Seamless info sharing for first responders
Connecting state and local government leaders
The Department of Homeland Security is funding two small businesses developing technologies that would facilitate information sharing among first responders from multiple jurisdictions.
The Homeland Security Department’s Small Business Innovation Research (SBIR) program awarded a total of $1.97 million to two small businesses to develop technologies that would facilitate information sharing among first responders from multiple jurisdictions converging at an incident scene.
DHS’ Science and Technology Directorate (S&T) announced Aug. 3 that Oasys International and Waverley Labs had won the awards as part of Phase II of Identity, Credential and Access Management (ICAM) On-the-Fly SBIR project. Both won Phase I awards to develop proofs-of-concept last year.
The challenge they’re working to overcome is the difficulty first responders arriving on a scene from various jurisdictions have in getting access to IT systems that could give them all common situational awareness.
“Without that shared view, they’re certainly not working as efficiently and effectively as possible,” S&T Program Manager Norman Speicher said.
Today, to get access to another jurisdiction’s IT system, responders often have to call a help desk and enter a ticket that system administrators might act on in minutes – or in hours or days. “Their ability to be quickly added to that system is just not practical in an operational environment,” Speicher said.
ICAM On-the-Fly could change that.
“Oasys and Waverley were unique because … they’re both satisfying the primary objectives of ICAM On-the-Fly, but they have particularly complementary solutions in two particular areas,” Speicher said. The Waverley research involves a secure perimeter, where responders’ credentials are established and then they “become a part of this federation – almost a group to be trusted in that moment in time, for the duration of the incident,” he said. “Oasys’ biggest strength had to do with the way they were determining application access and how that ultimately controlled what data [responders] could see, what applications they could see.”
Oasys is building out an Event Management System that will support enhanced and streamlined ICAM functions for responders at large planned events. Waverley, on the other hand, is further developing its Dynamic AccessID Network and Toolkit for use by crisis managers.
AccessID lets incident responders dynamically associate disparate credentials and devices with first responder systems. They can stand up ad hoc networks, dynamically federate participants and onboard privately owned systems on-the-fly. Waverley's open-source specification validates both the IDs -- such as driver’s licenses -- and the devices that those IDs are used on.
“You can actually scan multiple credentials into your device with a little simple app, kind of like how you can do now with bank checks,” said Juanita Koilpillai, founder of Waverley.
When responders arrive on the scene, incident managers can scan those credentials with their own devices. On validation, all responders get a common operational picture and access to relevant data and metadata in the systems of the agency that put out the call for help.
Koilpillai likens the process to an ATM network, where banks have already agreed that the code on a credit card is valid.
A software-defined perimeter that Waverley has been working on ensures that networks can be set up on-the-fly and remain hidden when they are running on public infrastructures such as the cloud or the public internet.
“We’re at that point where there are these tremendous advances in technology, including great increases in mobile broadband capacity, there’s this explosion of internet of things devices … there’s this evolution in enterprise data,” Speicher said. With “all that potential to enhance situational awareness, we need to ensure that there is the identity, credential and access management solutions available so that we can safely and securely share that information,” he said.
Where Phase I was about developing a proof-of-concept, Phase II, which lasts two years, involves testing a minimum viable product. Exactly how that plays out has been affected by the coronavirus pandemic.
“One of the biggest impacts on our research and development in the COVID situation is that our field experiments are scaled back,” Speicher said. The plan, though, is to call on first responders who can create a scenario in which they can then test Oasys’ and Waverley’s solutions.
The third and final phase of this effort will focus on the commercialization of the products.
“You’ve got to have these fundamental components in place so that everyone trusts the environment, trusts that the right person is getting that information for the appropriate reasons, it’s operationally relevant to them,” Speicher said.
NEXT STORY: 5 ways to bolster cybersecurity maturity