Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.
Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.
OCR for page 70
Science and Technology for Army Homeland Security: Report 1 3 Denial and Survivability Technologies INTRODUCTION This chapter discusses denial and survivability (D and S) technologies for a broad range of terrorist threat scenarios against assets and activities that are within the Army’s mission area. Among the assets the Army will need to address for homeland security (HLS) D and S considerations are the following: Army bases, facilities, equipment, and troops; Assets the Army is temporarily responsible for safeguarding during times of threat; and Deploying forces in transit domestically. “Denial of an attack,” as used herein, refers to measures taken to prevent or otherwise thwart an intended terrorist attack, whether by preventing access through physical means (e.g., guards or barriers) or other means of interception (e.g., explosive detection, electronic surveillance). Survivability, in contrast, refers to measures taken to mitigate the effects of attack so as to reduce its effectiveness (e.g., by such means as structural hardening, protection of personnel, and duplication of resources). The elements of survivability also include the ability to absorb an attack with acceptable damage and casualties, redundancies that enable continued function after an attack, mitigation of the effects of the attack, and preparations for retaliation. The line between D and S is not always a clear one. Consider as an example, building security. Denial relates to issues such as perimeter protection and entry control—denying the terrorist the ability to enter. Survivability relates to miti-
OCR for page 71
Science and Technology for Army Homeland Security: Report 1 gating the effect of terrorist actions once the perimeter has been breached and entry obtained. Placement of barricades in such a way that a truck bomb produces inconsequential damage could be viewed as denial or survivability. Thus, it may not be useful to differentiate too finely between the two components when discussing applicable technologies. The fixed infrastructure targets of primary interest to the Army are presumed to be installations, conventional military buildings either inside a base or standing alone (e.g., barracks, office buildings, and command and control (C2) centers), bridges, tunnels, and dams as well as special facilities such as nuclear power plants and critical Department of Defense (DoD)/Army assets (e.g., ports and airfields). Infrastructure targets also can include those that are primarily cybernetic, such as computer networks, communication systems, and C2 systems or supervisory control and data acquisition (SCADA) based systems such as military base power grids and water systems. Cyber issues will be addressed separately in the last section of this chapter. Because many of these facilities are conventional, the technology that enhances their denial or survivability capabilities is equally applicable to civilian facilities and infrastructure. As was suggested in Chapter 1, technology transfer to the civilian sector will be necessary in order for the civilian sector to exploit Army technology. The principal element of successful denial is good security, both physical and cyber. Security techniques and technologies that will satisfactorily perform Army HLS missions and protect against terrorist attacks will require “leap forward” capabilities. Simply doing more of the same or incrementally improving today’s tool set will not result in affordable systems with acceptable performance. The Army must look for breakthrough technologies that not only enhance performance but also substantially reduce the resource demands of these functions. PHYSICAL SECURITY Security functions may provide the most leverage, both in terms of response options and resource savings. Security is also an area that could benefit enormously from new and innovative technology. Physical security includes activities at perimeters, gateways, and portals, as well as the detection of human agents. When the Army is deployed to protect a site in times of increased threat, the perimeters and portals may be temporary and not in optimal location or design, and portable or mobile systems may have to be used by the security force.1 The desired attributes of the physical security functions are in listed Box 3-1. 1 Providing adequate full-time protection for the dams, levees, bridges, tunnels, critical infrastructure, and Army structures will pose the challenge of balancing cost and public acceptability with available resources.
OCR for page 72
Science and Technology for Army Homeland Security: Report 1 BOX 3-1 Desired Attributes for Physical Security Perimeter Control Boundary line monitoring. All-weather, day-night surveillance. Low cost, standoff sensing. Fenceless borders, low false and nuisance alarms. High detection rate. CBRN detection. Low manpower requirements. Air and ground threat detection. Difficult to spoof. Scalable. Secure, reliable communication to central command post. Sensor- and algorithmic-based assessment tools. Tools and equipment, such as robotic investigators, to assist human assessment. Entry portal control. High throughput for authorized people and products. Rapid, positive ID of authorized personal. Forgery-resistant credentials. Rapid detection of threats in large vehicles (e.g. tank trucks, aircraft, or ships). CBRN detection and identification. Low risk to portal personal. Low manpower requirements. Rapid ID of nonauthorized attempts at entry. Safety setback for detected CBRN and LVBs. Deployable barriers. Temporary perimeters. Rapidly deployable, flexible, scalable, all-weather, day-night surveillance systems. Simple to deploy with modular features. Fenceless borders, low false and nuisance alarms. High detection rate. CBRN detection. Low manpower requirements. Air and ground threat detection. Difficult to spoof. Sensor- and algorithmic-based assessment tools. Tools and equipment, such as robotic investigators, to assist human assessment. Building and Facility Control External protection. Access control systems that efficiently allow access only to authorized personnel. CBRN detection, neutralize/destroy integrated with HVAC technologies. Alarm systems integrated with local emergency response network. Forces in Transit Mobile protection. Vehicle-mounted area detection of CBRN and LVB threats. NOTE: CBRN, chemical, biological, radiological, and nuclear; ID, identification; LVB, large-vehicle bomb; HVAC, heating, ventilation, and air conditioning. The technology needs for physical security are very broad. Improved sensors are key to solving many of the problems identified here and are broadly described in Chapter 2. New algorithms and techniques must be developed to allow rapid and faultless assessment of information about individuals attempting to gain access, material that is to be introduced into the facility, and detectors signaling a threat. Advances in data mining and cogitative modeling are essential. Tools to quickly identify unknown, unauthorized individuals using national law enforcement and intelligence databases need to be deployed to where the identification must take place. There is a need for an ability to search an integrated, seamless, real-time
OCR for page 73
Science and Technology for Army Homeland Security: Report 1 watch list. Such a capability does not now exist across all the relevant departments—e.g., Customs, the Immigration and Naturalization Service, the Federal Bureau of Investigation, the Central Intelligence Agency, and law enforcement at the state and local levels. These assessments and identifications must be made in an environment that protects our forces on the perimeter. This will require new concepts in perimeter and portal management and staffing. Table 3-1 identifies some of the technology challenges inherent in this task. SURVIVABLE STRUCTURES Blast Mitigation Explosive threats against conventional buildings of direct interest to the Army may range from small 1- or 2-lb explosives packaged in letter bombs or pipe bombs, to hundreds of pounds of explosives contained in cars, to thousands of pounds of trinitrotoluene (TNT) equivalent charge carried by large trucks, trains, or dockside ships. A bomb explosion in or near a building can have catastrophic effects, destroying or severely damaging portions of the building’s external and internal structural framework, collapsing walls, blowing out large expanses of windows, and shutting down critical fire- and life-safety systems, such as fire detection and suppression, ventilation, light, water, sewage, and power. Damage to a Building’s Structure Recent terrorist attacks against commercial buildings dramatically illustrate the influence of bomb placement and building design on the nature and extent of direct structural damage. Detonation of weapons inside or outside these buildings results in air-blast loadings that disintegrate the relatively weak front face slabs and curtain walls and/or damage columns through direct loading and partial transfer of the loads from the weak slabs. Failure of columns or load-bearing walls due to a combination of lateral air-blast loading plus axial gravitational forces from the weight of the structure above it may result in progressive collapse of the building or portions of it. Notable examples of the damage potential of external explosions against multistory buildings that led to progressive failure are the 1995 bombing of the Alfred P. Murrah Federal Building in Oklahoma City (the largest such terrorist attack in the United States up to that time caused 168 fatalities, numerous injuries, and an estimated $50 million in damage to about 75 buildings in the area) and the devastating 1994 car bomb attack against the Jewish Community Center in Buenos Aires (a masonry load-bearing wall building whose collapse killed 87 people and injured 200 others). By way of contrast, a similar attack in 1992 against a multistory office building of more modern concrete column and slab
OCR for page 74
Science and Technology for Army Homeland Security: Report 1 TABLE 3-1 Technologies for Physical Security Function Task Technology Characteristics Availabilitya (R, N, F) Priority for Army S&Tb Multiusec (H, O, C) Perimeter control Modeling of perimeter control system Advanced decision theory; high fidelity, interactive virtual reality; full feature models High-fidelity, flexible simulation of system performance N Medium H, C Rapid detection of LVBs X-ray assessment, swimming sensors Detection of LVB hidden in tank trucks and other normal base traffic N, F High H, O High-performance fenceless perimeters Laser interrogators; microwave networks; robotic rovers Perimeters with high probability of detection, low false-alarm rates for full threat spectrum N, F Medium H, O, C Tool to assess alarms Robotic investigators; cognitive networks Mobile, low-manpower requirements, multisensor, networked F Medium H, O, C High performance credentials Smart ID with bioinformation; ID tracking with area authorization Positively ID authorized personnel N, F Medium H, O, C Biometric recognition Iris ID, liveness tests, auto DNA ID Positively ID authorized personnel N, F Medium H, O, C ID nonauthorized visitors 3- D facial recognition; auto DNA matching Link to national database to ID attempted unauthorized entry F Medium H, O, C Protection of perimeter guard forces from LVBs and other WMD devices Remote interrogation, positive barriers Remote assessment capability and blast protection F Medium H, O
OCR for page 75
Science and Technology for Army Homeland Security: Report 1 Deployable perimeter control system Unattended sensor networks, advanced power sources, C2 and secure communication, low- power sensing elements Modular, robust deployable perimeter control system for use by Army in high- threat situations N, F High H, O Mobile perimeter system to include CBRN and LVB detectors for force protection during deployment C2 and secure communications, situational awareness tools, area sensors Vehicle- mounted, networked, detection systems to protect forces during transit to ports and airfields F High H, O Building and facility control CBRN detection and remediation See discussion in Chapter 2 Buildingwide system to detect, prevent wide dispersal, and mitigate or destroy CBRN agents. Secure communication to civilian N, F Medium H, O Automatic, high- confidence access control Smart ID with bioinformation, ID tracking with area authorization, iris ID, liveness tests, auto DNA ID Rapid and faultless ID of authorized individuals and detection of dangerous articles F High H, O, C NOTE: LVB, large vehicle bomb; ID, identification; 3-D, three-dimensional; C2, command and control; CBRN, chemical, biological, radiological, and nuclear; TRL, technology readiness level. aAvailability: R, ready (TRL 8-9); N, near-term (TRL 4-7); F, far-term (TRL 1-3). bPriority for Army S&T (investment): low, someone else has mission or technology is ready and available; medium, useful but of limited impact and some investment needed; high, very important, no one else working on it, considerable investment needed. cMultiuse: H, Army homeland security; O, Objective Force; C, civilian (first responders and others).
OCR for page 76
Science and Technology for Army Homeland Security: Report 1 construction at St. Mary Axe in London produced relatively minor structural damage but extensive glass damage2 (NRC, 1995). In addition to the direct effects of an explosion or impact, the causal event may initiate a fire that can be fed by existing materials in the building. These fires can reduce the strength of structural steel by 50 percent if they reach temperatures of 500°C and to near zero if the temperatures reach 1000°C (NRC, 2002). As noted in Chapter 8 of the NRC report, “columns, floor diaphragms, and connections between the columns and floor joists are the vulnerable members” (NRC, 2002). This weakening may occur despite the presence of fireproofing, because the force of the explosion or impact and the debris from it may strip the fireproofing from the structural elements and assemblies. In addition, the fireproofing may have been applied improperly or removed over the course of time. Current building codes3 do not consider the combined effects of fire and impact or blast on the integrity of the fire protection system. Generally, normal-strength concrete members demonstrate good performance under fire exposure. However, low-strength concrete and high-strength concrete may not perform as well under severe fire conditions (FEMA, 2002). Damage to Building Subsystems Certain building subsystems, if lost, render the building unable to protect the occupants or assist in their survival and otherwise make the building uninhabitable or unusable. Typical of these subsystems are fire-detection and fire-suppression systems; water and sewer service, including sanitation; means of egress, including corridors, stairs, lobbies, and exit doors; elevators; primary and emergency electrical systems; and rescue operation systems, including voice and data communications, ventilation, and smoke control. A bomb detonated inside a building’s parking garage can cause serious damage to building subsystems simply because several critical subsystems typically originate there, along with much of the control and distribution equipment. A garage-level detonation has a significant potential for fire and smoke production because the parked vehicles contain large amounts of combustible materials. Also, the fire-suppression system would likely be made inoperable, since it is exposed and very fragile. The 1993 World Trade Center bombing was, unfortunately, a good example of these observations: Extensive damage occurred to communications, life-safety, electrical, and mechanical systems; the emergency generator plant shut down 2 The offices were unoccupied at the time of the explosion (around midnight). It is thought that extensive injuries would have occurred to occupants had the bomb been detonated during working hours (NRC, 1995). 3 The building codes are referenced in Chapter 1 of FEMA (2002), and the fire protection codes are referenced in Appendix C of that document.
OCR for page 77
Science and Technology for Army Homeland Security: Report 1 because of loss of cooling water; the elevator and stair shafts were breached; smoke from burning automobiles on the parking levels was forced up the shafts of both towers; and the underground tower’s operations control center was put out of commission, leaving building occupants without important information (NRC, 1995). Hazards to People Injuries and loss of life can result directly from the explosion of a bomb. Blast pressure, impact of high-speed glass fragments or other structural debris, collapse of structural members, fire and smoke inhalation, or a variety of other causes associated with the general confusion that may follow an explosion and a possibly prolonged evacuation period can all contribute to casualties. After entrapment in collapsed building spaces, the next most serious source of injuries is missile penetration or smoke inhalation. Additionally, toxic gases and dusts from conventional blasts may become entrapped in the urban environment for days or weeks. This form of pollution may be another target for monitors (and sensors). The harmful effects of dusts, vapors, and gases on an urban civilian population could be quite serious. The breaching of elevator and stairwell doors (more likely from street-level explosions) allows smoke to migrate upward into the building, carried by the building’s stack effect during winter months. Elevators are likely to be occupied throughout the day, and persons may be trapped within them, as a result of either damage to the elevator shaft or hoists or the loss of power or controls. In the 1993 World Trade Center bombing, the north tower air locks were destroyed, and smoke and dust-laden air were forced to the upper floors, accounting for most of the more than 1,000 personal injuries (NRC, 1995). Conclusion 3-1. The current database describing injuries and fatalities due to blast-related terrorist activities is sparse. Recommendation 3-1. To gather valuable and perishable medical and other forensic data, the Army should support the establishment of rapid response data-gathering teams to investigate bombing attacks that may occur in the future. The data collected by these teams should be integrated with information from past events and made available to researchers and practitioners in emergency medicine, injury epidemiology, search and rescue, architecture, and engineering. Technology for Blast Mitigation The trend in civilian building design for the last 50 years has been toward the use of lighter but stronger materials. This has led to more economical buildings,
OCR for page 78
Science and Technology for Army Homeland Security: Report 1 with the structure accounting for less of the floor area and lower first costs. At the same time, engineers developed a better understanding of building performance when a structure is subjected to dynamic horizontal and vertical forces associated with wind and earthquake. Seismic design calls for the building to possess adequate strength (force- and ductility-resistance characteristics) to resist repetitive seismic motions in a manner that protects human lives and leaves the building usable or, at worst, with damage that is easily repairable. The dynamic loading on buildings caused by explosions differs in important respects from dynamic loads caused by earthquake and wind.4 The latter loads are of relatively low intensity, long duration (seconds to minutes), and essentially oscillatory (periodic in nature). Explosive loads, by comparison, are extremely large initially, act for very short durations of time (milliseconds), and are non-oscillatory (aperiodic). To effectively resist large, short-duration explosive loads localized in lower levels, characteristic of terrorist bombings, the mass of the lower levels of a structure should be increased. This goal is generally in keeping with seismic requirements, which call for significant strength in the lower levels. In other respects, however, the two design approaches differ considerably. Design of New Facilities A series of manuals exists for the design of new facilities subjected to the kinds of threats described above.5 These manuals include charts and/or fast-running computer codes to forecast the threat environments, including blast, fragments, and ground shock. Retrofit of Existing Facilities The retrofit of existing buildings presents a different challenge to the designer because of the many constraints imposed by the need to retain a building’s functionality while retrofitting is occurring. This need imposes limitations on volume and configuration available for retrofit approaches and imposes addi- 4 A discussion of the design and behavior of structural components typically used in modern civilian buildings subjected to a transient blast-wave form is contained in Chapter 4 of Structural Design for Physical Security (ASCE, 1999). 5 USACE TM 5-855-1, Fundamentals of Protective Design for Conventional Weapons, 1986; USACE TM 5-1300, Structures to Resist the Effects of Accidental Explosions, 1990; USACE TM 5-853, Security Engineering, 1993; and, most recently, the new joint services DAHS/CWE manual, The Design and Analysis of Hardened Structures to Conventional Weapons Effects, 1995, which is computerized and interactive. USACE TM 5-853 provides a systematic methodology to analyze “aggressor threats and tactics,” including a system for rating potential risks and developing appropriate responses. It discusses various design options to a limited degree, but the planning techniques are strongest in the area of supporting access control to the facility.
OCR for page 79
Science and Technology for Army Homeland Security: Report 1 tional hazards that must be addressed, e.g., the retrofit of masonry and brick must address the containment of projectiles of these materials created by an explosion. In addition, standoff—that is, the distance between the building and a potential device—may be minimal or nonexistent. Standard retrofit procedures consider the introduction of additional strength, ductility, redundancy, and mass and the replacement of weak structural components. They can include the enhancement of support conditions through better connections, span reduction, the strengthening of exterior facades such as curtain walls, the strengthening of interior partitions, and the installation of windows and doors with better blast resistance and seals. Many of these options are presented in Structural Design for Physical Security (ASCE, 1999). Chemical, Biological, and Radiological Threats Military and conventional buildings are susceptible to chemical, biological, and radiological (CBR) attacks by terrorists through their heating, ventilation, and air conditioning (HVAC) systems. The effectiveness of such attacks can be greatly reduced by incorporating a building automation system designed to manage specific threats and scenarios. Such systems can include detection, isolation, neutralization, and, possibly, decontamination. The HVAC systems can be improved and integrated with architectural/civil design features for both new buildings and retrofits to gain more effective resistance to CBR attacks. New developments in real-time monitoring devices, filtration and chemistry for detection, neutralization, and decontamination of CBR agents can be combined with modeling and simulation tools to isolate and manage the terrorist threat. Some simple steps that can be taken for existing buildings are presented in NIOSH (2002). This is the focus of a new DARPA research program for “immune buildings,” which seeks to modify and augment the building infrastructure to make buildings far less attractive targets for attack by airborne or aerosolized chemical or biological warfare agents. The program has three goals: to protect the human inhabitants of such buildings in the event of an attack; to restore the building to full function as quickly as possible after the attack; and to preserve forensic evidence for attribution and retaliation. Release of biological agents inside a building is the most challenging threat, as it requires a rapid response to stop or neutralize the agents before they affect humans. The utilization of large-volume, nonthermal diffused plasmas that can be generated at ambient pressure for contaminant conversion, along with existing or improved building filtration technology, looks promising (DARPA, 2002). Conclusion 3-2. Heating, ventilation, and air conditioning systems can be improved and integrated with architectural/civil design features for both new buildings and retrofits to provide better resistance to chemical, biological, and radiological attacks.
OCR for page 80
Science and Technology for Army Homeland Security: Report 1 Recommendation 3-2. The Army should monitor and integrate new heating, ventilation, and air-conditioning technologies developed by the Defense Advanced Research Projects Agency and other organizations into building and infrastructure design and retrofit guidelines. These technologies include detection, neutralization, filtration, and active ventilation defenses. Technology Gaps It might appear from the above discussion that ample information is available for the architect/engineer to provide blast-mitigation designs for both new and retrofit structures. Unfortunately, this is not the case, because much of the required information either is not directly applicable to the construction of modern commercial buildings or is inaccessible to most practitioners in the commercial building industry and difficult, if not impossible, to use. A 1995 report makes clear that translating blast-effects research into practice will be a major undertaking. It is in any case an undertaking that the committee believes the U.S. Army Corps of Engineers (USACE) is uniquely positioned to lead (NRC, 1995). Table 3-2 lists the technologies required to protect people and buildings from terrorist threats in both new and existing structures. Current Research and Development Efforts— Leveraging the Army’s Contribution The Technical Support Working Group (TSWG)/Defense Threat Reduction Agency (DTRA) Blast Mitigation for Structures Program is a focused and valuable program of research, testing, engineering analysis, and computational modeling to supplement existing knowledge on blast effects and blast-resistant design and construction. However, the full benefits of the program will be realized only if the results are widely disseminated and necessary improvements implemented. The USACE is the logical choice to facilitate a continuing technology development and transfer effort because of its long involvement in both research and development, and in developing design guidance for architects and engineers. The USACE and its Omaha District Protective Design Center are also participating in DARPA’s Immune Building Program. There is an opportunity for the USACE to play a more active role in the demonstration phase of this program and to be a principal source of technology transfer to the building industry. Physical Security Summary As was noted earlier, blast-hardening technologies and design principles developed by the Army and other DoD components for military purposes are generally relevant for federal force protection and civilian design practice. However, because the knowledge base is incomplete, this information must be adapted
OCR for page 81
Science and Technology for Army Homeland Security: Report 1 TABLE 3-2 Technologies for Blast Resistance of Building Structures for New and Retrofit Construction Function Technology Characteristics Availabilitya (R, N, F) Priority for Army S&Tb Multiusec (H, O, C) Environment definition Prediction of blast and impact loads on and in buildings, bridges, dams, etc. More effective designs for better defined loads N, F High H, O, C Effects of barriers on blast mitigation Reduce loads on buildings R, N Medium H, C Characterization of new explosives and gas deflagration Model new loads on structures N Medium H, O, C Characterization of debris Design for fragment impact and human injury N, F Medium H, C CBRN and fire propagation in buildings and tunnels Evaluate effects on structural integrity, equipment, and personnel N Medium H, C Structural strengthening Column blast design and retrofit using conventional and new materials Upgrade existing and new designs more efficiently R, N Medium H, O, C Slab retrofit Same as above R, N Medium H, O, C Wall retrofit, including load-bearing masonry walls Same as above with new complexity due to projectile resistance requirement due to masonry breakup R, N Medium H, O, C Connection details for steel and concrete structures (new and retrofit construction) Upgrade current approaches for dynamic environments and material behavior N High H, O, C
OCR for page 82
Science and Technology for Army Homeland Security: Report 1 Function Technology Characteristics Availabilitya (R, N, F) Priority for Army S&Tb Multiusec (H, O, C) Methodology to prevent/evaluate potential for progressive collapse Improve capabilities to evaluate collapse rapidly; new approaches for design N High H, O, C Windows and curtain walls Blast-resistant window concepts, including new glazing-to-frame connections Look at glazing and frame as system N High H, O, C Curtain wall concepts for energy absorption Explore system approach for windows and frames N Medium H, C Materials research Blast-resistant tempered and laminated glass (stiffness, strength enhancement, ductility) Little material characterization for constitutive modeling and evaluating new concepts F High (+ university, industry)d H, C Materials testing and analysis of fire resistance Ability of insulation and insulated structural members and connections to survive blast environment and specified duration of fire N Medium H, C High-temperature properties of building materials, including insulation and structural materials. Ability to evaluate collapse of structures in thermal environments F Low (+ university, industry)d H, C Special blast- and fire-resistant materials: Kevlar, LINEX, and other textiles; graphite epoxy and other composite materials for use in retrofit designs Material property characterization in blast and thermal environments lacking N Medium H, O, C
OCR for page 83
Science and Technology for Army Homeland Security: Report 1 Energy-absorbing materials for barriers New, efficient concepts that do not generate hazardous projectiles N Medium H, O, C Design guides and computer codes First-principles analysis techniques to supplement experimental databases for design of windows and structural component retrofits For design and evaluation of new concepts and configurations; supplement experimental database N High H, O, C Optimization software for new designs involving multihazard scenarios, including seismic, wind, tornado, blast, fire, and chem/bio threats Develop mathematical tool to achieve a balanced and economical design for multiple hazards N, F Low (+ university, industry )d H, C Software to include new test and analysis data and techniques for design and retrofit of structures in blast environments Upgrade existing packages to include new data and methodology R, N High H, O, C Integration of performance standards with building codes from a multihazard perspective Incorporate and integrate new design standards and procedures in official codes for multihazard environments N, F High H, O, C NOTE: CBRN, chemical, biological, radiological, and nuclear; TRL, technology readiness level. aAvailability: R, ready (TRL 8-9); N, near-term (TRL 4-7); F, far-term (TRL 1-3). bPriority for Army S&T (investment): low, someone else has mission or technology is ready and available; medium, useful but of limited impact and some investment needed; high, very important, no one else working on it, considerable investment needed. cMultiuse: H, Army homeland security; O, Objective Force; C, civilian (first responders and others). dParenthetical entries suggest that participation by universities and/or industry should be especially sought because their tech nology, understanding, experience, and/or scientific capabilities in these areas are advanced, their databases are useful, and their pa rticipation would provide new insight and/or information to the program and shorten the time frame for development.
OCR for page 84
Science and Technology for Army Homeland Security: Report 1 and expanded to be more specifically usable by and accessible to civilian architects and engineers. The ongoing TSWG/DTRA Blast Mitigation for Structures Program, in which the USACE Environmental Research and Development Center is a major participant, is a natural vehicle for such technology development and transfer. This should include research and testing of common building materials, assemblies, equipment, and associated designs applicable to the blast-resistant design of critical nonstructural, life-safety, building subsystems. Techniques and products for the retrofit of existing buildings to protect against multiple hazards such as earthquakes, extreme wind events, fire, and flood, as well as blast effects, should be developed. Implementation of blast-mitigation measures should utilize established risk management principles that integrate security and natural hazard mitigation objectives with new technologies and should be based on building mission, defined threat, acceptable risk, and available resources. Glass material properties must be characterized in a form suitable for modeling and simulation in order to be able to predict the response and failure of windows subjected to blast loading. Research in this area is being conducted by universities under government and private sponsorship. Universities also conduct research on blast and impact loading and the response of structures. Conclusion 3-3. Research currently being conducted by universities in window/glass behavior and structural response through failure in dynamic environments can help to improve the blast resistance of key structures. Recommendation 3-3. The Army should continue to survey and evaluate relevant ongoing university research with the objective of identifying and synthesizing technology that could improve the performance of buildings in a blast environment, and it should also consider inviting universities to directly participate in the research effort. INFORMATION SECURITY AND CYBER ISSUES The committee uses the word “cyber” to refer to any activities related to the computer and communications (C&C) infrastructure, including the information stored in and/or being transmitted by the systems. This infrastructure is rapidly becoming ubiquitous in all aspects of daily life as well as for first responders: C2 systems are often based on it, medical information systems and financial systems are based on it, other infrastructures such as water and energy are based on it through SCADA, and it is being used in newer versions of almost everything electronic, such as monitoring systems, from perimeter control to baby watching. One has only to read the popular press to hear of proposals to give an Internet Protocol (IP) address to every device from a toaster on up to a washing machine to appreciate the drive to interconnect everything. At the same time there is a
OCR for page 85
Science and Technology for Army Homeland Security: Report 1 movement to make almost all devices software-based so that updates can be downloaded over the connected network to provide the flexibility for future changes. The C&C infrastructure can be compromised in several ways, principally the following: An insider making use of authorized access, Unauthorized access via direct tapping into the physical facility, Unauthorized access via valid network connections and security flaws in the system, or Denial-of-service attacks. Protection against the first two threats is based on physical security of the facilities and control of personnel. These are common security issues where countermeasures have been well studied, so the committee will not discuss them further here. However, even if the perimeter or the hardware is breached, damage must be contained. In the cyber context, this means that gaining access to one subsystem within a security perimeter must not automatically grant access to other subsystems. Range of Threats There are three primary objectives of a cyberattack:6 Destroy or change data within the system itself, Take control of systems controlled by the C&C system, or Deny the user effective use of the system. Future terrorist incidents in the United States could attempt any of these. Institutions from financial to medical would have serious problems in the event of massive loss of data or of reasonably rapid network access to it, but neither protection against this nor remediation if it happens fall within the Army’s jurisdiction. (However, the Army does need to protect its own systems from such attacks.) When a computer system with control functions is compromised by attack, the community may face problems as the controlled entity fails to operate cor- 6 Attacks by hackers merely to prove they can do it by making annoying but inconsequential changes to the system are not discussed. It should be recognized that many of these hacker attacks are against that part of the network that is designed to be public—namely, the Web site. While it is desirable to keep those pages secure against unauthorized change, the level of security that can be achieved is necessarily lower than that which can be applied to nonpublic information.
OCR for page 86
Science and Technology for Army Homeland Security: Report 1 rectly. This could happen whether the attacker is actually able to take control of the system and redirect it or is just able to interfere with its correct operation. A denial-of-service attack is the overloading of a C&C system with superficially legitimate service requests via the network. It does not require any security flaws or other break-in technology, but such an attack could be used to deny or corrupt important services as a preliminary or follow-up to a physical attack. For example, if an emergency response group relied on public Web-based data access for its functionality, it could be susceptible to a denial-of-service attack. Non-public systems would require the exploitation of a security flaw to deny service. Mitigation Technologies The best defense is to physically isolate an important network from the public network. However, it is dangerous to assume that this will resolve all problems. The additional functionality that can be obtained by interconnecting units frequently leads to the addition of network interconnections or unauthorized access. For example, the committee learned of executives who connect their office phones to computer modems so they can work from home, thereby providing an opportunity for access by others.7 Some systems provide for progressive shutdown of connections as the perceived threat level increases. However, it should be realized that certain forms of cyberattack can be preplanted before there is evidence of a raised threat level and left to activate automatically later. For this reason, it is important to defend against threats to networked systems. The primary threat to networked computer systems comes by way of security flaws in the system that allow remote access to unauthorized users. It is important to realize that C&C systems are sufficiently complex that it is highly unlikely a system can be designed that does not contain any security flaws. One must therefore accept the fact that providing security is an ongoing operation and cannot be built in with 100 percent certainty. Hence the initial design must pay great attention not only to achieving a high initial level of security but also to locating and correcting flaws during the lifetime of the system. It is also important to realize that a C&C system is not a static design but typically evolves as new or changed functionality is introduced. Such changes often introduce new security flaws. Large organizations are often tempted to custom design their own systems because they believe that their needs are significantly different and because they believe they can achieve greater efficiency by dropping system requirements they do not have, at least not at the time of design. For general-purpose systems this is not only a false economy—the design costs are such that because of the rate of 7 Herb Lin, Computer Science and Technology Board, National Research Council, briefing to the committee on July 24, 2002.
OCR for page 87
Science and Technology for Army Homeland Security: Report 1 change in the field, the organization will soon be left with an out-of-date design that runs on out-of-date hardware—but it is also an invitation to security disasters. While it may seem that the use of commercial off-the-shelf systems means that more people will know where the flaws are, it also means that vastly more people are busy looking for those flaws and bringing their skills to the task of fixing them. Clearly the Army must work with other interested parties to achieve the maximum level of protection. Document P of the National Infrastructure Assurance Plan (Planning Guidance to Assist in the Development of the Response Functional Plan), notes as follows: Resolving the inherent overlap of responsibilities and capabilities while defining the roles of FEMA v. FBI (including the Cyber Emergency Support Team) in developing this plan will be a critical step in implementing this plan. Additionally, other government departments (e.g., Defense) are developing cyber response capabilities. There will be a need to share best practices among these efforts and clarify the responsibility across the government (NIPC, DoD, etc.) and with the private sector (DoC, 1998). From this the committee draws a conclusion and two recommendations: Conclusion 3-4. As the Army becomes more dependent on computer-based systems, cybersecurity becomes more of an issue. Recommendation 3-4a. The Army should partner with other agencies and the commercial sector to develop and adopt the appropriate tools and protocols for the protection of its own computer and communication systems. Recommendation 3-4b. The Army should continue to review its cybersecurity procedures to assure that the best practices from the community are adopted on an ongoing basis. The Army does not currently have a direct role in denial/survivability for any non-Army C&C systems, but should coordinate with those agencies that do. Survivability The Army must not only be concerned with the survivability of its own systems in the event of an attack, it needs to be concerned with the survivability of systems over which it has no or little control prior to the attack—or even, perhaps, after the attack, since if it is called on to provide support, it will need to establish links between its units and civilian responders. The characteristics of the systems are shown in Table 3-3.
OCR for page 88
Science and Technology for Army Homeland Security: Report 1 TABLE 3-3 Technologies for Cybersecurity Function Task Technology Characteristics Availabilitya (R, N, F) Priority for Army S&Tb Multiusec (H, O, C) Continuous monitoring of Army C&C systems Cyber perimeter protection Firewalls Limits traffic to trusted sites. Rd e Virus scanning Checks incoming files for viruses, worms. Rd e Ad hoc mobile C&C networks to rapidly reconfigure systems IP version 6 Imparts ability to dynamically reconfigure networks as systems arrive, leave, are destroyed, etc. Low power and security are issues. N High H, O, C Physical monitoring Sensor networks Developing Similar to above for sensors. Will couple to C&C networks. N Medium H, O, C Data fusion Combines multiple sensor information. N-F Medium H, O, C
OCR for page 89
Science and Technology for Army Homeland Security: Report 1 Security of rapidly deployed ad hoc networksf Developing Avoids enemy intrusions, guarantees functionality. F High H, O Rapid emergency deployment of C&C capacityf Various Gives ability to provide alternative C&C after a disaster. N High H, O Ad hoc interoperabilityf IP version 6 for networks, universal radio, etc. Allows the Army systems to interoperate with other emergency services. N High H, O NOTE: C&C, computers and communication; IP, Internet Protocol; TRL, technology readiness level. aAvailability: R, ready (TRL 8-9); N, near-term (TRL 4-7); F, far-term (TRL 1-3). bPriority for Army S&T (investment): low, someone else has mission or technology is ready and available; medium, useful but of limited impact and some investment needed; high, very important, no one else working on it, considerable investment needed. cMultiuse: H, Army homeland security; O, Objective Force; C, civilian (first responders and others). dTechnology available now is continuously being updated, and the Army must stay current. eThis should not be viewed as an S&T investment, but as necessary system administration. The Army should continuously adopt best practices from the community. fThese are adapted from Table 5.1 of Making the Nation Safer (mNRC, 2002).
OCR for page 90
Science and Technology for Army Homeland Security: Report 1 From considering the aftermath of the attacks of September 11, 2001, one can conclude as follows: Conclusion 3-5. Even if the attack does not directly inflict physical or cyberdamage on computer and communication systems, the public systems may become overloaded. Since the first responders often use components of public systems, command, control, communications, computers, intelligence, surveillance , and reconnaissance (C4ISR) may be a significant problem in the aftermath. The executive summary of the Hart-Rudman phase 3 report states We urge, in particular, that the National Guard be given homeland security as a primary mission, as the U.S. Constitution itself ordains. The National Guard should be reorganized, trained, and equipped to undertake that mission. (Hart and Rudman, 2001) In light of the aforementioned conclusion, the committee asserts as follows: Recommendation 3-5a. Whether through the Army National Guard or active or reserve Army units, the Army should play a major role in providing emergency command, control, communications, computers, intelligence, surveillance, and reconnaissance (C4ISR) in the event of a major natural or terrorism disaster because it has both the skill set and the equipment to provide such services in hostile environments. Recommendation 3-5b. Equipment and trained personnel should be available to provide vital information and communications for interoperable command, control, communications, computers, intelligence, surveillance, and reconnaissance (C4ISR) in the case that civilian systems are seriously impaired in an emergency event. In some situations an impairment would occur simply because existing public facilities would be overused by concerned citizens. In that case, it might be desirable for the Army to provide alternative systems for emergency services. The Army already has a strong interest in and need for mobile battlefield networks. One such system (MOSAIC) is currently an advanced technology demonstration (see Chapter 4.) These networks differ from civilian and most other networks in being ad hoc, since there can be no fixed hubs on a moving battlefield. Such systems would be very useful after an incident if there is significant disruption to the standard communications in the area (network and voice). For this to happen, Army systems must be interoperable with current civilian technology. Enhancements to existing Army systems should reflect the
OCR for page 91
Science and Technology for Army Homeland Security: Report 1 need for multiuse capabilities, and new battlefield systems should be designed with both civilian interface and domestic and foreign missions in mind. SUMMARY Denial and survivability (D and S) issues will affect a very broad range of activities that are within the Army’s mission area. The assets that the Army will need to counter the events that might arise during this period may, in some instances, differ quite dramatically from those required in a conventional wartime environment. However, whether the tools relate to the built environment or the cyber environment, the Army must prepare. REFERENCES ASCE (American Society of Civil Engineers). 1999. Structural Design for Physical Security: State of the Practice. Reston, Va.: ASCE. DARPA (Defense Advanced Research Projects Agency). 2002. Immune Building Program. Available online at <http://www.darpa.mil/spo/programs/immunebuilding.htm>. Accessed on October 2, 2002. DoC (Department of Commerce). 1998. National Infrastructure Assurance Plan, Document P: Planning Guidance to Assist in the Development of the Response Functional Plan. Washington, D.C.: DoC Critical Infrastructure Assurance Office. FEMA (Federal Emergency Management Agency). 2002. World Trade Center Building Performance Study: Data Collection, Preliminary Observations, and Recommendations, FEMA 403, May. Available online at <http://www.fema.gov/library/wtcstudy.shtm>. Accessed on October 2, 2002. Hart, G., and W. Rudman. 2001. Road Map for National Security: Imperative for Change: The Phase III Report of the U.S. Commission on National Security/21st Century. Available online at <http://www.nssg.gov/PhaseIIIFR.pdf>. Accessed on October 3, 2002. NIOSH (National Institute for Occupational Safety and Health). 2002. Guidance for Protecting Building Environments from Airborne Chemical, Biological or Radiological Attacks. Available online at <http://www.cdc.gov/niosh/bldvent/2002-139.html>. Accessed on October 7, 2002. NRC (National Research Council). 1995. Protecting Buildings from Bomb Damage: Transfer of Blast-Effects Mitigation Technologies from Military to Civilian Applications. Washington, D.C.: National Academy Press. NRC. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, D.C.: National Academy Press.
Representative terms from entire chapter: