tion option is to situate the mechanism administratively in existing government or private organizations—for example, the National Institute of Standards and Technology, the Department of Homeland Security, the Department of Defense, the Computer Emergency Response Team of the Software Engineering Institute at Carnegie Mellon University. A second option is to create a national body to coordinate the private sector and local, state, and federal authorities.1 In the short term, a practical option for providing emergency operational support would be to exploit IT expertise in the private sector, much as the armed services draw on the private sector (National Guard and reserve forces) to augment active-duty forces during emergencies. Such a strategy, however, must provide adequate security vetting for private-sector individuals serving in this emergency role and must also be a complement to a more enduring mechanism for providing ongoing IT expertise and assistance to emergency-response agencies.

  • Upgrading the capabilities of the command, control, communications, and intelligence (C3I) systems of emergency-response agencies through the use of existing technologies and perhaps minor enhancements to them. One key element of such upgrading should be a transition from legacy analog C3I systems to digital systems. Of course, in the short term, this transition can only be started, but it is clear that it will be necessary over the long term to achieve effective communications capabilities. In addition, maintaining effective communications capability in the wake of a terrorist attack is a high priority, and some possible options for implementing this recommendation include a separate emergency-response communications network that is deployed in the immediate aftermath of a disaster and the use of the public network to support virtual private networks, with priority given to traffic from emergency responders. (Table 4.1 describes some illustrative advantages and disadvantages of each approach.) Given the fact that emergency-response agencies are largely state and local, there is no federal agency that has the responsibility and authority over state and local responding agencies needed to carry out this recommendation. Thus, it is likely that a program of this nature would have to rely on incentives (probably financial) to persuade state and local responders to participate and to acquire new interoperable C3I systems.


CSTB has a pending full-scale project on information and network security R&D that will address federal funding and structure in much greater detail than is possible in this report. See the Web site <http://www.cstb.org> for more information on this subject.

The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement