4.3 General Options and Principles to Address the Challenges
Overcoming the challenges and barriers addressed above will depend on the determination of both partners in any specific information exchange initiative—and their “political will” to revisit key policy and rules interpretations and to invest in the technical solutions needed. This, plus the inevitable investment of management attention, effort, and money, suggests that TMCs, EOCs, and FCs should study the needs and opportunities and carefully select their first initiative to pursue. Initial focus should be on selected information exchange solutions that are clearly needed, with benefits that can be convincingly demonstrated. This focus, of itself, is a formidable challenge.
4.3.1 IT and Data Management Policy
Many long-standing IT policies and rules are candidates for review and updating in light of the continuing development of firewall and secure communications technology. For example, one State agency (following its IT policy) did not permit one of its TMCs to connect to the State network because of the existence of other “open” Web-based applications being employed at the TMC.
Solutions can be found in clear definitions of information and appropriate use, security needs justified and defined, interagency MOUs, compartmentalization of sensitive data, and effective tools for secure communication available today.
Each organization that shares information resources must have its own policies and procedures to comply with Federal, State, local, and tribal privacy laws. Processes and agreements are needed to assure that information transmitted is limited in form or content to conform to the policies of both organizations. Information that contains or might contain surveillance data should be covered in agreements to forms and content that comply with both organizations’ policies. Uses of such data should be specified, as well as the users authorized to access the data.
4.3.3 Classified Information
Transmission of classified information “in the blind” is neither practical nor lawful. This is a major barrier to sharing of classified information. The options are few. Two options are: (1) to require special handling, redaction, or processing to truncate information to exclude the classified information, or (2) to encrypt the transmission and ensure that access on the receiving end is only by properly cleared and authorized personnel (including methods to vet the actual identity of those persons) and that appropriate control can be maintained in the receiving facility. Both approaches are expensive.
The first approach (redaction/truncation) requires labor-intensive, time-consuming effort by cleared personnel, or very sophisticated programming and technology, and a secure facility. This approach generally compromises the value and timeliness of the information finally transmitted.
The second approach (encrypted transmission to cleared entities) also requires investments in facilities, technology, and properly cleared personnel—if not already available at the receiving center. If the information is properly received and secure, there would still be the potential for the value of the data to be reduced if only part of it can be passed on to un-cleared operators or decision-makers at the receiving center.
4.3.4 Legal Process and Rules of Evidence
The options for transmitting information that is—or could become—part of a legal process are fairly similar to the two options for classified data, with some additional hurdles. In this case, the restrictions needed may not be fully known or understood prior to the completion of an ongoing investigation, or until all subsequent legal processes are completed. Determining this would require expertise in law enforcement and legal process and possibly court orders.
Information that is public knowledge and otherwise recorded facts or qualified observations could probably be exchanged freely—but again, significant effort by qualified experts would be needed to “scrub” the exchange.
4.3.5 System Integration, Message Standards, Language
By leveraging technology, centers can begin to address some of the technical and vulnerability challenges described in the previous section. These technology solutions include interconnection equipment, database, middleware, integration, and business intelligence tools. But the best approach to developing and integrating these technologies is to implement solutions that utilize industry standard products, services, and processes.
The U.S. DOT encourages the use of the National Transportation Communications for ITS Protocol (NTCIP) and other related standards for ITS implementations. For FCs, U.S. DOJ encourages the use of industry standards including the Global Justice XML Data Model and the National Information Exchange Model (NIEM). The approach to successful information sharing includes the use of XML data models, the Common Alerting Protocol messaging standards, and service-oriented architectures.
With transportation departments seeking to emphasize corridor management and emergency preparedness, a document-centric single delivery information method poses several problems when broadcasting information to all parties regardless of relevance or appropriate level of detail, leading to circular reporting and information overload. A new trend in TMC traffic and fleet management systems is the development of automated decision support systems. New enterprise systems provide rapid information collection from not only their own devices and equipment but also from diverse network sources that can meet the center’s needs.
Vulnerability to loss of operational effectiveness or continuity is a concern for all of the center types addressed in this guidebook. Whether damage to operations is direct (resulting from natural events, accidents, or intentional acts) or indirect (resulting from unforeseen technical problems or loss of utility support), the acceptable tolerance vulnerability varies considerably. In other words, the amount that each center is willing to spend to reduce vulnerabilities has to be a practical choice by type, category, and mission criticality of each center.
With practicality in mind, the most common measures for coping with vulnerability and operational continuity risks involve redundancy of systems, facilities, and supporting utilities. Common redundancy measures fall along a spectrum of investment, as follows:
Each of these general approaches has different implications on cost, operational continuity, recovery, and robustness of interim services. Appendix G of this report discusses these measures further.
4.3.7 Unique FC Issues
For many of the reasons cited earlier (security classification, privacy, legal process issues, etc.), FCs have had to cope with significant barriers to information exchange and interoperability with other FCs—not to mention TMCs and EOCs.
As a result, FCs have typically communicated via specifically prepared products, including alerts, bulletins, reports, and situational/risk assessments. This approach has obvious implications for the timeliness, detail, and value of information in some of the products, but it can facilitate direct communication with properly cleared decision-makers.
Appendix E of this report provides more information on these issues.
4.3.8 System Ownership and Funding Issues
Solutions to the policy and political issues with ownership and investment costs associated with information sharing must be addressed by agencies in an objective way, with thoughtful exposition (from the viewpoints of each center/agency) of the relative need and both the value and the cost of meeting the need, as well as the savings benefits of sharing some or all of the cost. A simple example of two centers deploying video resources at a common location illustrates this:
This simplistic scenario implies what some of the typical operational policy compromises might involve to better enable sharing of information and information-gathering resources, as well as to minimize the cost. The implications of this example also show how the benefits and needs for information exchange have to be considered objectively from the points of view of each entity involved in the exchange.
United States Department of Transportation – Federal Highway Administration
Last Modified: June 21, 2010