In Memoriam

The Committee on Assessment of Security Technologies for Transportation is deeply saddened by the recent loss of one of its members. John B. Daly had a distinguished career serving our nation in a broad range of positions involving transportation security and technology. He was the worthy recipient of numerous awards and commendations for outstanding contributions to his field. John was selected to serve as a member of this committee in 2005, and he continued to serve with distinction until his illness no longer permitted his participation. He was a hardworking professional of the highest integrity and we will miss him. We dedicate this report to his memory in appreciation for his contributions.



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 1
Fusion of Security System Data to Improve Airport Security In Memoriam The Committee on Assessment of Security Technologies for Transportation is deeply saddened by the recent loss of one of its members. John B. Daly had a distinguished career serving our nation in a broad range of positions involving transportation security and technology. He was the worthy recipient of numerous awards and commendations for outstanding contributions to his field. John was selected to serve as a member of this committee in 2005, and he continued to serve with distinction until his illness no longer permitted his participation. He was a hardworking professional of the highest integrity and we will miss him. We dedicate this report to his memory in appreciation for his contributions.

OCR for page 1
Fusion of Security System Data to Improve Airport Security This page intentionally left blank.

OCR for page 1
Fusion of Security System Data to Improve Airport Security Executive Summary More than 1,100 bulk explosive detection systems (EDSs) and 6,000 explosive trace detection (ETD) systems have been deployed in the 438 commercial airports that service the United States. The rapid and universal deployment of these systems has resulted in minimal coordination and interface compatibility among the different systems and system manufacturers. These detection systems often stand alone, and only direct interaction by the operators enables coordination among them. Many of these multiple stand-alone inspection systems operate with undesirably high false-alarm rates, slow throughput, and excessive demands on individual operators. In addition to EDSs and ETD systems, a large number of checkpoint and access-control systems have been deployed to prevent unauthorized entry into regulated areas of

OCR for page 1
Fusion of Security System Data to Improve Airport Security airports. These systems use a variety of security systems, including video cameras, metal detectors, and biometrics, as well as observation by security personnel. Externally, ground-scanning radars and video cameras enable the monitoring of perimeters over large areas. Again, these access-control security systems operate primarily in stand-alone configurations. Airport security personnel currently gain situational awareness by manually combining outputs from these access-control systems. The current widespread existence of stand-alone inspection systems and the uncoordinated operation of inspection and access-control systems leave the nation’s airports and transportation network more vulnerable to a variety of potentially significant attacks than they would be if these systems were integrated. Essentially stand-alone systems are single points of failure. This means that if an attacker successfully evades discovery by a single system, that person gains access to the supposedly secure parts of the airport infrastructure. Improving the detection and prevention of a broad range of attacks will require combining data from multiple inspection and access-control systems by means of a model which uses that input to estimate the threat level of a situation in a meaningful way. In short, being able to accomplish this task requires “data fusion.” Because the concepts in this discipline are evolving, the Committee on Assessment of Security Technologies for Transportation has chosen to specify the concept definitions as used in this report; they are presented in Box ES-1. Within the context of airport security, data fusion is the combination of data from multiple inspection and/or access-control systems into a single output, which can be used to make more-informed decisions. An effective data fusion system might prevent a “team bomb-making” scenario1 by formally combining data from multiple inspection or access-control systems to indicate a higher probability for an overall alert condition. BOX ES-1 Definitions of Concepts Data sharing: The exchange of data, possibly in different and incompatible formats, among organizations. Data integration: The assembly of data from multiple sources into a common data structure by means of a common data model. Data fusion: The combination of data from multiple sources to produce a “state estimate”—for example, the probability of a bomb in a piece of luggage. Decision-data fusion: The combination of binary decisions (e.g., yes or no) from multiple sources to produce a state estimate. Parametric-data fusion: The combination of analog measurements from multiple sources to produce a state estimate. To enable data fusion, data sharing and data integration are required. Data sharing, by which data from different sources are made available to all cooperating organizations, became a concern after the attacks of September 11, 2001, when it became 1 That is, several terrorists working in concert bring components of a bomb through a security checkpoint to be reassembled beyond the checkpoint. Singly the items are not a threat; together they are.

OCR for page 1
Fusion of Security System Data to Improve Airport Security clear that various law enforcement and intelligence agencies had pieces of evidence about the impending attacks but none of them alone had the complete picture.2 Data sharing is fundamentally an organizational and policy concern, with only minor technical issues relating to data latency and communications bandwidths. For example, two law enforcement agencies share data on calls for service or reported criminal incidents with an airport. The technical issues in data sharing are well understood and easily addressed in specific instances where data sharing is desired. Data integration expands on data sharing so that data from multiple sources are placed in a common data structure, which enables their management and processing. The challenges to accomplishing data integration are technical; they concern the registration and transformation of data collected and processed in possibly different and competing frames of reference and data models. These concepts are addressed more fully in Chapter 2. Data integration frequently is confused with data fusion. However, while data integration is necessary for data fusion, the integration alone is not sufficient to provide threat estimates. To accomplish this, the data must not only be integrated into a common data structure, but they must be combined by data fusion to produce a threat estimate. Data fusion would process the integrated data using mathematical models to provide an estimate of the threat at each point in time during the inspection and access-control processes. As defined in this report, data fusion, unlike data integration, also provides an effective approach to reducing false alarms (false positives) while maintaining or improving the probability of detection. These improvements are obtainable with existing systems, and hence data fusion represents a cost-effective approach to the reduction of false alarms. Data fusion could enable these improvements because it takes detection and access-control systems out of their current stand-alone operational modes, providing the security personnel and the downstream systems with the data fusion results from the upstream security personnel and systems. These downstream systems and security personnel could use the information produced by data fusion to alter their inspection protocols in order to determine if an unusual occurrence was in fact a threat. The combining of inspection and checkpoint systems made possible by data fusion means that detection thresholds could be adjusted dynamically, on a case-by-case basis, to reduce false alarms while maintaining desired detection probabilities. Automated data fusion might also remove the dependency on individual initiative and reduce the load on operators. Operators could then focus their efforts on resolving less-frequent, higher-probability alarms. This report discusses two different data fusion models: (1) decision-data fusion (AND logic or OR logic) and (2) parametric-data fusion. Understanding the advantages and disadvantages of these models will allow technology program staff, such as those at the Transportation Security Administration (TSA), to derive the most benefit from their data fusion efforts. Decision-data fusion merges simple binary results (e.g., “threat” or “no threat”) from individual detection and access-control systems. It is thus cheaper and easier to 2 National Commission on Terrorist Attacks Upon the United States, T.H. Kean, Chair, and L.H. Hamilton, Vice-Chair. 2004. The 9/11 Commission Report. St. Martin’s Press, New York, August.

OCR for page 1
Fusion of Security System Data to Improve Airport Security implement than parametric-data fusion, but it yields less robust state estimates.3 Parametric-data fusion combines actual analog measurements (as opposed to binary results) from multiple systems and provides the most potential for improvement in the reduction of false alarms (false positives) at constant or improved probabilities of detection. However, parametric-data fusion requires very precise data integration, which costs more to implement in both time and resources than does decision-data fusion. Finding: Decision-data (versus parametric-data) fusion does not necessarily allow for the greatest improvements in throughput, reduction of false alarms, or improvements in probability of detection. Most TSA data fusion efforts in current programs employ decision-data fusion. Recommendation 1: Before implementing a data fusion approach for a specific set of security systems, the TSA should perform a formal analysis to select the specific data fusion approach that would increase the detection rate, or that would raise throughput and/or reduce false alarms while maintaining the existing detection rate. This report reviews data fusion as a technological tool for improving air transportation security and the use of data fusion for inspection and access-control systems within airports. These airport-level mechanisms could be implemented more easily and inexpensively than could inter-airport data fusion. Many of the technologies for data fusion within airports are already developed and understood from other applications. A focus on an airport-level implementation provides the best opportunity to develop a systems approach that can be expanded beyond individual airports as the systems mature. The TSA is well aware of the importance of using data fusion to improve security and is funding a number of programs in this discipline. Many of the data fusion technologies under consideration by the TSA for use in air transportation security have been used by the Department of Defense (DOD). For example, the DOD has employed data fusion to improve the useful information from existing intelligence and surveillance systems. The committee review of these DOD systems has led to the following findings: Finding: While the DOD has achieved successes in data fusion, information sharing, and networked operations, it has also had numerous unsuccessful programs in these areas. Those involved in transportation security can learn a lot from both the successes and the failures of the DOD. Finding: Improvements can be made in security operations by effectively employing data fusion. These improvements can be accomplished with existing technologies. Experience in the DOD indicates the potential effectiveness of and benefits to security operations from applying data fusion. Private industry has also used data fusion to improve quality and production in manufacturing. Private-industry methods include the combination of data and operator 3 A “state estimate” is a determination of the underlying status of a system at any point in time, based on an analysis of the available data.

OCR for page 1
Fusion of Security System Data to Improve Airport Security inputs for real-time process control. This experience provides further motivation for the TSA to develop data fusion implementation strategies. Finding: Private industry has employed data fusion to enhance quality and to improve production and has developed data fusion infrastructure, including interface specifications and data structure, to allow the collection and analysis of information. The Transportation Security Laboratory (TSL) of the Science and Technology Directorate of the Department of Homeland Security (DHS S&T) has current programs in data fusion covering areas such as secure network design, security system evaluation, and deployment of demonstration systems. While this list demonstrates an interest in employing data fusion technologies to improve transportation security, these efforts lack a unifying systems perspective. Finding: The TSL of the DHS S&T has identified the need for applying data fusion and has addressed this need by implementing a number of projects at the system and checkpoint levels. However, these projects are not the output of a systems engineering analysis (which would involve formal requirements analysis and derivation) of data fusion at all levels: baggage screening, checkpoint, and access control and surveillance. Recommendation 2: The TSA should establish a means to ensure that the following tasks and functions are carried out: Creation of a set of system-level data fusion requirements for checked-baggage screening, checkpoint, and access-control systems; Performance of a systems engineering analysis of these areas; Validation of these requirements against threat projections, current and projected security systems, and facility idiosyncrasies; and The monitoring of fundamental research in the field and adjustment of requirements where appropriate. The threat projections against which data fusion requirements would be validated must be clearly developed so that the equipment is accurately tested against whatever it is designed to be detecting. While the TSA can improve its programs by adopting a systems approach, industry also must participate in the integration of disparate systems. Manufacturers of inspection and access-control systems have only recently begun considering the integration of data from their systems with data from other systems in order to achieve a total security system. A notable exception involves manufacturers of biometric-based access-control systems; these manufacturers have begun the systems engineering process of defining the necessary data standards for data integration. As noted earlier, data integration provides a necessary, but not sufficient, condition for data fusion, and the range of potential detection technologies must be considered when setting the standard data format. Data fusion of access-control systems at checkpoints could link data from video cameras, metal detectors, and other access-control systems with inspection systems. Data fusion of inspection systems requires a common or standard frame of reference for

OCR for page 1
Fusion of Security System Data to Improve Airport Security locating and identifying objects in bags. Similarly, sharing data between video cameras and metal detectors will require a standard frame of reference for locating and identifying objects on people. Further, combining bag and passenger inspection systems will require a standard frame of reference for locating and identifying people and baggage within the checkpoint and within the airport. Existing technologies can perform these functions within checkpoints, but to locate objects and people in airports will require more extensive use of video surveillance and other technologies, such as radio-frequency tagging and biometrics. In addition to screening, the needs of airport security, or access control, require data fusion methods to enable and inform situational awareness. The components of these data fusion methods are kinematics, identity, and behavior. The kinematics component describes the motion of objects, such as people, within the airport and that of vehicles outside the airport; each object is described by a trajectory that includes state estimates for future locations. Facility data fusion requires kinematic descriptions of people, vehicles, and objects. The identity component provides classifications for all objects in the environment and includes all systems and subsystems used: this means, for example, identifying weapons and components of weapons systems. The behavior component specifies the intent and actions of the objects, giving meaning to the kinematic observations and estimates. Suspects repacking suspicious items before entering a checkpoint would be an example. Behavior should be specified to enable rapid and effective response to airport threats. Each of these components—kinematics, identity, and behavior—possesses appropriate measures of uncertainty. Finding: Most of the detection systems now fielded in U.S. airports were built without regard for the need for data fusion or data integration among systems. Many manufacturers are attempting to create systems that not only fuse data, but also link information about passengers and baggage. However, there is little direction from the TSA with respect to the establishment of standards or requirements. The solution to this problem of interoperability is to require manufacturers to agree to common standards and to have systems integration companies provide the integrated designs and solutions. Rather than performing this function internally, the TSA could contract with entities that have systems integration experience to develop fusion approaches and also to oversee the implementation of these efforts. Several companies and institutions possess the required competencies, including much experience with DOD developmental programs of similar complexity. Recommendation 3: The TSA should work (that is, contract) with the leading integrators and manufacturers to form a representative working body and require it to develop initial strategies and standards for the integration of airport security, checkpoints, checked-baggage screening, and access control, including legacy systems. Human operators are much better than automated systems at detecting hard-to-specify but salient events. Computer-based systems without human oversight are better at detecting easy-to-specify events, such as the presence of a substance with a particular density or atomic number. The advantage of providing human inputs into a data fusion

OCR for page 1
Fusion of Security System Data to Improve Airport Security system is that the human operators and the automated inspection and access-control systems exercise their respective and complementary strengths and so allow greater potential for the detection of terrorist events. The requirement to provide input into a fusion system is unlikely to distract operators from their other tasks, as the need to provide human input would likely be quite a rare event. In fact, many of the human tasks in security require vigilance that can actually be enhanced by the addition of a subsidiary task. Finding: Data fusion would enhance security system effectiveness if it were to combine inputs from security personnel with data from detection systems into a unified situational awareness system. Recommendation 4: The TSA should develop formal data-entry mechanisms for security personnel that will enable the combination of human observational data with security system data. These mechanisms should be designed so as to maintain performance on existing tasks. The implementation of data fusion does not come without risks. The TSA can significantly reduce these risks by implementing data fusion deployments in stages. Rather than simultaneously attempting to incorporate data fusion into all inspection and access-control systems, a staged approach would select a subset of these systems for fusion. Once data fusion was accomplished in one subset, the next phase would involve the next subset of systems selected for fusion. This process would proceed until data fusion had been incorporated into all inspection and access-control systems in an airport. Finding: The implementation of data fusion based only on laboratory testing is a highrisk strategy. Operational testing conducted as a subset of certification testing is required to ensure data fusion system effectiveness. Recommendation 5: The TSA should implement any data fusion systems through a series of staged deployments at an operational testbed as designated by the TSA and/or at selected airports. The experience from these early staging events can then be incorporated and used in the data fusion systems rolled out in later implementations.

OCR for page 1
Fusion of Security System Data to Improve Airport Security This page intentionally left blank.