FHWA TMC/EOC/FC Handbook: 4.3 General Options and Principles to Address the Challenges

4.3 General Options and Principles to Address the Challenges

Overcoming the challenges and barriers addressed above will depend on the determination of both partners in any specific information exchange initiative—and their “political will” to revisit key policy and rules interpretations and to invest in the technical solutions needed. This, plus the inevitable investment of management attention, effort, and money, suggests that TMCs, EOCs, and FCs should study the needs and opportunities and carefully select their first initiative to pursue. Initial focus should be on selected information exchange solutions that are clearly needed, with benefits that can be convincingly demonstrated. This focus, of itself, is a formidable challenge.

4.3.1 IT and Data Management Policy

Many long-standing IT policies and rules are candidates for review and updating in light of the continuing development of firewall and secure communications technology. For example, one State agency (following its IT policy) did not permit one of its TMCs to connect to the State network because of the existence of other “open” Web-based applications being employed at the TMC.

Solutions can be found in clear definitions of information and appropriate use, security needs justified and defined, interagency MOUs, compartmentalization of sensitive data, and effective tools for secure communication available today.

4.3.2 Privacy

Each organization that shares information resources must have its own policies and procedures to comply with Federal, State, local, and tribal privacy laws. Processes and agreements are needed to assure that information transmitted is limited in form or content to conform to the policies of both organizations. Information that contains or might contain surveillance data should be covered in agreements to forms and content that comply with both organizations’ policies. Uses of such data should be specified, as well as the users authorized to access the data.

4.3.3 Classified Information

Transmission of classified information “in the blind” is neither practical nor lawful. This is a major barrier to sharing of classified information. The options are few. Two options are: (1) to require special handling, redaction, or processing to truncate information to exclude the classified information, or (2) to encrypt the transmission and ensure that access on the receiving end is only by properly cleared and authorized personnel (including methods to vet the actual identity of those persons) and that appropriate control can be maintained in the receiving facility. Both approaches are expensive.

The first approach (redaction/truncation) requires labor-intensive, time-consuming effort by cleared personnel, or very sophisticated programming and technology, and a secure facility. This approach generally compromises the value and timeliness of the information finally transmitted.

The second approach (encrypted transmission to cleared entities) also requires investments in facilities, technology, and properly cleared personnel—if not already available at the receiving center. If the information is properly received and secure, there would still be the potential for the value of the data to be reduced if only part of it can be passed on to un-cleared operators or decision-makers at the receiving center.

4.3.4 Legal Process and Rules of Evidence

The options for transmitting information that is—or could become—part of a legal process are fairly similar to the two options for classified data, with some additional hurdles. In this case, the restrictions needed may not be fully known or understood prior to the completion of an ongoing investigation, or until all subsequent legal processes are completed. Determining this would require expertise in law enforcement and legal process and possibly court orders.

Information that is public knowledge and otherwise recorded facts or qualified observations could probably be exchanged freely—but again, significant effort by qualified experts would be needed to “scrub” the exchange.

4.3.5 System Integration, Message Standards, Language

By leveraging technology, centers can begin to address some of the technical and vulnerability challenges described in the previous section. These technology solutions include interconnection equipment, database, middleware, integration, and business intelligence tools. But the best approach to developing and integrating these technologies is to implement solutions that utilize industry standard products, services, and processes.

The U.S. DOT encourages the use of the National Transportation Communications for ITS Protocol (NTCIP) and other related standards for ITS implementations. For FCs, U.S. DOJ encourages the use of industry standards including the Global Justice XML Data Model and the National Information Exchange Model (NIEM). The approach to successful information sharing includes the use of XML data models, the Common Alerting Protocol messaging standards, and service-oriented architectures.

With transportation departments seeking to emphasize corridor management and emergency preparedness, a document-centric single delivery information method poses several problems when broadcasting information to all parties regardless of relevance or appropriate level of detail, leading to circular reporting and information overload. A new trend in TMC traffic and fleet management systems is the development of automated decision support systems. New enterprise systems provide rapid information collection from not only their own devices and equipment but also from diverse network sources that can meet the center’s needs.

4.3.6 Vulnerability

Vulnerability to loss of operational effectiveness or continuity is a concern for all of the center types addressed in this guidebook. Whether damage to operations is direct (resulting from natural events, accidents, or intentional acts) or indirect (resulting from unforeseen technical problems or loss of utility support), the acceptable tolerance vulnerability varies considerably. In other words, the amount that each center is willing to spend to reduce vulnerabilities has to be a practical choice by type, category, and mission criticality of each center.

With practicality in mind, the most common measures for coping with vulnerability and operational continuity risks involve redundancy of systems, facilities, and supporting utilities. Common redundancy measures fall along a spectrum of investment, as follows:

Fully redundant and operational back-up systems and facilities
Redundant “hot sites” with back-up system equipment (non-operational, often shared)
Shared (usually) “cold sites” with space, utilities, possibly furnished
Cooperative agreements to utilize, work with, or shift functions to other operational centers.

Each of these general approaches has different implications on cost, operational continuity, recovery, and robustness of interim services. Appendix G of this report discusses these measures further.

4.3.7 Unique FC Issues

For many of the reasons cited earlier (security classification, privacy, legal process issues, etc.), FCs have had to cope with significant barriers to information exchange and interoperability with other FCs—not to mention TMCs and EOCs.

As a result, FCs have typically communicated via specifically prepared products, including alerts, bulletins, reports, and situational/risk assessments. This approach has obvious implications for the timeliness, detail, and value of information in some of the products, but it can facilitate direct communication with properly cleared decision-makers.

Appendix E of this report provides more information on these issues.

4.3.8 System Ownership and Funding Issues

Solutions to the policy and political issues with ownership and investment costs associated with information sharing must be addressed by agencies in an objective way, with thoughtful exposition (from the viewpoints of each center/agency) of the relative need and both the value and the cost of meeting the need, as well as the savings benefits of sharing some or all of the cost. A simple example of two centers deploying video resources at a common location illustrates this:

Center “A” requires a reliable, fixed video camera feed at a specific location, at 5-minute intervals to fill an important gap in traffic flow observation. This camera costs $3,000.
Center “B” requires a reliable camera with additional resolution and other functionality. This specification takes about $6,000 to meet.
Both centers have determined for their needs that the respective investments are justified by the cost of the respective cameras.
Both centers agree that the more expensive system could be shared operationally and could meet the needs of both centers.
Center “A” agrees to pay one-third ($2,000) of the cost, thereby saving $1,000.
Center “B” agrees to pay two-thirds ($4,000) of the cost, thereby saving $2,000.
Assuming Center “B” needs included movable surveillance, the automated routine could return to the traffic surveillance position every few minutes to send a feed to meet the needs of Center “A.”
On the (rare) occasion of an incident in the viewing range, Center “B” may have to train the camera and interrupt the regular traffic feed for a short time.

This simplistic scenario implies what some of the typical operational policy compromises might involve to better enable sharing of information and information-gathering resources, as well as to minimize the cost. The implications of this example also show how the benefits and needs for information exchange have to be considered objectively from the points of view of each entity involved in the exchange.

June 2010
Publication #FHWA-HOP-09-003