32 September 2003/Vol. 46, No. 9 COMMUNICATIONS OF THE ACM
EMERGING TECHNOLOGIES FOR HOMELAND SECURITY

By John Yen
Illustration by Robert Neubecker

COMMUNICATIONS OF THE ACM March 2004/Vol. 47, No. 3

The catastrophic events of September 11, 2001, dramatically demonstrated the reach and effects of terrorism and made protecting the security of citizens a top priority and a major challenge for many governments worldwide. The formation of the Department of Homeland Security is an exemplar response by the U.S. to such a challenge, drawing upon the intellectual and technological capabilities of scholars, scientists, and technologists. In this special section, we highlight some of the key emerging technologies related to several critical areas in the realm of homeland security.

As outlined in The National Strategy for Homeland Security,¹ the scope of U.S. homeland security is quite broad. Six of the mission areas considered critical include: intelligence and warning; border and transportation security; domestic counterterrorism; protecting critical infrastructures; defending against terrorism; and emergency preparedness and response. The first three areas focus on, among other things, preventing terrorist attacks against the U.S., the next two on reducing vulnerabilities within the U.S., and the last area on minimizing the damage and recovering from terrorist attacks that have occurred in the U.S.

Information and communication technologies (ICTs) must play a pervasive, central role in overcoming the many inherent informational challenges embodied within these six mission areas. Due to this wide scope, this special section seeks to provide a snapshot of some of the key emerging ICTs related to three of the mission areas (intelligence, protecting infrastructure, and emergency response). These three areas were selected because their informational challenges are not only critical but also highly interrelated.

The special section includes three articles on technologies to support intelligence and warning (including a summary by authors from the Defense Advanced Research Project Agency), two articles about protecting critical infrastructure, specifically cyber infrastructures (including an overview about technology and strategy for cyber security), and two articles regarding ICTs for enhancing emergency preparedness and response.

¹ National Strategy for Homeland Security. U.S. Office of Homeland Security, July 2002; www.whitehouse.gov/homeland/book/

Intelligence and Warning

The article by Popp et al. surveys several DARPA-sponsored research thrusts for counterterrorism. These include: center-edge collaboration, analysis and decision support tools to support multi-agency information sharing and collaborative problem solving; ICTs involving transcription, machine translation, cross-language information detection and retrieval, and summarization, whose use will help to exploit the wealth of available foreign language speech and text; and pattern analysis tools intended to detect terrorist signatures from textual sources, representing and detecting patterns indicative of terrorist plots, and learning new terrorist patterns. The authors describe experiments conducted jointly by DARPA and several agencies within the U.S. intelligence and counterterrorism communities. The experiments, conducted by real intelligence analysts solving actual foreign intelligence problems using their own foreign intelligence data, indicated that analysts were far more productive using the IT tools provided by DARPA as opposed to using manually driven conventional means.
Specifically, analysts spent much less time searching and preprocessing data (preparing data for analysis) and generating intelligence reports (summarizing analysis for decision makers) and much more time on doing the actual analysis (thinking about the problem).

Coffman, Greenblatt, and Marcus elaborate on one of the DARPA research thrusts for counter-terrorism: pattern analysis. More specifically, two graph-based techniques for detecting suspicious activities of terrorist groups are described: subgraph isomorphism algorithms (graph matching), and social network analysis (SNA). To better deal with the complex nature of terrorist activities, the authors enhanced traditional algorithms using these techniques to operate on graphs whose nodes and edges are labeled by attributes. Moreover, because intelligence data is often incomplete, ambiguous, and/or unreliable, these enhanced algorithms also consider inexact matches between the intelligence data and the pattern graphs. Based on the difference of social interactions between normal non-terrorist groups and those between terrorists, SNA metrics can be defined to characterize suspicious activities. Bayesian classifiers are then used to classify suspicious activity graphs and time-varying graphs.

Kogut et al. describe a research effort designed to support counterterrorism analysts using software agents that can dynamically anticipate their information needs. The approach is inspired by psychological studies suggesting effective human team behaviors are based on maintaining a shared mental model of the team. The authors use an agent architecture called CAST (Collaborative Agents Simulating Teamwork) to support a computational shared mental model about the structure and the process of the team, enabling software agents to dynamically anticipate information needs of analysts, and to assist them by finding and delivering information relevant to their needs.

Protecting Cyber Infrastructures

Both government agencies and global enterprises rely on a secure network infrastructure for sharing critical information and conducting business transactions; therefore protecting IT infrastructures from cyber attacks is critical. The article by Saydjari provides a general overview of the components of cyber defense, discussing a variety of challenges and issues ranging from strategies and technologies to performance assessment. One of the challenges discussed is the lack of an experimental infrastructure and rigorous scientific methodologies for developing and testing next-generation cyber security technology in support of deploying large-scale cyber security systems.

The article by Bajcsy et al. describes a project with an extensive research agenda to address this very challenge. The goal of the project, which involves nine teams from academia and industry, is to create an experimental infrastructure network to support the development and demonstration of next-generation information security technologies for cyber defense.

Emergency Preparedness and Response

When a terrorist attack occurs, emergency response organizations and agencies at the federal, state, and local levels must quickly collaborate to assess the nature, severity, and effects of the attack, as well as to plan and coordinate their response actions. One of the two articles in this area focuses on wireless technology in support of first responders, while the other article describes the use of robotics technology for rescue operations.

The article by Sawyer et al. describes a field study of police in Pennsylvania using mobile access technology to access an integrated justice information system. The goal of the study is to assess the potential impacts of 3G wireless networks on first responders. The authors’ observations suggest that introducing wireless technology is unlikely to change existing organizational links within the legacy command, control, and communications infrastructure.

Murphy’s article describes the use of robots after Sept. 11 in searching for victims and in assisting first responders in assessing the structural integrity of the World Trade Center foundation. The article discusses several research issues identified as a result of the experience: fundamentally, rescue robots must function within the physical constraints of complex environments and require special considerations for their mobility, sensing, and communication capabilities. Additionally, rescue robots must have good human-robot interaction to ultimately be accepted by the rescue workers.

Conclusion

It is fortunate the U.S. is able to utilize a wide range of technological bases to develop ICTs for homeland security purposes. This ability is tempered by the new problems and challenges raised by contemporary terrorist activities. In the articles that follow you will see both the tremendous science and the problems of operations that will bind the efforts to make the U.S. safer.
Some of the challenges are due to the complex and secret nature of terrorist activities, while others are due to environmental constraints. The widely varying yet highly interrelated homeland security challenges discussed in this section are intended to help spur the global IT community in designing and developing novel and creative multidisciplinary solutions for such challenges.

John Yen (jyen@ist.psu.edu) is a University Professor of Information Sciences and Technology and the professor in charge of the School of Information Sciences and Technology at Pennsylvania State University.

© 2004 ACM 0002-0782/04/0300 $5.00