Commercial Coalition Tackles Security Complexities

Firms join forces to provide integrated solutions.

Corporate America is helping assemble the homeland defense jigsaw puzzle that includes thousands of pieces being put together by hundreds of people looking at a multitude of different pictures. Industry leaders agree that the biggest challenge is the complexity of the problem and the plethora of solutions being proposed by companies with a range of specialties taking widely varying approaches.

Establishing the U.S. Department of Homeland Security is just the first step in getting a handle on the many aspects of protecting U.S. citizens. Agencies must determine the best way to provide security on a variety of fronts—from border control to infrastructure protection to information security. Firms big and small have been busy proposing technologies, so the challenge security implementers now face is how to sift through the possible solutions and choose those that will be most effective.

The Homeland Security Department has taken some specific steps toward finding those solutions. It has set aside funding and has established a process for piloting solutions in certain categories of technologies that cost less than $1 million and can be implemented in less than six months. The biggest challenge industry faces will be managing the complexities involved in providing integrated security solutions.

Just as information systems companies teamed with corporate colleagues to offer end-to-end solutions to conventional government requirements, today many firms are joining forces to create and produce integrated solutions. One such firm, Oracle Corporation, Redwood Shores, California, has been working on homeland security issues for many years. Oracle Senior Vice President for Public Sector Sales Steve Perkins leads the company’s homeland security operations. He notes that the company’s technology already plays a significant role in each of the 22 agencies that will be part of the Homeland Security Department.

Security is an infrastructure issue, and communicating securely while managing systems was critical for government agencies even before September 11, 2001, Perkins relates. After the terrorist attacks, however, it became apparent that the government would be looking for comprehensive rather than individual solutions.

One of Oracle’s key assets addresses this challenge. Its homeland security-focused partnership program, which was established in January 2002, includes 225 companies. More than 45 of these firms are new Oracle partners that joined the company’s long-standing worldwide partnership program of more than 12,000 firms specifically to be part of homeland security efforts.

“Oracle has always had a very strong partnership program, even before 9/11. [After 9/11,] we determined that we should be out looking for homeland security solutions within our current alliances and then with those companies that we think have solutions,” Perkins explains.

Oracle is working with several partners to develop prototypes of technologies and also working with integrators who will take part in developing and managing security programs. In addition, the company is investigating how partners can take advantage of Oracle’s technology, he says.

To become a partner in the security effort, companies must be able to exploit Oracle technologies so that there is a good business match. They must also demonstrate strong research, offer proven technologies, show expertise in specific business domain processes and know how to work with the government.

Oracle’s partner companies offer products that address a range of homeland security issues. For example, BIO-key International Incorporated, Eaton, Minnesota, has developed a new science for biometric fingerprint verification to police access to facilities or information systems. Don Rosacker, president of the company, says that, because it collects more data, his firm’s software out performs current biometric technologies in the three major areas of fingerprint verification: false accept, failure to enroll and false reject rates.

“Up until now, the most discriminating biometric technology has been [scanning] the iris. BIO-key’s technology is 200 times more discriminating than iris identification,” Rosacker states.

The Automated Fingerprinting Identification System (AFIS), for instance, is the most widely used system. It collects data about 50 to 75 fingerprint minutiae points then determines the relationship between them, which results in 100 to 200 data elements. The BIO-key system collects a total of 1,500 to 2,000 data elements. The software is what Rosacker calls “hardware agnostic,” so organizations can use their current fingerprint identification devices.

The failure-to-enroll rate is a critical issue in fingerprint biometrics, Rosacker says. Differences in physical characteristics can preclude fingerprints from being collected. In AFIS, for example, five to 12 percent of the population cannot be enrolled in the system. BIO-key software reduces this percentage to less than one-tenth of one percent.

Rosacker relates that current biometric systems also do not address the problem of multiple enrollments for a single individual. A person could enroll using one identity one day, then re-enroll using another identity the next, yet other technologies do not spot the duplication. BIO-key software can review existing databases to determine if an individual is enrolled multiple times. The ability to look across a large database is key to effective implementation of the company’s software, and Oracle’s database strength is one of the reasons BIO-key is working with the company, he says.

Increased security concerns have prompted many agencies and businesses to take a layered approach to monitoring their facilities. However, coordinating input from multiple devices can create information overload for security personnel.

Vigilos Incorporated, Seattle, has created a software solution to this dilemma that connects various types of access control, intrusion alarm and video surveillance devices into one system.

Geoffrey T. Barker, chairman and chief executive officer, Vigilos, points out that security screening data is just information and should be organized in a database, which is what led to his company’s work with Oracle.

Using Avanta, Vigilos’ open architecture software platform, an organization sets the security parameters to monitor its facilities. The firm’s security solution collects, stores and responds to data from existing intrusion detection systems and video equipment then notifies designated security personnel. For example, when an unauthorized person attempts to enter a restricted area, security cameras can be directed to view the location. On-site security personnel will be alerted, or notification can be relayed via telephone, fax or e-mail to off-site personnel. If this first group does not respond, the system will alert a second tier of personnel designated by the organization.

Barker contends that Vigilos’ software addresses the three pillars of protection. First, it directs security breach information to the people who need it. Second, it is state-of-the-art technology that leverages the existing investments in security systems at facilities. Finally, the software reduces required training because security personnel have to learn only one system. Barker refers to this as network-centric security. Several financial institutions, an oil refinery and a freight shipping facility currently use the technology.

Oracle also is working with a company that addresses the security concerns surrounding the cargo transport industry. For more than 13 years, Savi Technology Incorporated, Sunnyvale, California, has been in the business of asset management, offering a variety of products that employ radio frequency identification.

The company’s smart tags allow in-transit visibility and asset location that supports military and commercial logistics; however, the tags do not provide the level of security required for today’s homeland security efforts. To meet this need, Savi Technology developed EchoPoint, a patent-pending technology that allows shippers, carriers and logistics service providers to actively monitor the security of their shipments from point of origin through destination. The technology ensures that contraband or dangerous substances cannot be added to containers during transit.

Ken Wykle, senior vice president for public sector, Savi Technology, explains that the SmartSeal secures a container prior to shipment. If someone attempts to tamper with the container by opening the bolt, security personnel can be alerted via fax or telephone. The product is reusable, provides tracking information and works with standard off-the-shelf bolt seals available from many manufacturers.

Savi Technology developed a pilot program with companies in the Asia-Pacific region and is conducting site surveys with European firms. It is in discussions with Sandia National Laboratories about red-team testing the security capabilities of the SmartSeal, Wykle says.

SmartSeal was built on an Oracle database so that information can be shared with the customer. In addition, Savi Technology is negotiating with Oracle to collaborate on a technology demonstration for the U.S. Customs Department during fiscal year 2003.

Partners and customers can evaluate the effectiveness of security products at Oracle’s Information Assurance Center in Reston, Virginia, which was opened just prior to September 11, 2001. “The purpose of that group is to prove the efficacy of security solutions by taking component parts like visual recognition, fingerprint recognition or geospatial capabilities and integrating them with Oracle’s middleware and our security capability and demonstrate that they work with government customers and Oracle. So we obviously accelerated that facility and dedicated it largely to homeland security efforts,” Perkins says.

The center showcases how the company’s technologies integrate with a range of other security products such as access controls, secure Web servers, enterprise access control, security command and control systems, intrusion detection systems, encryption systems and firewalls.

Perkins identifies several types of technologies that will be critical to homeland security efforts both now and in the future. Products that collect geospatial data will help organizations identify potential terrorist targets to assess and mitigate risk. In addition, mapping and a searchable database of this information will assist emergency personnel who respond to incidents.

Many new biometric products are being developed, and this is an important security area. Perkins points out that these technologies address the volume of information that biometric security measures involve. For example, it is simple to match a person’s fingerprint on a reader to one that is imprinted on an identification card. But matching a fingerprint to a voluminous set of records requires heartier technology.

Perkins also believes that wireless communications capabilities will be very important. At the first-responder level, emergency personnel will need to be able to communicate with each other as well as receive instructions from agency and emergency-response coordinators and access information from large databases.

Cyberspace also will play a key role in homeland security as it enables agency and emergency services leaders to manage an event from a central location. Technologies are required that facilitate this capability in a secure and reliable manner, Perkins says.

Additional information on Oracle Corporation is available on the World Wide Web at www.oracle.com, on BIO-key International at www.bio-key.com, on Vigilos Incorporated at http://www.vigilos.com and on Savi Technology Incorporated at http://www.savi.com.