Securing emergency operations
The role of the Traffic Management Center (TMC) or Traffic
Operations Center (TOC) has evolved from monitoring traffic and incidents and
coordinating response to a much broader role in acting as an Emergency Management
Agency Operations Center. TMCs addressed this role in the New York area and
northern Virginia during 9/11. These facilities have been chosen as possible
emergency operation centers as a result of their wide-area surveillance,
communications, command and control infrastructure and operational experience.
This expanded role creates a number of challenges for operations in the area of
logical and physical security.
Experience with emergencies
The role of the TMC has prepared transportation and management
center professionals and their first-responder partners for the operational
requirements for emergency situations. In certain cases a first response must
be coordinated at a greater scale than that encountered on a normal daily
basis. It is natural for the TMC team to apply their institutional knowledge to
terrorist events as well. To do this, a number of access control challenges
must be met.
First step: "hardening" the TMC
Some TMCs exist in office buildings without any particular
physical intrusion prevention. Sometimes they exist in multi-use facilities
without the requirement for emergency operation. A number of low-cost, low-tech
approaches such as fences and gates provide a simple upgrade. As evidenced by a
November 60 Minutes piece on chemical plants, many facilities that are part of
the nation's critical infrastructure lack a solid perimeter. Unfortunately this
is not a unique case. Typical security measures such as bars and alarms on
windows and doors provide another easy step that would be addressed as part of
any security assessment. Once a reasonable perimeter exists next steps can be
There are two aspects to access control: logical and
physical. This is simply who is allowed to access what and when and the means
to control, monitor, log and alarm. This can refer to specific rooms or doors
or it can refer to computers, networks, files or video feeds. Access control
rules change based on time of day (personnel shifts and restricted access),
whether the center is operating in normal or emergency conditions and, in some
cases, the threat level.
As is the case with hardening the TMC, implementing access
control includes some initial steps that need to be considered. Looking at
normal operations involves an analysis of both logical and physical security
requirements such as the perimeter security described above. Identifying a
security team consisting of physical and logical security and executive
management is a good start. Many enterprises have chief information officers
and some have chief security officers. Getting these folks to share knowledge
in the case where there is not a unified security management structure is a
Start with the list of individuals who need to gain access.
Ideally an organization would use its human resources system in a centralized
location to specify who each person is and their job status. These types of things
change infrequently (if ever) and should be accessed infrequently. Organizations
need to treat this information just as they would any other organizational
secrets. It increases security for the organization and it protects the
individual. This type of information should be separated from the information
for control of physical access rights to an individual building.
Once a team member's identity and role are established, their
credential can be created. The creation of the credential, like the
establishment of identity and role, should be done in a secure location by a
limited number of trusted individuals. Like a cash register in a retail outlet,
the identity, role and credential creation process should be under constant and
preferably archived surveillance.
Many different types of credentials exist. The card (key) used to
access the building is seldom used for accessing computer systems. Smart card
solutions can address both of these needs but few examples exist outside of
places such as Microsoft and the State Department. In some cases legacy systems
exist and, given current budget constraints, are unlikely to be swapped out.
Therefore implementing access control is often an incremental process. In cases
where there are multiple key types, key management becomes a concern. Passwords
and computer network control aren't any good if someone has a key to a room
with computers and walks out with the PC or hard drive.
Various levels of access control systems exist from simple
access lists in a panel controlling a single door to smart cards with multiple
authentication (including biometric) factors, and real-time monitoring and
surveillance. The point made here is that there should be an access control
system. Good control of the perimeter, secure credential creation and key
(credential) management have to be addressed regardless of access control sophistication.
Another point is that the security system needs to be managed. PIN numbers on
doors that everyone knows and that never get changed give a false sense of security
and can be more dangerous than just leaving a door wide open.
Information security at control centers needs to be taken as
seriously as physical access even under normal operations. If these controls
are not put in place during normal operation it will be increasingly difficult
to just throw a switch to "secure" mode in the case of an emergency.
A serious challenge exists here. Centers are charged with sharing and
disseminating information with the public in the form of traffic flow, incident
detection and traffic imagery. In certain situations this information can
contain sensitive information not for general consumption. Vehicle location and
tracking technology, E9-1-1, 5-1-1, electronic toll collection (and multi-use
of ETC infrastructure) and other intelligent transportation systems (ITS)
technologies are becoming a part of normal operations. This places an increasing
burden on information security, which becomes part of the operational requirement.
Solutions exist for all of these issues but it starts with awareness.
Fortunately the same procedures used in the logical realm
for establishing a perimeter, identities, roles and credentials can be used in
the physical world. An opportunity exists to use a common security
infrastructure to meet the needs of both. Once these are established, some method of
access control needs to be put in place.
In the case where the TMC is used for emergency management
the list of individuals requiring access expands greatly. One solution is for
each authority to use their existing credentials and for this set of
credentials to be recognized by the access control system or to create a common
credential. While this is a challenge, it needs to be put in place. Leaving
access to subjective judgment creates a risk that outweighs the cost of implementation.
The same process gets followed except that a new level of access
needs to be implemented. This should be part of the system security and
response plan. Pre-establishing the list of who, what, where and when and
associating this with the credential set for the emergency level creates a
procedure to follow. An approach where the same normal access control
procedures get expanded to include the larger group presents the way forward.
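The following is an added example, not part of the original article: a minimal default-deny evaluator for the pre-established list of who (issuing authority and role), what (resource), when (shift window) and operating level, with every decision logged. All issuer, role and resource names are hypothetical, and the policy entries are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time

# Operating levels, ordered: a rule active at "normal" stays active in "emergency".
LEVELS = {"normal": 0, "emergency": 1}
ALL_DAY = (time(0, 0), time(23, 59, 59))

@dataclass(frozen=True)
class Rule:
    issuer: str     # authority whose credential is recognized
    role: str       # who
    resource: str   # what/where: door, network, video feed
    level: str      # lowest operating level at which the rule applies
    start: time     # when: window start
    end: time       # window end; earlier than start means an overnight shift

# Constructed policy; every issuer, role and resource name is hypothetical.
POLICY = [
    Rule("tmc", "operator", "control-room", "normal", time(6, 0), time(18, 0)),
    Rule("tmc", "night-operator", "control-room", "normal", time(18, 0), time(6, 0)),
    Rule("tmc", "operator", "control-room", "emergency", *ALL_DAY),
    Rule("state-police", "liaison", "video-feeds", "emergency", *ALL_DAY),
]

def in_window(now, start, end):
    if start <= end:
        return start <= now <= end
    return now >= start or now <= end  # window wraps past midnight

def decide(issuer, role, resource, level, now, audit):
    """Default deny: allow only if a pre-established rule matches. Log every decision."""
    current = LEVELS.get(level, -1)  # unknown level matches no rule (fails closed)
    allowed = any(
        (r.issuer, r.role, r.resource) == (issuer, role, resource)
        and current >= LEVELS[r.level]
        and in_window(now, r.start, r.end)
        for r in POLICY
    )
    audit.append((now.isoformat(), issuer, role, resource, level,
                  "ALLOW" if allowed else "DENY"))
    return allowed

def denials(audit):
    """Entries a monitoring team would review or alarm on."""
    return [entry for entry in audit if entry[-1] == "DENY"]
```

Because the emergency entries are added to the same rule list rather than replacing it, moving to the emergency level only widens access for the roles listed in advance; a partner credential with no rule is still denied and logged.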
Allowing individual organizations to establish emergency
team members reduces institutional barriers over controlling personnel. Establishing
a security team with oversight and execution responsibilities provides a way to
get this done.