NIEM Newsletter
The Status of Suspicious Activity Reporting (SAR)
By Donald Sutherland, Senior Project Manager, IJIS Institute
Suspicious Activity Reporting (SAR) represents an activity that law enforcement and homeland security professionals have been involved with for many years. Whether the jurisdiction or agency calls them field reports, incident reports, or various other names, agencies have long had processes in place to receive tips and leads, evaluate/investigate the information, and take subsequent action, such as reporting, creating documentation, or referring the information to another jurisdiction or agency. Unlike incidents that are clearly criminal in nature, such as car thefts, burglaries, or assaults, a SAR involves the reporting of suspicious behaviors that have been associated with terrorist activities in the past and may be predictive of future threats to public safety. Observed behaviors may include such activities as surveillance or photography of critical infrastructure or monitoring of facility security processes. Although these behaviors may not be illegal, they could be potential indicators of suspect activity that should be recorded and investigated by law enforcement agencies charged with this mission.
In 2007, the Office of the Program Manager, Information Sharing Environment (PM-ISE), agreed to fund a pilot effort now referred to as the ISE-SAR Evaluation Environment (ISE-SAR EE). The U.S. Department of Justice’s (DOJ) Bureau of Justice Assistance (BJA) is providing overall program management services for the ISE-SAR EE with support from the IJIS Institute, the Institute for Intergovernmental Research® (IIR), Tetrus Consulting Group, and several other firms designated by participating state and local fusion centers. The ISE-SAR EE project centers on the concept of “Shared Spaces,” representing locally controlled SAR information nodes that are accessible using federated search technology over secure networks.
The technology architecture being deployed to support the ISE-SAR Shared Spaces concept is mandated by the Intelligence Reform and Terrorism Prevention Act of 2004. Specifically, the act states that “The President shall . . . ensure that the ISE provides and facilitates the means for sharing terrorism information among all appropriate Federal, State, local, and tribal entities, and the private sector through the use of policy guidelines and technologies. The President shall, to the greatest extent practicable, ensure that the ISE provides the functional equivalent of, or otherwise supports, a decentralized, distributed, and coordinated environment . . . .”
In accordance with the goals of the Intelligence Reform and Terrorism Prevention Act of 2004, the ISE-SAR EE project is deploying common computer systems at up to 14 sites in the United States, to include the U.S. Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI) eGuardian system, and 12 state and major city fusion centers from September 2008 through May 2009, Figure 1. Each system will consist of a common NIEM SAR IEPD-based database server and Web services components to process secure user queries generated by a federated search tool, as well as ingest SAR reports contributed by the host fusion center. Both LEXS-SR and LEXS-PD data exchange standards will be applied. Users will be able to access an ISE-SAR EE portal hosted by DOJ at www.ncirc.gov from several Controlled Unclassified Information (CUI) networks, including the Regional Information Sharing Systems® (RISS), Law Enforcement Online (LEO), and the Homeland Security Information Network (HSIN). In addition, the DOJ Trusted Broker solution will be used to authenticate users through a single sign-on process.
Figure 1
More important, however, the technology architecture merely serves as the enabler of standard SAR business processes that are being validated and institutionalized to demonstrate the effectiveness of the ISE Shared Spaces information sharing concept from a national perspective involving all levels of government. Figure 2 represents a Nationwide SAR Cycle that identifies government roles, responsibilities, and products associated with the five fundamental SAR activities: planning, gathering and processing, analysis and production, dissemination, and reevaluation.
Specifically, the ISE-SAR EE is about developing and implementing consistent national policies, processes, and best practices by local, state, tribal, and federal partners. For the purposes of the current ISE-SAR EE, one of the major goals is to help ensure that SARs with a potential connection to terrorism are expedited to FBI Joint Terrorism Task Forces (JTTF) as quickly as possible. The SAR process involves development of risk assessments, training, public outreach, vetting, and privacy and the sharing of information with other applicable local, state, and federal law enforcement agencies.
Figure 2
A key objective of the project is to apply policies and procedures that will ensure that citizens’ privacy and civil rights are protected under law. To support that objective, PM-ISE has issued a privacy policy template specifically directed towards the ISE-SAR EE project that clearly outlines the responsibilities of each of the participating agencies and appropriate business processes regarding the use and protection of privacy information. A critical strategy to meet this objective is ensuring that consistent national training for law enforcement executives, street officers, and investigative analysts serves as the underpinning of the work. A central focus of each curriculum is the identification of suspicious behaviors that may have a potential nexus with terrorism so that all levels of government share a common understanding of the indicators and the business processes to rapidly analyze and report incidents. The FBI, DHS, PM-ISE, and the Office of the Director of National Intelligence (ODNI)—among other partners, including the Major Cities Chiefs Association (MCCA), the International Association of Chiefs of Police (IACP), the Major County Sheriffs’ Association (MCSA), and the National Sheriffs’ Association (NSA)—have all been playing a very active role in designing core curricula and identifying instructors for the training that will be taking place for ISE-SAR EE participating agencies over the next several months.
From December 2008 through September 2009, several system evaluation activities will be jointly conducted by BJA, PM-ISE, IJIS Institute, IIR, and fusion center staffs to examine various quantitative and qualitative performance measurement metrics with a focus on objective outcomes that are actually achieved or prove the viability of the Shared Spaces concept. An important area of interest is an examination of the ISE-SAR Functional Standard (FS-200) issued by PM-ISE in January 2008 and any recommendations for improvements in the standard, the IEPD specification, and other associated artifacts.
As of January 2009, ISE Shared Spaces configurations have been installed and operational at fusion centers in Virginia, Florida, New York, and Washington, DC. Deployments to Chicago, Boston, and Miami-Dade are scheduled for early February, and additional deployments at DHS, the FBI, Los Angeles, Seattle, Phoenix, Houston, and Las Vegas will follow shortly thereafter.
For more information on the Nationwide Suspicious Activities Reporting (SAR) Initiative, visit http://www.ise.gov/pages/sar-initiative.html.
NEWSFLASH
The NIEM Program is proud to announce that the National Sheriffs’ Association (NSA) approved a resolution supporting the Nationwide Suspicious Activity Reporting (SAR) Initiative that was recently launched by the Office of the Program Manager for the Information Sharing Environment in 2008. Sheriff Rich Stanek, Hennepin County (Minnesota) Sheriff’s Office, set up meetings with the appropriate NSA committees and introduced the resolution to the full NSA Board of Directors on January 21, 2009; the NSA Board unanimously passed the resolution on behalf of the membership in support of the Nationwide Suspicious Activity Reporting (SAR) Initiative.
The NSA’s passing of the resolution brings all four major law enforcement associations to the table in support of the NSI: International Association of Chiefs of Police, Major Cities Chiefs Association, Major County Sheriffs’ Association, and the National Sheriffs’ Association. This is great news for the project; a testament to the local, state, tribal, and federal partners; and another building block in this history-making project.
NIEM Case Study: National Capital Region Data Exchange Hub Program
Synopsis
In an effort to establish the technology architecture needed across the jurisdictions, the National Capital Region (NCR) created a Data Exchange Hub (DEH) to act as a switching station for providing secure access to communications systems and applications. As a part of this effort, four information exchanges were identified as priorities and documented: NCR Resource Typing, Crisis Incident Management System (CIMS) Data Exchange, Records Management System (RMS) Exchange, and Computer-Aided Dispatch Data Exchange. These exchanges were developed using the National Information Exchange Model (NIEM), and the resulting Information Exchange Package Documentation (IEPD) successfully demonstrated the utility of NIEM in the NCR project. The Computer-Aided Dispatch Data Exchange will be the first production exchange and will be implemented in March of 2010. All of the message structures and the IEPD to support the exchange are complete and awaiting implementation.
Agency Overview
The National Capital Region (NCR) encompasses the District of Columbia and parts of Maryland and Virginia, including the cities of Alexandria, Fairfax, Falls Church, Manassas, and Manassas Park; the counties of Arlington, Fairfax, Loudoun, and Prince William in Virginia; and the counties of Frederick, Montgomery, and Prince George’s in Maryland, which include the municipalities of Bladensburg, Bowie, College Park, Frederick, Gaithersburg, Greenbelt, Rockville, and Takoma Park. These jurisdictions, operating as a regional partnership—Metropolitan Washington Council of Governments (MWCOG)—have been working together since 1957 to implement “intergovernmental policies, plans, and programs.”
In 2005, MWCOG Chief Information Officers Committee established the NCR Interoperability Program (http://www.ncrnet.us/), a regional initiative to create a common communications infrastructure and systems interoperability for public safety and emergency response using funding from the U.S. Department of Homeland Security (DHS) Urban Areas Security Initiative Grant Program.
Challenge
The National Capital Region needed to establish an information technology architecture across the region to strengthen the flow of information between Emergency Support Functions (ESFs), across independent governmental entities. These first responders need the ability to share information and data in a reliable and secure manner. As part of the regional interoperability infrastructure, the Data Exchange Hub (DEH) acts as a switching station of sorts, providing secure, noncommercial, restricted access to critical regional communications systems and applications to facilitate real-time, anytime, interoperable data communications.
Solution
The DEH is predicated on a comprehensive framework that addresses not only the technology needs but also the business, applications, and data requirements for regional interoperability. Using the National Information Exchange Model (NIEM), the program focused on four initial Information Exchange Packet Documentations (IEPDs) to define certain electronic transmissions of information from one computer system to another: NCR Resource Typing, Crisis Incident Management System (CIMS) Data Exchange, Records Management System (RMS) Exchange, and Computer-Aided Dispatch Data Exchange.
Results
The first three IEPDs were demonstration type projects; the Computer-Aided Dispatch Data Exchange will be the first production exchange and will be implemented in March of 2010. All of the message structures and the IEPD to support the exchange are complete and awaiting implementation. The Computer-Aided Dispatch Data Exchange IEPD is NIEM-conformant and leverages the Law Enforcement Information Technology Standards Council (LEITSC) NIEM 2.0 CAD RMS IEPDs. The NCR DEH development team worked directly with LEITSC representatives to improve the NIEM 2.0 CAD RMS IEPDs to support additional functionality required in the CAD Exchange.
Donna Roy to Receive 2009 Federal 100 Award
Donna Roy, Director of DHS’s Enterprise Data Management Office (EDMO) and Executive Director of the National Information Exchange Model Program Management Office (NIEM PMO), is to be awarded a 2009 Federal 100 Award. The Federal 100 is awarded by the 1105 Government Information Group and Federal Computer Week and recognizes individuals in government and industry who made significant contributions to the federal information technology community in 2008. Winners will be recognized and honored at a gala dinner on March 25, 2009.
Ms. Roy is being recognized for making remarkable IT progress in the areas of data architecture, information sharing, governance, and performance measurement. She is credited with being the principal DHS voice and thought-leader for the successful data management and NIEM strategies.
Paul Wormeli to Discuss NIEM on Blog Talk Radio
Join Deborah Osborne, author and host of Analysts’ Corner, and Paul Wormeli as they discuss the evolution of the role of the analyst in policing, as well as information sharing via the National Information Exchange Model (NIEM)—a federal, state, local, and tribal interagency initiative providing a foundation for seamless information exchange. Mr. Wormeli is the Executive Director of the IJIS Institute and has more than 40 years of experience in law enforcement and criminal justice technology. Listen live on March 4, 2009, at 10:00 a.m.
NIEM PMO Call for Papers and Participation
The NIEM National Training Event will be held in Baltimore, Maryland, from September 30 to October 2, 2009. There will be six concurrent tracks focusing on three major topic areas—program management, architecture, and implementation. The NIEM Program Management Office (PMO) is seeking papers that will support the nationwide implementation and use of NIEM in a variety of domains, including justice, public safety, homeland security, health and human services, maritime, courts, and corrections. The Call for Papers is open to practitioners, the private sector, and educators.
Featured FAQ: What is the scope of the NIEM initiative?
Rather than nationwide integration of all local, state, tribal, and federal databases, NIEM focuses on cross-domain information exchanges between communities of interest (COIs), across all levels of government. NIEM will provide the data standards to ensure a semantically consistent information exchange package, but other exchange layers will be left to the individual implementer to ensure that NIEM is compatible with any platform or software.
NIEM Training News
NIEM Practical Implementer’s Course—Martinsburg, West Virginia
A NIEM Practical Implementer’s Course was held February 10–12, 2009, in Martinsburg, West Virginia. This session was hosted by the U.S. Coast Guard and was attended by 27 students. Course participants included representatives from the U.S. Coast Guard, the U.S. Navy, and the U.S. Department of Homeland Security, as well as industry representatives from MITRE Corporation and CACI. The combination of federal agencies and industry representatives provided the setting for an engaging and informative training session. The instructors for this training engagement were Joe Mierwa and Marc Clifton. The class was well-received based on the student evaluations.
NIEM Practical Implementer’s Courses are funded through grants from the Bureau of Justice Assistance, U.S. Department of Justice, in cooperation with the U.S. Department of Homeland Security. For more information about the NIEM Technology Training Program, contact training@ijis.org.
Upcoming Events and Training
March 17–19, 2009: Department of Motor Vehicles (DMV), Carson City, Nevada
April 14–16, 2009: NIEM Practical Implementer’s Course, Ashburn, Virginia
September 30–October 2, 2009: NIEM National Training Event, Baltimore, Maryland
