INCIDENT SCENE AUTHORIZED ACCESS USING A MOBILE DEVICE



Similar documents
Commonwealth of Virginia Personal Identity Verification-Interoperable (PIV-I) First Responder Authentication Credential (FRAC) Program

For Official Use Only (FOUO)

Attribute-Based Access Control Solutions: Federating Authoritative User Data to Support Relying Party Authorization Decisions and Requirements

Incident Management Software Solution

National Capital Region. Electronic Designation and Validation of Federal/Emergency Response Officials (F/EROs) in support of National Preparedness

National Infrastructure Coordinating Center Hurricane Sandy State Access Control Procedures

Interagency Advisory Board Meeting Agenda, May 27, 2010

STATEMENT OF WORK. For

GFIPM & NIEF Single Sign-on Supporting all Levels of Government

ABAC Workshop Minutes

Identity & Privacy Protection

Office of the Chief Information Officer Department of Energy Identity, Credential, and Access Management (ICAM)

Statement of. Mike Sena. President, National Fusion Center Association. Director, Northern California Regional Intelligence Center (NCRIC)

HOMELAND SECURITY EMERGENCY AIR TRANSPORTATION SYSTEM (HSEATS)

Identity Management for Interoperable Health Information Exchanges

NATIONAL INCIDENT MANAGEMENT SYSTEM

Identity, Credential, and Access Management. An information exchange For Information Security and Privacy Advisory Board

J.D. Power Reports: Strong Network Quality Performance Is Key to Higher Customer Retention for Wireless Carriers

ESF 02 - Communications Annex, 2015

Verizon Wireless Ranks Highest in Wireless Network Quality Performance in Five Regions; AT&T Ranks Highest in One Region

FOUR PILLARS FOR A SUCCESSFUL PIV ECOSYSTEM

Georgia Emergency Operations Plan. Emergency Support Function # 5 Annex Emergency Management

Identity, Credential, and Access Management. Open Solutions for Open Government

Expanding Your Business Through Franchising What Steps You Need to Take to Successfully Franchise Your Business. By Robert J.

CoSign by ARX for PIV Cards

Chex Systems, Inc. does not currently charge a fee to place, lift or remove a freeze; however, we reserve the right to apply the following fees:

Public School Teacher Experience Distribution. Public School Teacher Experience Distribution

Licensure Resources by State

Three-Year Moving Averages by States % Home Internet Access

Department of Veterans Affairs VA DIRECTIVE 6510 VA IDENTITY AND ACCESS MANAGEMENT

I have been asked to pose the following questions to the list serve regarding disaster recovery plans

State-Specific Annuity Suitability Requirements

NOAA HSPD-12 PIV-II Implementation October 23, Who is responsible for implementation of HSPD-12 PIV-II?

NON-RESIDENT INDEPENDENT, PUBLIC, AND COMPANY ADJUSTER LICENSING CHECKLIST

NIMS Study Guide. Lesson One: What Is the National Incident Management System (NIMS)? What is NIMS?

ADVANCED DISTRIBUTION MANAGEMENT SYSTEMS OFFICE OF ELECTRICITY DELIVERY & ENERGY RELIABILITY SMART GRID R&D

NIMS GUIDELINE FOR THE CREDENTIALING OF PERSONNEL DRAFT NOVEMBER 21, 2008

Low-Profit Limited Liability Company (L3C) Date: July 29, [Low-Profit Limited Liability Company (L3C)] [July 29, 2013]

Northrop Grumman White Paper

Healthcare Incident Management System

Impacts of Sequestration on the States

Workers Compensation State Guidelines & Availability

Federal Identity, Credential, and Access Management Trust Framework Solutions. Relying Party Guidance For Accepting Externally-Issued Credentials

Strong Identity Authentication for First Responders

Deputy Secretary for Information Technology Date Issued: November 20, 2009 Date Revised: December 20, Revision History Description:

Radio Over Wireless Broadband Pilot. Project Report

IRS Request for Assistance re New EIN and True Owner. Question by: Sarah Steinbeck on behalf of Leslie Reynolds. Date: 5 August 2010

Data show key role for community colleges in 4-year

PUBLIC INSURANCE ADJUSTER FEE PROVISIONS 50 STATE SURVEY AS OF 6/29/07. LIKELY YES [Cal. Ins. Code 15027]

Alabama Kentucky North Dakota Alaska Kentucky Ohio Arkansas Louisiana Oklahoma

Entitlements Access Management for Software Developers

BUSINESS DEVELOPMENT OUTCOMES

TEXAS HOMELAND SECURITY STRATEGIC PLAN : PRIORITY ACTIONS

Written Testimony. Mark Kneidinger. Director, Federal Network Resilience. Office of Cybersecurity and Communications

Recent GAO Work on Disaster Recovery: FEMA s Long-term Assistance Was Helpful to State and Local Governments but Had Some Limitations

All Eyes: A Security Breach Exercise. Disaster Recovery/Security and Business Continuity Readiness

What Does it Mean to be PIVish in PACS ICAM PIV in E-PACS Guidance v2.0.2 the short form. December 3, 2012

DEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, DC

Entrust IdentityGuard Comprehensive

NAIC Annuity Suitability Requirements by State

Library ebook Survey hosted by OverDrive

Deputy Chief Financial Officer Peggy Sherry. And. Chief Information Security Officer Robert West. U.S. Department of Homeland Security.

State Government Subsidies for Retirement Plans Sponsored by Local Governments. National Conference of State Legislatures, January 2010

STATE OF LOUISIANA STANDARD OPERATING PROCEDURE. Statewide Credentialing/Access Program. All Hazards Access

W H I T E P A P E R. Hub and Spoke Approach to Computer-Aided Dispatch

Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance

STATE-SPECIFIC ANNUITY SUITABILITY REQUIREMENTS

Use of "Mail Box" service. Date: April 6, [Use of Mail Box Service] [April 6, 2015]

Hosted and Cloud-Based VoIP and UC Services Template

SMALL BUSINESS. the basics. in telecommunications solutions

Law Enforcement Justice Information System

Federal Identity, Credentialing, and Access Management. Identity Scheme Adoption Process

State Agency Name Link to and/or Information about Complaint Process

Current State Regulations

Traffic Management Centers

An Introduction to SCIM: System for Cross-Domain Identity Management

2. Each server or domain controller requires its own server certificate, DoD Root Certificates and enterprise validator installed.

Department of Homeland Security Cyber Resilience Review (Case Study) Matthew Butkovic Technical Manager - Cybersecurity Assurance, CERT Division

Modeling and Simulation (M&S) for Homeland Security

Transcription:

INCIDENT SCENE AUTHORIZED ACCESS USING A MOBILE DEVICE Karyn Higa-Smith DHS Science and Technology Directorate Homeland Security Advanced Research Projects Agency CyberSecurity Division Session ID: PNG-F42A Session Classification: Intermediate

Daunting Task of Emergency Response Credentialing Challenges Multi-jurisdiction coordination to large-scale disasters Stove-piped credentials Lack of trust and interoperability Too many credentials! Insecure/isolated physical and logical access Current Issue: No standard credential to identify CIKR responders CIKR: Critical Infrastructure and Key Resources

R&D Identity Management Program

S&T Technology Transition Working Group PIV-I/FRAC Technology Transition Working Group (TTWG) Public Safety/Emergency Response Security Federated Identity for First Responders National standard, Interoperable, and trusted ID credential One voice from the TTWG to policy makers Sharing lessons learned Provide innovative, Cost-effective solutions

Hurricane: PRICE OF CREDENTIALING Credentialing Cost Reactive Proactive PIV-I Credential @ $25/3,000 personnel/year $0 $75,000 400 Bucket trucks @ $3,000 delayed $1,200,000 $0 personnel/per day 3,000 deployed personnel @ $200 per day $600,000 $0 Power restoration of 200,000 delayed one day @ $5 per day Mike McAllister Deputy Secretary of Veterans Affairs and Homeland Security Office of Governor Robert F. McDonnell Commonwealth of Virginia $1,000,000/com munity Total cost per large scale incident $2,800,000/ disaster $0 $0

Research and Development (R&D) Incident Scene Access Control Mission Need: Making informed decisions at incident scene entry points Customer: FEMA, State, and Locals Technology: Develop a standard, interoperable protocol Transition: FEMA, State/Local, and Federal CIO Impact: Cost effective, better security, faster process, standards-based, Interoperable

INCIDENT SCENE ACCESS CONTROL MISSION Federal State/Local/Tribal S&T providing an open standard solution for the FEMA and State/Local emergency response mission: Provide informed decision making tool for authorized access using a mobile device Single record or multiple record operations (batch attribute transmission) Critical Infrastructure Volunteers Give me a list of all Users with Attribute X, Y, and Z Give me all the Emergency Support Function (ESF) attributes of User X Give me all authorized users for the incident

S&T IDENTITY MANAGEMENT TESTBED

INCIDENT SCENE ACCESS CONTROL PILOT DHS S&T IdM Testbed State and Local F/ERO Entitlements Authoritative Source SPML Read-Only Request Unique Identifier 1. DHS, FEMA (PIV) 2. DOD (CAC) 3. Chester Co PA (PIV-I) F/ERO Repository SPML Read-Only Profile Web Service Field Station Handheld Credential NO COMMUNICATIONS PIV: Personal Identity Verification PIV-I: PIV Interoperability CAC: Common Access Card OASIS: Organization for the Advancement of Structured Information Standards F/ERO: Federal/Emergency Response Official SPML: Service Provisioning Markup Language SPML Read-Only Response

END-TO-END TOOL USING STANDARDS SAML Service Agency 1 Authoritative Source Tablet Agency 2 Authoritative Source Agency 3 Authoritative Source SPML Gateway SPML Create, Read, Update, Delete profile F/ERO Repository (Attributes) SPML Service SPML Read-Only Profile Web Service (submitted to FICAM) Local Workstation Smartphone Handheld

Smart Phone Attribute-based Access Control (SPAAC) Fire Police Medical Bucket Trucks FEMA Other Feds Samsung Galaxy Nexus smartphone Apps screen

Technology Transition Transition to TTWG: FEMA is adopting the standard specifications for the F/ERO Repository and attribute model State and local users will utilize the model for their own repositories The architecture specifications will be transitioned to Federal CIO for government-wide adoption of the open standard-based protocol The capability may be used across other domains for control physical locations such as port security Local and State Participants Colorado Maryland Virginia District of Columbia Missouri Southwest Texas Pennsylvania Chester County, PA Pittsburgh, PA West Virginia Hawaii Rhode Island Nevada

CAPABILITY IMPACT The standard technology developed by S&T will save me an initial outlay of $365,000 and then $41,500 per year on operations and maintenance. Chester County, Pennsylvania Emergency Management No Solution Delayed access Risk of wrongful permissions Proprietary Solution High cost due to license expense Since it is not interoperable, partners need to buy into proprietary vendor solution S&T Solution Standard communications allow for transactions across multiple platforms Low cost allows for widespread adoption Provides real-time ability to electronically validate users

RESOURCES Websites http://www.ahcusa.org/piv-i%20ttwg.htm https://www.cyber.st.dhs.gov/idmdp.html http://www.idmanagement.gov/documents/bae_v2_ov erview_document_final_v1.0.0.pdf

Karyn Higa-Smith Program Manager DHS Science and Technology Directorate HSARPA Cybersecurity Division Karyn.Higa-Smith@dhs.gov 202.254.5335

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information