jobs are two of my administration’s top priorities,” said Governor Quinn. “This project helps us accomplish both by creating an important asset for law enforcement in the Metro East area, while creating 260 jobs.”

The state’s 911 board is funding the project, which represents the largest such project of its type for North Carolina. Project coordinators hope that by providing this data through a uniform statewide initiative, they will be able to avoid redundancy and save money.

Once the project is complete, first responders and workers in 911 call centers will be able to pull up a high resolution visual of where emergency situations are occurring and plan their response accordingly.

For more information on the project or to view existing map data and images visit NC One Map.

According to a report released ahead of NGA’s Winter Meeting, NASCIO issued a “call to action” to help spotlight cyber security risks and the policies needed to help mitigate those risks.

Last September, NASCIO and Deloitte issued a survey, finding many states lack the proper resources to adequately protect some of their citizen’s most personal information. The NASCIO / Deloitte survey also found that internal and external threats to personal identifiable and personal health information are growing.

CivSource spoke with Srini Subramanian director of state government security and privacy services at Deloitte about the survey and what states can do to overcome cyber security challenges. In an interview, Subramanian said most states have a documented cyber security strategy but there are significant challenges with execution. Subramanian noted that in many cases, state CISOs rarely even have the authority to get started. “Too many state CISOs have only dotted line relationships within agencies, giving them no real connection to what’s happening with information security,” Subramanian said. “States that establish CISO authority through statute can create more effective outcomes.”

Kyle Schafer, NASCIO president and West Virginia CIO said the call to action was meant to help state leaders understand the threats and the need to develop appropriate processes and policies.

Meanwhile, NGA Winter Meeting attendees who participated in a meeting of the Special Committee on Homeland Security and Public Safety heard General Keith Alexander, Commander of the U.S. Cyber Command and other federal leaders echo these calls for action, telling governors they needed to better protect their computer networks and electronic systems. Specifically, General Alexander briefed the governors on a partnership between U.S. Cyber Command, the National Security Agency and the Department of Homeland Security and showed how a similar partnership among states and state agencies could be utilized in the event of a cyberattack.

“Threats such as identity theft, network viruses, loss of sensitive information and other malicious activity are part of the ever evolving world of cyber information and communications,” Maryland Gov. Martin O’Malley said after the meeting.

“As public servants, we Governors have a responsibility to protect their citizens’ safety and work together with our corporate partners to defend our nation’s digital infrastructure, ensuring that private networks that control financial systems, electrical grids and communications systems are secure.”

Following news of Florida’s rejection of $2 billion in federal grants for high-speed rail, governors from Connecticut, New York, Rhode Island and Maryland sent letters asking US Transportation Secretary Ray LaHood for those funds.

And in a statement issued earlier this morning, Kentucky Gov. Steve Beshear is taking Gov. Scott to task over another program cut: a state prescription drug monitoring system.

Also known as PDMPs, Prescription Drug Monitoring Programs allow physicians and pharmacists to log each filled prescription into a state database to help medical professionals prevent abusers from obtaining prescriptions from multiple doctors.

According to figures from the National Conference of State Legislatures, 39 states have initiated such programs, and many states are working to setup these databases to communicate with other states to prevent cross-border smuggling of drugs like OxyCotin and Xanax.

In a letter to Gov. Scott, Gov. Beshear wrote that despite the tough economic times facing Florida, “protecting the safety of Americans…must remain a priority for governors. I implore you to reconsider your decision, and implement this life-saving program.”

Kentucky’s Lt. Gov. Daniel Mongiardo was a little more direct, telling the St. Petersburg Times, “I don’t think your governor understands the impact Florida’s pill mills are having outside the state…If there’s no prescription drug monitoring program in Florida, I’m toying with putting a billboard just over your state line that says ‘Welcome to the Oxy-tourism Capital of the World.’ ”

Kentucky officials believe that 60 percent of the region’s illegal prescription pills come from Florida and Kentucky State Police report that more than 500 arrests have been made in Eastern Kentucky in 2009 for those who had traveled to Florida for such purposes.

To combat misuse of prescription drugs from sources within the state, Kentucky implemented the Kentucky All Schedule Prescription Electronic Reporting System (KASPER) in 1999.

“I would be glad to travel to meet with you wherever and whenever convenient for you, including in your home state,” Gov. Beshear’s letter concluded. “Meeting with you to convince you of the importance of this system is of highest priority to me.”

Details have been scant in explaining why the program has been targeted. But most PDMPs are budget neutral, or nearly budget neutral, due to amount of grants available from the federal government. Florida’s program was estimated to cost $1.2 million in upfront costs with annual maintenance costs estimated to be around $500,000.

Elected officials in Florida have vowed to move forward with the program despite Gov. Scott’s plans to kill the system. Since the money has been allocated for funding a PDMP, it would require approval from the legislature to erase, the Miami Herald reported.