Using a Cloud Computing Model to Establish
Net-Enabled Emergency Response (NEER) Core Services
NCOIC Cloud Computing Workshop
September 21, 2009
presented by
MG Stephen Gross USAFR
NEER IPT Chair
Deputy Director
Deloitte & Touche Center for Cyber Innovation
Recommendations for effectively
establishing NEER core services
We will begin with our concluding recommendations
Produce operational, capability and technical patterns for a network-of-networks based on nationally defined, locally implemented cloud computing storefronts hosting NEER core services interfaced to local mesh networks
– Subscribe and Publish architecture
• Information is both “pushed” and “pulled”
– Get the right information to the right people at the right time up and down all chains of command
– Focus on responder communities
– Focus on victims
– “Everything Over IP” is fundamental
– Security as required at all levels
[Figure: SECURE, CLOUD-BASED DISTRIBUTED STOREFRONTS for NETWORK CENTRIC OPERATIONS SUPPORTING PUBLIC SAFETY and EMERGENCY RESPONSE CORE SERVICES. Labels: AHAW alerts; Identity Management; Access Control; Digital Rights Management; Shared Directories; Logistics; Geo-Spatial Data; Mesh Networks Integration; Broadband Backbones; Fixed Agencies; Mobile Responders.]
Challenges to effectively
establishing NEER core services
Balkanized control of emergency IT
– 120,000 ER jurisdictions in the US alone, mostly small
– Nearly as many in the EU/NATO/allied European countries
Lack of coordinated national,
provincial/state leadership
Stove pipe agency consumer solutions
– Dominance by vendors; land mobile radios prevalent
>$100 Billion in legacy systems rarely designed to interoperate
– >$1 Trillion worldwide
Lack of widely available broadband
infrastructure for emergency
responder COI
[Figure: bar chart, "Public Safety/Emergency Responder COI (Non-Military) in the USA*". Axis: Number of Agencies, 0 to 20000. Categories: EOCs, Urgent Care, Hospitals, PSAPs, Public Health, EMS, Fire, Law.]
Source: and
Challenges to effectively
establishing NEER core services (continued)
Wisconsin State Patrol Chairman Casey Perry attributed a great deal of his problems to squabbles among states, counties and municipalities. He said more federal grant money needs to be conditional to hold state and local governments accountable for creating interoperable networks
"Each entity resists losing their share of control," Perry said. "This is the underlying root of the problems we face today."
Common requirements from multiple COI
not being effectively addressed today
Standardized communications from and to any device, source
Intelligence about people
– Responders and victims
– Secure when necessary
Access to special resources
– People, e.g., interpreters, neurosurgeons, mental health professionals, officials, telecomm manager
– Things, e.g., hospital beds, specialized vehicles, shelters, bulldozers, ambulances, generators, cell sites
– Decision Support, e.g., predictive algorithms, geospatial information, protocols, incident map, matching people to shelters, directories
Effectively addressing these requirements will require a national establishment of NEER core services implemented nationally, regionally and locally
What are NEER core services?
NEER core services are those services necessary for full
information interoperability of the emergency responder
communities of interest for both day-to-day operations and
for response to complex humanitarian disasters
Agency locator
Registration of all responders
– Identify who each emergency responder is
– Identify each emergency responder’s organization
– Describe organization type
• role-based access
– Define the incident types about which each responder needs to be alerted
• Jurisdiction based and/or geographically based
• Help needed/wanted
• Just interested
– Define in advance where and to what devices each responder wants calls and data sent
– Define in advance each responder’s radio frequencies, gateways, CODECs, etc.
Identity management
and access control
Identify each information recipient
– Individual user and/or organization
How is each recipient represented (Identifiers)
– Username, Log-in (Password, PINs, Smartcards, Biometrics, etc.)
Define how each recipient is to be authenticated
– Validation of identifiers
Describe what each recipient can do when authenticated (Authorization)
– What functions can be performed
– What data can be accessed
– Role-based – tied to identifiers – user and organization
Define how each recipient will know the information exchange is working properly (Auditing)
Digital rights management
Classification of data
– By data element, data segment, entire record
Granting of access rights (informed consent)
– Permissions - what grantee is allowed to do by action (access, print, update, change, distribute, etc.)
– Constraints - restrictions on the permissions (i.e. cannot redistribute, access granted only if tied to an emergency, etc.)
– Obligations - what grantee has to do/provide/accept
– Rights Holders - who is entitled to what
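An added example, not part of the original slides: one way the rights model above (permissions, constraints, obligations, rights holders) could be evaluated together with the role-based authorization and auditing from the identity management slide. The names `Grant`, `Request`, `evaluate`, the roles and the sample record element are all hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Grant:
    """One rights holder's grant over one classified data element (hypothetical model)."""
    rights_holder: str
    element: str                   # classification at data-element granularity
    roles: frozenset               # role-based: grantee roles this grant covers
    permissions: frozenset         # allowed actions: access, print, update, ...
    emergency_only: bool = False   # constraint: valid only when tied to an emergency
    obligations: tuple = ()        # what the grantee must accept before use

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    action: str
    element: str
    incident_id: str = ""          # non-empty when tied to a declared incident
    accepted: frozenset = frozenset()

AUDIT = []  # every decision is recorded, allow or deny (auditing)

def evaluate(req, grants):
    """Default deny: allow only when a grant covers the role, element and action
    and all of its constraints and obligations are met."""
    allowed, reason = False, "no matching grant"
    for g in grants:
        if g.element != req.element or req.role not in g.roles:
            continue
        missing = sorted(set(g.obligations) - req.accepted)
        if req.action not in g.permissions:
            reason = "action not permitted: " + req.action
        elif g.emergency_only and not req.incident_id:
            reason = "constraint: emergency required"
        elif missing:
            reason = "obligations not accepted: " + ", ".join(missing)
        else:
            allowed, reason = True, "granted by " + g.rights_holder
            break
    AUDIT.append((req.user, req.action, req.element, allowed, reason))
    return allowed, reason

# Constructed sample: a patient lets EMS and hospital staff read one element
# during an emergency, provided they accept a no-redistribution obligation.
GRANTS = [Grant("patient-0001", "record.blood_type", frozenset({"ems", "hospital"}),
                frozenset({"access"}), emergency_only=True,
                obligations=("no_redistribution",))]

if __name__ == "__main__":
    ok = Request("medic7", "ems", "access", "record.blood_type",
                 "INC-TEST-1", frozenset({"no_redistribution"}))
    print(evaluate(ok, GRANTS))
```

Denials are logged with their reason as well as approvals, so the audit trail shows which constraint or obligation blocked a request.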
All hazards – all warnings
(AHAW) alerting
Provide a practical, pragmatic methodology for efficient and timely generation, authentication or confirmation and distribution of emergency alerts and warnings
– Nationally mandated, integrated at the regional, state and local levels
– Based on the latest version of the Common Alerting Protocol (CAP) Standard from the Organization for the Advancement of Structured Information Standards (OASIS)
– Positions the use of CAP in a global system of systems, network of networks, using a SOA which will be reused in multiple NEER patterns
• The SOA which supports this set of patterns is based on the Reference Model for SOA (SOA-RM)[RD/05], an OASIS standard developed by the SOA-Reference Model Technical Committee (SOA-RM TC) approved in March 2005
Examples of standards required for
NEER core services establishment
Examples of NEER core services standards (not an exhaustive list)
• SIP
• CAP
• EDXL-DE, other emerging EDXL standards
• Directory Services – EPAD
• Wireless Mesh Networks – 802.11, 802.16
• Wireless Local Area Networks (LAN) – 802.11
• Connectionless Networking – IPv6
• Connectionless Transport – UDP
• Connection-Oriented Transport – TCP, SCTP
• 3G cellular, both UMTS and CDMA2000
• Communications Security – IPSec, TLS, SCIP
• Satellite Communications – L band, Ku band
[Figure: MECI Demo / Sample Architectural Elements. Labels: Broken Links; SATCOM Gateway; IP Connectivity (Voice, Video, Data); Cellular Comms Emergency Kit; Wireless and Terrestrial Systems; Portable WiMax C2 appliances; Restored link; IP Back-bone; Sub-nets; Software Defined Radio; JTRS.]
Recommendations for effectively
establishing NEER core services
Produce operational, capability and technical patterns for a network-of-networks based on nationally defined, locally implemented cloud computing storefronts hosting NEER core services interfaced to local mesh networks
– Subscribe and Publish architecture
• Information is both “pushed” and “pulled”
– Get the right information to the right people at the right time up and down all chains of command
– Focus on responder communities
– Focus on victims
– “Everything Over IP” is fundamental
– Security as required at all levels
[Figure: SECURE CLOUD-BASED DISTRIBUTED STOREFRONTS for NETWORK CENTRIC OPERATIONS SUPPORTING PUBLIC SAFETY and EMERGENCY RESPONSE CORE SERVICES. Labels: AHAW alerts; Identity Management; Access Control; Digital Rights Management; Shared Directories; Logistics; Geo-Spatial Data; Mesh Networks Integration; Broadband Backbones; Fixed Agencies; Mobile Responders.]
NEER core services
reference model
Information
– Facilitate knowledge discovery and display (KD&D) by making information from all core services storefronts
• Accessible
• Understandable
• Trustable
• Interoperable
• Manageable
Services
– Enable KD&D through an open standards based service oriented architecture that is
• Secure as needed
• Highly scalable
• Highly distributed
• >99.9% available
– No single points of failure
• Decentralized for administration
[Figure labels: ALL HAZARDS ALL WARNINGS; RIGHTS & PERMISSIONS; IDENTITY MANAGEMENT; AGENCY LOCATOR; KD&D CORE SERVICES; TRUSTED NETWORKS; STANDARDS; CLOUD STOREFRONTS.]
NEER Contacts
Please direct all inquiries regarding the NCOIC
Net-Enabled Emergency Response initiative to:
– Stephen Gross
NEER IPT Chair
+1.202.879.5678
Please copy:
– Paul Mangione,
Senior Technical Staff
+1.253.839.3395