Professional Documents
Culture Documents
Fusion Center Guidelines
Fusion Center Guidelines
This document was prepared under the leadership, guidance, and funding of the Bureau of Justice Assistance (BJA), Office of Justice Programs, U.S. Department of Justice, in collaboration with the U.S. Department of Justices Global Justice Information Sharing Initiative and the U.S. Department of Homeland Security. The opinions, findings, and conclusions or recommendations expressed in this document are those of the authors and do not necessarily represent the official position or policies of the U.S. Department of Justice or the U.S. Department of Homeland Security.
Foreword
The U.S. Department of Justce (DOJ) and the U.S. Department of Homeland Securty (DHS) collaborated n the development of these fuson center gudelnes. The ntent of the partnershp is to provide a consistent, unified message and to provide a comprehensve set of gudelnes for developng and operatng a fuson center wthn a state or regon. Members of DOJs Global Justce Informaton Sharng Intatve (Global) and DHSs Homeland Securty Advsory Councl (HSAC) supported ths project, whch nvolved numerous law enforcement experts and practtoners from local, state, trbal, and federal agences, as well as representatves of publc safety and prvate sector enttes across the country. Ther collectve knowledge, nsght, and wllngness to partcpate resulted n an outstandng product. Strong leadershp for the projects focus groups was provded by Peter Modaffer, char of the Law Enforcement Intellgence Focus Group; John Cohen, char of the Publc Safety Focus Group; and Kenneth Bouche, char of the Prvate Sector Focus Group. Ths effort would not have been possble wthout the support and gudance of key ndvduals. A specal thank you s gven to the followng ndvduals for ther leadershp and commtment to this initiative: Regina B. Schofield, Assistant Attorney General, Office of Justice Programs (OJP); Domingo S. Herraiz, Director, Bureau of Justce Assstance (BJA), OJP; J. Patrck McCreary, Assocate Deputy Drector of Natonal Polcy, BJA; Tm Beres, Director, Preparedness Programs Division, Office for Domestic Preparedness, DHS; Dave Brannegan, Program Manager, Office of State and Local Government Coordnaton and Preparedness, DHS; Danel Ostergaard, Executve Drector, HSAC, DHS; Michael Miron, Jeff Gaynor, and Candace Stoltz, Directors, Intellgence and Informaton Sharng Workng Groups, HSAC; DHS; and Mtt Romney, charman, Intellgence and Informaton Sharng Workng Group, HSAC, DHS.
v
Table of Contents
Foreword ................................................................................................................................................................................................iii Executive Summary ..............................................................................................................................................................................1 Summary of Guidelines and Key Elements ........................................................................................................................................5 IntroductionFusion Concept and Functions ...................................................................................................................................9 Fuson Center Gudelnes Development...........................................................................................................................................9 The Fuson Concept .........................................................................................................................................................................10 Fuson Centers .................................................................................................................................................................................12 Fuson Center Functons ..................................................................................................................................................................13 Functonal Categores ......................................................................................................................................................................13 State Strategy ..................................................................................................................................................................................14 Informaton Flow ..............................................................................................................................................................................14 . Background and Methodology ............................................................................................................................................................15 . A Phased Approach .........................................................................................................................................................................15 . Phase ILaw Enforcement Intellgence Component ......................................................................................................................15 . Phase 2Publc Safety Component ................................................................................................................................................16 Phase 3Prvate Sector Component ..............................................................................................................................................17 Guidelines Gudelne 1: The NCISP and the Intellgence and Fuson Processes ...........................................................................................19 Gudelne 2: Msson Statement and Goals ...................................................................................................................................23 Gudelne 3: Governance...............................................................................................................................................................25 Gudelne 4: Collaboraton ............................................................................................................................................................29 Gudelne 5: Memorandum of Understandng (MOU) and Non-Dsclosure Agreement (NDA) .....................................................31 . Gudelne 6: Database Resources.................................................................................................................................................33 Gudelne 7: Interconnectvty ........................................................................................................................................................37 Gudelne 8: Prvacy and Cvl Lbertes .........................................................................................................................................41 Gudelne 9: Securty .....................................................................................................................................................................43 Gudelne 10: Faclty, Locaton, and Physcal Infrastructure ...........................................................................................................47 Gudelne 11: Human Resources ....................................................................................................................................................51 Gudelne 12: Tranng of Center Personnel ....................................................................................................................................53 Gudelne 13: Multdscplnary Awareness and Educaton ..............................................................................................................55 Gudelne 14: Intellgence Servces and Products ...........................................................................................................................57
Gudelne 15: Polces and Procedures ...........................................................................................................................................59 Gudelne 16: Center Performance Measurement and Evaluaton ..................................................................................................61 Gudelne 17: Fundng .....................................................................................................................................................................63 Gudelne 18: Communcatons Plan ...............................................................................................................................................65 Next Steps ..............................................................................................................................................................................................67 Appendices Appendx A: Focus Group Partcpants and Acknowledgements...................................................................................................A-1 Appendx B: Fuson Center CD Resources ...................................................................................................................................B-1 Appendx C: Functonal Categores ...............................................................................................................................................C-1 Appendx D: HSAC Homeland Securty Intellgence and Informaton Fuson Report ...................................................................D-1 Appendx E: Informaton Exchange Analyss and Desgn Report ..................................................................................................E-1 Appendx F: Fuson Center Report Glossary.................................................................................................................................F-1 Appendx G: Acronyms ..................................................................................................................................................................G-1
v
Executive Summary
The need to develop and share nformaton and ntellgence across all levels of government has significantly changed over the last few years. The long-standng nformaton sharng challenges among law enforcement agences, publc safety agences, and the prvate sector are slowly dsappearng. Yet, the need to dentfy, prevent, montor, and respond to terrorst and criminal activities remains a significant need for the law enforcement, ntellgence, publc safety, and prvate sector communtes. Through the support, expertse, and knowledge of leaders from all enttes nvolved, the fuson center concept can become a reality. Each official has a stake in the development and exchange of nformaton and ntellgence and should act as an ambassador to support and further ths ntatve. It s the responsblty of leadershp to mplement and adhere to the Fusion Center Guidelines. and operaton of centers. The gudelnes are a mlestone n achieving a unified force among all levels of law enforcement agencies; public safety agencies, such as fire, health, and transportaton; and the prvate sector. Fuson centers brng all the relevant partners together to maximize the ability to prevent and respond to terrorsm and crmnal acts. By embracng ths concept, these entities will be able to effectively and efficiently safeguard our homeland and maximize anticrime efforts.
In their January 2005 survey, the National Governors Association Center for Best Practices revealed that states ranked the development of state intelligence fusion centers as one of their highest priorities.
The development and exchange of ntellgence s not easy. Sharng ths data requres not only strong leadershp, t also requres the commtment, dedcaton, and trust of a dverse group of men and women who beleve n the power of collaboraton. How can law enforcement, public safety, and private entities embrace a collaborative process to improve intelligence sharing and, ultimately, increase the ability to detect, prevent, and solve crimes while safeguarding our homeland? Recently, an ntatve has emerged that ncorporates the varous elements of an deal nformaton and ntellgence sharng project: fuson centers (or center). Ths ntatve offers gudelnes and tools to assst n the establshment
Informaton Sharng Intatves (Global) Crmnal Intellgence Coordnatng Councl (CICC), formed the Law Enforcement Intellgence Fuson Center Focus Group (FCFG).1 Concurrently, the U.S. Department of Homeland Securtys (DHS) Homeland Securty Advsory Councl (HSAC or Councl) Intellgence and Informaton Sharng Workng Group was focusng on preventon and nformaton sharng by developng gudelnes for local and state agences n relaton to the collecton, analyss, and dssemnaton of terrorsm-related ntellgence (.e., the fuson process). The recommendatons resultng from DOJs ntatve and HSACs efforts lad the foundaton for the expanson of the Fusion Center Guidelines to ntegrate the publc safety and prvate sector enttes. Subsequent to publshng Verson 1 of the Fusion Center Guidelines and the HSACs Intelligence and Information Sharing Initiative: Homeland Security Intelligence and Information Fusion report, DOJ and HSAC establshed two addtonal focus groups the Publc Safety FCFG and the Prvate Sector FCFGn an effort to develop a comprehensve set of gudelnes for fuson centers. Partcpants n the three focus groups2 ncluded experts and practtoners from local, state, and federal law enforcement agences; publc safety agences; and the prvate sector as well as representatves from currently operatng fuson centers.3 In addton, representatves from natonal law enforcement, publc safety, and private sector organizations participated in the focus groups. These gudelnes should be used to ensure that fuson centers are establshed and operated consstently, resultng n enhanced coordnaton efforts, strengthened partnershps, and mproved crime-fighting and antiterrorism capabilities. The guidelines and related materals wll provde assstance to centers as they prioritize and address threats posed in their specific jurisdictions for all crme types, ncludng terrorsm. In addton, the gudelnes wll help admnstrators develop polces, manage resources, and evaluate servces assocated wth the jursdctons fuson center. The gudelnes should be used for homeland securty, as well as all crimes and hazards. The full report contains an in-depth explanaton of the gudelnes and ther key elements. Also ncluded n the report are addtonal resources, model polces, and tools for gudelne mplementaton.
response, and consequence management programs. At the same tme, t supports efforts to address mmedate or emergng threat-related crcumstances and events. Data fuson nvolves the exchange of nformaton from dfferent sourcesncludng law enforcement, publc safety, and the prvate sectorand, wth analyss, can result n meanngful and actonable ntellgence and nformaton. The fuson process turns ths nformaton and ntellgence nto actonable knowledge. Fuson also allows for relentless reevaluaton of exstng data n context wth new data n order to provde constant updates. The publc safety and prvate sector components are ntegral n the fuson process because they provde fuson centers wth crme-related nformaton, ncludng rsk and threat assessments, and subject-matter experts who can aid in threat identification.
Because of the prvacy concerns that attach to personally identifiable information, it is not the intent of fusion centers to combine federal databases containing personally identifiable nformaton wth state, local, and trbal databases nto one system or warehouse. Rather, when a threat, crmnal predcate, or public safety need is identified, fusion centers will allow information from all sources to be readily gathered, analyzed, and exchanged, based upon the predcate, by provdng access to a varety of dsparate databases that are mantaned and controlled by approprate local, state, trbal, and federal representatves at the fuson center. The product of ths exchange wll be stored by the entty takng acton n accordance wth any applcable fuson center and/or department polcy, ncludng state and federal prvacy laws and requrements.
ntellgence and fuson processes, through whch nformaton s collected, integrated, evaluated, analyzed, and disseminated. Nontradtonal collectors of ntellgence, such as publc safety entities and private sector organizations, possess important nformaton (e.g., rsk assessments and suspcous actvty reports) that can be fused wth law enforcement data to provde meanngful nformaton and ntellgence about threats and crmnal actvty. It s recommended that the fuson of publc safety and prvate sector nformaton wth law enforcement data be virtual through networking and utilizing a search function. Examples of the types of nformaton ncorporated nto these processes are threat assessments and nformaton related to publc safety, law enforcement, publc health, socal servces, and publc works. Federal data that contans personally identifiable information should not be combined with this data
Crmnal Justce Educaton Emergency Servces (non-law enforcement) Energy Government Health and Publc Health Servces Hosptalty and Lodgng Informaton and Telecommuncatons Mltary Facltes and Defense Industral Base Postal and Shppng Prvate Securty Publc Works Real Estate Retal Socal Servces Transportaton
Although each fusion center will have unique characteristics, it is important for centers to operate under a consistent framework similar to the construction of a group of buildings where each structure is unique, yet a consistent set of building codes and regualtions are adhered to regardless of the size or shape of the building.
untl a threat, crmnal predcate, or publc safety need has been identified. These processes support efforts to anticipate, identify, prevent, montor, and respond to crmnal actvty. Federal law enforcement agences that are partcpatng n fuson centers should ensure that they comply wth all applcable prvacy laws when contemplatng the wholesale sharng of nformaton wth nontradtonal law enforcement enttes. Ideally, the fuson center nvolves every level and dscplne of government, prvate sector enttes, and the publcthough the level of nvolvement of some of these partcpants wll vary based on specific circumstances. The fusion process should be organized and coordinated, at a minimum, on a statewide level, and each state should establsh and mantan a center to facltate the fuson process. Though the foundaton of fuson centers s the law enforcement ntellgence component, center leadershp should evaluate ther respectve jursdctons to determne what publc safety and prvate sector enttes should partcpate n the fuson center. To ad n ths assessment, functonal categores have been developed, n whch smlar enttes are grouped. These categores are not comprehensve but represent a startng pont for fuson center leadershp to begn assessng what agencies and organizations should be involved in the centers operatons. The functonal categores nclude: Agrculture, Food, Water, and the Envronment Bankng and Fnance Chemical Industry and Hazardous Materials
The Fusion Center Guidelines report contans an appendx descrbng the functonal categores and provdes examples of the types of nformaton that the enttes can provde to fuson centers.
1. Adhere to the tenets contained in the National Criminal Intelligence Sharing Plan (NCISP) and other sector-specific information sharing plans, and perform all steps of the intelligence and fusion processes.
Consult the tenets of the NCISP, and use model standards and polces as a blueprnt for establshng or enhancng the ntellgence functon wthn the center. Consult the Homeland Securty Advsory Councls (HSAC) Intelligence and Information Sharing Initiative: Homeland Security Intelligence and Information Fusion report when ncorporatng the fuson process n the center.
4. Create a collaborative environment for the sharing of intelligence and information among local, state, tribal, and federal law enforcement agencies, public safety agencies, and the private sector.
Mantan a dverse membershp to nclude representatves from local, state, trbal, and federal law enforcement, publc safety, and the prvate sector. Conduct regular meetngs wth center personnel, and participate in networking groups and organizations. Educate and liase with elected officials and community leadershp to promote awareness of center operatons.
2. Collaboratively develop and embrace a mission statement, and identify goals for the fusion center.
Develop the centers msson statement and goals collaboratvely wth partcpatng enttes. Identify customer needs, define tasks, and prioritize functons. Ensure the msson statement s clear and concse and conveys the purpose, prorty, and role of the center. Include the name and type of the center, what the center does, and whom the center serves n the msson statement.
5. Utilize Memoranda of Understanding (MOUs), NonDisclosure Agreements (NDAs), or other types of agency agreements, as appropriate.
Educate and consult legal advsors early n the fuson center development process. Utilize an NDA for fusion center personnel and partcpants to ad n the securty of propretary nformaton. Ensure awareness of local, state, and federal publc records laws as they relate to NDAs, ncludng the Freedom of Informaton Act (FOIA). Use an MOU as the foundaton for a collaboratve ntatve, founded on trust, wth the ntent to share and exchange nformaton. At a mnmum, consder ncludng the followng elements n fuson center MOUs:
3. Create a representative governance structure that includes law enforcement, public safety, and the private sector.
Ensure all partcpatng agences have a voce n the establshment and operaton of the fuson center. Ensure partcpatng enttes are adequately represented wthn the governance structure. Compose the governing body with officials who have authorty to commt resources and make decsons.
5 Electronc versons of the documents, products, and reports referenced n the followng gudelnes can be found at www.t.ojp.gov.
Involved partes Msson Governance Authorty Securty Assgnment of personnel (removal/rotaton) Fundng/costs Civil liability/indemnification issues Polces and procedures Prvacy Terms
Integrty control Dspute resoluton process Ponts of contact Effective date/duration/modification/termination Servces Deconfliction procedure Code of conduct for contractors Specal condtons Protocols for communcaton and nformaton exchange
consstent wth the centers prvacy polcy. Establsh a process for trackng and handlng prvacy complants or concerns. Develop rules on the use of prvately held data systems nformaton. Adhere to applcable state and federal consttutonal and statutory prvacy and cvl lbertes provsons. Specfy that publc safety and prvate sector databases should not be combned wth any federal databases that contain personally identifiable information. Fuson center partcpants should comply wth all local, state, trbal, and federal prvacy laws, when applcable.
6. Leverage the databases, systems, and networks available via participating entities to maximize information sharing.
Obtan access to an array of databases and systems. At a mnmum, consder obtanng access to drvers lcense nformaton, motor vehcle regstraton data, locaton nformaton, law enforcement and crmnal justce systems or networks, and correctonal data. Become a member of a regonal or state secure law enforcement network, such as the Regonal Informaton Sharng Systems (RISS)/Federal Bureau of Investgatons (FBI) Law Enforcement Onlne (LEO) system, the U.S. Department of Homeland Securtys (DHS) Homeland Securty Informaton Network (HSIN), or the FBIs Law Enforcement Regonal Data Exchange (R-DEx) and Natonal Data Exchange (N-DEx).
9. Ensure appropriate security measures are in place for the facility, data, and personnel.
Develop, publsh, and adhere to a securty plan, and ensure proper safeguards are n place. Ensure securty plans are marked, handled, and controlled as sensitive but unclassified (SBU) information. Obtan approprate securty clearances for personnel wthn the center and key decson makers who need access. Conduct background checks on personnel. Tran personnel on the centers securty protocols. Consult Globals Applying Security Practices to Justice Information Sharing document and resource materals when developng a securty plan. Consult the Homeland Securty Informaton Act of 2002: Crtcal Infrastructure Informaton Act when collectng and storng crtcal nfrastructure-related nformaton. Consult prvate ndustry securty personnel when obtaining and storing industry-specific information (e.g., buldng securty plans). Ensure state laws allow for the security and confidentiality of publc and prvate sector data.
7. Create an environment in which participants seamlessly communicate by leveraging existing systems and those currently under development, and allow for future connectivity to other local, state, tribal, and federal systems. Use the U.S. Department of Justices (DOJ) Global Justice Extensible Markup Language (XML) Data Model and the National Information Exchange Model (NIEM) standards for future database and network development, and consider utilizing the Justice Information Exchange Model (JIEM) for enterprise development.
Establsh formal communcatons protocols, and ensure effective and efficient information exchange. Develop and mplement a communcatons plan, and ensure secure and redundant communcatons. Ensure communcatons and systems access polces, ncludng consequences for noncomplance. Consider utilizing the Organization for the Advancement of Structured Information Standards (OASIS)-ratified Common Alertng Protocol (CAP) to enable the exchange of emergency alert and publc warnng nformaton over data networks and computer-controlled warnng systems.
11. Achieve a diversified representation of personnel based on the needs and functions of the center.
Mantan a 24-hour-a-day/7-day-a-week operaton when feasble. Requre a mnmum term commtment for full-tme center personnel. Identfy subject-matter experts from the prvate sector for utilization when industry-specific threats or crimes are identified (e.g., cyber threats). Adhere to the Law Enforcement Analytic Standards booklet and other relevant analytc publcatons avalable through the Internatonal Assocaton of Law Enforcement
Intellgence Analysts (IALEIA) when hrng personnel to perform the analytc functon.
make decsons and allocate resources. Utilize performance measures to track progress and ensure accountablty. Inform center personnel of performance and progress on a regular bass.
17. Establish and maintain the center based on funding availability and sustainability.
Identfy center needs and avalable fundng sources, to nclude local, state, trbal, federal, and nongovernmental sources. Establsh an operatonal budget and adhere to reportng requrements.
13. Provide a multitiered awareness and educational program to implement intelligence-led policing and the development and sharing of information.
Ensure approprate noncenter personnel nvolved n the ntellgence process are aware of the centers functons, ncludng polcymakers, agency heads, and prvate sector executves. Develop and dssemnate outreach and educatonal materials to officers, analysts, policymakers, and others.
18. Develop and implement a communications plan among fusion center personnel; all law enforcement, public safety, and private sector agencies and entities involved; and the general public.
Determne prmary and secondary modes of communcaton between the fuson center and partcpatng enttes. Incorporate regular testng of the plan to ensure ts functonalty. Include a mechansm to alert fuson center partcpants of new nformaton and ntellgence.
A companion CD has been developed in conjunction with the Fusion Center Guidelines report. This CD contains sample policies, checklists, resource documents, and links to Web sites that are referenced throughout the report. For copies of the resource CD, contact DOJs Global at (850) 385-0600. The fusion center resources are also available at DOJs Global Web site, www.it.ojp.gov/fusioncenter, DHSs Web site, and the Homeland Security Information Network (HSIN).
Information systems contribute to every aspect of homeland security. Although American information technology is the most advanced in the world, our countrys information systems have not adequately supported the homeland security mission. Databases used for federal law enforcement, immigration, intelligence, public health, surveillance, and emergency management have not been connected in a way that allows us to comprehend where information gaps and redundancies exist. We must link the vast amounts of knowledge residing within each government agency while ensuring adequate privacy. The National Strategy for Homeland Security July 2002
Through the Global Intellgence Workng Group (GIWG)one of Globals four ssue-focused workng groupsntellgence ssues, concerns, and obstacles have been addressed. Globals Crmnal Intellgence Coordnatng Councl (CICC)7 supported the development of the Law Enforcement Intellgence Fuson Center Focus Group (FCFG) to ntate Phase 1 of the fuson center gudelnes development. Ths group was tasked wth recommending guidelines specifically for the law enforcement
7 The CICC was establshed n response to recommendatons contaned n the NCISP. The CICC s composed of local, state, and federal enttes and advses the U.S. Attorney General on matters relatng to crmnal ntellgence.
ntellgence component of fuson centers. The focus group was also tasked wth recommendng related model polces and procedures to support this initiative. Group members recognized the need and mportance of ntegratng all publc safety and prvate partners. Concurrently, a parallel effort was under way by the Homeland Securty Advsory Councl (HSAC) Intellgence and Informaton Sharng Workng Group to develop ntellgence and nformaton sharing guidelines, based on specific presidential directives, for local, state, and federal agences creatng fuson centers.8 These drectves provde gudance to local and state enttes regardng preventon and response to crmnal and terrorst actvtes.9 The recommendations and findings resulting from HSACs Intellgence and Informaton Sharng Workng Group efforts support the expanson of the Fusion Center Guidelines to publc safety and prvate sector enttes. Subsequent to the efforts of the Law Enforcement Intellgence FCFG and HSAC, the Publc Safety FCFG was created for the purpose of ntegratng the publc safety component nto the Fusion Center Guidelines. Members of the focus group concentrated on the need for nformaton and ntellgence sharng between law enforcement and publc safety communtes. Ths group endorsed the gudelnes developed by the Law Enforcement Intellgence FCFG and offered suggestons and recommendatons to successfully ncorporate publc safety enttes nto fuson centers. The last phase establshed the Prvate Sector FCFG, whose msson was to ntegrate the prvate sector nto the gudelnes. Wth 85 percent of crtcal nfrastructure owned by prvate enttes, ther nvolvement n fuson centers s essental to havng a comprehensive all-hazards, all-crimes fusion center. Key points addressed ncluded collaboraton between the fuson center and mission-critical private sector entities, as well as identification of prvate sector capabltes and nformaton needs. In addton, the need for a two-way educatonal process between the prvate sector and fusion centers was identified. The purpose of this educatonal process s to develop an understandng of how each entty operates and how each can enhance operatons and functonalty wth the other. All levels of government, the prvate sector, and nongovernmental organizations must work together to prepare for, prevent, respond to, and recover from terrorst and crmnal events. Through
8 More nformaton on HSAC can be accessed at www.dhs.gov/hsac. 9 Homeland Securty Presdental Drectve 8 (HSPD-8) was ssued wth the purpose of establshng polces to strengthen the preparedness of the Unted States to prevent and respond to threatened or actual domestc terrorst attacks, major dsasters, and other emergences. Ths is done by requiring a national domestic all-hazards preparedness goal, establshng mechansms for mproved delvery of federal preparedness assstance to state and local governments, and outlnng actons to strengthen preparedness capabltes of federal, state, and local enttes. HSPD-5 addresses the management of domestic incidents and identifies steps for mproved coordnaton n response to ncdents. It requres the U.S. Department of Homeland Securty to coordnate wth other federal departments and local, state, and trbal governments to establsh a Natonal Response Plan (NRP) and a Natonal Incdent Management System (NIMS). Each of these tems plays a role n the establshment of fuson centers and lays a foundaton for enhanced nformaton and ntellgence sharng among all levels of law enforcement, publc safety, and the prvate sector. For more nformaton regardng HSPD-8, HSPD-5, NRP, and NIMS, vst www.ojp.usdoj.gov/odp/assessments/hspd8.htm.
the hard work, dedcaton, and commtment of the ndvduals partcpatng n these efforts, the approprate gudelnes, tools, and nformaton wll be avalable to all enttes nvolved. In addton, a collaboratve envronment wll result n a consstent, unified approach to prevention and response. The ultmate goal s to provde a mechansm where law enforcement, publc safety, and prvate sector partners can come together wth a common purpose and mprove the ablty to safeguard our homeland and prevent crmnal actvty. The fuson center is this mechanism; it is key to ensuring the flow of threatand crme-related nformaton between local, state, regonal, and federal partners. The gudelnes contaned n the report represent the key components and ssues to consder when establshng fuson centers.
10
to September 11 and subsequent ncdents (e.g., the anthrax ssue), t became apparent how mportant t s to ncorporate nontraditional collectors of data (e.g., fire and health entities) nto preventon efforts. Data fuson represents an mportant part of a mechansm that can dramatcally mprove nformaton and ntellgence sharng between all components and collectors of nformaton. As a result of the need to exchange dverse data from varous sources, fuson emerged as the fundamental process to facltate the sharng of homeland securty- and crme-related ntellgence. On the surface, it would appear that defining fusion is difficult. Although the concept s new to many law enforcement, publc safety, and prvate sector communtes, fuson s not new to many other ndustres and the mltary. In fact, fuson has been dscussed and used n transportaton and avaton; satellte magng; meteorology and weather forecastng; sensory magng; and mltary and defense actvtes for years. Fusion refers to managing the flow of information and intelligence across levels and sectors of government and prvate ndustry.10 It goes beyond establshng an ntellgence center or creatng a computer network. Fuson supports the mplementaton of rsk-based, nformaton-drven preventon, response, and consequence management programs. At the same tme, t supports efforts to address mmedate or emergng threatrelated crcumstances and events. Data fuson nvolves the exchange of nformaton from dfferent sources, ncludng law enforcement, publc safety, and the prvate sector.11 When combned wth approprate analyses, t can result n meanngful and actonable ntellgence and nformaton. The fuson process turns nformaton and ntellgence nto knowledge. The prmary emphass of fuson s to dentfy emergng terrorsm-related threats and rsks as well as to support ongong efforts to address crmnal actvtes. The fuson process wll: Allow local and state enttes to better forecast and dentfy emergng crme and publc health trends. Support multdscplnary, proactve, rsk-based, and communty-focused problem solvng. Provide a continuous flow of intelligence to officials to assist n developng a depcton of evolvng threats. Improve the delvery of emergency and nonemergency servces.
measures, the process wll also be crtcal f an ncdent occurs, providing information to responders as well as officials, media, and citizens. It is important to note that the fusion process is not a system or database; t s an mportant part of a mechansm by whch partcpatng law enforcement, publc safety, and prvate sector enttes can provde and receve enhanced nformaton from a fuson center. Crmnal and terrorsm-related ntellgence s derved by collecting, blending, analyzing, and evaluating relevant nformaton from a broad array of sources on a contnual bass. There s no sngle source for terrorsm-related nformaton. It can come through the efforts of the ntellgence communty; local, state, trbal, and federal law enforcement authortes; other government agences (e.g., transportaton and health departments); the prvate sector; and the general publc. In order to mplement an effectve fuson process, a number of ssues must be addressed, ncludng the followng: The use of common terminology, definitions, and lexicon by all stakeholders. Up-to-date awareness and understandng of the global threat envronment. A clear understandng of the lnkages between terrorsmrelated and nonterrorsm-related nformaton and ntellgence. Clearly defined intelligence and information requirements that prioritize and guide planning, collection, analysis, and dssemnaton efforts. Clear delneaton of roles, responsbltes, and requrements of each level and sector of government nvolved n the fuson process.
To illustrate the fusion process within a conceptualized fusion center concept, Fgure 1 depcts a dstrbuted capablty, populated by multple and dverse nformaton sources. Users access the data via a common interface, extracting, analyzing, and dssemnatng nformaton based on need and current demands. Although t s antcpated that fuson and fuson centers wll prmarly be used for preventve and proactve
10 Terms and definitions mentioned in this document, including fusion, are specific to the fusion center initiative. Varying definitions of the same term may be utilized within the law enforcement intelligence, public safety, and private sector fields, and participants in the fusion center initiative should ensure that term definitions do not deconflict. Definitions of terms specified in this document can be found in Appendix F. 11 The fuson of publc safety and prvate sector nformaton wth any federal database containing personally identifiable information should be virtual through networking and utilizing a search function. Federal agences partcpatng n the fuson center should adhere to applcable federal laws and regulatons.
11
Understandng and elmnatng mpedments to nformaton collecton and sharng. Extensve and ongong nteracton wth the prvate sector and wth the publc at large. Connectvty (techncal and procedural) wth crtcal ntellgence streams, analyss centers, communcaton centers, and nformaton repostores. Extensve partcpaton of subject-matter experts n the analytcal process. Capacty to ensure aggressve oversght and accountablty to protect consttutonal protectons and cvl lbertes.
Important intelligence that may forewarn of a future attack may be derived from information collected by local, state, tribal, and federal law enforcement agencies; public safety agencies; and private sector entities through crime control and other normal activities, as well as by people living and working in our communities.
are tradtonally law enforcement centrc. Emergency Operatons Centers (EOC) focus on dsaster recovery (both natural and man-made). It s mportant to note that although these centers are dfferent and have unque mssons, they must work together and understand each others goals and prortes. If an ncdent occurs, all of these resources wll be needed to successfully minimize loss and apprehend suspects. The fusion center provdes ntellgence to the EOC regardng the dsaster or related events. Because of the nvestment, expertse, and capablty ntegrated wthn a fuson center, plans and procedures should nclude how each fuson center wll support the jursdctons emergency management structure durng crses. Furthermore, each fuson center should make provsons for supportng crss management and recovery operatons as lad out n the Incdent Command System (ICS), the Natonal Incdent Management System (NIMS), and the Natonal Response Plan (NRP). Fuson centers embody the core of collaboraton. Collaboraton ncreases capacty, communcaton, and contnuty of servce whle decreasng duplcaton.12 As demands ncrease and resources decrease, collaboraton becomes an evermore effective tool to maximize resources and build trusted relatonshps. In a recent survey conducted by the Natonal Governors Assocaton (NGA) Center for Best Practces, respondng states ranked the development of a state ntellgence fuson center as one of ther hghest prortes.13 This is significant and ndcates a need to quckly provde nformaton, materals, and gudelnes to assst n establshng and operatng fuson centers. As llustrated n Fgure 2, the fuson center concept embraces the collaboration of numerous resources, maximizing and streamlnng operatons, whle movng jontly toward a common goal. The figure depicts participating entities using MOUs to define their roles, responsibilities, and contributions toward center operatons. These resources funnel nto a central locaton, the fusion center. Here, authorized personnel use the resources and nformaton to assst nvestgatve and ntellgence servces, homeland securty, and publc safety operatons and to ntegrate crtcal nfrastructure functons and prvate sector partnershps. Partcpants are subject to all the polces and procedures that gude center operatons. Approprate nformaton and ntellgence is then disseminated to authorized recipients and used to nvestgate crmes and proactvely address threats.
12 C. R. Pete Petersen, M.Ed., Community Collaboration, March 4, 2003. 13 NGA Center for Best Practces, Homeland Security in the States: Much Progress, More Work, January 24, 2005.
Through the use of fuson centers and by ntegratng these gudelnes, model templates, polces, and tools, the outstandng ssues hnderng our natons ablty to seamlessly develop and share information and intelligence will be minimized.
Fusion Centers
The ablty to coordnate effectve responses n the event of a terrorist attack is a significant challenge facing our nation. It s mperatve that all approprate means to combat terrorsm, respond to terrorst attacks, and reduce crmnal actvty be employed. This section will define fusion centers; summarize the basc functons of a fuson center; and provde a summary comparson of fuson centers, ntellgence centers, and emergency operatons centers.
A fusion center is a collaborative effort of two or more agencies that provide resources, expertise, and/or information to the center with the goal of maximizing the ability to detect, prevent, investigate, apprehend, and respond to criminal and terrorist activity. The primary components of a fusion center are situational awareness and warnings that are supported by law enforcement intelligence, derived from the application of the intelligence process, where requirements for actionable information are generated and information is collected, integrated, evaluated, analyzed, and disseminated. Other key components resident in the fusion center include representatives of public safety, homeland security, the private sector, and critical infrastructure communities.
Fuson centers are not tradtonal ntellgence centers nor do they perform the same functons as emergency operatons centers. Fuson centers are multdscplnary, whereas ntellgence centers
12
One of the prncpal outcomes of the fuson process should be the identification of terrorism-related leadsany nexus between crme-related and other nformaton collected by local, state, and private entities and a terrorist organization and/or attack. Many experts beleve that there s a hgh probablty of dentfyng terrorsts through precursor crmnal actvty, ncludng llegal drug operatons, money launderng, fraud, terrorsm, and dentty theft.14 The fusion process does not replace or replicate mission-specific ntellgence and nformaton management. It does, however, leverage nformaton and ntellgence developed through these processes and systems to support the rapid identification of patterns and trends that may reflect an emerging threat. Some of the recommended goals and functons for fuson centers nclude: Serve as the prmary pont of contact to report crmnal/ terrorst nformaton to the local Jont Terrorsm Task Force (JTTF) and DHSs Homeland Securty Operatons Center (HSOC). Include the capablty of blendng law enforcement nformaton and ntellgence. Collect, analyze, and disseminate all-crimes information, so as to dentfy emergng patterns and trends. Evaluate and reevaluate the process, new data, and emergng threats. Adopt and adhere to a statewde strategy to examne the nformaton exchanges of the states law enforcement and homeland securty partners, ncludng dssemnaton of nformaton by the state Homeland Securty Advsor to law enforcement. Mantan an up-to-date statewde rsk assessment. Serve as a recept-and-dssemnaton hub for law enforcement nformaton provded by federal enttes, such as that provded by the Federal Bureau of Investgatons Regonal Data Exchange (R-DEx) and Natonal Data Exchange (N-DEx), when operatonal, and DHSs Homeland Securty Informaton Network (HSIN).
Fuson centers wll act as an analytcal hub, processng, evaluatng, and dssemnatng crtcal nformaton for law enforcement, publc safety, and prvate partners, based on a crmnal predcate, threat, or publc safety need. They wll focus on collaboraton and analyss and wll become a repostory for information that flows through the center, while ensuring state and federal prvacy laws and requrements are adhered to. Ultmately, fuson centers wll become the center for nvestgatve support, nformaton and ntellgence sharng, homeland securty, and publc safety and prvate sector partners.
Each of these areas can be expanded to nclude a number of crtcal tasks and responsbltes. To successfully acheve these goals, the first responder and private community, along wth the publc, must be a part of the fuson center concept. The ntegraton of nontradtonal consumers of nformaton and ntellgence s a key component of a fuson center. The responsbltes of fuson centers are mmense. Gudelnes, as well as sample polces and templates, must be developed to assst n establshng and operatng fuson centers.
Functional Categories
Every level and sector (dscplne) of government and the prvate sector should be ntegrated nto fuson centers. Ths may seem lke a dauntng task; however, functonal categores have been developed to assst n ntegraton efforts. These categores are not meant to be exhaustve; rather, they provde governance bodes a startng place to begn collaboraton wth dfferent components and enttes. Each fuson center should evaluate ts needs, threats, and consttuents to determne what enttes should be ntegrated. Enttes that comprse the functonal categores can provde fuson centers wth both
14 The Impact of Terrorism on State Law Enforcement, June 2005, p. 34.
13
strategc and tactcal nformaton, ncludng crme trends for partcular ndustres and publc safety agences, suspcous actvty, and rsk assessments. Fusng ths nformaton, based on an identified threat, criminal predicate, or public safety need, wth law enforcement ntellgence wll provde centers wth a more complete pcture of crme and terrorsm. The fuson of publc safety and prvate sector nformaton wth law enforcement data should be virtual through networking and utilizing a search functon, thus ensurng the separaton of federal data that contains personally identifiable information. The overarchng functonal categores nclude: Agrculture, Food, Water, and the Envronment Bankng and Fnance Chemical Industry and Hazardous Materials Crmnal Justce Educaton Emergency Servces (non-law enforcement) Energy Government Health and Publc Health Servces Hosptalty and Lodgng Informaton and Telecommuncatons Mltary Facltes and Defense Industral Base Postal and Shppng Prvate Securty Publc Works Real Estate Retal Socal Servces Transportaton
a state level, and each state should establsh and mantan an analytc center. Furthermore, each state fuson center should regularly collaborate and coordnate wth other state fuson centers to prevent nformaton slos from developng wthn states. Ths effort wll enhance nformaton and ntellgence sharng. The functons wthn a state fuson center should be based on the ntellgence cycle, ncludng requrements, prortes, identified collectors, indicators for the collectors to be aware of, collecton mechansms, methods of analyss, and producton and dssemnaton of reports and assessments to the approprate recpents. Publc safety and prvate sector enttes, along wth the general publc, are a crtcal part of ths plan and should be ncorporated nto the ntellgence cycle as collectors and recpents of nformaton, based on ther nformaton requrements. Each major urban area may want to establsh a smlar capacty, ensurng that t s lnked wth the state center. Other localtes, trbal governments, and even the prvate sector should develop a process to nterlnk to these state fuson efforts. The publc should be engaged through publc educaton programs that descrbe what they should look for and what to do f they observe suspcous actvty. Efforts should be scalable and organized and managed on a geographc bass so adjustments can be made based on changes n the envronment. And, whle natonal gudelnes should gude the process, the actual technologes and operatonal protocols used by ndvdual jursdctons should be based on the specific capabilities.
Information Flow
Wth the establshment of fuson centers around the country, t s mportant to have a clear understandng of who should receve and disseminate information and how it flows both vertically and horizontally among all local, state, tribal, and federal government agences and prvate enttes. Successful counterterrorsm efforts requre that local, state, trbal, and federal law enforcement agences, along wth publc safety and prvate sector enttes, have an effectve nformaton sharng and collaboraton capablty. Ths wll ensure they can seamlessly collect, collate, blend, analyze, disseminate, and use information and intelligence. Intellgence and nformaton should be provded based on the needs of the user. Although fuson center partcpants may nclude emergency management, publc health, transportaton, publc works, and the prvate sector, each dscplne wll not need the same level of detail (e.g., fire officials and emergency management officials may not need the specific suspect nformaton that law enforcement requres). Fuson centers should also exchange nformaton wth approprate federal partners such as DOJ (e.g., Federal Bureau of Investgaton, Jont Terrorst Task Force, and U.S. Marshals), DHS (e.g., U.S. Customs and Border Protecton, U.S. Immgraton and Customs Enforcement, and Emergency Alert Networks), Hgh Intensty Drug Trafficking Areas (HIDTA), Regional Information Sharing Systems (RISS) centers, the Centers for Dsease Control and Preventon (CDC), and other nformaton sharng ntatves.16
16 For nformaton to be exchanged, refer to the Informaton Sharng Envronment (ISE) requred under the Intellgence Reform and Terrorsm Preventon Act (IRTPA) of 2004, http://www.gpoaccess.gov/seralset/ creports/ntel_reform.html.
These categores outlne the types of law enforcement ntellgence and publc safety and prvate sector enttes to nclude n collaboraton. Types of nformaton that may be provded to fusion centers include a suspicious fire that a fire department responds to, an unusual sckness reported at a publc health department, spkes n cattle dsease on a farm, or suspcous bankng actvty reports.15 In addton, these enttes should be recpents of nformaton and ntellgence from fuson centers, ncludng threat alerts and related response efforts.
State Strategy
Fuson nvolves every level and sector (dscplne) of government, prvate sector enttes, and the publcthough the level of involvement of some participants will vary based on specific crcumstances. Some dscplnes, such as law enforcement, represent a core component of the fuson process due to the relatonshp between crme and terrorsm and the fact that, n many cases, law enforcement authortes are best suted to coordnate statewde and local fuson. The HSAC workng group recommended that fuson centers be establshed n every state. The fusion process should be organized and coordinated on
15 An n-depth lst of the enttes that comprse each of the functonal categores and varous examples of the types of nformaton these enttes can provde to fuson centers can be found n Appendx C.
14
. . . we must create new ways to share information and intelligence both vertically, between governments, and horizontally, across agencies and jurisdictions . . . efforts with the Global Intelligence Working Group to create a National Criminal Intelligence Sharing Plan . . . is a helpful and welcome response. Former Homeland Security Secretary Tom Ridge October 23, 2003, Philadelphia, PA
Intellgence s the product of systematc gatherng, evaluaton, and analyss of raw data on ndvduals or actvtes suspected of beng, or known to be, crmnal. Intellgence-led polcng s the collecton and analyss of nformaton to produce an ntellgence end product desgned to nform law enforcement decson makng at both the tactcal and strategc levels.19 The GIWG proposed 28 recommendatons and acton tems for mplementaton, whch are outlned n the NCISP. An event was held at the U.S. Department of Justce on May 14, 2004, to publicly support the recommendations and the Plan. Officials from local, state, and federal law enforcement agences were present. The recommendatons contaned n the Plan pertan to a wde spectrum of ntellgence ssues and concerns, ncludng: Standards for management Insttutonalsm and outreach Protecton of rghts and prvacy Standards for process
obtaned at http://t.ojp.gov/topc.jsp?topc_d=93. 19 Appendx A of the National Criminal Intelligence Sharing Plan, October 2003.
15
that centers be scalable based on the needs of the cty, state, or regon and should conduct tactcal, operatonal, and strategc ntellgence functons n support of crmnal nvestgatons. The focus groups work developed Verson 1, contanng 17 fuson center law enforcement ntellgence gudelnes. These gudelnes are the foundaton for the ntellgence component of fuson centers and take ntellgence sharng to the next level. In addton, the focus group developed sample polces, tools, and a resource CD to assst agences n ntegratng the gudelnes. The Verson 1 gudelnes were presented to and supported by the CICC, the GIWG, the Global Advsory Commttee, and DOJs Justce Intellgence Coordnatng Councl (JICC). These gudelnes were also approved by each component of the U.S. Department of Homeland Securty (DHS). Verson 1 of the Fusion Center Guidelines was publshed n July 2005. Concurrent wth the efforts of the Law Enforcement Intellgence Focus Group were the efforts of the Homeland Securty Advsory Councls (HSAC) Intellgence and Informaton Sharng Workng Group. The HSAC workng group developed a report that revolved around ntegratng the fuson process nto fuson centers. The result of the Law Enforcement Intellgence Workng Group and the Intellgence and Informaton Sharng Workng Group was a jonng of efforts to expand the Fusion Center Guidelines to nclude the publc safety and prvate sector components. HSAC also establshed a Prvate Sector Informaton Sharng Task Force that addressed the obstacles of nformaton sharng between the federal government and the prvate sector. Ths task force also provded recommendatons to alleviate the identified information sharing obstacles.21
Globals Crmnal Intellgence Coordnatng Councl (CICC),20 n support of DOJs efforts to develop fuson center gudelnes, recommended the creaton of the Law Enforcement Intellgence Fuson Center Focus Group to further many of the tenets outlned n the Plan.
The Plan represents law enforcements commitment to take it upon itself to ensure that we do everything possible to connect the dots, whether it be a set of criminal dots or a set of terrorist dots. Former U.S. Attorney General John Ashcroft May 14, 2004, Washington, DC Methodology
The first phase of the Fusion Center Guidelines ntatve was the establshment of the Law Enforcement Intellgence FCFG. The focus group was composed of representatves from a varety of local, state, and federal law enforcement agences across the country, ncludng law enforcement personnel nvolved wth developng fuson centers, and offered example polces and materals to assst n ths ntatve. Throughout the meetngs and subsequent communcatons, partcpants were encouraged to dscuss and share best practces resultng from the establshment and operaton of ther centers or ntatves. The focus group recommended that the ntellgence component nclude all crme types and that centers provde an array of ntellgence servces. The group also recommended
20 The Crmnal Intellgence Coordnatng Councl (CICC) was establshed n response to recommendatons contaned n the NCISP. The CICC s composed of local, state, and federal enttes and advses the U.S. Attorney General on matters relatng to crmnal ntellgence.
Partcpants n the Publc Safety FCFG ncluded members from a variety of public safety components, including fire, health, transportaton, agrculture, and envronmental protecton. Also partcpatng n the meetng were select members of the Law Enforcement Intellgence FCFG. The first task the focus group addressed was to define what public safety is with respect to a fusion center. The focus group defined
21 A copy of ths report can be found on the companon Fusion Center Guidelines resource CD.
16
publc safety enttes as government-based agences that respond to contemplated or completed crmnal acts, man-made or natural dsasters, publc health ssues, or ntentonal acts that threaten or drectly mpact the essental functons of socety. Examples of these functons nclude economc, transportaton, communcatons, publc works, power/energy, and food supply. Also dscussed durng the meetng were the concept of the fuson center and the definition of the fusion process with a focus on how to incorporate the publc safety component nto the center and process. The focus group identified many public safety entities that could potentially be integrated into a fusion center and categorized them nto functonal categores. The categores are ncluded as an appendx to the gudelnes and, although not comprehensve, serve as a starting point for operating fusion centers to utilize when ntegratng publc safety enttes.22 When jursdctons are establshng a fuson center, the functonal categores should be evaluated and the applicable entities should be identified and ncluded as partners. The consensus of the Publc Safety FCFG was that the 17 gudelnes n Verson 1 provde a thorough explanaton and gudance for jursdctons establshng and operatng a fuson center. The focus group recommended addng n Verson 2 of the gudelnes a more comprehensve explanaton of the fuson process and examples of how publc safety enttes can be ncorporated nto the process.
how public safety entities fit into these efforts. This awareness tranng should be offered ntally to agency heads to receve support for ntegraton and then delvered to the nformaton gatherers and ndvduals who wll support the fuson center. There are a varety of ways that ntegraton of the publc safety component can occur. Whle the gudelnes fully address ntegraton opportuntes, the fuson center and publc safety agences should determne whether a full-tme representatve or a lason wll be used n the center for recevng and sharng nformaton and ntellgence.
Implementation
Collaboraton s vtal to the success of fuson centers. The publc safety component can provde fuson centers wth nformaton that wll add value to the ntellgence and fuson processes. Addtonally, fuson centers can provde publc safety enttes wth nformaton and ntellgence that mpact them, such as bomb threats, health-related nformaton and ntellgence, and/or transportation-related information. Public safety entities (fire, EMS, transportation) often impact the lives of citizens, and ensurng that these enttes mantan stuatonal awareness and are actvely nvolved n the fuson center s mportant to protectng the lives of citizens. Fusion center governance members should evaluate the needs of ther jursdcton to dentfy what publc safety enttes should be nvolved n the fuson center wth partcular focus on health servces, government, transportaton, educaton, crmnal justce and securty, socal servces, and publc works. Publc safety partners should be ncorporated nto all phases of the ntellgence/fuson process. Enttes wthn ths sector represent nontradtonal nformaton gatherers and can provde fuson centers wth both strategc and tactcal nformaton, ncludng crme-related trends (e.g., prescrpton drug fraud and fire investigations); additional response capabilities (fire and hazmat); and suspicious activity (e.g., unusual diseases reported at hosptals). Publc safety enttes should also be ncluded n the dssemnaton and evaluaton phases. Because of the groundbreakng efforts of the fuson center, partcpatng enttes may need awareness-level tranng of how the fuson center works, an explanaton of the ntellgence cycle, and
22 A complete lstng of each of the functonal categores and correspondng enttes, wth examples of the types of nformaton that these enttes can provde to fuson centers, can be found n Appendx C.
We will build a national environment that enables the sharing of essential homeland security information. We must build a system of systems that can provide the right information to the right people at all times. Information will be shared horizontally across each level of government and vertically among federal, state, and local governments; private industry; and citizens. Source: The Presidents National Strategy for Homeland Security
vulnerable to crme, such as terrorsm and fraud. Accordng to a study jontly conducted by the Councl of State Governments and Eastern Kentucky Unversty, snce September 11, 2001, nteractons between the prvate sector and state law enforcement agencies have significantly increased. Specifically, private companies are communicating with agencies about the securty of ther facltes and workers and ther nteractons wth representatves of corporate securty.23 Ths nteracton further demonstrates the necessty of prvate sector partcpaton n fuson centers. The prvate sector owns the facltes that may be targets of crme, ncludng terrorsm, and law enforcement has the nformaton and ntellgence regardng the crmnal event.
23 The Impact of Terrorism on State Law Enforcement, June 2005, p. 23.
17
The purpose of ths focus group was to dentfy ssues and concerns that should be addressed when fuson centers ncorporate the prvate sector. Several mpedments to nformaton sharng by the prvate sector nclude the potental for unauthorized release of their information, lack of control of data, possblty of propretary dsclosure, and concerns regardng the information being used to impose civil fines in regulatory areas of government. One of the recurring themes identified by the group was the need for ongong collaboraton between the prvate sector and fuson centers. In addton, the group acknowledged that the ntegraton of the prvate sector nto fuson centers s a groundbreakng endeavor. To ensure successful ntegraton, a two-way educaton process was recommended between fuson centers and the prvate sector. The focus group also recommended expandng the functonal categores ntally developed by the Publc Safety FCFG to nclude prvate sector enttes. Ths expanson wll promote comprehensve collaboraton wthn fuson centers. The focus group based the categores on the natonal Informaton Sharng Analyss Centers (ISAC) components and added categores, as needed. Furthermore, the focus group agreed on the need to ncorporate prvate sector subject-matter experts nto fuson centers to be utilized routinely or as needed, depending on the size and functon of the fuson center. Through ths ntegraton, centers wll have addtonal resources to use when threats are developed regardng the prvate sector. Moreover, subjectmatter experts can provde fuson centers wth threat assessment results, specifically risks that have been identified for various ndustres. Another recommendaton of the focus group was the development and utilization of Non-Disclosure Agreements (NDA) wthn fuson centers. Focus Group members felt NDAs would provde the prvate sector wth another level of securty when sharng nformaton wth fuson center personnel. Data from the prvate sector s an mportant element n the fuson process; t ads n the development of accurate and comprehensve products. Even though there are a varety of ndustres that fall under ths component, the greater the nvolvement, the greater the success of the fuson center.
What ndustres are located wthn or affect the jursdcton? What are the major economc drvers and employers n the jursdcton? What ndustres and crtcal nfrastructure servces are essental for emergency servces or sustanng qualty of lfe for citizens? What groups or assocatons can collectvely represent an ndustry wthn the fuson centers (e.g., professonal assocatons)? What are past, current, and emergng threats and/or rsks that affect the private sector, and which specific entities do they affect? What are the msson crtcal enttes that should be ncluded n fuson center collaboraton (e.g., telecommuncatons and energy)? What enttes can provde fuson centers wth tmely and actonable nformaton to ncorporate nto the ntellgence cycle and the centers operatons? What prvate sector enttes are currently workng wth government agences?
Fuson center leadershp should coordnate wth regulatory agences to determne what type of nformaton s avalable from the prvate sector and can be provded to, or accessed by, the fuson center. These regulatory agences have already establshed workng relatonshps wth prvate sector enttes and may ad n prvate sector partcpaton. When partnerng wth fuson centers, the prvate sector should determine how integration will occur. Will the organization supply full-tme personnel to the fuson center, wll varous prvate sector enttes create a rotatng prvate sector desk, or wll prvate sector enttes establsh a lason wth the fuson center that wll receve and share nformaton? Once the applicable industries and organizations have been identified, it is recommended that fusion center officials conduct a seres of meetngs wth the prvate sector enttes. Fuson center heads may desire to initially meet with chief executive officers, or ther equvalent, to provde an overvew of what the fuson center s and the mportance of collaboraton between the fuson center and the private sector. Once company and organization leaders affirm their commitment to fusion centers, private sector security drectors and fuson center managers may dscuss the plan of ntegraton, ncludng nformaton requrements; who, f any personnel, would be located wthn the fuson center; and ther respectve needs. Two-way awareness tranng between the fuson center and the prvate sector should be mplemented, ncludng an overvew of what prvate sector enttes can provde to fuson centers; what fuson centers can provde to the prvate sector; and the purpose of fuson centers, ncludng the National Criminal Intelligence Sharing Plan (NCISP) and the ntellgence and fuson processes. To ensure contnued partcpaton, regular meetngs should be held wth prvate sector enttes to keep them nformed of actvtes of the center. It s mperatve that feedback occur when prvate sector enttes provde nformaton to fuson centers. Closng the nformaton loop wll ad n contnued nvolvement by all partcpants.
Implementation
The prvate sector can offer fuson centers a varety of resources, including industry-specific subject-matter experts who can provide expertise when specific threats have been identified (e.g., cyber securty subject-matter experts can provde assstance relatng to computer vruses, worms, and hackng ncdents); rsk assessment nformaton (e.g., the rsks assocated wth certan prvate sector operatons ); suspcous ncdents and actvty nformaton; and crtcal nfrastructure nformaton (e.g., the locaton of crtcal nfrastructure nodes, operatonal nterdependences, buldng blueprnts, and what, f any, hazardous materials are housed there). When ntegratng the prvate sector, the governance body should first assess the private sector environment within the jurisdiction of the fuson center to determne what enttes should be ncorporated nto the fuson centers. Questons that center staff should answer nclude: What prvate sector assocatons are wthn the jursdcton?
18
Guideline 1
Adhere to the National Criminal Intelligence Sharing Plan (NCISP) and other sector-specific information sharing guidelines, and perform all steps of the intelligence and fusion processes.
Target resources. Disrupt prolific criminals. Artculate a case to the publc and n court.
Intellgence-led polcng also provdes advantages to publc safety and prvate sector components, ncludng trends n crmnal actvty and ncreased nformaton sharng wth law enforcement to address crme preventon efforts. Crmnal ntellgence s the result of a process nvolvng plannng and drecton, nformaton collecton, processng/collaton, analyss, dssemnaton, and reevaluaton of nformaton on suspected criminals and/or organizations. This sequential process s commonly referred to as the ntellgence process (or cycle). There are varous models of the ntellgence process n use; however, most models contan the basc steps depcted n the followng graphc:
24 Ronald Bain, The Dynamics of Retooling and Staffing: Excellence and Innovaton n Polce Management, Canadan Polce College, 2003.
19
Intelligence Process
The ntellgence process s the means of developng raw information into finished intelligence products for use in decision making and formulating policies/actions. The first step, planning and drecton, nvolves dentfyng the need for data. Agency members should engage n a process of decdng what they want to know (or what they need to collect) before they collect t, or they may obtan ndscrmnate, unfocused nformaton. Collecton s the gatherng of the raw data needed to produce ntellgence products. Data may be collected from many sources, ncludng but not lmted to publc records, the Internet, confidential sources, incident reports, and periodicals. The next step, processng and collaton, nvolves evaluatng the nformatons valdty and relablty. Collaton entals sortng, combining, categorizing, and arranging the data collected so relatonshps can be determned. Analyss transforms the raw data nto products that are useful. Ths s also the functon that separates nformaton from ntellgence. It s ths vtal functon that makes the collecton effort beneficial. Without this portion of the process, we are left wth dsjonted peces of nformaton to whch no meanng has been attached. The goal s to develop a report that connects nformaton n a logcal and meanngful manner to produce
an ntellgence report that contans vald judgments based on analyzed information.25 Dssemnaton s also vtal. Wthout dssemnatng the ntellgence developed, t s pontless to collect t. To be useful, the ntellgence dssemnated must be tmely and credble. Dssemnaton must also be evaluated based on a rght to know and the need to know. The rght to know means the recpent has the legal authorty to obtan the nformaton pursuant to court order, statute, or decsonal law. The need to know means the requestor has the need to obtain information to execute official responsbltes.26 When dssemnaton occurs, t s mperatve to nclude all components of fuson centers, ncludng the publc safety and prvate sectors. The final step involves evaluation/reevaluation of the process performed and the products produced. Evaluaton/reevaluaton assesses current and new nformaton, asssts n developng an awareness of possble weak areas as well as potental threats, and strives to eliminate previously identified weaknesses that have been hardened as a result of the fuson process. Overall, ths step provdes an opportunty to revew the performance or effectveness of the fuson centers ntellgence functon.27 As prevously ndcated, fuson centers have mproved law enforcements ability to fight crime and terrorism. Ensuring that each step wthn the process s followed wll facltate the producton of useful ntellgence. Nontradtonal collectors of information, e.g., the private sector, fire, public works, and publc health, are vtal to successfully complete the ntellgence process. Whle law enforcement has ntellgence nformaton and expertse, the publc safety and prvate sectors have the nformaton systems, processes, and nfrastructure that may be targets of crme and terrorsm. Further, fuson, through managng the flow of information and intelligence across all levels and sectors of government, ntegrates the ntellgence process to accomplsh ths sharng. The ntellgence process provdes a framework for the fused nformaton to be turned nto ntellgence. Fusion centers utilize the intelligence process to analyze threatrelated ntellgence and nformaton. These centers are not smply nformaton collecton hubs but venues to brng together approprate partners to prevent crme- and terrorsm-related ncdents.
20
management structure, who the stakeholders are, and fuson center goals and objectves. The second stage, plannng and requrements development, lays the foundaton for the types of nformaton that wll be collected. Ths phase establshes where nformaton wll come from and the types of nformaton the fuson center wll collect. It also provdes collecton lmtatons and prvacy ssues that affect collecton and sharng of nformaton. Collecton s the thrd stage of the process durng whch the plannng and requrements development stage becomes operatonal. Ths s when nformaton s collected from varous sources, ncludng law enforcement agences, publc safety agencies (e.g., health, fire, and transportation), and the private sector. Ths stage s essental for fuson centers to be effectve. The fourth stage, analyss, s smlar to the analyss phase n the ntellgence cycle n that t s durng ths stage that the nformaton collected s turned nto actonable ntellgence. One of the goals of the fuson center durng ths stage s to dentfy trends or nformaton that wll prevent a terrorst attack or other crmnal actvty. The fifth stage is dissemination, tasking, and archiving. During this stage, the information that has been collected and analyzed s then dssemnated to stakeholders. The sxth stage s reevaluaton. The purpose of ths stage s for the fuson center and stakeholders to ensure that what s beng collected, analyzed, and disseminated is factual, timely, and relevant. It s durng ths stage that tweaks and mprovements are made to the fuson process. The last stage is the modification of the requirements stage (Stage 2). After reevaluaton occurs and mprovements or changes are identified, this stage allows the improvements to be implemented and the process refined.29 Often, gaps n the ntellgence process exst. To assst n closng these gaps, the Federal Bureau of Investgaton (FBI) developed a template to assst agences n dentfyng and trackng ntellgence gaps. A summary of the FBIs Intellgence Requrements and a copy of the template can be found n Law Enforcement Intelligence: A Guide for State, Local, and Tribal Law Enforcement Agencies (Carter, November 2004).30 A copy of ths gude s ncluded on the resource CD. It s recommended that fuson centers create a formal ntellgence and nformaton requirements process that prioritizes and guides the intelligence functon.
29 Intelligence and Information Sharing Initiative: Homeland Security Intelligence and Information Fusion report. 30 Avalable on the Communty Orented Polcng Servces (COPS) Web ste at www.cops.usdoj.gov/Default.asp?Item=1404.
31 Prior to entering the public Internet as a law enforcement officer or intelligence organization, consult with jurisdiction and department legal advsors to ensure complance wth any polcy or regulaton concernng law enforcement ntellgence use of the Internet for nformaton sharng. Furthermore, using the official government identity and information system for Internet searchng can pose a securty rsk to the agency network and subject of the search. Explore dfferent ways to avod such rsks wth competent techncal and legal authortes.
21
22
Guideline 2
Develop and embrace a mission statement and identify goals for the fusion center.
organization. Identifying center customers and their needs and defining center prortes pror to draftng the msson statement and goals. Prioritizing the intelligence function to address threats posed in specific fusion center jurisdictions. Integratng ntellgence-led polcng to support customer needs, define tasks, and prioritize functions. Utilizing vision statements and/or guiding principles to focus efforts. Using the center mission to promote the organization and support grant requests and fundng. Includng the msson statement n the Memorandum of Understandng (MOU) (see Gudelne 5). Including five to ten points that outline the benefits of public safety and prvate sector partcpaton n the fuson process.
32 www.communtypolcng.org/goal.html.
23
24
Guideline 3
Create a representative governance structure that includes law enforcement, public safety, and the private sector.
Governance Justification
Governance may be defined as the set of organizational regulatons and standards exercsed by management to provde strategc drecton and ensure objectves are acheved, rsks are managed approprately, and resources are used responsbly.33 Establshng a governance structure creates a supported envronment that frames the ablty for the center to functon and operate, assgn tasks, allocate and manage resources, and develop and enforce policy. Governance creates a centralized body to revew and endorse ssues affectng operatons. Members actng as the governance body are ambassadors to the program and carry the message to ther agences and consttuents. Governance provdes a forum for partcpants to voce concerns, offer suggestons, and make decsons. It enhances relatonshps, ncreases effectveness, and provdes leadershp and cohesveness among partcpants. The governance structure ensures an equal opportunty for all partcpatng agences and users to have ownershp n the decson-makng process. The governng body should be nclusve to law enforcement, publc safety, and prvate sector partners, thereby ensurng the effectveness of the fuson center. Ths can be acheved through assessng the jursdcton to determne what components, and enttes wthn the components, should be ncluded n the fuson center and governance body. Through the governance structure, agences can strategcally plan for center operatons and future enhancements, as well as dentfy obstacles and offer resolutons.
the U.S. Department of Justce (DOJ), the U.S. Department of Homeland Securty (DHS), and other state enttes, local authortes, and relevant enttes to establsh process. Composing the governing body of high-level officials who have the power and authorty to commt ther respectve agencys resources and personnel to the center. Identifying private sector organizations in the jurisdiction to nclude n the governance body. Establshng an advsory commttee composed of prvate sector leadershp, who wll provde representaton and advce to the governng body. Includng members from the Informaton Sharng and Analyss Centers (ISAC).34 Defining the management structure to include what entity oversees the centers, manages the operatons, and coordnates daly actvtes. Maintaining a governance structure that is reasonable in size yet ensures representaton of all agences that comprse the center. Creatng an effectve and tmely mechansm to communcate decsons made by the governng body to partcpants and center personnel. Evaluatng how poltcal ssues and clmate may mpact center support and operatons. Establshng operatonal and techncal commttees. Establshng an oversght commttee to ensure, among other thngs, that the ntellgence process s properly followed. Establshng a prvacy commttee that wll lase wth communty prvacy advocacy groups to ensure cvl rghts and prvacy protecton. Developng bylaws for operatons of the governance structure.
33
34 ISACs are sector-specific centers that coordinate the sharing of terrorsm-related nformaton. More nformaton on ISACs can be found at www.dhs.gov.
25
Committees
Governng bodes may employ commttees to help execute and adhere to center polces and procedures, as well as to dentfy, revew, develop, and/or mplement new programs or polces. Executve commttees set polcy, make crtcal decsons, and commt resources. Operatonal commttees may be asked to focus on specific policies, such as purge and retention or privacy (see Gudelne 8). These types of commttees may be asked to develop fundng strateges or dentfy grant opportuntes. Techncal commttees wll focus on techncal standards, crtcal nfrastructure operaton, and securty. Under these commttees, subcommttees may be used to conduct detaled research and analyss, ultmately to brng recommendatons to the governng body for revew and endorsement.35 To ad n the complete ntegraton of the prvate sector nto the governng body, t s recommended that an advsory commttee be establshed. Ths commttee, composed of prvate sector organizations and associations, will ensure that critical private sector enttes, as well as prvate securty managers, are represented both n the fuson center and n the governance structure. Fuson centers should consder establshng an oversght commttee that reports drectly to the governance body. Ths commttee wll be responsble for provdng oversght on the dayto-day operations of the fusion center, including proper utilization of the ntellgence and fuson processes.
Governance Template
The followng example offers centers a startng pont for developng a governance structure. Fgure 3 llustrates a threetered approach. The bottom level represents staff members assgned to perform the fuson/ntellgence process and provde nvestgatve support. These members may come from a varety of agences and represent the core of center operatons. Here, data ntegraton and analyss wll take place. Personnel may include intelligence analysts and officers. The middle section represents the day-to-day management of the center. It also ncludes admnstratve staff, such as computer support staff and
35 Kelly J. Harrs, Governance Structures, Roles and Responsibilities, September 2000 (Updated/Ressued 2004).
26
legal servces. In some cases, ths secton may nclude a faclty manager. The top secton represents polcy and drecton. Ths secton s smaller, ndcatng a select group of ndvduals from each partcpatng entty who have been desgnated as part of the governng structure or board. The llustraton shows nformaton flowing top down and bottom up.
Parliamentary Procedures
The governance board may want to make use of parlamentary procedures to create an effectve governng process. Procedures such as Roberts Rules of Order can be very helpful n ntroducng, debatng, and decdng on ssues. There are a number of Web stes, such as www.rulesonlne.com that contan the full text and/or summary nformaton regardng Roberts Rules of Order and parlamentary procedures.
Developing Bylaws
Accordng to The Legal Guide for Association Board Members, bylaws are defined as an important association corporate legal document that consttutes the agreement between the assocaton and ts members. Properly drafted bylaws set forth the essential organizational and operational provisions governing the assocaton.36 Bylaws are just one example of a governng mechanism that a center may utilize to enforce organizational rules. A bylaws sample document s provded on the resource CD.
36 James G. Seely, The Legal Guide for Association Board Members, Schneder, 1995, p. 71.
27
28
Guideline 4
Create a collaborative environment for the sharing of intelligence and information among local, state, tribal, and federal law enforcement agencies, public safety, and the private sector.
Collaboration Justification
To maximize intelligence sharing, all levels of law enforcement and publc safety agences and the prvate sector must communcate and collaborate. The objectve s to leverage resources and expertse whle mprovng the ablty to detect, prevent, and apprehend terrorsts and other crmnals. Fosterng a collaboratve envronment bulds trust among partcpatng enttes, strengthens partnershps, and provdes ndvdual as well as a collectve ownershp n the msson and goals of the center. The National Criminal Intelligence Sharing Plan speaks to ths as well: Sharng s founded upon trust between the nformaton provder and the ntellgence consumer. Such trust s most often fostered on an nterpersonal bass; therefore, law enforcement task forces and other jont work endeavors succeed where colocated, nterspersed personnel from dfferent agences and job types convene for a common purpose.37 Fosterng a collaboratve envronment s not only mportant to sharng, collectng, developng, and dssemnatng ntellgence but also to sharng decsons and ownershp. It dscovers solutons and expands capacty. In an envronment where some resources are decreasng whle demands are ncreasng, collaboraton has become even more essental. The purpose of collaboraton s to ncrease capacty, communcaton, and contnuty of servce whle decreasng duplcaton.38 A key to the success of fuson centers s to ensure that feedback occurs between the fuson center and the enttes that provde nformaton and ntellgence. Inherent n a collaboratve envronment s two-way communcaton; enttes that provde nformaton to fuson centers should also receve nformaton from fuson centers. Ths wll result n buy-n from all partcpants and wll ad n the success of the nformaton sharng envronment. Fuson centers should also contnually seek outreach opportuntes to ensure that publc safety agences and the prvate sector are represented, thereby meetng the needs of ther consttuents.
Successful collaboraton s contngent upon a trustng envronment. Fuson centers should seek to establsh an nformaton sharng system that ads n collaboraton, whle ensurng the securty of the nformaton wthn the system and the system tself. Ths envronment should also be equpped to handle varous types of nformaton that publc safety and the prvate sector submt, ncludng publc, senstve, propretary, and secret nformaton. Ths envronment may nclude e-mal, a vrtual prvate network, a secured Internet ste, lstservs, or face-to-face meetngs. Collaboraton begns wth nterpersonal relationships, and fusion centers should institutionalize these relatonshps through ongong dalogue and nformaton sharing. Issue-based collaborative techniques may be utilized by the fusion center when a specific threat is identified. These technques allow the prvate sector to change ts partcpaton within the fusion center, based on the identified threat. For example, a transportaton entty may have a lason n the fuson center, but if a threat is identified that affects transportation, that organization may provide full-time participation until the threat is neutralized. There are a varety of publc safety and prvate sector enttes to nclude n fuson centers. Each jursdcton has dfferent needs, and collaboraton wll be based on these needs. Fuson centers should seek to network wth varous publc safety and
37 National Criminal Intelligence Sharing Plan, November 2004, p. 9. 38 C. R. Pete Petersen, M.Ed., Communty Collaboraton, March 4, 2003, www.communtycollaboraton.net.
29
private sector organizations and associations. The greater the effort by the fuson center, the greater the ncorporaton and partnershp wth publc safety and the prvate sector. Examples of these organizations and associations include InfraGard, Sector Coordnatng Councls (SCC), 39 Informaton Sharng and Analyss Centers (ISAC),40 and the Unted States Publc-Prvate Partnershp (USP3).41 Overarchng functonal categores have been developed n whch ndvdual agences, companies, and organizations can be grouped together. Though not comprehensve, these categores and accompanyng enttes serve as a foundaton and wll ad fuson centers n determnng what enttes should be nvolved n the center. Governance bodes should dentfy the needs and vulnerabltes, organizations with a large employee base, and major economic drvers wthn the jursdcton of the fuson center. The goal s to determne what enttes should partcpate and be ntegrated nto the fuson center. To ensure the effectveness of collaboraton wthn the fuson center, lnes of communcaton should be establshed wth the varous enttes that make up the categores accordng to the needs of the fuson center and jursdcton. A lst of the functonal categores and assocated enttes s located n Appendx C of ths report. An example of effectve collaboraton s the Texas Coastal Regon Advsory System (TCRAS). TCRAS s a Jont Terrorsm Task Force (JTTF) ntatve and s used to quckly dssemnate nformaton to law enforcement partners, as well as other companes and agences that are responsble for crtcal nfrastructure operatons n the area.42 TCRAS demonstrates an effectve nformaton sharng envronment that ncorporates the law enforcement, publc safety, and prvate sector components of a fuson center.
39 The roles of Sector Coordnatng Councls (SCC) are to serve as a sngle forum nto the respectve sector for the entre range of homeland security issues; institutionalize the sectors coordination of polcy development, sector-wde strategy, and plannng; ensure program promulgaton and mplementaton; montor sector progress; provde provsons of best practces and gudelnes; develop requrements for nformaton sharng, research, and development; and serve as the pont of cross-sector coordnaton (Homeland Security Information Sharing Between Government and the Private Sector, August 10, 2005, p. 17). 40 Addtonal nformaton on SCCs and ISACs can be found at www.dhs.gov. 41 The Unted States Publc-Prvate Partnershp (USP3) (formerly known as the U.S. Department of Homeland Securtys (DHS) HSIN-CI) was mplemented as a DHS program that s regonally admnstered and governed by ts prvate and publc members. Current membershp s approxmately 40,000, nnety percent of whch are from the prvate sector, who are actively using the programs vertical and horizontal information sharng strateges for local, regonal, and natonal routne nformaton sharing and all-hazards 24/7 alerts and warnings. Due to its success, DHS and the Federal Bureau of Investgaton (FBI) wll contnue to jontly sponsor and grow the program natonally, wth a goal of 200,000 members. 42 Addtonal nformaton on TCRAS can be found at www.tcras.org.
43 Jm Freer, Banks Band Together, The South Florida Business Journal, October 2005, www.bizjournals.com/southflorida/ stores/2005/10/17/daly1.html.
30
Guideline 5
Utilize Memorandums of Understanding (MOUs), Non-Disclosure Agreements (NDAs), or other types of agency agreements, as appropriate.
Fundng/costs Civil liability/indemnification issues Polces and procedures Prvacy gudelnes Terms Integrty control Dspute resoluton process Ponts of contact Effective date/duration/modification/termination Servces Deconfliction procedure Specal condtons Protocols for communcaton and nformaton exchange Protocols for background checks on fuson center partcpants
NDA
The fuson center determnes rsks to the prvate sector and analyzes suspicious activity information. This function requires the sharng of senstve nformaton from the prvate sector to the fuson center. To ad n sharng ths senstve nformaton, a Non-Dsclosure Agreement may be used. The NDA provdes prvate sector enttes an addtonal layer of securty, ensurng the securty of prvate sector propretary nformaton and trade secrets. The development of an NDA and a clear understandng of what t does and does not cover are crtcal to prvate sector partcpaton. One of the functons of the NDA s to provde a mechansm for fuson center leadershp, partcpants, and personnel to protect nformaton. NDAs wll vary by jursdctons, based on the types of prvate sector enttes partcpatng n the fuson center. Centers should specfy the types of nformaton covered n an NDA, e.g., strategc and rsk assessment nformaton. Tactcal nformaton, such as suspcous actvty reports, should not be ncluded n an NDA because ths nformaton may be shared wth law enforcement outsde of the fuson center (e.g., the Jont Terrorsm Task Force (JTTF), Feld Intellgence Group, the state polce, or other approprate agences). Informaton that the
Example MOUs
At a mnmum, nclude the followng elements n the MOU: Involved partes Msson Governance Authorty Securty Assgnment of personnel (removal/rotaton)
31
private sector may not want disseminated should be specified in the NDA. Ths nformaton may nclude trade secret nformaton (crtcal to a busness operaton), propretary nformaton (customer lsts, throughput rates), and senstve securty nformaton (guard schedules, ste plans, securty plan access). In addton, fuson centers should specfy how ths nformaton s protected when creatng an NDA. Subject-matter experts may provde fuson centers wth ntellgence related to ther respectve sectors wthout dsclosure of trade secrets or propretary nformaton. But f ths type of nformaton s provded, fuson centers should be senstve to the storng of the nformaton wthout approval from the provdng entty. NDAs do not supersede publc records laws or legal processes. Therefore, fusion centers should be cognizant of local, state, and federal publc records laws that may supersede an NDA, such as state sunshne laws, the Freedom of Informaton Act (FOIA), and federal and state prvacy laws and requrements. If the center has a legal commttee, ths commttee should be able to provde nput nto the development and use of an NDA. In addton, t s recommended that fuson centers and ther leadershp encourage approprate polcymakers to legslate the protecton of prvate sector data provded to fuson centers.
Specfyng what nformaton should be shared and protected (e.g., propretary and trade secrets). If trade secrets or propretary nformaton s provded, an NDA may nclude the followng caveats: The nformaton beng provded s owned by the prvate sector partner and s provded for a lmted purpose of determining a specific risk associated with the entity. It s the prvate sector partners responsblty to dentfy the nformaton as propretary. Fuson centers should take nto account local, state, and federal FOIA laws n an effort to ensure that nformaton identified as proprietary may not be disclosed beyond the mmedate recpent group wthout wrtten consent of the provdng prvate sector partner.
32
Guideline 6
Leverage the databases, systems, and networks available via participating entities to maximize information sharing.
ways, ncludng fuson center leadershp controllng who has access or data orgnators controllng access levels. For more nformaton about the securty of data, see Gudelne 9 (Securty). Another opton s for the center to house ther nformaton. If a center chooses ths opton, t s mportant for the necessary polces and procedures to be n place to govern use and access. Fuson centers should consult wth publc safety and prvate sector personnel to determne f any nformaton sharng databases may be avalable wthn ther respectve jursdctons. Specal consderaton should be gven to the development of polces and procedures that ensure publc safety and prvate sector nformaton s not combned wth federal data that contains personally identifiable information, and when a criminal predicate, threat, or public safety need is identified, access to this information will be virtual through networking and utilizing a search functon. Addtonally, fuson center partcpants should ensure complance wth all local, state, and federal prvacy and cvl lbertes laws and statutes.
33
Organizational and association resources (InfraGard, The Infrastructure Securty Partnershp)44 Correctons Sex offender regstres Volent Crmnal Apprehenson Program (VICAP) Health- and Publc Health-Related Databases (Publc Health Informaton Network, Health Alert Network)
FBIs Regional Data Exchange (R-DEx)R-DEx provdes an nterface to Regonal Intellgence Centers (RICs) to enable searchng of unstructured documents and for retrevng matchng documents. R-DEx serves two man functons: provdng RICs wth access to DOJs data and enablng a RICs user to perform full-text searches over DOJ unstructured documents for the regon, n addton to the state and local documents accessed nternally. Financial Crimes Enforcement Network (FinCEN)FnCEN supports law enforcement nvestgatve efforts and fosters nteragency and global cooperaton aganst domestc and international financial crimes. Its objective is to provide United States polcymakers wth strategc analyss of domestc and worldwde money-launderng developments, trends, and patterns. FinCEN controls over 150 million reports filed under the Bank Secrecy Act and other smlar laws. www.fincen.gov High Intensity Drug Trafficking Areas (HIDTA)Ths program provdes federal funds to problem areas to help elmnate or reduce drug trafficking and its harmful consequences. Analysts at HIDTA centers have access to a varety of databases and systems that are avalable to law enforcement. www.whtehousedrugpolcy.gov/hdta/ndex.html Homeland Security Information Network (HSIN)HSIN provdes a secure Internet-based technology that allows realtime information sharing at the sensitive but unclassified level. It s the collaboratve system used by the DHS Operatons Center to collect and dssemnate nformaton between DHS and local, state, trbal, and federal agences nvolved n combatng terrorsm. HSIN also ncludes publc safety and prvate sector connectvty (USP3), homeland securty, and other nformaton. Access to secret nformaton wll be avalable n the near future on HSIN-Secret. www.dhs.gov/dhspublc/dsplay?content=3350 International Association of Crime Analysts (IACA)IACA helps crme analysts around the world mprove ther sklls and make valuable contacts, helps law enforcement agences maximize use of crime analysis, and advocates for standards of performance and technque wthn the professons. www.aca.net International Association of Law Enforcement Intelligence Analysts (IALEIA)IALEIAs mission is to professionalize analyss n law enforcement, the mltary, and prvate ndustry. IALEIA has publshed a number of booklets and holds major conferences, local or regonal chapter meetngs, and tranng sessons. www.alea.org International Criminal Police Organization (INTERPOL) INTERPOL is a worldwide law enforcement organization, establshed for mutual assstance n the preventon, detecton, and deterrence of nternatonal crmes. It houses nternatonal polce databases, provdes secure nternatonal communcatons between member countres for the exchange of routne crmnal nvestgatve nformaton, and s an nformaton clearnghouse on nternatonal crmnal/fugtves and stolen propertes. www.usdoj.gov/usncb Law Enforcement Intelligence Unit (LEIU)The purpose of LEIU is to record and exchange confidential criminal information on organized crime not previously available through regular polce communcaton channels. Membershp n LEIU s open
Also mportant are such ssues as: Controls and safeguards for data access levels Technical specification of databases (structured/unstructured data) Identification and leveraging of partner resources Ownershp of the data n the fuson center Data qualty and data relablty
System/Network Resources
The followng are avalable resources for law enforcement enttes. Ths lst s not meant to be all nclusve. Addtonal resources and Web stes may exst to assst fuson centers. El Paso Intelligence Center (EPIC)EPIC establshed a Southwest Border Intellgence Servce Center wth a concentraton on drug movement and mmgraton volatons. Members of EPIC have access to a wde range of ntellgence, ncludng nformaton from the U.S. Drug Enforcement Admnstraton and U.S. Immgraton and Customs Enforcement (ICE). www.usdoj.gov/dea/programs/epc.htm Federal Bureau of Investigations (FBI) LEO Program LEO s a natonal, nteractve computer communcatons system and nformaton servce, an ntranet exclusvely for the law enforcement communty. www.fb.gov/hq/cjsd/leo.htm FBIs National Data Exchange (N-DEx)N-DEx wll provde the first implementation of structured search and index capabilities for the U.S. Department of Justces (DOJ) Law Enforcement Informaton Sharng Program. All knds of data (e.g., structured, full-text, multmeda) wll be avalable through N-DEx, although searchng, matchng, and lnkng wll only be possble on welldefined entities (people, vehicles, locations, weapons, phone numbers, etc.), not arbtrary text (full-text data). The ntal focus s on structured ncdent data but wll be expanded to other structured data (extracted entty data from full-text documents). N-DExs focus s on large agences and aggregated data sources, such as RICs, but wll expand to any law enforcement agency.
44 The goal of InfraGard s to promote ongong dalogue and tmely communcaton between members and the FBI concernng varous counterterrorsm, counterntellgence, and crmnal matters. Ths nformaton sharng s accomplshed by 84 InfraGard chapters that are linked with the 56 FBI field office territories and their FBI Special Agent Coordnators. Any crtcal nfrastructure owners and operators can jon InfraGard and partcpate n local chapter tranng and educaton initiatives; receive sensitive, unclassified information updates; and partcpate n meetngs. All InfraGard applcants must submt to a records check, ncludng a crmnal hstory check, pror to becomng a member, n order to ensure the program s composed of well-ntentoned, law abdng citizens. For more information, visit www.nfragard.net.
34
to local or state law enforcement agences havng a crmnal ntellgence functon. The applcant must be sponsored by a current member. LEIU may be reached at the State Terrorsm Threat Assessment Center, Bureau of Investgaton, Intellgence Operations Program, Central Coordinating Agency, Post Office Box 163029, Sacramento, Calforna 95816-3029. www.leu-homepage.org/ndex.php National Crime Information Center (NCIC)NCIC s a natonwde nformaton system that lnks together local, state, trbal, and federal crmnal justce agences. NCICs capabltes include an enhanced name search, fingerprint searches, nformaton on persons on probaton or parole, a convcted sex offender regstry, and a regstry of ndvduals ncarcerated n the federal prson system. www.fb.gov/hq/cjsd/ncc.htm National Drug Intelligence Center (NDIC)The NDIC supports natonal polcy and law enforcement decsons wth tmely strategc domestc drug ntellgence assessments, focusng on the production, trafficking, and consumption trends and patterns of all llct drugs nsde Unted States natonal borders and terrtores. www.usdoj.gov/ndc National White Collar Crime Center (NW3C)NW3C provdes a natonal support network for local and state law
enforcement agences nvolved n the preventon, nvestgaton, and prosecuton of economc and hgh-tech crme. NW3C s a member-affiliated organization comprised of law enforcement agences, state regulatory bodes, and local and state prosecution offices. Support services are offered in five main categores: economc and computer crme tranng, ntellgence and analytcal servces, case fundng for desgnated cases, research, and fraud-complant referral and analyss through ts Natonal Fraud Complant Management Center/Internet Fraud Complant Center. www.nw3c.org and www.tranng.nw3c.org NletsThe Internatonal Justce and Publc Safety Informaton Sharng NetworkNlets s an nterstate law enforcement network for the exchange of law enforcement and related justce nformaton. www.nlets.org RISS Automated Trusted Information Exchange (ATIX)RISS ATIX provdes users wth secure nteragency communcatons and nformaton sharng resources for exchangng publc safety and law enforcement nformaton. www.rssnfo.com/rssatx.htm RISSNETRISSNET provdes the sx RISS centers wth a secure crmnal ntellgence network for communcatons and nformaton sharng by local, state, trbal, and federal law enforcement agences. www.rssnfo.com
35
36
Guideline 7
Create an environment in which participants seamlessly communicate by leveraging existing systems and those currently under development, and allow for future connectivity to other local, state, tribal, and federal systems. Use the U.S. Department of Justices (DOJ) Global Justice Extensible Markup Language (XML) Data Model (Global JXDM) and the National Information Exchange Model (NIEM) standards for future database and network development, and consider utilizing the Justice Information Exchange Model (JIEM) for enterprise development.
Interconnectivity Justification
Law enforcement enttes must communcate. The ultmate goal s to elmnate barrers to communcatons and ntellgence development and exchange. Communcaton barrers come n a number of formse.g., ncompatble or dsparate computer systems, lack of trust, lack of nteroperablty, lack of a common termnology, and lack of fundng. Centers should establsh formal protocols (polces and procedures) and standards to enhance communications, as well as create effective and efficient vehicles for exchangng nformaton. Center personnel and leadershp should communcate frequently and be responsve to the needs, concerns, and deas of both nternal and external partners. The nformaton contaned n ths gudelne pertans to verbal, wrtten, and electronc communcatons. It s recommended that fuson centers leverage exstng systems and those currently under development and allow for future connectvty to other state, local, trbal, and federal systems. Furthermore, centers should be aware of and educated on Global JXDM. Any new database development should be Global JXDMcomplant and meet exstng standards. It s mportant to note that
DOJ and the U.S. Department of Homeland Securty (DHS) are ntegratng the use of Global JXDM nto grant recpent crtera. Global JXDM s a comprehensve product that ncludes a data model, a data dctonary, and an XML schema that s sponsored by DOJ. Its development s supported by the Global XML Structure Task Force (GXSTF), whch works closely wth researchers at the Georga Tech Research Insttute (GTRI). The Global JXDM is an XML standard designed specifically for crmnal justce nformaton exchanges, provdng law enforcement, publc safety agences, prosecutors, publc defenders, and the judcal branch wth a tool to effectvely share data and nformaton n a tmely manner. The Global JXDM removes the burden from agences to ndependently create exchange standards, and because of ts extensblty, there s more flexibility to deal with unique agency requirements and changes. Through the use of a common vocabulary that s understood system to system, Global JXDM enables access from multple sources and reuse n multple applcatons.
37
Identfyng the requrements for prvate sector and publc safety systems and networks. Adherng to need-to-know/rght-to-know stpulatons. Developng outreach materal to help ncrease awareness among policymakers, media, and citizens. Conductng tranng on proper communcaton and center polcy. Meetng regularly wth personnel and offerng ntellgence exchange sessons. Rememberng that communcaton goes beyond just n-house communcaton. Incorporatng the protocols for communcaton and nformaton exchange n the MOU (Gudelne 5).
and other Informaton Exchange Package Documentaton (IEPD) artfacts that are essental to mplementng the Global JXDM. Ths wll eventually enable justce agences to seamlessly generate (and, f need be, regenerate) Global JXDM-complant nformaton exchanges from the busness rules encapsulated n JIEM, ensurng that they can be rapdly adapted to the needs of an ncreasngly dynamc envronment. JIEM s also beng enhanced to support the exchange of nformaton; not only wthn domans (as n the justce doman today) but between dfferent domans, such as justce, emergency management, transportaton, and ntellgence; n support of emergng organizations, such as fusion centers.46
46 The SEARCH report, Information Exchange Analysis and Design, can be found n Appendx E of ths report. 47 For more nformaton on NIEM, vst www.nem.gov.
38
The distributed model is also reliable and can maximize resources. Dstrbuted systems are scalable and offer aggregate computer power. However, securty ssues, resource dstrbuton, demand, and computng power can lmt the dstrbuted model.48 A centralized system places all information in one location. Collecton of nformaton and refreshng of data can be complicated with a centralized structure. However, often the functionality of the centralized system is greater and allows for ncreased speed. A whte paper prepared by the Integrated Justce Informaton Systems (IJIS) Insttute provdes a comparatve analyss of the distributed and centralized system based on five components: cost, governance and data ownershp, performance and functons, scalablty, and securty and prvacy. Ths document s ncluded on the resource CD. Centers should evaluate both structures to determine the best fit. As described above, it is the recommendaton of the Fusion Center Guidelines that systems can be distributed or centralized; however, federal data that contains personally identifiable information should be separate from other types of nformaton the fuson center receves, ncludng publc safety and prvate sector nformaton.
ther own data, both n terms of who s allowed to access t and n ensurng the ntegrty of the data. It allows agences to retan the nvestment they have made n ther exstng systems and at the same tme gan access to valuable nformaton contaned n other agency systems. It uses the technology of the Internet, whch s user-frendly and readly understood by most. In 2004, DOJs Global Infrastructure/Standards Workng Group (GISWG) publshed a document enttled A Framework for Justice Information Sharing: Service-Oriented Architecture (SOA). Based on the report, Global recognizes that SOA is the recommended framework for development of a justce nformaton sharng system. The report ndcates that a system should be desgned and developed around the basc components of the operatonal procedures or busness practces of an agency. These components are then combned nto a larger, loosely related structure that, n turn, can be combned nto an even larger entty. The SOA desgn must be avalable to all agences and support the evoluton of change and new technology, wth support for start-up, mantenance, and future upgrades to the nformaton sharng systems that are based on the SOA framework. A complete copy of the report s contaned on the accompanyng resource CD.
Service-Oriented Architecture
Informaton sharng s a long-standng practce among justce agences, partcularly wthn the law enforcement communty. As socety becomes more moble, the mportance of sharng data to mprove polce effectveness grows exponentally. The Web and the technologes that support t have enabled nformaton sharng to go beyond exchanges among specific partners to embrace the whole of the justce communty. Ths ncludes law enforcement, prosecutors, defense counsel, courts, probaton, and correctons, and a host of corollary dscplnes, such as homeland securty, fire, emergency services, health, education, transportation, and motor vehcle lcensng. Servce-orented archtecture (SOA) ncorporates sx fundamental prncples for the sharng of nformaton n the crmnal justce communty: The architecture must recognize innumerable independent agences and fundng bodes from the prvate sector through local, state, trbal, and federal governments. Informaton sharng must occur across agences that represent dvergent dscplnes, branches of government, and operatng assumptons. The infrastructure must be able to accommodate an infinite range of scales, from small operatons wth few partcpants n a rural county to natonal processes that reach across local, state, trbal, federal, and even nternatonal boundares. Informaton sharng must occur among data sources that dffer wdely n software, hardware, structure, and desgn. Public sector technology investment must reflect and ncorporate the lessons and developments of the prvate sector. The nfrastructure desgn must be dynamc, capable of evolvng as the nformaton sharng requrements change and the technology s transformed.
Organization for the Advancement of Structured Information Sharing Systems (OASIS)Ratified Common Alerting Protocol (CAP)
It s recommended that, where possble, fuson centers use the OASIS-ratified CAP to enable the exchange of emergency alert and publc warnng nformaton over data networks and computercontrolled warnng systems. Usng CAP also adds an element of redundancy to the systems and networks. By lmtng transportspecific nomenclature, CAP remains fully compatible with exstng publc warnng systems, ncludng those desgned for multlngual and specal-needs populatons, as well as wth XML applcatons, such as Web servces. CAP data elements have been ncorporated n DOJs Global JXDM. Other agences, such as DHSs Federal Emergency Management Agency (FEMA), have embraced the CAP and are n the process of ntegratng t nto all alert and warnng systems.
39
40
Guideline 8
personal data is collected should be specified no later than at the tme of data collecton. Its subsequent use should be limited to the fulfillment of those purposes or such others as are not incompatible with those purposes and as are specified on each occason of change of purpose. 4. Use limitation principle. Personal data should not be dsclosed, made avalable, or otherwse used for purposes other than those specified in accordance with Principle 3 except (a) wth the consent of the data subject or (b) by the authorty of law. 5. Security safeguards principle. Personal data should be protected by reasonable securty safeguards aganst loss or unauthorized access, destruction, misuse, modification, or dsclosure. 6. Openness principle. There should be a general polcy of openness about developments, practces, and polces wth respect to personal data. Means should be readly avalable for establshng the exstence and nature of personal data, and the man purposes of ther use, as well as the dentty and usual resdence of the data controller. 7. Individual participation principle. An ndvdual should have the right to (a) obtain confirmation of whether or not the data controller has data relatng to hm; (b) have the data related to hm wthn a reasonable tme, cost, and manner and n a form that s readly ntellgble to hm; (c) be gven an explanaton f a request made under (a) and (b) s dened and be able to challenge such denal; and (d) challenge data relatng to hm and, f the challenge s successful, to have the data erased, rectified, completed, or amended. 8. Accountability principle. A data controller should be accountable for complyng wth measures that gve effect to the prncples stated above. The NCISP recommends that prvacy polces should: Elmnate unnecessary dscreton n decson makng, gude the necessary dscreton, and contnually audt the process to ensure conformance wth the polcy. Ensure legtmacywhen an agency s developng a new polcy or revewng exstng ones, nterested partes and competng vewponts should be represented. Clearly define the parameters of the policy.
Process
Prvacy and cvl lbertes protecton should be consdered n the plannng stages of a fuson center. As systems are desgned, analyss should be made and protectons should be developed for personally identifiable information to ensure its protection. DOJs Global Justce Informaton Sharng Intatve (Global) has developed the Privacy Policy Development Guide and the Privacy and Civil Rights Policy Template for Justice Information Systems to ad justce practtoners wth developng or revsng an agencys prvacy polcy. Furthermore, the gude asssts agences n artculatng prvacy oblgatons n a manner that protects the justce agency, the ndvdual, and the publc and makes t easer to do what s necessaryshare crtcal justce nformaton. These documents are contaned as attachments to the gudelnes. The Global documents utilize, and any fusion center should consder, the Far Informaton Practces whch are the accepted baselne for prvacy protecton worldwde. The followng s a summary of the Far Informaton Practces: 1. Collection limitation principle. There should be lmts to the collecton of personal data, and any data should be obtaned by lawful and far means and, where approprate, wth the knowledge or consent of the data subject. 2. Data quality principle. Personal data should be relevant to the purposes for whch they are to be used and, to the extent necessary for those purposes, should be accurate, complete, and up to date. 3. Purpose specification principle. The purposes for whch
41
Acknowledge and address mportant ssues that currently are not ncluded n some exstng crmnal ntellgence polces. Identfy the decson ponts wthn the ntellgence process and provde approprate gudance and structure for each.
Develop a mechansm for ongong nformaton prvacy awareness. Establsh a process for trackng and handlng prvacy complants or concerns. Develop a consstent sancton polcy for falure to comply wth the privacy policy for all individuals in the organization. Recognize the overlap in privacy activities and security activities, and coordinate both within the organization. Ensure all center personnel are adequately traned n usng the prvacy polcy. Seek legal counsel.
49 Beth Hjort, A HIPAA Prvacy Checklst (AHIMA Practce Bref), Journal of AHIMA 72, Number 6, 64A-C, 2001.
42
Guideline 9
Ensure the appropriate security measures are in place for the facility, data, and personnel.
Security Justification
Securty pertans to nformaton, documents, databases, faclty, and personnel and includes measures such as authorization, encryption, access control, and confidentiality. In determining how most approprately to protect data, there are many polcy and techncal ssues for data owners to consder. It s mportant that polcy ssues be decded upon before techncal ssues are developed. The prvate sector s affected by market forces, shareholder value, and varous rules and regulatons regardng the sharng and storage of nformaton, ncludng anttrust laws and the Freedom of Informaton Act (FOIA). The Homeland Securty Act of 2002 states that the Crtcal Infrastructure Informaton Act grants an exempton from FOIA for the U.S. Department of Homeland Securty (DHS) when prvate sector companes provde crtcal nfrastructure nformaton for the purposes of homeland securty-related ssues. In addton, the Crtcal Infrastructure Informaton Act provdes for the protecton of crtcal nfrastructure nformaton submtted to DHS and subsequently shared wth local and state agences for the purposes of ensurng the reslence of crtcal nfrastructure operatons or n furtherance of an nvestgaton of a crmnal act.50 When prvate sector enttes submt crtcal nfrastructure nformaton to the fuson center, the center must ensure the information is protected from unauthorized disclosure. Fusion center leadershp should be aware of local, state, and federal laws regardng the release of nformaton, ncludng state sunshne laws and FOIA. Faclty and personnel securty should also be a part of the centers securty plan. Approprate securty clearances should be obtaned for personnel wthn the fuson center and key decson makers who need access. Securty plans should be marked, handled, and controlled as sensitive but unclassified information. Some questons to consder when developng a securty polcy and plan nclude:
50 Homeland Securty Act of 2002, Crtcal Infrastructure Informaton, www.dhs.gov/nterweb/assetlbrary/CII_Act.pdf.
Who does the data owner want to have access? How should users access the data? What access methods are necessary for the users jobs? Should audts be used to ensure proper use of data? Should centers conduct background checks on personnel? What securty needs exst for the faclty? What securty s needed for the data? Should a system-loggng mechansm be used?
43
Usng the Applying Security Practices to Justice Information Sharing document. Determnng access levels and mantanng a polcy on the level of nformaton released. Verfyng access based on crtera establshed by governance structure. Creating a form to be submitted by the agency authorizing access/supervsory approval. Conductng background checks on personnel. Utilizing local or state lead law enforcement agency background check standards on publc safety and prvate sector partcpants, to the extent permssble by state law. Clearly defining in the Memorandum of Understanding (MOU) all background check crtera or gudelnes to law enforcement, publc safety, and prvate sector partners. Consultng the National Criminal Intelligence Sharing Plan (NCISP) (Recommendaton 28) when developng a background check polcy. Usng applcable securty gudelnes for access control. Provdng relevant securty clearances. Creatng and provdng a tranng component on center securty protocols. Utilizing relevant local, state, and federal building security requrements. Utilizing relevant portions of 28 CFR Part 23 as it relates to securty. Appointing a privacy officer as a central point for compliance and oversght.
developng and adherng to securty polces: Identfy potental physcal threats to departmental computer systems and networks. Establsh polces and procedures to thwart potental physcal threats. Conduct audts to montor employee complance wth department polces and procedures. Consder ncludng the followng physcal securty polces n the organizations overall security policy: Identify unauthorized hardware attached to the department computer system; make routne checks of system hardware for unauthorized hardware. Lmt nstallaton of hardware and software owned by employees on department desktop workstatons. Identfy, tag, and nventory all computer system hardware. Conduct regular nspectons and nventores of system hardware. Conduct unscheduled nspectons and nventores of system hardware. Implement polces that nstruct employees/users on how to react to ntruders and how to respond to ncdents where an ntruson has been detected. Require background checks on all employees every five years.
Centers may also consider maintaining a security officer who s responsble for evaluatng and provdng nformaton about the securty program to management and communcatng security requirements and concerns to the organization. The security officer conducts security training and awareness and prepares a polcy on securty. Any breach ssues would be reported to and investigated by the security officer. The security officer should also coordinate background checks on center personnel. Background checks are mportant because, although the nformaton and ntellgence dssemnated by the fusion center may be unclassified, it is still sensitive, and therefore all approprate methods of nformaton protecton should be undertaken, ncludng background checks. The NCISP states that background requrements for access to the nationwide sensitive but unclassified communications capablty by law enforcement personnel shall be consstent wth requrements appled to the desgnaton and employment of sworn personnel, as set by the partcpatng state or trbal government.51 Consderaton should be gven to colocatng wth other intelligence centers, such as High Intensity Drug Trafficking Areas (HIDTA) or other law enforcement facltes, n order to share securty responsbltes. Applying Security Practices to Justice Information Sharing provdes detals on how to safeguard crtcal elements of nformaton sharng ntatves, as well as the nfrastructure and ntegrty of data, systems, facltes, and personnel. Accordng to the document, the followng ssues should be consdered when
51 NCISP, pp. 24-25.
Federal regulaton 28 CFR Part 23 s a gudelne for law enforcement agences that operate federally funded, multjursdctonal crmnal ntellgence systems, and t provdes the followng gudelnes regardng securty: The database, manual or electronc, shall be located n a physcally secured area that s restrcted to desgnated authorized personnel. Only designated authorized personnel will have access to nformaton stored n the database. All authorized visitors, regardless of agency, are required to register with designated authorized personnel prior to gaining admsson to the faclty and physcal locaton housng the database. All authorized registered visitors will be escorted by designated authorized personnel for the duration of the visit. All hard-copy submissions and/or manual files will be secured by lead agency-designated authorized personnel when not beng used and at the end of each shft. Employment polces and procedures for screenng/rejectng, transferrng, or removng personnel havng drect access wll be adopted. When direct remote terminal access is authorized by partcpatng agences, polces and procedures addressng the followng addtonal securty measures shall be adopted: Identification of authorized remote terminals and security of termnals.
44
Identification and verification of an authorized access officer (remote terminal operator). Identification of levels of dissemination of information as drected by the submttng agency. Rejection of submissions unless critical data fields are completed. Technologcal safeguards on access, use, dssemnaton, and revew and purge. Physcal securty. Training and certification of participating agency personnel. Audts and nspectons of partcpatng agences, ncludng file data-supporting submissions, security of access termnals, and polcy-and-procedure complance. Documentaton for audt trals of the entre operaton.
45
46
Guideline 10
the ablty for moble capacty, contngency operatons durng emergencies, and flexibility in offering services and support. The Publc Safety FCFG acknowledged that wth the ncluson of publc safety enttes, colocaton may not always be feasble. Lasons may be establshed wth the varous publc safety enttes that can be made operatonal when the need arses. Furthermore, the Prvate Sector FCFG noted that due to the vast number and types of prvate ndustry wthn a jursdcton, colocaton may not be attanable. Instead, the focus group developed optons for ntegratng prvate sector enttes. One opton s to nsttute a rotatng prvate sector desk. Ths wll allow dfferent enttes full-tme partcpaton wthn the fuson center to both understand the workngs of the fuson center and partcpate n the processes that take place. By ntatng a rotatng desk, varous prvate sector enttes wll have the ablty to partcpate and valdate ther nvestment n the fuson center. Another opton for ntegratng the prvate sector s to dentfy subject-matter experts wthn the prvate sector who can provde fuson centers wth expertse as the need arses. For example, when a threat is made on the transportation industry, identified subject-matter experts from varous transportaton enttes can be contacted by the fuson center to determne how the threat wll mpact the jursdcton and ndustry.
47
A number of logstcal ssues must be addressed when decdng on a faclty and locaton for a fuson center. The prmary ssues, not n prorty order, nclude: Connectvty Wll the fuson center, emergency operatons center, or other partners be connected? If so, how? Scalablty Ensure the faclty allows for future and emergency expanson. Securty Ensure securty for the faclty, data, personnel, and vstors (see Gudelne 9). Redundancy Ensure redundancy for the nfrastructure, resources, personnel, systems, etc. Emergency Power Contnuty of Operatons Plan (COOP) Threat/Vulnerablty Assessments Use prvate sector subject-matter experts to determne rsks based on threat assessments. Poltcal Issues Recognize that the political climate will be different for each center. Work with and inform political officials and policymakers regularly. Access Ensure center personnel have seamless access to each other. Personnel Ensure full and equal representaton at local, state, and federal levels. Ensure representaton from law enforcement, publc safety, and prvate sector components. Authorty/Regulatons Follow approprate polcy, statutes, Concept of Operatons (CONOPS), and other gudelnes. Roles and Responsbltes Clearly define personnel responsibilities, including roles durng emergency stuatons.
If the center plans on managng multple stes, addtonal consderaton should address connectvty and collaboraton ssues. The followng lst contans some key components to assst agences n developng a plan to locate, acqure, and/or renovate, and mantan a faclty: Identfy faclty needs. Identfy a faclty project team to manage faclty ssues. Ensure that center personnel are nvolved n ste selecton. Communcate wth center leadershp. Identfy and secure needed fundng (see Gudelne 17). Conduct a space-needs analyss. Utilize existing resources, when possible. Consult the U.S. General Servces Admnstratons Facilities Standards for the Public Buildings Service when buldng a faclty to house the fuson center. Conduct ste vsts. Consder geographcal and envronmental ssues, as well as convenence and locaton. Consder the survvablty of the buldng. Conduct a msson/operatonal contnuty assessment. Develop a transton plan and tmetable for occupancy. Work wth techncal personnel to ensure that connectvty and securty ssues are establshed. Tran staff regardng faclty, securty measures, and polcy requrements. Conduct Contnuty of Operatons exercses to ensure the operatonal reslency of the center. Ensure plans and/or procedures are n place for regular faclty evaluaton and buldng mantenance.
Physical Security
Physcal securty ncludes all elements that make up the faclty: t protects people, property, and processes. Centers should plan, dentfy, desgn, tran, and mplement all approprate securty measures; adhere to them; dentfy and create a program that identifies physical assets, threats, and vulnerabilities; assess and prioritize risks; and identify ways to resolve and respond to concerns or breaches.52 A physcal securty plan should have, at a mnmum, the followng components:53 Rsk assessment Operatng procedures Tranng, testng, and rehearsal plan Managng threats Communcatons plan
Site Selection
When selectng or buldng a ste for a fuson center, t s mportant for the ste to be based on the functonal needs of the center. At a mnmum, a ste should be desgned based on the followng functonal elements: Collecton/data management Analyss Command and control/executve Deconfliction Communcaton and dssemnaton
52 Davd Hochman, Disruption Defense: Facility Security Breaches, 2002. 53 U.S. General Servces Admnstraton, 3d ed., www.gsa.gov, 2004.
48
Centers may consder mantanng a faclty/securty manager or officer who is responsible for preparing the facility security polcy, montorng and adherng to the polcy, and tranng center personnel regardng the securty polcy and protocols. Tranng of users s crtcal. Users must understand ther role and responsblty n adherng to a securty plan, as well as how to notfy the approprate management when ssues or concerns arse regardng securty, such as lost badges or noncomplance (see Gudelne 9).
can usually be accomplshed at the Secret level. Resources regardng securty clearances are ncluded on the resource CD. Law enforcement should be cognizant of classification levels when dstrbutng nformaton to publc safety and prvate sector enttes. One of the goals of the fuson center s to enhance information sharing, and information classification barriers should be minimized. Rather than rely on clearances, fusion centers should attempt to declassfy nformaton and ntellgence, when possble, to dssemnate to publc safety and prvate sector partners. Centers also need a secure operation to perform classified work. Centers may consder use of the Senstve Compartmented Information Facility (SCIF) concept. An SCIF is defined as an accredted area, room, group of rooms, buldng, or an nstallaton where Senstve Compartmented Informaton (SCI) may be stored, used, discussed, and processed. SCI is classified nformaton concernng or derved from ntellgence sources, methods, or analytcal processes that s requred to be handled wthn formal access control systems establshed by the drector of the Central Intellgence Agency.54
Contingency Plan
The Law Enforcement Intellgence FCFG recommended that fuson centers dentfy a skeleton model for emergency operatons. Centers should develop a contngency plan. A contngency plan enables the sustaned executon of mssoncrtcal processes and nformaton technology systems durng an extraordnary event that causes these systems to fal. In addton, t s recommended that fuson centers develop and adopt a COOP to perform essental functons at an alternate locaton durng an emergency. COOP enables each level of government and jursdcton to preserve, mantan, and/or reconsttute ts capablty to functon effectvely n the event of a threat, dsaster, or emergency. Consult the U.S. Department of Homeland Securty (DHS) Federal Emergency Management Agencys (FEMA) Interim Guidance on Continuity of Operations Planning for State and Local Governments, dated May 2004.
Security Clearances
Most nformaton needed by state or local law enforcement can be shared at an unclassified level. However, in those cases where it is necessary to share classified information, it
49
50
Guideline 11
Achieve a diversified representation of personnel based on the needs and functions of the center.
Furthermore, the governance body should contnually evaluate center membershp and partners. In short, the fuson center represents a fluid environment, and as new businesses and organizations are established within the jurisdiction, the governance body should reach out to these organizations.
51
Ensurng a Memorandum of Understandng (MOU) addresses human resources management and ssues. Institutionalizing professionalism. Establshng a mechansm to manage temporary personnel. Usng a personnel checklst when assgnng or removng personnel from the center (see Sample Checklst on resource CD).
Example Staffing
Arizona Counter Terrorism Information Center (ACTIC)
The ACTIC wll operate on a 24-hour-a-day/7-day-a-week bass and will function as a multiagency, all-hazard effort staffed by members of the Department of Publc Safety and other local, state, and federal agences.
California State Terrorism Threat Assessment Center (STTAC) and Regional Terrorism Threat Assessment Centers (RTTAC)
The STTAC and four RTTACs are all-crimes, all-hazards fuson centers that ntegrate local Jont Terrorsm Task Forces (JTTFs), FBI Feld Intellgence Groups (FIG), Terrorsm Early Warnng Groups (TEWG), and other state agences n ther operations. Terrorism Liaison Officers (TLO) are designated at local agences and have network access to the Calforna Jont Regonal Informaton Exchange System (CAL JRIES) to lnk local operatons and nformaton gatherng wth the STTAC and RTTACs.
This staffing model follows the functions within the intelligence process. Focus group members recommended that the intelligence process dictate the number and level of staffing. It s also mportant to consder the need for supervsory and management postons, as well as tranng and nformaton technology support personnel.
52
Guideline 12
will assist fusion centers in institutionalizing partnerships with publc safety and the prvate sector through strategc and tactcal ntegraton and wll also ad n testng the communcatons plan (see Gudelne 18). Fuson center partcpaton n these types of exercses wll also ad n dentfyng the nformaton requrements of the fuson center, prvate sector, and publc safety enttes.
53
The publc safety and prvate sector components represent nontradtonal gatherers of nformaton and present an opportunty to enhance and ncrease the amount and types of data that fuson centers receve. Because these enttes are nontradtonal and may not be aware of the ntellgence cycle and the nformaton requrements of the fuson center, fuson centers should provde tranng to fuson center staff and publc safety and prvate sector lasons. Ths tranng explans the types of nformaton that nontradtonal gatherers should be aware of, the mportance of ths nformaton, how to gather the nformaton, and who to report t to.
States Law Enforcement and Other Criminal Justice Agencies and have been endorsed by the GIWG Tranng/Outreach Commttee, the Crmnal Intellgence Coordnatng Councl (CICC), the CTTWG, and the Global Advsory Commttee. The report s ncluded on the resource CD. These recommended mnmum crmnal ntellgence tranng standards were developed for the following training classifications: Intellgence analyst Intellgence manager Law enforcement executve General law enforcement officer (basic recruit and n-servce) Intelligence officer/collector Tran-the-traner These efforts are significant, not only in implementing the tenets of NCISP but also in building awareness, institutionalizing the mportance of crmnal ntellgence, ncreasng the value of ntellgence personnel, fosterng relatonshps among the law enforcement communty, mprovng the ablty to detect and prevent acts of terrorsm and other crmes, and creatng a safer home for citizens. The U.S. Department of Homeland Security (DHS), Office of State and Local Government Coordnaton and Preparedness, is currently developing training in the field of intelligence and information sharing capabilities. Once finalized, this training will be available for widespread utilization by state and local governments, as well as all relevant fuson center partcpants.56 It s also recommended that center staff receve tranng regardng faclty securty and operatons and nformaton securty, as well as the centers polces and procedures.
56 More nformaton about the tranng opportuntes avalable can be found at the Office for Domestic Preparedness Web ste at www.ojp.usdoj.gov/odp/.
54
Guideline 13
Provide a multitiered awareness and educational program to implement intelligence-led policing and the development and sharing of information.
and executves offer gudelnes and nformaton pertanng to the importance of intelligence, process collecting, and analyzing and dssemnatng ntellgence; how to manage and support an ntellgence functon; and how to develop and adhere to approprate polces. Nontradtonal collectors of ntellgence, public safety entities such as fire, health, and agriculture, and the prvate sector should have awareness tranng, ncludng nformaton gatherng. Many local, state, and prvate organizations provide awareness-level training. Centers should dentfy approprate tranng mechansms and provde outreach to personnel. The general publc should be knowledgeable and prepared. Ths level of publc awareness and educaton requres a focused and concentrated effort. Optons for leadershp to nform the publc about fuson centers nclude partcpaton at town hall meetngs, cty commsson meetngs, or meda nteracton (newspaper artcles, televson news stores). It s mportant n order for the publc to support the fuson center to understand ts purpose and msson.
Training standards for analysts, officers, and collectors should nclude elements regardng how to dentfy and collect ntellgence. In addton, the recommendatons for managers
55
Ensurng tranng ncludes awareness of prvacy ssues assocated wth nformaton collecton, storage, and dssemnaton.
56
Guideline 14
Intellgence support for nvestgatons Vsual nvestgatve analyss Alerts and notifications Deconfliction Target identification Crtcal nfrastructure analyss Tranng opportuntes Geospatal magng Criminal backgrounds and profiles Case correlaton Crme-pattern analyss Assocaton, lnk, and network analyss Telephone-toll analyss Flowchartng Fnancal analyss Intelligence reports and briefings Threat assessments Terrorsm calendar
Centers should prioritize their intelligence function, based on specific threats in their jurisdictions/regions, and integrate intelligence-led policing to support customer needs, define tasks, and prioritize functions. When specific threats are identified, centers should partner with agencies and organizations that can ad n analyss, e.g., computer analyss and forensc analyss. For example, f a government network has been hacked nto, then computer resources from law enforcement and the prvate sector may help the nvestgaton and analyss.
57
Assocaton of Law Enforcement Intellgence Analysts (IALEIA) Law Enforcement Analytic Standards booklet provdes standards for analyss that correspond to the ntellgence process. These standards focus on: Plannng Drecton Collecton Legal constrants Evaluaton Collaton Analytc accuracy Computerized analysis Analytc product content Analytc outcomes Dssemnaton plan Analytc report Analytc product format Analytc testmony Data source attrbuton Analytc feedback Analytc producton evaluaton
Center personnel must utilize the relationships between regulatory government agences and the prvate sector when conductng rsk assessments, these relatonshps have already been established and expertise identified. For the nonregulated industry, center personnel should meet with industry officials to dentfy the crtcal nfrastructure and what s avalable. These meetngs wll also lay the foundaton for developng trusted relatonshps wth subject-matter experts. The fuson center should be aware that nformaton gathered by regulatory agences may be protected by regulatons and, therefore, not be subject to dssemnaton. In addton, the center may develop assessments of the vulnerabltes and securty protocols for crtcal facltes. Ths may range from smply mantanng the assessments completed by others to actually partcpatng n on-ste assessments. Ether way, t s mportant that the center receve rsk assessments to aid in threat identification and prevention. The fusion center may consder workng wth the area Jont Terrorsm Task Force (JTTF), Ant-Terrorsm Advsory Councl (ATAC), Informaton Sharng and Analyss Center (ISAC), and the U.S. Department of Homeland Securty (DHS), ncludng the USP3 portal, as well as other state and local authortes, to desgn and mplement operatonal reslency objectves to nclude protectve measures that mtgate vulnerabltes. Included n the resource documents s a secton from the Florda Department of Law Enforcement (FDLE) Terrorism Protection Manual that covers crtcal nfrastructure assessments. Industry-specific subject-matter experts should be used to aid in infrastructure assessments and the identification of rsks assocated wth the prvate sector. Subject-matter experts have the knowledge and tranng to dentfy and assess crtcal nfrastructure assocated wth the prvate ndustry and are valuable assets for fuson centers. Furthermore, workng wth subject-matter experts wll demonstrate contnued collaboraton between prvate ndustres and fuson centers and wll foster trust and the creaton of successful partnershps. If fuson centers are tasked wth conductng crtcal nfrastructure assessments, every effort should be made to protect the results of these assessments. Ths nformaton s senstve and must not be released to nonauthorized personnel. Center management should be aware of local, state, and federal laws regardng the storng and release of ths nformaton. The DHS Office of Preparedness and Office of Intelligence and Analyss (OPOIA) helps deter, prevent, and mtgate consequences in all-hazard environments, assessing threats, explotable vulnerabltes, and consequences. Developed as a result of the Crtcal Infrastructure Informaton Act, the OPOIA can ad centers wth assessments, rsk analyss, and complatons of crtcal nfrastructure assets. More nformaton regardng these programs can be vewed at www.dhs.gov.
It is recommended that analysts or individuals fulfilling the analytc functon adhere to the standards outlned n the booklet. A copy of the booklet s ncluded on the resource CD.
58
Guideline 15
Implementng an annual revew of center drectves and purgng or revsng outdated polces and procedures. Establshng a contractors code of conduct. Ctng of the polcy and procedures manual n the Memorandum of Understandng (MOU) and Non-Dsclosure Agreement (NDA) (Gudelne 5). Outlnng how and from whom ntellgence requrements are determned; e.g., the prvate sector has ntellgence requrements for protecton of ts facltes. Ensurng understandng of and complance wth local and state confidentiality laws and how to appropriately safeguard data. Ctng prvacy polces (local, state, and federal), ncludng the separaton of nformaton, to ensure understandng of and complance wth the prvacy gudelne.
57 Mchael Carpenter, M.A., M.A.T., Put It n Wrtng: The Polce Polcy Manual, FBI Law Enforcement Bulletin, Vol. 69, No. 10, October 2000. 58 Ibd.
59
and adhere to them at all tmes. Areas that may requre polces and procedures nclude: Intellgence process (see Gudelne 1, NCISP). Intellgence collecton requrements. Securty for data, faclty, personnel, and systems (for more nformaton, see Securty (Gudelne 9); Faclty, Locaton, and Physcal Infrastructure (Gudelne 10); and Human Resources (Gudelne 11). Communcatons (for more nformaton, see Interconnectvty [Gudelne 7]). Prvacy (for more nformaton, see Gudelne 8, Prvacy and Cvl Lbertes). Accountablty and revew. Sanctons and volatons of polces and procedures.
In addton to the regulatons of 28 CFR Part 23, the National Criminal Information Sharing Plan (NCISP) also recognizes the followng documents and gudelnes for creatng and mplementng a polces and procedures manual: the Law Enforcement Intelligence Unit (LEIU) Criminal Intelligence File Guidelines and the Justice Information Privacy Guideline.
28 CFR Part 23
Agences that use federal funds to set up or mantan a crmnal ntellgence database (and share nformaton between jursdctons) may need to comply wth the regulatons of 28 CFR Part 23. The regulatons requre agences to have polces and procedures n place regardng ntellgence operatons. The specifics of the policies are left to the individual agencies. A copy of ths regulaton s ncluded on the accompanyng resource CD. Addtonal nformaton may also be found at www.r.com/28cfr.
60
Guideline 16
61
Contnually evaluatng performance measures to extend beyond the crmnal justce nformaton sharng envronment, to nclude publc safety and the prvate sector. Lasng wth the U.S. Department of Homeland Securty (DHS), Office of State and Local Government Coordination and Preparedness, regardng the Target Capabltes Lst.
62
Guideline 17
Establish and maintain the center based on funding availability and sustainability.
Funding Justification
Fundng s crtcal to establshng fuson centers, drectly mpactng a centers longevty and ablty to effectvely and efficiently operate. Often, new initiatives receive start-up funds through government programs and/or grants. Ths seed money s an excellent means of begnnng new projects or programs. Unfortunately, some efforts end because ntal fundng has been spent and no additional funding was identified or obtained to contnue the project. For the long term, t s essental that centers take responsblty for fundng to ensure sustanablty. Fuson centers that have been surveyed regardng ther ongong needs repeatedly cte fundng as a prorty n the development and sustanment of the center.60 It s recommended that management dentfy the needs of the center and dentfy avalable fundng sources from local, state, federal, and nongovernmental sources. Fuson center leadershp should seek to lnk the performance of the center to fundng. As seed money ends, performance measures may be an effectve tool for fuson centers to use n securing funding. Performance measures that cover notifications and ntellgence servces and products demonstrate the success and return on nvestment of a fuson center.
Adherng to reportng requrements (.e., annual report). Ensurng fuson center sustanablty. Identfyng return on nvestment for fuson center partners (e.g., defining what partners will receive as a result of partcpaton).
Center Expenses
To effectvely operate a fuson center, a number of cost elements must be identified and addressed in a budget. Some of these expenses can be shared among partcpatng agences. The followng s a sample lst of budgetary expenses that wll requre fundng: Salary Vehcles Equpment Supples/commodtes Faclty Furnshngs Informaton technology support Communcaton equpment Tranng Travel Contractual (coper, delvery) Prntng Physcal securty (personnel, sensors, specal rooms for federally classified information, and related systems) Communications (high-bandwidth, federally classified nformaton)
60 NGA, Center for Best Practces, State Intellgence Fuson Centers: Recent State Actons, 2005.
63
64
Guideline 18
Develop and implement a communications plan within the fusion center; among all involved law enforcement, public safety, and private sector agencies and entities; and with the general public.
Personnel and partners wthn the fuson center should be aware of the dfferent types of nformaton that may be communcated wthn the fuson center, ncludng publc, senstve, propretary, and secret. These different classification types should determine how fuson centers share nformaton. Fuson center personnel should have a clear understanding of what the classifications are and how they apply to nformaton sharng. When fuson centers develop a communcatons plan, leadershp should antcpate that n the event of a terrorst attack or largescale emergency, phone lnes wll quckly be ted up or dsabled and phone servce lost; therefore, alternate communcaton means should be ncluded n the communcatons plan. For example, f landlne and all phone voce crcuts are jammed, the use of text messagng may be a vable opton. Smlarly, f power s avalable and voce crcuts are jammed, Internet messagng can be utilized. The communications plan should also include personnel recall procedures and, for those enttes that do not supply a full-tme member to the fuson centers, lason call-out procedures. Fusion centers should identify a public information officer (PIO) to ad n the coordnaton of publc and meda nqures nto the fuson center. In the event of a dsaster (man-made or natural), a PIO wll ad n ensurng that fuson center staff are not hndered from conductng ther dutes and redrected to answerng meda queres. A PIO may also perform n a proactve awareness capacty, nformng the meda and the publc of ongong operatons and success stores wthn the fuson center.
65
Ensurng that all enttes have approprate communcaton tools (e.g., vdeo-teleconferencng equpment, pagers, or cell phones wth text-messagng capabltes). Incorporating current communications plans that are utilized by law enforcement and emergency servces (ncludng hospitals, EMS, and fire). Obtanng a cache of rados for fuson center personnel to use n emergency stuatons. If the communcatons plan ncludes rado communcaton, meetng wth law enforcement to dentfy a fuson center rado channel (e.g., specal events channel or specal operatons channel). Settng asde a phone lne only accessble to fuson center personnel and partnerng enttes for emergency communcatons.
Includng a secton that addresses testng the plan to ensure operablty and mantenance of current contact nformaton for fuson center partcpants. Creatng redundancy n the communcatons plan. In advance of an emergency, consultng wth the local telephone provder about avalable backup and alternatve communcatons optons for the fuson center, ncludng moble cellular stes. Equppng the center wth a satellte phone to ensure communcaton beyond the local rado net when, n an emergency, standard connectvty s lost.
66
Next Steps
Fusion centers should strive to institutionalize the relationships establshed wth ts law enforcement, publc safety, and prvate sector partners. It s through these relatonshps that the center wll be truly effectve n the preventon and deterrence of crme and terrorism. As relationships are institutionalized, mistrust and fear of nformaton dsclosure wll dmnsh and effectve and efficient information and intelligence sharing will be seamless. Furthermore, n the event of a dsaster or major crme ncdent, these relatonshps wll be vtal n successfully nvestgatng the crme or gettng essental servces back onlne. In order for the relationships within the fusion center to be institutionalized, fuson center governance should have ongong dalogue wth publc and prvate sector leadershp and agency heads. Fuson centers should become nvolved n exstng ndustry networks and organizations, such as credit card fraud networks. Through these establshed networks, fuson centers can demonstrate effectveness n usng the ntellgence and fuson processes. Tranng must also occur between center personnel and ther publc and prvate partners for successful ntegraton. Ths tranng ncludes awareness of the ntellgence and fuson processes, the types of nformaton and ntellgence crucal to crme preventon, the functon of the fuson center and how t operates, and an understandng of the types of nformaton that the publc and prvate sector enttes can provde to the center. Fuson center tranng should also nclude jont tabletop, functonal, and full-scale exercses wth law enforcement, publc safety, and prvate sector partners. These exercses wll ad
67
n dentfyng the role and the nformaton requrements of both the fuson center and the components and wll also test the communcatons plan. Fuson centers represent a capablty for law enforcement, publc safety, and prvate sector enttes to securely develop and share nformaton and ntellgence n an nnovatve, effectve, and efficient manner. Many of the issues impacting fusion centers have been addressed in this report, specifically those affectng ther ntellgence functon. Undenably, as centers are establshed, addtonal ssues wll arse, best practces wll emerge, and future needs will be identified. This document is not meant to be all nclusve; nstead, the recommendatons contaned heren are the foundaton for a much larger and complex enterprse. As ths process contnues, the members of the three focus groups reman commtted to sharng nformaton about fuson center development, operatons, and servces wth all levels of law enforcement. Further developments and materials will be provided on the Office of Justice Programs (OJP) Web ste at www.t.ojp.gov. As recommended n ths report, fuson centers should be establshed n all states to allow for the maxmum capablty of ntellgence and nformaton exchange. Although these gudelnes are not meant to be mandatory, focus group members urge fundng agences and others to promote and adhere to these mnmum gudelnes.
Movng from a reactve response approach to a proactve and preventve approach wll mprove law enforcements ablty to detect and prevent crme and publc safety personnels capablty to respond to emergences. The fuson center concept s an opportunty to brng together crtcal resources and produce meanngful nformaton and ntellgence for dssemnaton to the rght people at the rght tme for the rght reasons. Through collectve and collaboratve mplementaton, the center, ts personnel, and the citizens the center serves will benefit. A key benefit of fusion centers is minimizing duplication. The U.S. Department of Homeland Securty (DHS), the U.S. Department of Justice (DOJ), and the states must be cognizant of exstng fuson centers and those currently under development (ncludng the Urban Area Securty Intatve [UASI] regons) and leverage and enhance the centers that currently exst. Dstrbuton of the Fusion Center Guidelines: Law Enforcement Intelligence, Public Safety, and the Private Sector s mportant for the maxmum effectveness of fuson centers. It s recommended that DOJ and DHS spearhead efforts to ensure that the gudelnes are dstrbuted to all key components and enttes of fuson centers, ncludng law enforcement, publc safety, and prvate sector enttes.
68
Appendix A
Bob Hardin, Inspector Georga Bureau of Investgaton Chris Holmes, Deputy Program Manager ManTech Informaton Systems and Technology U.S. Department of Homeland Securty Cliff Karchmer, Director Polce Executve Research Forum Clark Kimerer, Deputy Chief Seattle, Washngton, Polce Department Mark Marshall, Chief Smithfield, Virginia, Police Department Jerry Marynik, Administrator State Terrorsm Threat Assessment Center Calforna Department of Justce Mary Meyer, Officer Mnnesota Department of Publc Safety Peter A. Modafferi, Chief Rockland County, New York, Dstrct Attorneys Office Doug Poole, Acting Chief U.S. Drug Enforcement Admnstraton Russ Porter, Chief Iowa Department of Publc Safety Don Robertson Georga Bureau of Investgaton Richard A. Russell, Director U.S. Department of Homeland Securty
Kurt Schmid, Senior Advisor Office of National Drug Control Policy Clark Smith, Senior Information Technology Specialist U.S. Department of Justce Mike Snyders, Lieutenant Colonel Illnos State Polce Nicholas Theodos, Major New Jersey State Polce Mark Zadra, Chief of Investigations Florda Department of Law Enforcement
A-1
Thomas J. Richardson, Captain Seattle, Washngton, Fre Department Mark Zadra, Chief of Investigations Florda Department of Law Enforcement
Freeman Mendell, First Assistant Informaton Technology Systems Laurence Mulcrone, Director of Security and Safety McCormck Place/Navy Per Colin Nurse, National Technology Officer, State and Local Government Mcrosoft Corporaton Thomas J. OReilly, Administrator New Jersey Office of the Attorney General Russell Porter, Assistant Director Iowa Department of Publc Safety Daniel Rattner, Principal D. M. Rattner and Assocates Richard Ryan, Assistant Deputy Director, Corporate Security Archer Danels Mdland Company Dan Sauvageau, Vice President Fdelty Investments Thomas Seamon, Chair Prvate Sector Lason Commttee Charman Internatonal Assocaton of Chefs of Polce
A-2
Acknowledgements
Robert G. Beecher, Private Sector Liaison U.S. Department of Homeland Securty Daron Borst, Supervisory Special Agent Federal Bureau of Investgaton Tom Brozycki, Investigator Upstate New York Regonal Intellgence Center Hyuk Byun, Program Executive, Communications and Information Technology Natonal Insttute of Justce Scott Charbo, Chief Information Officer U.S. Department of Homeland Securty David Clopton, Ph.D. Natonal Insttute of Justce R. Scott Crabtree, Section Chief Federal Bureau of Investgaton Harvey Eisenberg, Coordinator Ant-Terrorsm Advsory Councl of Maryland Richard T. Garcia, Regional Security Advisor Shell Internatonal Donald J. Good, Unit Chief Federal Bureau of Investgaton Bob Greeves, Policy Advisor U.S. Department of Justce Corey Gruber, Director U.S. Department of Homeland Securty
Julie Hamilton DFI Government Servces Kelly Harris, Deputy Executive Director SEARCH, The Natonal Consortum for Justce Informaton and Statstcs Ronald P. Hawley, Executive Director SEARCH, The Natonal Consortum for Justce Informaton and Statstcs Matthew Jack, Supervisory Special Agent U.S. Department of Homeland Securty Richard Kelly, Director New Jersey State Polce Joseph Eric Kennedy, Deputy Director Liaison U.S. Department of Homeland Securty Harri J. Kramer U.S. Department of Homeland Securty Erin Lee, Senior Policy Analyst Natonal Governors Assocaton, Center for Best Practces Christopher Logan, Senior Policy Analyst Natonal Governors Assocaton, Center for Best Practces George Marenic U.S. Department of Homeland Securty Erik Miller Federal Bureau of Investgaton John Millican New Jersey State Polce John Morgan, Ph.D., Assistant Director for Science and Technology Natonal Insttute of Justce
Rodney A. Morgan, Jr., Unit Chief Federal Bureau of Investgaton Brady K. OHanlon, Program Manager U.S. Department of Homeland Securty Diane Pitts, Intelligence Analyst U.S. Department of Homeland Securty Richard Randall, Sheriff Kendall County, Illinois, Sheriffs Office Sue Reingold, Associate Director U.S. Department of Homeland Securty Robert Riegle, Executive Officer U.S. Department of Homeland Securty Diego Rodriquez, Unit Chief Federal Bureau of Investgaton Jeffrey Sands, Special Advisor U.S. Department of Homeland Securty Lane B. Scheiber, Ph.D. Insttute for Defense Analyses Dennis Schrader, Director Maryland Governors Office of Homeland Securty Kelly Tapp, Communications Manager U.S. Department of Justce Karen Waterman U.S. Department of Homeland Securty Colleen Wilson U.S. Department of Homeland Securty
A-3
A-4
Appendix B
Guideline 4Collaboration
Communty Collaboraton, www. communtycollaboraton.net
FBIs LEO Program, www.fb.gov/hq/cjsd/leo.htm Fnancal Crmes Enforcement Network (FnCEN), www.fincen.gov High Intensity Drug Trafficking Areas (HIDTA), www.whtehousedrugpolcy. gov/hdta/ndex.html Homeland Securty Informaton Network (HSIN), www.dhs.gov/ dhspublc/dsplay?content=3350 Internatonal Assocaton of Crme Analysts (IACA), www.aca.net Internatonal Assocaton of Law Enforcement Intellgence Analysts (IALEIA), www.alea.org Internatonal Crmnal Polce Organization (INTERPOL), www. usdoj.gov/usncb Law Enforcement Intellgence Unt (LEIU), www.leu-homepage.org/ ndex.php Natonal Crme Informaton Center (NCIC), www.fb.gov/hq/cjsd/ncc.htm Natonal Drug Intellgence Center (NDIC), www.usdoj.gov/ndc Natonal Whte Collar Crme Center (NW3C), www.nw3c.org and www. tranng.nw3c.org NletsThe Internatonal Justce and Publc Safety Informaton Sharng Network, www.nlets.org RISS Automated Trusted Informaton Exchange (ATIX), www.rssnfo.com/ rssatx.htm RISSNET, www.rssnfo.com
Guideline 3Governance
Bylaws Sample Template Board Gudelnes, www.mapnp.org/ lbrary/boards/boards.htm Global Justce Informaton Sharng Intatve Advsory Commttee Bylaws, http://t.ojp.gov/documents/ GACBylaws.pdf Parlamentary Procedures, www. rulesonlne.com
B-1
Guideline 7Interconnectivity
A Critical Look at Centralized and Distributed Strategies for LargeScale Justice Information Sharing Applications (a whte paper prepared by the IJIS Insttute) A Framework for Justice Information Sharing: Service-Oriented Architecture (SOA), http://t.ojp. gov/documents/200409_Global_ Infrastructure_Report.pdf Global Justce XML Data Model (Global JXDM), www.t.ojp.gov/gjxdm Justce Informaton Exchange Model, www.search.org/programs/nfo/jem.asp Model Intellgence Database Polcy
Minimum Criminal Intelligence Training Standards for United States Law Enforcement and Other Criminal Justice Agencies, www.t.ojp.gov/ documents/mnmum_crmnal_ntel_ tranng_standards.pdf Natonal Whte Collar Crme Center (NW3C), www.nw3c.org
Guideline 9Security
Applying Security Practices to Justice Information Sharing, http://t.ojp.gov/ documents/asp/ntroducton/ndex.htm Crtcal Infrastructure Informaton Act of 2002, www.dhs.gov/nterweb/ assetlbrary/CII_Act.pdf Natonal Insttute of Standards and Technology (NIST) template and example polces, http://csrc.nst. gov/fasp Safeguarding Classified and Sensitive But Unclassified Information, Reference Booklet for State, Local, Tribal, and Private Sector Programs, U.S. Department of Homeland Securty, May 2005
Guideline 17Funding
Summary of Fundng Resources The U.S. Governments Official Web Portal, www.firstgov.gov
B-2
Organization Links
CopNet, www.copnet.org Defense Informaton Systems Agency, www.dsa.ml FBI Terrorsm Informaton, http://www. fb.gov/terrornfo/counterrorsm/ waronterrorhome.html Internatonal Assocaton of Crme Analysts (IACA), www.aca.net Internatonal Assocaton of Law Enforcement Intellgence Analysts (IALEIA), www.alea.org Integrated Justce Informaton Systems Insttute, www.js.org
Natonal Assocaton of Countes, www.naco.org Natonal Assocaton of State Chef Information Officers, www.nasco.org Natonal Governors Assocatons Project on Justce Informaton Sharng, www.nga.org Office of Management and Budget, www.omb.gov Office of Justice Programs, U.S. Department of Justce, www.t.ojp.gov Regonal Informaton Sharng Systems, www.rssnfo.com
SEARCH, The Natonal Consortum for Justce Informaton and Statstcs, www.search.org Terrorsm Research Center, www.terrorsm.com U.S. Department of Defense News, www.defendamerca.ml U.S. Department of Homeland Securty, www.dhs.gov U.S. Department of Justce, www.justce.gov U.S. Department of State, www.state.gov/s/ct
B-3
B-4
Appendix C
Functional Categories
Collaboraton and ntegraton are key to the success of fuson centers. The Publc Safety and Prvate Sector Fuson Center Focus Groups (FCFGs) developed overarchng functonal categores composed of the dfferent enttes that make up these components. The categores are not comprehensve but provde a startng pont for fuson centers to utilize when integrating the dfferent facets of law enforcement, publc safety, and the prvate sector. Indvdual fuson centers should dentfy the crtcal enttes wthn ther partcular jursdcton to ncorporate nto the center. The categores nclude: Agrculture, Food, Water, and the Envronment Bankng and Fnance Chemical Industry and Hazardous Materals Crmnal Justce Educaton Emergency Servces (Non-Law Enforcement) Energy Government Health and Publc Health Servces Hosptalty and Lodgng Informaton and Telecommuncatons Mltary Facltes and Defense Industral Base Postal and Shppng Prvate Securty Publc Works Real Estate Retal
Informaton receved from these categores and assocated enttes should be used for threat and crme preventon. Applcable local, state, and federal laws should be followed when nformaton s provded to fuson centers. In addton, ths nformaton may be used for crmnal investigations with an identified criminal predcate.
Lsted below are varous enttes that fuson centers should consder for ntegraton. U.S. Department of Agrculture (USDA), www.usda.gov/ U.S. Department of Health and Human Servces, www.hhs.gov U.S. Envronmental Protecton Agency, www.epa.gov State agrculture departments Food/water producton facltes (farm/ ranch/preharvest) Food/water processng facltes Grocery stores/supermarkets Restaurants Informaton Sharng Analyss Centers (ISAC) Agrculture Food Water Food and Agrculture Sector Coordnatng Councl
C-1
n ongong crmnal nvestgatons, e.g., account nformaton and credt hstory (with applicable legal authorization). The enttes nclude: U.S. Department of the Treasury, www.ustreas.gov Fnancal Crmes Enforcement Network (FnCEN), www.fincen.gov State financial departments Bankng companes Investment companes Credt card companes Credt report companes Securities firms Fnancal servces ISAC Fnancal Servces Sector Coordnatng Councl www.fsscc.org/
U.S. Secret Servce U.S. Postal Inspecton Servce U.S.P.S. Office of Inspector General
Criminal Justice
These are components of local, state, trbal, and federal governments and are responsble for the management of crmnal convcton, ncarceraton, reform, and rentegraton (.e., law enforcement, courts, and correctons). Ths category can provde fuson centers wth a varety of nformaton, ncludng crme trends and threat assessments. In addton, ths component can provde bookng photos, bographcal nformaton, and hstorcal crmnal actvty regardng persons, businesses, and organizations. Criminal justce enttes can provde fuson centers wth strategc and tactcal nformaton and ntellgence. The followng s a complaton of organizations that should be considered when ntegratng the crmnal justce sector nto fuson centers. Ths lst s not exhaustve but should be used as a foundaton. Also provded are examples of the types of nformaton avalable to share. The enttes nclude: Law Enforcement Agencies: Can provde fuson centers wth a varety of nformaton, ncludng crme trends, drug and threat assessments, case nformaton (volent crme, economc crme, narcotcs, and terrorism), seizure information, and crmnal actvty, both hstorcal and current, on persons, busnesses, organizations, and locations. Local law enforcement Cty and county College and unversty polce departments State law enforcement Hghway patrol State agences wth nvestgatons bureaus Trbal law enforcement Federal law enforcement Federal Bureau of Investgaton U.S. Marshals Servce U.S. Drug Enforcement Admnstraton Bureau of Alcohol, Tobacco, Frearms and Explosves U.S. Immgraton and Customs Enforcement
Court System: Can provde nformaton on crmnal cases, crmnal hstory, dspostons, and bographcal nformaton on targets.
Corrections Agencies: Can provde fuson centers wth bookng photos, last known addresses, gang nformaton, names of assocates and relatves (vstors), and bographcal nformaton. County jal State prson system Federal Bureau of Prsons
Probation and Parole Agencies: Can provde nformaton regardng employment nformaton of suspects and current addresses of suspects. Probation officers Parole board
Education
Ths category s composed of organizations and businesses that are responsble for the educaton of chldren and adults. Enttes wthn ths component can provde fuson centers wth nformaton regardng suspcous actvtes occurrng on and around school grounds, as well as nformaton on crtcal nfrastructure and assocated rsk assessments. In addton, n the event of a terrorst ncdent or crme relatng to schools, t s mportant for fuson centers to have establshed partnershps to ad n communication and information flow. The enttes nclude: Day care centers Preschools Prmary and secondary schools Postsecondary schools Colleges and unverstes Techncal schools
C-2
Emergency Services
(Non-Law Enforcement) Enttes wthn ths category are components of local, state, trbal, and federal governments and are responsble for the protecton and safety of lves and property wthn a jursdcton. Commonly one of the first responders to an incident, the Emergency Medcal Servces category can provde both strategc and tactcal nformaton. Below s a lst of emergency servces enttes; ths lst s not comprehensve but provdes fuson centers wth a foundaton to buld on. The enttes nclude: Fire: Can provde assessments on types of fires, how specific fires are started, and ongoing fire investigation information. Local fire departments Private fire departments U.S. Fre Admnstraton, www.usfa.fema.gov U.S. Fre Marshal Forestry departments
Civil Air Patrol: Can offer a varety of servces, ncludng homeland securty mssons, counterdrug mssons, and search-and-rescue operatons. Health: Dependng on the ncdent (e.g., whte powder ncdents), health department representatves may take part n response efforts. See the Health and Publc Health Servces category for addtonal health nformaton.
Motor Vehicle Administration: Can provde tactcal nformaton to fuson centers regardng drvers lcense nformaton, motor vehcle regstraton, vehicle body files, and suspicious nformaton concernng attempts to obtan drvers lcenses. Parks and Recreation Departments: Can provde nformaton regardng suspcous actvty n and around local parks. U.S. Division of Forestry: Can provde nformaton regardng suspcous actvtes wthn a natonal park nvolvng persons, vehicles, and fires.
Energy
Ths category contans enttes that focus on the development and dstrbuton of energy-related products. These enttes can provde strategc and tactcal nformaton, ncludng crtcal nfrastructure nformaton, rsk assessments, and suspcous ncdents. Ths lst s not comprehensve, and the energy component should be evaluated n each jursdcton to determne fuson center needs. The enttes nclude: U.S. Department of Energy, www.energy.gov Nuclear power plants Electrcty companes Utltes Ol companes Natural gas companes North Amercan Electrc Relablty Councl
Emergency Medical Services (EMS): Can provde nformaton regardng types of njures occurrng at an ncdent and suspcous actvty that EMS techncans may observe while performing official dutes. Local fire departments Hosptal Prvate EMS servces
Government
Ths category s composed of enttes that enable the government to carry out its official duties, including licensing and regulaton of enttes (people, busnesses, and organizations). These entities vary but should be consdered for ncluson nto fuson centers. The followng lst s not exhaustve, and the fuson center should determne what enttes to nclude. Game and Fish: Can provde fuson centers wth nformaton on suspcous actvty as t relates to boatng, such as nformaton regardng crmnal nvestgatons (e.g., drug nterdcton and vessel identification). Government Administration: Can provde varous types of nformaton pertanng to tax and ttle, crtcal nfrastructure, emergency plannng, and cvl records, ncludng property appraser, mortgages, deeds, and cvl suts.
Hazardous Materials: Can provde nformaton on dfferent types of hazardous materials and hazardous materal splls, as well as ncdent and operatons data. Local fire departments Envronmental Protecton Agences U.S. Department of Transportaton, Office of Hazardous Materials Safety, http://hazmat.dot.gov/ Private hazardous material contractors
Emergency Management: Can provde nformaton on locaton of crtcal infrastructure, notifications of declared emergences, and threat assessments. Emergency management drectors Federal Emergency Management Agency
C-3
Health Departments: Can provde nformaton on dsease trends, local dsease outbreaks, and vtal statstcs. Local and state health departments U.S. Department of Health and Human Servces, www.hhs.gov
Cyber Security Informaton Technology ISAC Research and Educaton Networkng ISAC Mult-State ISAC Unted States Computer Emergency Readness Team (US-CERT), www.us-cert.gov Natonal Cyber Securty Dvson (NCSD) Law Enforcement and Intellgence Branch
Hospitals: Can provde nformaton regardng suspcous ncdents and patent nformaton. In addton, hosptals are vtal n response efforts to gauge types of njures, total number njured, and hosptal capacty. Disease Control: Can provde dsease assessments, nformaton regardng dsease outbreaks, and nformaton on laboratores that can assst wth response and recovery efforts. Local and state health departments Centers for Dsease Control and Preventon (CDC), www.cdc.gov
Food Safety: Can provde nformaton regardng food and waterborne dseases, ncludng reportng of suspcous ncdents and nvestgatve efforts. Health departments Centers for Dsease Control and Preventon, www.cdc.gov/ foodborneoutbreaks/ U.S. Department of Agrculture, www. fss.usda.gov/Fact_Sheets/ndex.asp
Medical Examiners/Death Investigators: Can provde nformaton regardng suspcous deaths, types of death, and causes of death. Mental Health Facilities: Can ad n response and recovery efforts. Pharmaceutical: Can provde stockple nformaton and nformaton relatng to crtcal nfrastructure and suspcous actvty surroundng chemcal plants. Primary Care Physicians: Can provde nformaton regardng suspcous njures and dseases and bographcal nformaton. Veterinary: Can provde nformaton relatng to suspcous actvtes regardng dsease outbreaks n anmals and can ad n response efforts.
Communications
C-4
to fuson centers about the types of mal that are beng sent to target homes or busnesses. The enttes nclude: U.S. Post Office Shppng companes
Private Security
When establshng a fuson center, prvate securty enttes should be consdered because they may be able to provde crtcal nfrastructure nformaton, suspcous actvty reports, and busness contnuty plans. The enttes nclude: Corporate security offices Prvate securty companes Alarm companes Armored car companes Investigative firms
dstrbuton centers, and onlne stores. These enttes may provde nformaton on suspcous actvty n and around the shopping complex, identification of vulnerabltes assocated wth the complex, crtcal nfrastructure nformaton, and nvestgatve leads, ncludng CCTV nformaton. The enttes nclude: Malls Retal stores Shoppng centers
lst s not exhaustve but should be used as a foundaton. Ths category can provde access to nformaton regardng the varous transportaton corrdors throughout the Unted States. Further, t can offer both strategc and tactcal nformaton that can be ncorporated nto the ntellgence and fuson processes. Transportatonrelated agences can dentfy the rsks and vulnerabltes of potental target areas, such as roads and ralways that have direct access to hazardous waste sites and ports that house nformaton on the types of shps that are docked and the cargo they carry. The enttes nclude: Aviation: Can provde nformaton regardng arport crtcal nfrastructure, suspcous actvty, tems that have been confiscated, accident analyses, and types of cargo that are beng shpped. Transportaton Securty Admnstraton (TSA), www.tsa.gov Office of Aviation Safety (Component of Natonal Transportaton Safety Board [NTSB]), www.ntsb.gov Federal Avaton Admnstraton (FAA), www.faa.gov Avaton Safety Reportng System (ASRS), http://asrs.arc.nasa.gov/ State department of transportaton State aeronautcs commsson Arport authorty Commercal arlne carrers Prvate shppng companes (e.g., FedEx and UPS)
Social Services
These enttes are composed of local, state, trbal, and federal government agences and the prvate sector and are responsble for provdng servces that help mprove peoples standard of lvng. Ths category can provde nformaton regardng the functon and responsbltes of many avalable programs and servces. Socal servce agences can be the source of a varety of nformaton, ncludng welfare fraud. These programs and servces can provde communty support, educaton, and plannng assstance n preparaton for and response to a potental terrorst attack. The enttes nclude: State and Child Welfare: Can provde nformaton regardng welfare fraud, electronic benefits transfer fraud, bographcal nformaton on targets of nvestgatons and, wth proper authorization, employment-related nformaton on targets. U.S. Department of Health and Human Servces Department of Chldren and Famles
Public Works
These enttes are responsble for nfrastructure created for publc use. Enttes wthn ths category may provde nformaton regardng suspcous actvty and crtcal nfrastructure, as well as subject-matter experts who may help dentfy rsks assocated wth publc works. The enttes nclude: State department of transportaton Water management dstrcts Santaton Waste management Road constructon companes
Real Estate
These enttes focus on the real estaterelated ndustry. Enttes wthn ths category can provde nformaton regardng suspcous actvtes (e.g., suspicious fires, persons, and activities) and ongong case-related nformaton wth proper authorization. The entities include: Apartment facltes Faclty management companes Housng authortes Real Estate ISAC
Highway: Can provde nformaton on critical infrastructure, traffic crashes, nterdcton efforts, llegal products that have been seized, and cargo information. Federal Hghway Admnstraton (FHWA), www.fhwa.dot.gov Federal Motor Carrer Safety Admnstraton (FMCSA), www.fmcsa. dot.gov National Highway Traffic Safety Admnstraton (NHTSA), www.nhtsa. dot.gov Office of Highway Safety (Component of NTSB), www.ntsb.gov/Surface/ hghway/hghway.htm State department of transportaton Turnpke authorty Publc transt
Transportation
Each level of government (local, state, trbal, and federal) and the prvate sector have transportaton enttes whose responsbltes nclude avaton, ral, publc transportaton, hghway, and martme servces. Both governmental and prvate transportaton enttes should be consdered when jursdctons are establshng a fuson center. The following is a compilation of organizations that should be consdered when ntegratng the transportaton sector. Ths
Retail
These companies and organizations are nvolved n the retal ndustry; ths can nclude shoppng malls, wholesale stores,
C-5
Maritime: Can provde nformaton on port crtcal nfrastructure, vessel nformaton, cargo nformaton, suspcous activity, and contraband seizures. U.S. Coast Guard, http://www.uscg. ml/USCG.shtm Martme Admnstraton (MARAD), www.marad.dot.gov/ndex.html Sant Lawrence Seaway Development Corporaton (SLSDC), www.seaway. dot.gov Office of Marine Safety (Component of NTSB), www.ntsb.gov/surface/marne/ marne.htm Port authorty Ports councl Brdge and tunnel authorty Harbor master and/or commander
Rail: Can provde nformaton on crtcal nfrastructure (e.g., the locaton of ral lnes) and types of cargo beng shpped, including hazmat information. Various prvate sector ral enttes also have law enforcement components. Federal Ralroad Admnstraton (FRA), www.fra.dot.gov Federal Transt Admnstraton (FTA), http://transt-safety.volpe.dot.gov Surface Transportaton Board (STB), www.stb.dot.gov Office of Railroad, Pipeline, and Hazardous Materials Safety (Component of NTSB), www.ntsb. gov/ralroad/ralroad.htm State department of transportaton Ral authorty Amercan Ralroad Assocaton
C-6
Appendix D
HSAC Homeland Security Intelligence and Information Fusion Report April 28, 2005
U.S. Department of Homeland Securty Homeland Securty Advsory Councl Intellgence And Informaton Sharng Intatve: Homeland Securty Intellgence & Informaton Fuson Joseph J. Grano, Jr. Charman Homeland Securty Advsory Councl William H. Webster Vce Charman Homeland Securty Advsory Councl Daniel J. Ostergaard Executve Drector Homeland Securty Advsory Councl Mitt Romney Charman Intellgence & nformaton Sharng Workng Group John Cohen Executve Drector Intellgence & nformaton Sharng Workng Group Michael J. Miron Drector Intellgence & nformaton Sharng Workng Group
and how they operate, how they are supported, the targets the enemes ntend to attack, and the method of attack they ntend to use. Ths nformaton should serve as a gude for efforts to: Identfy rapdly both mmedate and long-term threats; Identfy persons nvolved n terrorsmrelated actvtes; and Gude the mplementaton of nformaton-drven and rskbased preventon, response, and consequence management efforts.
Terrorsm-related ntellgence s derved by collecting, blending, analyzing, and evaluatng relevant nformaton from a broad array of sources on a contnual bass. There s no sngle source for terrorsmrelated nformaton. It can come through the efforts of the ntellgence communty; Federal, State, trbal, and local law enforcement authortes; other government agences (e.g., transportaton, healthcare, general government), and the prvate sector (e.g., transportation, healthcare, financial, Internet/nformaton technology). For the most part, terrorsm-related nformaton has tradtonally been collected outsde of the Unted States. Typcally, the collecton of ths type of nformaton was vewed as the responsblty of the ntellgence communty and, therefore, there was lttle to no nvolvement by most State and local law enforcement enttes. The attacks of September 11, 2001, however, taught us that those wantng to commt acts of terrorsm may lve n our local communtes and be engaged n
crmnal and/or other suspcous actvty as they plan attacks on targets wthn the Unted States and ts terrtores. Important ntellgence that may forewarn of a future attack may be derved from nformaton collected by State, trbal, and local government personnel through crme control and other routne actvtes and/or by people lvng and workng n our local communtes. Successful counterterrorsm efforts requre that Federal, State, trbal, local, and prvatesector enttes have an effectve nformaton sharng and collaboraton capablty to ensure they can seamlessly collect, blend, analyze, disseminate, and use nformaton regardng threats, vulnerabltes, and consequences n support of preventon, response, and consequence management efforts. The Presdent and the U.S. Congress have drected that an nformaton sharng envronment (ISE) be created n the next two years to facltate nformaton sharng and collaboraton actvtes wthn the Federal Government (horizontally) and between Federal, State, trbal, local, and prvate-sector enttes (vertcally). The concept of ntellgence/nformaton fuson has emerged as the fundamental process (or processes) to facltate the sharng of homeland securty-related nformaton and ntellgence at a natonal level, and, therefore, has become a gudng prncple in defining the ISE.
Background
Effectve terrorsm-related preventon, protecton, preparedness, response, and recovery efforts depend on tmely, accurate, and actonable nformaton about who the enemes are,61 where
61 Includng ther capabltes, ntentons, strengths, weaknesses.
D-1
and trends that may be ndcatve of an emergng threat condton. Although the prmary emphass of ntellgence/ nformaton fuson s to dentfy, deter, and respond to emergng terrorsm-related threats and risks, a collateral benefit to State, trbal and local enttes s that t wll support ongong efforts to address nonterrorsm related ssues by: Allowng State and local enttes to better dentfy and forecast emergng crme, publc health, and qualty-of-lfe trends; Supportng targeted law enforcement and other multdscplnary, proactve, rsk-based and communty-focused, problem-solvng actvtes; and Improvng the delvery of emergency and nonemergency servces. Effectve ntellgence/nformaton fuson requres the followng: The use of common termnology, definitions, and lexicon by all stakeholders; Up-to-date awareness and understandng of the global and domestc threat envronment; A clear understandng of the lnks between terrorsm-related ntellgence and nonterrorsm-related nformaton (e.g., flight school training, drug trafficking) so as to identify those actvtes that are precursors or ndcators of an emergng threat; Clearly defined intelligence and nformaton requrements wth the Federal ntellgence communty that prioritize and guide planning, collecton, analyss, dssemnaton, and reevaluaton efforts; Identfyng crtcal nformaton repostores62 and establshng the processes, protocols, procedures, and techncal capabltes to extract nformaton and/or ntellgence from those repostores; Relance on exstng nformaton pathways and analytc processes as ssble;
All-hazards and all-crimes approach to defining information collection, analyss, and dssemnaton; Clear delneaton of roles, responsbltes, and requrements of each level and sector of government nvolved n the fuson process; Understandng and elmnaton of mpedments to nformaton collecton and sharng (.e., t should be a prorty for the Federal Government to provde State, local, and trbal entities unclassified terrorism-related nformaton/ntellgence so that t can be ntegrated nto statewde and/or local fuson efforts); Capacty to convert nformaton nto operatonal ntellgence; Extensve and contnuous nteracton wth the prvate sector and wth the publc at large; Connectvty (techncal and/or procedural) wth crtcal ntellgence streams, analyss centers, communcaton centers, and nformaton repostores at all levels of classification as necessary; Extensve partcpaton of subjectmatter experts (SMEs) n the analytcal process; and Capacty and commtment to ensure aggressve oversght and accountablty so as to protect aganst the nfrngement of consttutonal protectons and cvl lbertes.
The fuson process s a key part of our natons homeland securty efforts. Ths process supports the mplementaton of rsk-based, nformaton-drven preventon, response, and consequence management programs. Smultaneously, t supports efforts to address mmedate and/or emergng, threat-related crcumstances and events. Although the collecton, analyss, and dssemnaton of terrorsmrelated ntellgence s not the sole goal of the fuson process, one of the prncpal outcomes should be the identification of terrorsm-related leadsthat s, any nexus between crme-related and other nformaton collected by State, local, trbal, and prvate enttes and a terrorist organization and/or attack. The fuson process does not replace or replicate mission-specific intelligence and nformaton management processes and systems. It does, however, leverage nformaton and ntellgence developed through these processes and systems to support the rapid identification of patterns
62 These repostores are not lmted to those mantaned by law enforcement enttes. For example, crtcal nformaton may be contaned n systems supportng medcal examners (unattended death), publc health enttes, emergency rooms (nformaton smlar to the Drug Abuse Warnng Network program), envronmental regulatory nspectors, transportaton enttes, housng nspectors, health nspectors, buldng code nspectors, etc.
D-2
fuson process establshed by the State. Other localtes, trbal governments, and even prvate-sector enttes should develop a process to nterlnk and partcpate n these statewde (or UASI) fuson efforts. The publc should be engaged through publc educaton programs that descrbe what they should look for and what to do f they observe suspcous actvtes or crcumstances. Efforts should be organized and managed on a geographc bass and scalable so adjustments can be made based on changes n the operatng and/or threat envronment. Whle natonal standards and gudelnes should gude the institutionalization of the process, the actual technologcal nfrastructure and operatonal protocols used by ndvdual jursdctons should be based on the management structure, specific needs, and capabltes of each ndvdual jursdcton.
Define collection requirements based on results of rsk assessments. Identfy the crcumstances or events (e.g., crme, publc health) that represent ndcators and/or precursors of threats. Identfy the sources and/or repostores of data and nformaton regardng ndcators and precursors. Identfy the exstng capacty to collect key nformaton from exstng sources. Identfy collecton gaps and mtgate. Define public education, and other actvtes necessary to enhance stuatonal awareness by the publc. Develop tranng for front lne law enforcement and other personnel so that they can better dentfy suspcous actvtes that may represent plannng and/or operatonal actvty by terrorst group. Ensure a mechansm exsts to support reportng of collected nformaton (e.g., 9-1-1, tplne, Internet, connectvty to key nformaton systems). Identfy regulatory, statutory, prvacy, and/or other ssues that mpede collecton and sharng of nformaton. Develop (n partnershp wth private-sector officials) detailed knowledge of vulnerabltes and consequence n the prvate sector to possble terrorst attacks to assess the lkelhood of attack, the lkely methods of attack, the lkely equpment and substances used to carry out such an attack, and dentfy plannng actvtes. Collection Communcate collecton requrements to relevant State, trbal, local, and prvate-sector enttes. Implement stuatonal awareness actvtes (e.g., tranng, publc educaton). Mtgate mpedments to collecton. Compile classified and unclassified data, information and
ntellgence generated by people and organizations. Serve as the 24/7/365 ntal pont of contact for nformaton provded by the U.S. Department of Homeland Securty, Department of Defense, Department of Justce, Federal Bureau of Investgaton, and other Federal enttes (va telephone calls, Homeland Securty Informaton Network/Jont Regonal Informaton Exchange System, LEO, e-mal bulletns, VTC, fax) for the recept of the followng: Immediate threat-specific information (classified and unclassified) Long-term threat information (classified and unclassified) Tactics and methods used by terrorists (classified and unclassified) Integrate wth other reportng systems (e.g., 9-1-1, 3-1-1), and establsh and mantan further, easy-to-use capablty for the publc reportng of suspcous actvty n conjuncton wth the Jont Terrorsm Task Force (e.g., nternet, toll-free tplne). Establsh a process to dentfy and track reports of suspcous crcumstances (e.g., preoperatonal survellance, acquston of tems used n an attack). Analysis Blend data, nformaton, and ntellgence receved from multple sources. Reconcile, deconflict data, and valdate as to credblty of data, nformaton and ntellgence receved from collecton sources. Evaluate and analyze data and nformaton usng SMEs. Identify and prioritize the risks faced by the jursdcton (e.g., State, local). Produce value-added ntellgence products that can support the development of performancedrven, rsk-based preventon, response, and consequence management programs. Identify specific protective measures to dentfy and dsrupt
D-3
potental terrorst attacks durng the plannng and early operatonal stages. Dissemination, Tasking, and Archiving Identfy those enttes and people (e.g., officials, executives) responsble for developng and mplementng preventon, response, and consequence management (publc and prvate) efforts. Provde relevant and actonable ntellgence n a tmely manner to those enttes responsble for mplementng preventon, response, and consequence management efforts (publc and prvate sector). Archve all data, nformaton, and ntellgence to support future efforts. Support the development of performance-based preventon, response, and consequence management measures. Establsh the capacty to track performance metrcs assocated wth preventon, response, and consequence management efforts. Provde feedback to nformaton collectors. Reevaluation Track the achevement of preventon, response, and consequence management program performance metrcs so as to evaluate mpact on the rsk envronment. Update threat, vulnerablty, and consequence assessments so as to update the rsk envronment.
Assess effectveness of natonal (.e., Federal, State, trbal, and local) ntellgence and nformaton collecton requrements process. Modification of Requirements Modfy collecton requrements as necessary. Communicate modifications in a tmely manner.
D-4
Appendix E
Justification
Law enforcement and homeland securty partners operate myrad systems for collecting, maintaining, analyzing, and sharng data and nformaton crtcal to carryng out ther respectve mssons. Creatng the capacty to share nformaton among and between agences, levels of government, and a varety of dscplnes ndeed, creatng an enterprse approach means overcomng establshed barrers to data exchange. It nvolves understandng cross-jursdctonal nformaton needs and the data exchanges that cross sometmes radcally dfferent lnes of busness. Informaton exchange n any envronment s trggered by nternal or external events. In the justce system and homeland securty envronments, these trggerng events are the key decson ponts n our routne busness processes, such as an arrest, a traffic accident involving hazardous materials, a release from prson, or a terrorst ncdent. In order to share ntellgence electroncally, t s essental to understand the nature of these busness processes, decson ponts, and trggerng events. Most organizations do an adequate job of applyng technology n ther nternal envronments. On the other hand,
most nformaton exchange between organizations is not developed with smlar rgor, followng the anarchy model. In the anarchy model, each nterface s a custom nterface, and decsons about nformaton sharng are made wthout regard for other data that may pass between the same two organizations and without regard for other agences that may need the same nformaton. As nterfaces are constructed wth ths anarchy model, archtectural decsons are made that may constran future efforts to share data by organizations that may have no nterest n these orgnal exchanges. For example, a decson by courts and prosecutors to establsh a data warehouse as a central locaton for sharng documents electroncally wll make it more difficult and expensive for law enforcement agences to develop a mddleware approach for sharng traffic accident information. In a second example, law enforcement agences and the courts may decde on an approach for sharng ctaton nformaton electroncally, wthout consultng the prosecutor, the state motor vehcle dvson, or the state crmnal hstory repostory, whch also have an nterest n electronc ctaton data. There are two problems that result from applcaton of the anarchy model: 1) the archtecture that evolves s seldom optmal and often s nadequate for most other nformaton exchange, and 2) efforts to expand nformaton exchange generally end up collapsng beneath ther own weght as the number of data tradng partners ncreases. What s needed s an enterprse model for desgnng
nformaton exchange for fuson centers. An enterprse approach consders all of the nformaton exchange needs of all stakeholders when developng the ntegraton archtecture. Whether nterfaces between systems for sharng ntellgence consst of smple queres and responses, or are more sophstcated transactonal processes that buld central ndex entres or populate data warehouses, t s mportant to document and analyze this information exchange at the plannng stage of a project and to create a blueprnt at the enterprse level for sharng data electronically that capitalizes on efficiency, accuracy, and tmelness. Ths desgn should be created by busness experts from the participating organizations, under the drecton of polcy leaders and wth the assstance of technologsts. It should be based on a dscplned examnaton of current busness practces, exstng technology, and paper and electronc exchange of ntellgence that already s occurrng.
E-1
wth the Global Justce XML Data Model (GJXDM), allowng easy mportng of model components to desgn electronc documents. Soon t wll be lnked wth the ablty to mport and export XML schema and other Informaton Exchange Package Documentaton (IEPD) artfacts that are essental to mplementng the GJXDM. Ths wll eventually enable justce agences to seamlessly generate (and, f need be, re-generate) GJXDM complant nformaton exchanges from the busness rules encapsulated n JIEM, ensurng that they can be rapdly adapted to the needs of an ncreasngly dynamc envronment. JIEM s also beng enhanced to support the exchange of nformaton not only wthn domans (as n the justce doman today) but between dfferent domans, such as justce, emergency management, transportaton, and ntellgence, n support of emerging organizations such as Fusion Centers. JIEM was developed to collect requrements from practtoners for justce nformaton sharng ntatves; specifically to assist justice system leaders in analyzing and documenting exstng nformaton exchange at the enterprse level, n desgnng new electronc exchange processes as a part of an ntegrated justce ntatve, and n adoptng and mplementng natonal busness, data, and technology models to save tme, effort, and money. It helps justce and publc safety practtoners to artculate requrements that can be communcated to technologsts who develop systems and nterfaces. It s beng expanded to support the needs of developers who wll buld the systems and nterfaces needed to share ntellgence n the law enforcement and homeland securty communty. JIEM was created by SEARCH, the Natonal Consortum for Justce Informaton and Statstcs, wth fundng from the Bureau of Justce Assstance, Office of Justice Programs, U.S. Department of Justce. It has been used in dozens of integrated justice initiatives in the Unted States and has been adopted by the Canadan government.
E-2
Access, mport, and extend natonal models, such as the JIEM Reference Model, the Global Justce XML Data Model, and Informaton Exchange Package Documentaton (IEPD). Regster locally developed IEPD artfacts n a natonal repostory for use by others. Provde data to support natonal efforts to develop and mprove models, methodologes, and tools to support ntegrated justce.
language and methodology to focus on busness practces of mutual concern at the enterprse level. Access to best practces from around the naton to avod renventng the wheel. Free software and support to preserve scarce resources; a personal computer and Internet access are the only requrements to access JIEM. Partcpaton n natonal efforts to mprove the ntegraton of justce nformaton resources.
Understandng the dversty n format and structure of nformaton n all of these agences. Analyzing the diversity of technology applcatons, communcatons protocols, and development envronments that exst n justcerelated organizations. Acknowledgng the ssues that relate to busness processes that overlap organizational boundaries and the need to coordnate these practces between enttes. Mantanng relatonshps wth leaders of these organizations to ensure that nternal changes n busness processes do not dsrupt nformaton exchange. Recognizing the organizational, poltcal, legal, and budgetary constrants that operate on justce organizations and drive efforts to mprove operatons whle conservng resources.
JIEM Benefits
The JIEM analyss requres the actve nput of stakeholders from all partcpatng organizations. It delivers a number of benefits to local, state, and regional ntegrated justce efforts that go beyond the specific products provided by the system, ncludng: An opportunty to brng staff from dverse but nterdependent justce dscplnes together wth a common
E-3
E-4
Appendix F
28 CFR Part 23A gudelne for law enforcement agences that operate federally funded multjursdctonal crmnal ntellgence systems (Crmnal Intellgence Glossary, November 2004). Administrative AnalysisThe provson of economc, geographc, or socal nformaton to admnstrators (Gottleb, Sngh, and Arenberg, 1995, p. 13). The analyss of economc, geographc, demographc, census, or behavoral data to dentfy trends and condtons useful to ad admnstrators n makng polcy and/or resource allocaton decsons (Crmnal Intellgence Glossary, November 2004). Advanced AuthenticationDefinitively dentfyng users before they access an organizations network is a key component n protectng nformaton resources. Start by choosng an authentcaton system wth encrypted password protocols. Before choosng an advanced authentcaton system, t s mperatve that data owners evaluate user access, hardware, and other requrements (Crmnal Intellgence Glossary, November 2004). AnalysisThe revew of nformaton and ts comparson to other nformaton to determne the meanng of the data n reference to a crmnal nvestgaton or assessment. (Peterson, 1994, p. 269) That actvty whereby meanng, actual or suggested, s derved through organizing and systematically examining dverse nformaton and applyng nductve or deductve logc for the purposes of crmnal nvestgaton or assessment (Crmnal Intellgence Glossary, November 2004).
Association/Link/Network Analysis Collecton and analyss of nformaton that shows relatonshps among vared ndvduals suspected of beng nvolved n crmnal actvty that may provde nsght nto the crmnal operaton and whch nvestgatve strateges mght work best (Law Enforcement Analytic Standards, November 2004). The entry of crtcal nvestgatve and/or assessment varables nto a two-axs matrx to examne the relatonshps and patterns that emerge as the varables are correlated n the matrx (Crmnal Intellgence Glossary, November 2004). Audit TrailsThe use of audt procedures (e.g., trackng who s accessng the data or what data was accessed) combned wth analyss of audit logs and follow-up for unauthorized or anomalous actvty s essental for long-term system securty and prvacy (Crmnal Intellgence Glossary, November 2004).99 AuthenticationThe process of dentfyng an ndvdual, usually based on a username and password. In securty systems, authentcaton s dstnct from authorization, whch s the process of gvng ndvduals access to system objects based on ther dentty. Authentcaton merely ensures that the ndvdual s who he or she clams to be but says nothng about the access rghts of the ndvdual (www.webopeda.com). AuthorizationThe process of grantng or denyng access to a network resource. Most computer securty systems are based on a two-step process. The first stage s authentcaton, whch ensures
that a user s who he or she clams to be. The second stage is authorization, whch allows the user access to varous resources based on the users dentty (www.webopeda.com). Classified Information/Intelligence A unform system for classfyng, safeguardng, and declassfyng natonal securty nformaton, ncludng nformaton relatng to defense aganst transnatonal terrorsm, to ensure certan nformaton be maintained in confidence in order to protect citizens, U.S. democratic nsttutons, U.S. homeland securty, and U.S. nteractons wth foregn natons and enttes (Crmnal Intellgence Glossary, November 2004). Top Secret Classification Appled to nformaton, the unauthorized disclosure of which reasonably could be expected to cause exceptonally grave damage to the natonal securty that the original classification authority s able to dentfy or descrbe (Executve Order 12958, March 25, 2003). Secret ClassificationAppled to information, the unauthorized dsclosure of whch reasonably could be expected to cause serous damage to the natonal securty that the orgnal classification authority is able to dentfy or descrbe (Executve Order 12958, March 25, 2003). Confidential Classification Appled to nformaton, the unauthorized disclosure of whch reasonably could be
F-1
expected to cause damage to the natonal securty that the orgnal classification authority is able to dentfy or descrbe (Executve Order 12958, March 25, 2003). Collation (of Information)The process whereby nformaton s assembled together and compared crtcally (Law Enforcement Analytic Standards, November 2004). A revew of collected and evaluated nformaton to determne ts substantve applcablty to a case or problem at ssue and placement of useful nformaton nto a form or system that permts easy and rapd access and retreval (Crmnal Intellgence Glossary, November 2004). Collection (of Information)The drected, focused gatherng of nformaton from all avalable sources (INTERPOL, 1996, p. 9). The identification, location, and recordng/storng of nformaton, typcally from an orgnal source and usng both human and technologcal means, for nput nto the ntellgence cycle for the purpose of meeting a defined tactical or strategc ntellgence goal (Crmnal Intellgence Glossary, November 2004). Commodity Flow AnalysisGraphc depctons and descrptons of transactons, shpments, and dstrbuton of contraband goods and money derved from unlawful actvtes n order to ad n the dsrupton of the unlawful actvtes and apprehend those persons nvolved n all aspects of the unlawful actvtes (Crmnal Intellgence Glossary, November 2004). Concept of Operations (CONOPS)A statement outlnng how an operaton or organization will achieve its mission and goals. The concept s desgned to gve an overall pcture of the operaton. Continuity of Operations Plan (COOP)A plan that specifies the actvtes of ndvdual departments and agences and ther subcompartments to ensure that ther essental functons are performed n the event of an emergency or dsaster. CoordinationThe process of nterrelatng work functons, responsbltes, dutes, resources, and ntatves drected toward goal attanment (Crmnal Intellgence Glossary, November 2004).
Crime-Pattern AnalysisA process that looks for lnks between crmes and other ncdents to reveal smlartes and dfferences that can be used to help predct and prevent future crmnal actvty (Law Enforcement Analytic Standards, November 2004). An assessment of the nature, extent, and changes of crme based on the characterstcs of the crmnal ncdent, ncludng modus operand, temporal, and geographc varables (Crmnal Intellgence Glossary, November 2004). Criminal Investigative AnalysisThe use of components of a crme and/or the physcal and psychologcal attrbutes of a crmnal to ascertan the dentty of the crmnal (Peterson, 1994, p. 42). An analytc process that studes seral offenders, vctms, and crme scenes n order to assess characterstcs and behavors of offender(s) wth the ntent to identify or aid in the identification of the offender(s) (Crmnal Intellgence Glossary, November 2004). Critical Infrastructure Resiliency (CIR)The ablty of crtcal nfrastructure systems to mantan or rapdly recover essental functons and structure n the face of nternal and external change and to degrade gracefully f they must. (Science Magazine and the Report of the Crtcal Infrastructure Task Force, January 2006, by the U.S. Department of Homeland Securtys Homeland Securty Advsory Councl.) Database IntegrityIt may be advsable, dependng on the senstvty of the data, to utilize multilevel, secure database products to ensure the safety of data. In addton, lmtng data access va database engne passwords or dgtal certificates separate from the operating system password adds another layer of securty (Crmnal Intellgence Glossary, November 2004). DeconflictionThe process or system used to determne whether multple law enforcement agences are nvestgatng the same person or crme and whch provides notification to each agency nvolved of the shared nterest n the case, as well as provdng contact nformaton. Ths s an nformaton and ntellgence sharng process that seeks to minimize conflicts between agencies and maximize the effectiveness of an nvestgaton (Crmnal Intellgence Glossary, November 2004).
Dissemination (of Intelligence)The release of nformaton, usually under certan protocols (Peterson, 1994, p. 271). The process of effectvely dstrbutng analyzed intelligence utilizing certain protocols n the most approprate format to those n need of the nformaton to facltate ther accomplshment of organizational goals (Criminal Intelligence Glossary, November 2004). EncryptionThe process of encodng information so that unauthorized ndvduals wll be unable to read, understand, or use the nformaton. A password or key s requred to decode (decrypt) the nformaton back nto ts orgnal, useable form. Evaluation (of Information)An assessment of the relablty of the source and accuracy of the raw data (Morrs and Frost, 1983, p. 4). All nformaton collected for the ntellgence cycle s revewed for ts qualty, wth an assessment of the valdty and relablty of the nformaton (Crmnal Intellgence Glossary, November 2004). Event Flow AnalysisGraphc depctons and descrptons of ncdents, behavors, and people nvolved n an unlawful event, ntended to help understand how an event occurred as a tool to ad n prosecuton, as well as preventon of future unlawful events (Crmnal Intellgence Glossary, November 2004). The complaton and analyss of data relatng to events as they have occurred over tme allow the analyst to draw conclusons and recommendatons based on the analyss (Peterson, 1994). Financial AnalysisA revew and analyses of financial data to ascertain the presence of crmnal actvty. It can nclude bank record analyss, net worth analysis, financial profiles, source and applications of funds, financial statement analyss, and/or Bank Secrecy Act record analyss. It can also show destnatons of proceeds of crme and support prosecutons (Law Enforcement Analytic Standards, November 2004). Flow AnalysisThe revew of raw data to determne the sequence of events or interactions that may reflect criminal actvty. It can nclude tmelnes, event flow analysis, commodity flow analysis, and activity flow analysis; it may show mssng actons or events that need
F-2
evolvng trends. The bulletns are typically sensitive but unclassified and avalable for dstrbuton to local, state, trbal, and federal law enforcement. Intelligence Information Reports (IIR) Raw, unevaluated ntellgence concernng pershable or tme-lmted nformaton concernng crmnal or natonal securty ssues. Whle the full IIR may be classified, local, state, and tribal law enforcement agences wll have access to sensitive but unclassified information n the report under the tear lne (Crmnal Intellgence Glossary, November 2004). Intelligence-Led PolicingThe collecton and analyss of nformaton to produce an ntellgence end product desgned to nform polce decson makng at both the tactcal and strategc levels (NCISP, October 2003). The dynamc use of ntellgence to gude operatonal law enforcement actvtes to targets, commodtes, or threats for both tactcal responses and strategc decson makng for resource allocaton and/or strategc responses (Crmnal Intellgence Glossary, November 2004). Intelligence Process (Cycle)Plannng and drecton, collecton, processng and collatng, analyss and productons, and dssemnaton (Morehouse, 2001, p. 8). An organized process by which nformaton s gathered, assessed, and distributed in order to fulfill the goals of the ntellgence functont s a method of performng analytc actvtes and placng the analyss n a useable form (Crmnal Intellgence Glossary, November 2004). Intelligence ProductsReports or documents that contan assessments, forecasts, assocatons, lnks, and other outputs from the analytc process that may be dssemnated for use by law enforcement agences for preventon of crmes, target hardenng, apprehenson of offenders, and prosecuton (Crmnal Intellgence Glossary, November 2004). National Criminal Intelligence Sharing Plan (NCISP)A formal ntellgence sharng ntatve, supported by the U.S. Department of Justce that securely lnks local, state, trbal, and federal law enforcement agences, facltatng the exchange of crtcal ntellgence. The Plan contans model polces and standards and s a blueprnt for law enforcement admnstrators to follow when enhancng or buldng an ntellgence functon. It
Act, 5 U.S.C. 552, enacted n 1966, statutorly provdes that any person has a rght, enforceable n court, to access federal agency records, except to the extent that such records (or portons thereof) are protected from dsclosure by one of nne exemptons (Crmnal Intellgence Glossary, November 2004).
descrbes a natonwde communcatons capablty that wll lnk all levels of law enforcement personnel, including officers on the street, ntellgence analysts, unt commanders, and polce executves (Crmnal Intellgence Glossary, November 2004). Need to KnowAs a result of jurisdictional, organizational, or operatonal necesstes, ntellgence or nformaton s dssemnated to further an nvestgaton (Crmnal Intellgence Glossary, November 2004). Operational AnalysisIdentfyng the salent features, such as groups of or ndvdual crmnals relevant premses, contact ponts, and methods of communcaton (Europol, 200, Insert 3). An assessment of the methodology of a criminal enterprise or terrorist organization that depcts how the enterprse performs ts actvtes, ncludng communcatons, phlosophy, compensaton, securty, and other varables that are essental for the enterprse to exst (Crmnal Intellgence Glossary, November 2004). Perimeter SecurityRouters, firewalls, and ntruson detecton systems should be mplemented to tghtly control access to networks from outsde sources. Routers and firewalls filter and restrict traffic based upon very specific access control decsons made by the network operators, thereby limiting the types of unauthorized actvtes on a network (Crmnal Intellgence Glossary, November 2004). Physical SecuritySystem and network admnstrators should tghtly control physcal access to computer and network hardware. Only authorized members of the techncal staff should be allowed access to systems (Crmnal Intellgence Glossary, November 2004). PlanningThe preparaton for future situations, estimating organizational demands and resources needed to attend to those stuatons, and ntatng strateges to respond to those stuatons (Crmnal Intellgence Glossary, November 2004). Privacy (of Information)The assurance that legal and consttutonal restrctons on the collecton, mantenance, use, and dsclosure of personally identifiable information will be adhered to by crmnal justce agences, wth use of such nformaton to be strctly
Fusion CenterA collaboratve effort of two or more agences that provde resources, expertse, and/or nformaton to the center with the goal of maximizing the ablty to detect, prevent, apprehend, and respond to crmnal and terrorsm actvty (Recommended Fuson Center Law Enforcement Intellgence Standards, March 2005). Inference DevelopmentDrawng conclusons based on facts (Peterson, 1994, p. 48). The creaton of a probablstc concluson, estmate, or predcton related to an ntellgence target based upon the use of nductve or deductve logc n the analyss of raw nformaton related to the target (Crmnal Intellgence Glossary, November 2004). Intelligence (Criminal)The product of systematc gatherng, evaluaton, and synthess of raw data on ndvduals or actvtes suspected of beng, or known to be, crmnal n nature. Intellgence s information that has been analyzed to determne ts meanng and relevance. Information is compiled, analyzed, and/or dssemnated n an effort to antcpate, prevent, or montor crmnal actvty (NCISP, October 2003). The product of the analyss of raw nformaton related to crmes or crme patterns wth respect to an identifiable person or group of persons n an effort to antcpate, prevent, or montor possble crmnal actvty (Crmnal Intellgence Glossary, November 2004). Intelligence AssessmentA comprehensve report on an ntellgence ssue related to crmnal or natonal securty threats avalable to local, state, trbal, and federal law enforcement agences (Crmnal Intellgence Glossary, November 2004). Intelligence BulletinsA finished ntellgence product n artcle format that descrbes new developments and
F-3
lmted to crcumstances where legal process permts use of the personally identifiable information (Criminal Intellgence Glossary, November 2004). Privacy (Personal)The assurance that legal and consttutonal restrctons on the collecton, mantenance, use, and dsclosure of behavors of an ndvdual, ncludng hs/her communcatons, assocatons, and transactons, wll be adhered to by crmnal justce agences, wth use of such nformaton to be strctly lmted to crcumstances where legal process authorizes surveillance and nvestgaton (Crmnal Intellgence Glossary, November 2004). Profile/Criminal ProfileAn nvestgatve technque by whch to identify and define the major personality and behavoral characterstcs of the crmnal offender based upon an analyss of the crme(s) he or she has commtted (Crmnal Intellgence Glossary, November 2004). ReliabilityAsks the queston, Is the source of the nformaton consstent and dependable? (Crmnal Intellgence Glossary, November 2004) RequirementA valdated ntellgence nformaton need (IIN) submtted to address an ntellgence gap. Requrements can be standng (normally vald for months or years) or ad hoc (processed as they are identified, normally outside of planned, perodc requrements development and prioritization cycles) (FBI Intelligence Requrements and Collecton Management Process, August 2003, p. 9). Right to KnowBased on havng legal authority, ones official position, legal mandates, or official agreements, allowing the ndvdual to receve ntellgence reports (Crmnal Intellgence Glossary, November 2004). Risk AssessmentAn analyss of a target, llegal commodty, or vctm to dentfy the probablty of beng attacked or criminally compromised and to analyze vulnerabltes. Sensitive But Unclassified (SBU) InformationInformaton that has not been classified by a federal law enforcement agency whch pertans to significant law enforcement cases under nvestgaton and crmnal ntellgence
reports that requre dssemnaton crtera to only those persons necessary to further the nvestgaton or to prevent a crme or terrorst act (Crmnal Intellgence Glossary, November 2004). Sensitive Compartmented Information (SCI)Classified information concerning or derved from ntellgence sources, methods, or analytcal processes that s requred to be handled wthn formal access control systems establshed by the drector of the Central Intellgence Agency (Crmnal Intellgence Glossary, November 2004). Sensitive Compartmented Information Facility (SCIF)An accredted area, room, group of rooms, buldngs, or an nstallaton where SCI may be stored, used, dscussed, and/or processed (Crmnal Intellgence Glossary, November 2004). Spatial AnalysisThe process of usng a geographc nformaton system n combnaton wth crme-analyss technques to assess the geographc context of offenders, crmes, and other law enforcement actvty (Crmnal Intellgence Glossary, November 2004). Strategic IntelligenceMost often related to the structure and movement of organized criminal elements, patterns of crmnal actvty, crmnal trend projectons, or projectve plannng (Law Enforcement Analytic Standards, November 2004). An assessment of targeted crme patterns, crime trends, criminal organizations, and/or unlawful commodty transactons for purposes of plannng, decson makng, and resource allocaton; the focused examnaton of unque, pervasve, and/or complex crme problems (Crmnal Intellgence Glossary, November 2004). Tactical IntelligenceInformaton regarding a specific criminal event that can be used mmedately by operatonal unts to further a crmnal nvestgaton, plan tactcal operatons, and provde for officer safety (Law Enforcement Analytic Standards, November 2004). Evaluated nformaton on whch mmedate enforcement acton can be based; intelligence activity focused specifically on developng an actve case (Crmnal Intellgence Glossary, November 2004). TerrorismPremedtated, poltcally motvated volence perpetrated aganst noncombatant targets by subnatonal
groups or clandestne agents, usually intended to influence an audience (Title 22 of the Unted States Code, Secton 2656f[d]). Terrorism InformationAll nformaton, whether collected, produced, or dstrbuted by ntellgence, law enforcement, mltary, homeland securty, or other Unted States government actvtes, relatng to 1) the exstence, organization, capabilities, plans, intentions, vulnerability, means of finance or materal support, or actvtes of foregn or nternatonal terrorst groups or ndvduals, or of domestc groups or ndvduals nvolved n transnatonal terrorsm; 2) threats posed by such groups or ndvduals to the Unted States, U.S. citizens, or U.S. interests or to those of other natons; 3) communcatons of or by such groups or ndvduals; or 4) nformaton relatng to groups or ndvduals reasonably beleved to be assstng or assocated wth such groups or ndvduals (Executve Order 13356). Threat AssessmentA strategc document whch looks at a groups propensty for volence or crmnalty or the possble occurrence of a crmnal actvty n a certan tme or place (Peterson, 1994, pp. 56-57). An assessment of a crmnal or terrorst presence wthn a jursdcton ntegrated wth an assessment of potental targets of that presence and a statement of probablty that the crmnal or terrorst wll commt an unlawful act. The assessment focuses on the crmnals or terrorsts opportunty, capablty, and willingness to fulfill the threat (Criminal Intellgence Glossary, November 2004). ValidityAsks the queston, Does the nformaton actually represent what we beleve t represents? (Crmnal Intellgence Glossary, November 2004). Vulnerability AssessmentA strategc document whch vews the weaknesses n a system that mght be exploted by a crmnal endeavor (NCISP, October 2003). An assessment of possble crmnal or terrorst group targets wthn a jursdcton ntegrated wth an assessment of the targets weaknesses, lkelhood of beng attacked, and ablty to wthstand an attack (Crmnal Intellgence Glossary, November 2004).
F-4
Appendix G
Acronyms
ACTIC ATIX CAP CDC CFR CICC CII Act CITCS CONOPS COOP CTTWG DHS DISA DOJ EPIC FAQ FBI FEMA FinCEN FOIA FOUO GISAC GISWG GIWG Global Global JXDM GTRI
Arizona Counter Terrorism Information Center Automated Trusted Informaton Exchange Common Alertng Protocol Centers for Dsease Control and Preventon Code of Federal Regulatons Crmnal Intellgence Coordnatng Councl Crtcal Infrastructure Informaton Act Crmnal Intellgence Tranng Coordnaton Strategy Concept of Operatons Contnuty of Operatons Plan Counter-Terrorsm Tranng Coordnaton Workng Group U.S. Department of Homeland Securty Defense Informaton Systems Agency U.S. Department of Justce El Paso Intellgence Center Frequently Asked Questons Federal Bureau of Investgaton Federal Emergency Management Agency Fnancal Crmes Enforcement Network Freedom of Informaton Act For Official Use Only Georga Informaton Sharng and Analyss Center Global Infrastructure/Standards Workng Group Global Intellgence Workng Group Global Justce Informaton Sharng Intatve Global Justce XML Data Model Georga Tech Research Insttute
GXSTF HIDTA HIFCA HSAC HSIN HSOC HSPD IACA IACP IADLEST IALEIA ICE ICSIS IJIS INTERPOL JICC LEIN LEIU LEO LES MOU NCISP NCJA NCSD NDA NDIC NIST
Global XML Structure Task Force High Intensity Drug Trafficking Areas Hgh Intensty Fnancal Crme Areas Homeland Securty Advsory Councl Homeland Securty Informaton Network Homeland Securty Operatons Center Homeland Securty Presdental Drectve Internatonal Assocaton of Crme Analysts Internatonal Assocaton of Chefs of Polce Internatonal Assocaton of Drectors of Law Enforcement Standards and Tranng Internatonal Assocaton of Law Enforcement Intellgence Analysts U.S. Immgraton and Customs Enforcement Integrated Convergence Support Informaton System Integrated Justce Informaton System International Criminal Police Organization Justce Intellgence Coordnatng Councl Law Enforcement Intellgence Network Law Enforcement Intellgence Unt Law Enforcement Onlne Law Enforcement Senstve Memorandum of Understandng National Criminal Intelligence Sharing Plan Natonal Crmnal Justce Assocaton Natonal Cyber Securty Dvson Non-Dsclosure Agreement Natonal Drug Informaton Center Natonal Insttute of Standards and Technology
G-1
Nlets NW3C OASIS OEP OJP RCIC RISS SARA SBU SCI SCIF
The Internatonal Justce and Publc Safety Informaton Sharng Network Natonal Whte Collar Crme Center Organization for the Advancement of Structured Informaton Standards Occupant Emergency Plan Office of Justice Programs Rockland County Intellgence Center Regonal Informaton Sharng Systems Superfund Amendments and Reauthorization Act Sensitive But Unclassified Senstve Compartmented Informaton Senstve Compartmented Informaton Faclty
SME SOA STTAC STIC TRS UNYRIC US-CERT USP3 VICAP XML
Subject-Matter Expert Servce-Orented Archtecture State Terrorsm Threat Assessment Center (Calforna) Statewde Terrorsm Intellgence Center (Illnos) Terrorsm Research Specalsts Upstate New York Regonal Intellgence Center Unted States Computer Emergency Readness Team Unted States Publc-Prvate Partnershp (formerly DHSs HSIN-CI) Volent Crmnal Apprehenson Program Extensble Markup Language
G-2
About GlobAl
The U.S. Department of Justices Global Justice Information Sharing Initiative (Global) serves as a Federal Advisory Committee to the U.S. Attorney General on critical justice information sharing initiatives. Global promotes standards-based electronic information exchange to provide justice and public safety communities with timely, accurate, complete, and accessible information in a secure and trusted environment. Global is administered by the U.S. Department of Justice, Office of Justice Programs, Bureau of Justice Assistance.
A companion CD has been developed in conjunction with the Fusion Center Guidelines report. This CD contains sample policies, checklists, resource documents, and links to Web sites that are referenced throughout the report. For copies of the resource CD, contact DOJs Global at (850) 385-0600.
The fusion center resources are also available at DOJs Global Web site, www.it.ojp.gov/fusioncenter, DHSs Web site, and the Homeland Security Information Network (HSIN).
For more information about the Fusion Center Guidelines, contact DOJs Global at (850) 385-0600. For more information about DOJs initiatives, go to
www.it.ojp.gov.