Protecting America With Information Technology

June 2003
By Lt. Gen. Joseph K. Kellogg Jr., USA, and Mark Powell

System facilitates suspicious incident data-sharing.

The U.S. Defense Department is introducing a new tool to protect military installations by transforming force-protection information sharing from a hierarchical, service-centric model to a network-centric model. The system will allow subscribers to have a common awareness of all suspicious events that are taking place in their vicinity.

In the post-terrorist-attack world, the value of information technology has multiplied. Effective information technology integration provides tremendous capability to react quickly to emerging situations. This is especially true in force protection. Today, if a suspicious incident occurs at a military installation managed by one service branch and a similar incident occurs at a nearby installation managed by another service, the force-protection personnel at each location may not be aware of the other incident in time to react because of a stove-piped reporting structure.

The Protect America system addresses this problem. Military commanders and force-protection personnel will be able to make smarter decisions based on more information. The Joint Staff is working with the U.S. Northern Command (NORTHCOM), U.S. Customs, the Secret Service, the U.S. Coast Guard, the Transportation Security Administration, the Federal Bureau of Investigation and others to develop this common information-sharing tool.

The system follows the model of a command and control information kill-chain that is made up of several different segments. These segments include receiving, filtering and analyzing information, disseminating the result and then acting on it. Using the model, information is received from Defense Department personnel using a number of methods. It can be entered into the Protect America system through a standard 128-bit encrypted Internet browser running on a desktop computer or on a handheld personal digital assistant (PDA). In addition, information can be submitted by calling a voice portal, where speech recognition technology interprets the message and makes entries into the appropriate reporting fields, or by accessing a subscriber organization’s data using Extensible Markup Language (XML).

XML is widely acknowledged as a flexible way to create common information formats and to share both the format and the data. It is based on a formal recommendation from the World Wide Web Consortium and is similar to the language of today’s Web pages, Hypertext Markup Language (HTML). Both XML and HTML contain markup symbols to describe the contents of a page or file. However, XML depicts the content in terms of what data is being described. For example, the term “bdate” placed within markup tags might indicate that the data that follows is a birthday. So, XML can be used by a group of organizations that want to share information in a consistent manner on the Internet.

With Protect America, the Defense Department is leveraging this emerging Internet technology to share information with current government databases. Government organizations that want to share information with the Protect America system can tag the fields that they wish to share within their existing databases. The system can then send an intelligent agent to each shared database to gather information. If there are fields that organizations do not wish to share with Protect America, they simply do not tag them.

For example, the Protect America system can execute a search for a white van in the system and may receive several hits from these shared databases indicating that the agent found a reference to a white van. However, the organizations that own the databases may not wish to share the reason the van is in their system. Interested subscribers would have to contact the organization that owns the data directly to obtain additional information. Consequently, in the Protect America architecture, no new massive database is created, and current database owners maintain control of their information.

The system also can be used in other environments. For instance, if military police turn away a suspicious car at a military installation gate, they may fill out a form that is eventually recorded in a log at the end of the shift. If the information is believed significant, it is forwarded up the chain of command to the service operations center. The military police officer will enter the data into a PDA or make a call on a cellular telephone and immediately transmit the information to the desk sergeant who will then check the entry for accuracy and send it into the Protect America system. The information is then sent to subscribers throughout the system who have indicated an interest in that particular type of event.

All the entries into the Protect America system are made using the Defense Department’s Talon format. This ensures that data entered from locations across the country adheres to the same reporting format and relates to possible terrorist activity. The format is currently under consideration by the Office of the Secretary of Defense to be the standard reporting format for all Defense Department intelligence, law enforcement and security organizations that have a mission to collect force-protection and threat information. It allows law enforcement officials to categorize events as specific threats to Defense Department interests, suspected surveillance of Defense Department facilities and personnel, elicitation attempts, tests of security, bomb threats, and other suspicious activity and incidents reasonably related to terrorist activity against the department.

When the receive-information part of the kill-chain has been completed, the event information is filtered and analyzed. First, the data is sent to the subscribers who indicated interest in receiving information about a particular type of event by installing a filter into their system. For example, an installation’s staff may be interested in receiving information about local events but may not want to receive information about events occurring across the country unless they meet certain conditions.

Once an installation receives information about an event, the data is analyzed by assigning it a numerical weight, or threat indicator score. This number is based on several pre-selected criteria, such as the priority of the event assigned by the installation commander, the credibility of the source of the data, the seriousness of the event and the location of the event. Each subscriber installation can tailor these criteria to fit its own needs and sensitivities. Over time, the scores of older events decrease.

The scores of all of the events received by that subscriber are added together to form an aggregate threat indicator for that particular installation. The installation can then monitor its own threat level as well as the threat levels developed by other subscriber installations. This composite threat level lets the installation commander and Defense Department law enforcement personnel learn not only the perceived level of the threat to the installation but also the threat perceived by the other installations in the vicinity.

Once the aggregate score of all the events reaches a certain predetermined level at a particular installation, an alert is sent to all the other subscribers in the system along with information about how to join a collaborative session to discuss the situation. So, all of the subscribers in the system now know that the security staff of an installation believes that the threat level is high enough to call an alert, and they can re-evaluate their own situation and alert levels in light of this new information.
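The filter, per-event threat indicator score, time decay, aggregate and alert threshold described in the preceding paragraphs, carried through as an added example (not code from the Protect America program). The field names, weights, half-life, remote-event rule and threshold are assumptions chosen for illustration; the events are constructed sample data.

```python
from dataclasses import dataclass

@dataclass
class Event:
    """A Talon-style report (field names are assumed, not the real format)."""
    event_id: str
    category: str       # e.g. "surveillance", "test_of_security", "bomb_threat"
    region: str         # where the event occurred
    credibility: float  # source credibility, 0.0 (unknown) .. 1.0 (confirmed)
    seriousness: float  # 0.0 .. 1.0
    age_hours: float    # hours since the report was filed

@dataclass
class Subscriber:
    """One installation's tailored filter, weights and alert threshold."""
    name: str
    region: str
    priority: dict              # commander-assigned priority per event category
    threshold: float            # aggregate score at which an alert is raised
    half_life_hours: float = 24.0   # older events lose half their weight per half-life

    def wants(self, ev: Event) -> bool:
        # Filter stage: take every local event, remote events only if serious.
        return ev.region == self.region or ev.seriousness >= 0.8

    def score(self, ev: Event) -> float:
        # Threat indicator score: priority x credibility x seriousness x location x decay.
        location = 1.0 if ev.region == self.region else 0.5
        decay = 0.5 ** (ev.age_hours / self.half_life_hours)
        return self.priority.get(ev.category, 1.0) * ev.credibility * ev.seriousness * location * decay

    def aggregate(self, events) -> float:
        # Aggregate threat indicator: sum of the scores of the events this subscriber accepted.
        return round(sum(self.score(e) for e in events if self.wants(e)), 3)

    def alert(self, events) -> bool:
        return self.aggregate(events) >= self.threshold

# Constructed sample events; regions and values are illustrative only.
EVENTS = [
    Event("e1", "surveillance", "fort_a", 0.9, 0.6, 0.0),
    Event("e2", "test_of_security", "fort_a", 0.5, 0.5, 48.0),
    Event("e3", "bomb_threat", "port_b", 0.8, 0.9, 12.0),
    Event("e4", "suspicious_vehicle", "port_b", 0.6, 0.3, 2.0),
]
FORT_A = Subscriber("fort_a", "fort_a", {"surveillance": 3.0, "test_of_security": 2.0, "bomb_threat": 4.0}, 2.5)
PORT_B = Subscriber("port_b", "port_b", {"bomb_threat": 4.0, "suspicious_vehicle": 1.0}, 2.5)

if __name__ == "__main__":
    for sub in (FORT_A, PORT_B):
        print(sub.name, sub.aggregate(EVENTS), "ALERT" if sub.alert(EVENTS) else "ok")
```

With these values fort_a crosses its threshold (the remote bomb threat counts at half weight, the two-day-old test of security at a quarter), while port_b does not, because the low-seriousness fort_a events never pass its filter.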

The Protect America system contains only unclassified information. However, the information is sensitive and must be adequately protected during the dissemination section of the kill-chain. Rather than using secure military networks such as the Secret Internet Protocol Router Network (SIPRNET) to protect the data, the Protect America program runs on the commercial Internet but uses a defense-in-depth approach that consists of a number of well-established layers of protection. This protection includes the use of Internet protocol filtering, firewalls, intrusion detection devices, hardened operating systems, commercial encryption technologies and good overall security procedures. While it is possible to break into almost any computer network, the objective for system administrators is to make breaking into their system so difficult that it is not worth the effort.

Guard devices to allow communication between classified networks and unclassified networks are being investigated by the Defense Information Systems Agency, the National Security Agency and the Office of the Secretary of Defense and may be leveraged by the Protect America program. These devices automatically examine each message to be sent between the classified and unclassified networks and determine which information can be allowed to pass into the other network and which messages should be filtered. They hold the promise of providing Protect America with tremendous flexibility and may allow it to operate seamlessly with other homeland defense programs that have higher classification levels.

The Protect America approach to network security is to make it extremely difficult for an unauthorized user to obtain the information and to monitor the system usage so that, if a break-in is detected, the user’s session can be interrupted and the security deficiency corrected. At the same time, authorized users can either access or enter data into the system from anywhere in the world through an Internet connection and a browser with 128-bit encryption.

Finally, while each installation monitors the events in its local area, national command centers can monitor all of the events taking place across the country. So, NORTHCOM, which is responsible for Defense Department homeland security activities, can monitor all of the events taking place at military installations throughout the country and take appropriate action when conditions warrant.

The potential power of the Protect America system may be realized when other federal, state and local agencies adopt the Protect America architecture. The system could register events taking place not only at Defense Department installations, but also events at airports, ports and other government facilities that are in the system. This shared situational awareness of nationwide events will help law enforcement personnel acquire information faster, enabling them to make better decisions to protect the public.

While Protect America is one possible solution to the challenge of horizontally sharing information, it is certainly not the only solution. The Protect America team has been examining different government and commercial homeland defense solutions and is applying these solutions to different sections of the command and control process. The group is developing the necessary interface control documents and common XML schemas, reporting formats and other agreements to integrate these pieces into a seamless architecture.

Eventually, the Protect America architecture will be offered to the Department of Homeland Security as an interim solution to its data-sharing challenge. The system currently is leveraging commercial Internet technology as an agent of social change to overcome the technical, cultural and societal issues associated with horizontal information sharing within the government.


Lt. Gen. Joseph K. Kellogg Jr., USA, is director for command, control, communications and computer (C4) systems, J-6, the Joint Staff. Mark Powell is chief science and technology officer for C4, J-6, the Joint Staff.