Maritime Security Partnerships (2008)

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

3 Information Sharing, a Key Enabler Maritime Security As discussed in the foregoing chapters, information collection and sharing are central to building trust; they also provide a basis for decisions and actions. In fact, the resulting transparency in and of itself arguably contributes to the maritime security of the United States and its partners. This chapter covers mat- ters relating to the presence and activities of ships and craft on the surface of the oceans—from the high seas well into territorial waters. Such information helps us to understand—and therefore respond to—potential threats to maritime secu- rity. Also of interest is information on various cargoes, crew, the supply chain, and even ownership and management affiliations, which helps to identify illegal, suspicious, or threatening activities. The Maritime Security Partnership Initiative The committee believes that the formation of partnerships to improve mari- time security is characterized by a number of fundamental principles: • Maritime security around the globe will be advanced by strengthening existing partnerships and building new ones, with shared information the key enabler. • It is envisioned that not only will action on the maritime security situation generally be accomplished at the regional or subregional level, but it will also have a collective global effect as well and will require some local improvements in the maritime security situation. • It is in the interest of both the United States and its partner nations to share 52 

INFORMATION SHARING, A KEY ENABLER 53 information as widely as possible within regions and subregions and beyond, taking into account that threats to security often cross regional or subregional boundaries. • The related objectives of extending reach and maximizing inclusiveness suggest that both the information to be shared and the system architecture for doing this involve unclassified information and the use of commercial, Internet- based mechanisms. • Beyond information collection and sharing—viewed here as having intrin- sic value and serving as a fundamental building block when forging new partner- ships—there is, of course, the matter of taking endgame action to deny or deter illegal or threatening activities. • Improved information collection and sharing can be expected to gener- ate a positive spiral in terms of increasingly effective coordinated action among maritime partners. • The U.S. Navy, as one of the nation’s main repositories of technical exper- tise and, often, the primary entity that interfaces with a potential partner entity, is well positioned to support the initiative on maritime security partnerships (MSP). The initiatives of the combatant commander (COCOM) and the Navy reflect the above fundamental principles. After presenting some context and characterizing the current systems and capabilities, this chapter focuses on technical considerations—including archi- tectures and technical options—for building and strengthening capability in three functional areas: sense/collect, analyze/fuse, and decide/act. Before new capa- bilities for maritime information collection and sharing can be shared with the partners, it will be necessary to agree on mutual responsibilities and obligations. Particularly in the case of nontraditional partners, it is the committee’s view that some additional principles apply: 1. COCOM and Navy fleet experience has shown that the new partners are generally interested in local rather than regional or global maritime domain   Pursuant to Executive Order 12958, classified information refers to official information that has been determined to require protection against unauthorized disclosure in the interest of national security and that has been so designated. Unclassified information refers to information that has not been determined to warrant classification; however, some unclassified information may be approved for public release whereas certain other information, such as International Traffic in Arms Regula- tions information, may not. Some maritime information that does not pertain to U.S. national security, such as Automatic Identification System reports, can be viewed as publicly available and therefore can be freely shared (subject only to constraints imposed by international agreements, such as IMO, as opposed to U.S. policy). When referring to such information, the U.S. Navy has coined the term “not classified,” apparently to convey the notion of useful information sharing without the potential complexities of codified protection requirements. The term “unclassified,” as used in this report, is viewed as encompassing “not classified” information. 

54 MARITIME SECURITY PARTNERSHIPS awareness (MDA). Yet, this desire for local awareness can contribute to the larger global picture by enabling the early identification of vessels of interest. 2. When developing agreements on the sharing of information with members of the emerging partnership, it will be important to take into account the informa- tion that is currently available from local law enforcement (ports, supply chains, etc.) as well as information collected by technologically sophisticated surveil- lance systems. Each partner, including the United States, will have to consider what boundaries, if any, to place on the sharing of information, even unclassified information. 3. When seeking to strengthen and expand local surveillance capabilities, reaching agreement may well require a modest level of U.S. support and invest- ment, ranging from technical support for the partner to obtaining permission to site our radar installation on the partner’s sovereign territory. Broadly speaking, the notion of a partnership usually entails reciprocity, which can take many different forms, including the exchange of money, informa- tion, and technical know-how. Other Initiatives to Enhance Maritime Domain Awareness The information that is being shared here is the kind that makes us and our partners aware of our maritime domain. MDA encompasses a growing spectrum of initiatives to develop capabilities, including the National Strategy for Maritime Security (NSMS) and the National Plan for Achieving MDA. As this committee was completing its efforts, the Department of Defense (DOD) was assigning to various federal agencies their responsibilities for MDA capability development and was securing the required funding. A memorandum from the Secretary of the Navy, dated May 17, 2007, called for an MDA “spiral 1” initial operational capability (IOC) by August 2008 for the U.S. Central Command (CENTCOM), the U.S. Pacific Command (PACOM), associated fleet elements, non-DOD U.S. organizations, and selected foreign partners in the western Pacific. On May 29, 2007, the Chief of Naval Operations (CNO) issued the document Navy Maritime Domain Awareness Concept to guide Navy efforts to improve MDA-related capa- bilities and develop related Fleet Concept of Operations (CONOPS).  A memo- randum from the Deputy Secretary of Defense dated August 3, 2007, designated the Navy as DOD’s executive agent for MDA and outlined the responsibilities and mechanisms for addressing requirements, investing resources, and support- ing interagency efforts. This memorandum called for preparing a plan within 180 days to develop MDA capabilities. Additionally, DOD appointed a flag-level director of global maritime situation awareness (GMSA), a position that would   Chief of Naval Operations (ADM Michael G. Mullen, USN). 2007. Navy Maritime Domain Awareness Concept, Department of the Navy, Washington, D.C., May 29. 

INFORMATION SHARING, A KEY ENABLER 55 complement the closely related, previously established position of director of global maritime intelligence integration (GMII). Additionally, a national CONOPS for maritime domain awareness was pub- lished in August 2007, just as the committee was completing the draft of its report. This CONOPS formally established the interagency GMSA office at the Coast Guard. The GMSA’s current mission calls for it “to create a collabora- tive global, maritime, information sharing environment through unity of effort across entities with maritime interests.” Although the committee did not have an opportunity to review this CONOPS, which was in response to the NSMS, the document apparently supports at least three notions that are elaborated on below from an MSP standpoint: (1) the importance of a modern, network-centric information technology (IT) capability for collecting, processing, and sharing information to support the MDA community; (2) the need for developing and managing an MDA information architecture to guide the evolution of this capa- bility; and (3) the technical leadership that the Navy can and should exercise in this domain, presumably building on its role as executive agent for MDA within DOD, as noted above. The committee notes, however, that the ongoing MDA-related initiatives identified above are largely focused on the analysis and dissemination of existing information and do not deal with the need for additional information from surveil- lance sensors, noted later in the section “Building Mission Capability.” The MDA efforts outlined above have of course been motivated by the U.S. commitment to implementing the maritime component of the global war on ter- ror and addressing the associated homeland security and defense concerns.  This focus notwithstanding, it is clear that the issues being addressed (e.g., barriers to information sharing) and the capabilities being developed (e.g., improved vessel tracking) apply to the broader maritime security interests embodied in the MSP concept. The prosecution of MSP initiatives, then, is an outcome of the ongoing and emerging MDA efforts triggered by the earlier NSMS. The findings and recommendations in this chapter are intended to advance   See Emelie Rutherford, Inside the Navy, 2007, “CONOPS Finalized This Month: Metcalf Heads Up New Global Maritime Situational Awareness Office,” August 20, pp. 1, 10; and Inside the Navy, 2007, “GMSA Office Will Target Policy Barriers: Challenges Cited in Sharing Data for New Maritime Awareness Effort,” September 10, pp. 1, 9.   The National Research Council’s Naval Studies Board recently conducted a study on the role of naval forces in the global war on terror (GWOT; see NRC, 2007, The Role of Naval Forces in the Global War on Terror: Abbreviated Version, National Academy Press, Washington, D.C.). Background information pertaining to the origins of the term “GWOT” can be found in documents such as (1) The White House (George W. Bush), 2006, The National Security Strategy of the United States of America, Washington, D.C., March, p. 12; (2) Office of the Chairman, Joints Chiefs of Staff, 2006, National Military Strategic Plan for the War on Terrorism, Washington, D.C., February 1, p. 3; and (3) Secretary of Defense, 2006, Quadrennial Defense Review Report, Department of Defense, Wash- ington, D.C., February 6. The NRC Committee on the “1,000-ship Navy”—A Distributed and Global Maritime Network saw its charter as being neither to endorse nor to replace the term “GWOT.” 

56 MARITIME SECURITY PARTNERSHIPS the MSP concept by leveraging, complementing, and in some cases extending the broader U.S. MDA efforts. Operational Models As elaborated in the Chapter 2 review of existing and emerging international partnerships, “one size does not fit all” when it comes to information-sharing arrangements and the enabling technical mechanisms. Differences are traceable to a number of factors: • Different levels of trust, • The distinction between bilateral and multilateral arrangements, • A focus on coordinated action at the tactical level rather than on informa- tion sharing, and • Uneven levels of technological maturity and sophistication. Much of the current activity is associated with the burgeoning of automatic identification systems (AISs) on all commercial ships over 300 gross tons (GT) and on U.S. Navy ships. Figure 3.1 is a modified version of Figure 2.1 (which Coordinated Plus action shared situation emphasis awareness Strengthened Multilateral Strengthened Partnerships Partnerships arrangements, regional or Info subregional Enablers Info Enablers Current Current Center of Bilateral Center of Gravity Info arrangements Gravity Enablers FIGURE 3.1  Current and emerging international maritime security partnerships. Figure 3-1, editable, b&w R01141 

INFORMATION SHARING, A KEY ENABLER 57 characterizes the nature of existing or emerging partnership arrangements). The modifications are intended to highlight the role of “information enablers” (both the information content and the systems capabilities) as a foundation for effec- tive partnerships. These enablers would support both information sharing to gain situation awareness and subsequent coordinated action. As depicted, the center of gravity of current maritime partnerships resides in bilateral arrangements focused on the coordinated execution of tactical actions such as interdiction that support common security interests. Figure 3.2 depicts an example of the sharing of information referred to in the upper-right quadrant of Figure 3.1. It shows the position and movement of ves- sels around the island nation of Singapore, reflecting the merging of information broadcast automatically by ships that comply with international AIS standards and data obtained from coastal radar installations. Figure 3.2 suggests how the sharing and combining of particular sets of infor- mation could enable coordinated multilateral or bilateral action. Later sections of this chapter explore these enablers, and the committee then develops some findings and recommendations regarding their conceptualization, design, and implementation. It is noted here, and elaborated on below, that activities being carried out by the Navy and the larger maritime security community represent substantial initiatives to advance these enablers. The committee’s aim is to refine the original 1,000-ship concept and thereby contribute to further progress. Current and Emerging Information Architectures Not surprisingly, having a range of information architectures allows the sharing of information among maritime partners, from mature partnerships among alliance members—for example, the North Atlantic Treaty Organization [NATO])—through temporary coalitions formed for a specific mission purpose (e.g., Joint Task Force-150 supporting operations in Iraq), to less mature and often more ad hoc arrangements with “nontraditional” partners (e.g., the Gulf of Guinea Initiative). It is instructive to review existing and emerging informa- tion-sharing systems and networks and to identify their fundamental architectural characteristics. Some regions have already established networks to share MDA information. For example, the Malacca Strait Initiative partnering Singapore, Indonesia, and Malaysia is already operational; the Gulf of Guinea network, still in its formative stage, has generated a great deal of interest on the part of the potential partners; and the Joint Interagency Task Force-South (JIATF-S), addressing drugs and other law enforcement concerns in the Caribbean region, is functioning effec- tively. However, while many capabilities support MDA systems around the world, they are a patchwork of efforts. There is no overarching MDA architecture. With the exception of the International Maritime Organization (IMO)-sanctioned AIS and the Long-Range Identification and Tracking (LRIT) reporting systems for 

58 FIGURE 3.2  Singapore area maritime “picture.” SOURCE: COL James Soon, Republic of Singapore Navy, Head, Defence Technology Of- fice, Embassy of Singapore, “The 1,000 Ship Navy: A Perspective from Singapore,” presentation to the committee, Washington, D.C., March 14, 2007. Figure 3-2, bitmapped, color, broadside R01141 

INFORMATION SHARING, A KEY ENABLER 59 commercial ships, current arrangements for sharing MDA information, though sometimes multilateral, are mostly inefficient and lack broad application. It will take considerable effort to coordinate all the existing capabilities, extend them, and disseminate information on a timely basis to those maritime law enforcement organizations that can take the appropriate action while still respect- ing commercial and national sensitivities and proprietary interests. Mobilizing the U.S. government to assist other nations in creating more comprehensive MDA and enlisting, connecting, and sustaining the capabilities of the maritime law enforcement organizations will be a long, continuing process. At the same time, this process would build trust and transparency with other nations, contributing substantially to global cooperation. The unifying concept behind maritime security partnerships is informa- tion sharing. Using the vocabulary that has been adopted by the U.S. initiatives responding to the NSMS, the information to be shared is referred to as MDA. Because a more comprehensive MDA system would facilitate the identification of threatening activities and anomalous behavior, it would be useful for the U.S. government, encouraged by the CNO, to devote additional effort to the collec- tion, analysis, and distribution of maritime domain awareness information and to support the development of regional partnerships that could mount a concerted response to regional threats. Current Systems for Sharing Information Table 3.1 summarizes seven representative systems selected because (1) they specialize in the sharing of maritime domain information and (2) they span a spectrum of kinds of information challenges, from Secret to unclassified. The table covers a variety of systems, from operational networks that facilitate the sharing of Secret information among both traditional alliance and coalition mari- time partners in Iraq (Joint Task Force-150 CENTRIXS) to emerging demonstra- tion networks for the sharing of unclassified, commercially available AIS (and other) information with nontraditional partners (such as the U.S. Naval Forces, Europe (NAVEUR)-led Gulf of Guinea Initiative). Noting the positive charac- teristics of the Regional Maritime Awareness Capability (RMAC) and Compre- hensive Maritime Awareness (CMA) Joint Concept Technology Demonstrations (JCTDs) as well as some differences in approach between them, the committee strongly endorses the notion of regional pilots—generally led by the COCOMs and supported by the associated fleet elements as a pragmatic way to make prog- ress while building fundamental relationships. It would seem that a maritime pilot involving the northeast African coastal nations might warrant consideration as the new AFRICOM begins to undertake outreach. Further descriptive information for each of the seven systems follows. 

60 TABLE 3.1  Current and Emerging Information-Sharing Systems Systems and Initiative Lead Organizations Status Users Information Shared Communications CENTRIXS DISA MNIS JPO Fielded 5 COCOMs, 77 Releasable Secret Dedicated nets nations, and NATO; COP, e-mail, chat all U.S. Navy ships CNIES U.S. Southern Fielded JIATF-S Unclassified COP, Internet Command e-mail, chat MSSIS U.S. Navy Sixth Fleet Fielded U.S. Navy, other Automatic Internet navies, NATO (26 Identification System countries) (AIS) (identification, position, other) NAIS U.S. Coast Guard Increment 1 (IOC) U.S. Coast Guard AIS Department of Homeland October 2007 Security net 

RMAC JCTD U.S. European Demonstration Demonstration AIS, other sensor VHF/UHF radio, cell Command data (radar) phones, Internet CMA JCTD COMPAC (PACFLT), Demonstration Demonstration SCI, Genser, JWICS/SIPRNET/ USNORTHCOM, unclassified, NIPRNET/Internet COMNAVEUR, C6F, coalition releasable U.S. Coast Guard LRIT International IOC December 2008 Flag states, port Ship identification, Commercial COMSAT, Maritime states, coastal states position, date/time Internet Organization NOTE: CENTRIXS, Combined Enterprise Regional Information Exchange System; CNIES, Cooperating Nations Information Exchange System; MSSIS, Mari- time Safety and Security Information System; NAIS, Nationwide Automatic Identification System; RMAC JCTD, Regional Maritime Awareness Capability Joint Concept Technology Demonstration; CMA JCTD, Comprehensive Maritime Awareness Joint Concept Technology Demonstration; LRIT, Long-Range Identifica- tion and Tracking; DISA MNIS JPO, Defense Information Systems Agency Multinational Information Sharing Joint Program Office; COMPAC, Commander, Pacific; PACFLT, U.S. Pacific Fleet; USNORTHCOM, U.S. Northern Command; COMNAVEUR; Commander, Naval Forces Europe; C6F, Commander Sixth Fleet; IOC, initial operational capability; COCOM, combatant commander; NATO, North Atlantic Treaty Organization; JIATF-S, Joint Interagency Task Force- South; COP, common operational picture; SCI, sensitive compartmented information; GENSER, General Service; VHF, very high frequency; UHF, ultrahigh frequency; JWICS, Joint Worldwide Intelligence Communications System; SIPRNET, Secret (formerly Secure) Internet Protocol Router Network; NIPRNET, Nonclassified Internet Protocol Router Network; COMSAT, communications satellite. 61 

62 MARITIME SECURITY PARTNERSHIPS Combined Enterprise Regional Information Exchange System CENTRIXS is a combination of separate multilateral and bilateral govern- ment networks. Key CENTRIXS networks include the Global Terrorism Task Force (GTTF) network (supporting Operation Enduring Freedom, 66 nations) and the Multinational Coalition Forces–Iraq (MCF–I) network (51 nations). Five combatant commands (COCOMs) are CENTRIXS-enabled, and there are 77 participating nations plus NATO, 11 bilateral agreements, and over 26,000 users. CENTRIXS evolved from various networking initiatives developed by the COCOMs to meet their regional information exchange needs. Although there are many individual CENTRIXS networks, they are now centrally supported and managed by the Joint Program Office’s (JPO’s) Multinational Information Shar- ing (MNIS) under the Defense Information Systems Agency (DISA). CENTRIXS is Web-centric and employs both commercial off-the-shelf (COTS) and releasable government off-the-shelf (GOTS) products. It includes MS Office automation tools, the GOTS command and control personal computer (C2PC) tool for situation awareness display, collaboration tools, and the GOTS integrated imagery and intelligence (I3) tool. A CENTRIXS workstation user is able to access browser-based products and databases, receive and display non- real-time track data feeds on a map background, send e-mail with attachments, and conduct collaboration sessions. While CENTRIXS provides significant operational capability and has become an essential tool for conducting current operations, areas for improve- ment have been identified and are being worked on. According to CENTCOM, “. . . inconsistencies in data owner guidance from various producers, a lack of manageable technical solutions, and a cumbersome accreditation and certification process have combined to frustrate seamless data dissemination via electronic (such as CENTRIXS) networks. These problems have directly contributed to the proliferation of multiple separate networks. The burden of additional networks has consumed limited resources and manpower and imposed an opportunity cost on CENTCOM’s coalition warfighting efforts.” The MNIS JPO has initiatives under way to address many of these issues, but this is clearly an area that needs continuing focus. The DISA MNIS JPO is implementing a plan to centralize CENTRIXS service provision at the Defense Enterprise Computing Centers (DECCs) in Columbus, Ohio, and Hawaii. The MNIS JPO also manages and supports the   Jill L. Boardman, Lockheed Martin Information Technologies, and Donald W. Shuey, Department of the Air Force, U.S. Central Command (CENTCOM). 2004. “Combined Enterprise Regional Infor- mation Exchange System (CENTRIXS); Supporting Coalition Warfare World-Wide,” CENTCOM, MacDill Air Force Base, Fla., April, p. 13.   Jill L. Boardman, Lockheed Martin Information Technologies, and Donald W. Shuey, Department of the Air Force, U.S. Central Command (CENTCOM). 2004. “Combined Enterprise Regional Infor- mation Exchange System (CENTRIXS); Supporting Coalition Warfare World-Wide,” CENTCOM, MacDill Air Force Base, Fla., April, p. 12. 

INFORMATION SHARING, A KEY ENABLER 63 Globally Reaching Interactive Fully Functional Information Network (GRIFFIN), supporting classified information sharing and collaboration with and among the United Kingdom, Australia, Canada, and New Zealand. Cooperating Nations Information Exchange System The Cooperating Nations Information Exchange System (CNIES) is used by JIATF-S and 11 cooperating nations in South and Central America to suppress illicit maritime drug traffic. The 11 include European nations with naval operations in the Caribbean basin. JIATF-S is staffed with personnel from the Departments of Defense, Homeland Security (USCG), Justice (Drug Enforcement Administra- tion, Federal Bureau of Investigation), and Treasury (U.S. Customs and Border Protection). JIATF-S is currently commanded by a USCG flag officer and reports to SOUTHCOM. Its mission is to counter illicit trafficking operations, to promote security cooperation, and to coordinate country team and partner nation initiatives in order to defeat the illicit flow. This mission was expanded after 9/11 to explore the linkage between drug trafficking and terrorism. Cooperating nations gain access to CNIES by entering into bilateral agree- ments with the United States. These agreements are negotiated through the U.S. Department of State in the context of United Nations conventions, including the 1988 United Nations Convention Against Illicit Traffic in Narcotic Drugs and Psychotropic Substances. The agreements describe procedures for the conduct of counterdrug operations in the waters, territories, and airspaces of the participat- ing nations. These procedures include provisions similar to those summarized in Table 3.1 for ship riders, personnel from one nation who embark on a vessel belonging to another nation and who can authorize the boarded vessel to assist in the enforcment of the laws of their nation. CNIES extracts and distributes portions of SOUTHCOM classified com- mon operational pictures (COPs) for South and Central America (both air and surface tracks) to each cooperating nation according to the respective bilateral agreements. Geographic filtering is used to give each nation a different picture, with 11 versions of the COP in all. The picture is displayed using “releasable GOTS” client software provided by the U.S. C2PC tool. Cooperating nations can add tracks to their operational picture, but these tracks do not affect the U.S. COPs and are visible only within the CNIES domain. An extensive network of U.S. over-the-horizon (OTH) radars and some cooperating nation radars provides persistent air surveillance of the drug transit zone, but surface radar surveillance is much more limited. The primary use of the COP is to coordinate drug inter- diction operations. For this reason, there is little emphasis in this theater on the acquisition or use of AIS data, because little drug trafficking is associated with registered commercial shipping. The CNIES is based on commercial Internet technology. A Radiant Mercury guard is used to strip classified data from the U.S. version of the COP. The portion 

64 MARITIME SECURITY PARTNERSHIPS of the COP provided to a particular nation is maintained on hardware dedicated to that nation. Commercial products are used to establish a virtual private network with each cooperating nation, and commercial firewalls and routers are used for information security. In addition to enabling the sharing of COPs, CNIES ensures e-mail and chat with automatic translation. In addition to technical capabilities, CNIES includes liaison officers assigned to JIATF-S from the other cooperating nations. These liaison officers provide the face-to-face contact that is essential in planning and conducting drug interdiction operations. Particularly sensitive information is generally handled by voice com- munication between individuals with trusted relationships. Maritime Safety and Security Information System The Maritime Safety and Security Information System (MSSIS), currently in use in the Mediterranean, Europe, and Africa, was conceived by the Depart- ment of Transportation’s (DOT’s) Volpe Center and the U.S. Navy’s Sixth Fleet as an unclassified, freely shareable MDA network. MSSIS is also a multi­national, I ­ nternet-based network primarily for sharing real-time AIS data derived from shore­side, waterborne, and airborne platforms. The received information is c ­ entrally processed on a server at the U.S. DOT Volpe Center using software developed by Volpe for this purpose. The resulting plots and associated informa- tion tags are then made available via protected Internet access (Secure Sockets Layer [SSL]/password protection) to the contributing sites and the headquarters, planning, and response organizations. MSSIS implementation in the field requires Internet connection, an AIS receiver, and a laptop PC running the Volpe Center’s TransView (TV32) geo- graphic information system software. TV32 is configurable to satisfy a range of display requirements, including enhanced navigation safety, waterway efficiency, traffic situation awareness, force protection, and data analysis. A client user can interrogate the MSSIS Web site by geography but needs to run the Volpe TV32 client software to get at the AIS data for the region. One important goal of MSSIS is to support the RMAC JCTD Gulf of Guinea Initiative, described below, to help and encourage littoral nations to better moni- tor and police their seaward approaches, with a goal of reducing poaching and piracy. An effort is just starting to establish metrics applicable to this effort—for instance, the fraction of time that an area is under effective surveillance. The current supplemental budget request to Congress includes Section 1206 funds for the U.S. Navy to buy AIS equipment for some Gulf of Guinea states. One problem is that many coastal state government facilities have little or no Internet connectivity. Further, only limited attention has been paid to date to the need to overlay AIS data with radar surveillance data, where available. MSSIS is currently feeding data to various U.S. and partner organizations, including research agencies such as the Defense Advanced Research Projects 

INFORMATION SHARING, A KEY ENABLER 65 Agency (DARPA), operational elements in the Mediterranean, and related dem- onstration initiatives (such as CMA JCTD). Nationwide Automatic Identification System The Nationwide Automatic Identification System (NAIS) is being developed by the USCG to enhance maritime safety, security, and mobility. NAIS will aug- ment current capabilties to receive, distribute, and utilize AIS data. NAIS is being developed in three increments: • Increment 1, AIS receive in critical ports and coastal areas, • Increment 2, AIS receive and transmit nationwide, and • Increment 3, long-range (2,000 nmi) AIS receive. NAIS IOC is scheduled for October 2007, and final operational capability (FOC) is scheduled for October 2013. AIS is intended to improve the safety of navigation by providing: • A ship-to-ship mode for collision avoidance, • A means for littoral states to obtain information about a ship and its cargo, and • A vessel traffic services (VTS) tool. As will be the case for the new LRIT system, the International Convention for the Safety of Life at Sea (SOLAS) already requires AIS for certain classes of ships (including ships of 300 GT or more), and IMO has developed performance standards for AIS, primarily to help prevent collisions. These standards require that ships broadcast their identity, position, speed, and heading and other informa- tion. The reporting interval depends on ship speed and maneuvering and can be as short as 2 sec. Each shipboard AIS system consists of one very high frequency (VHF) transmitter, two VHF time division multiple access (TDMA) receivers, one VHF digital selective calling (DSC) receiver, and standard marine electronic communications links to shipboard display and sensor systems. AIS uses self- organizing TDMA to handle over 4,500 reports per minute. Range depends on the transmitter and receiver antenna height; a typical value at sea is 20 nmi. The use of AIS information for other than local collision avoidance purposes depends entirely on the existence of, and distance to, equipment that can receive the AIS transmissions from the ships and direct the information to processing cen- ters that can combine it with information from other sources and assess its impli- cations for security. Many coastal nations are already well along in the installation   The USCG is considering requiring the AIS carriage on vessels smaller than 300 GT, including pleasure craft, tugs, barges, and so on. 

66 MARITIME SECURITY PARTNERSHIPS of coastal AIS receivers and the integration of the received information with that available from coastal radars. The absence of conforming AIS information from a large ship being tracked by radar could be considered suspicious. On the other hand, analysis of AIS information in areas without radar coverage is much more problematic. The NAIS program is concentrating initially on the approaches to ports that already have considerable radar surveillance in place or in train. NAIS Increment 1 is increasing AIS coverage to 55 critical U.S. ports and 9 U.S. coastal areas. In addition, a storage, correlation, and dissemination capabil- ity at the USCG Operations Systems Center and a management and monitoring capability at the USCG are being established. AIS data are being fed to the USCG COP and the Maritime Awareness Global Network (MAGNet) and are available to other users via an AIS Web service. NAIS Increment 2 will provide nationwide coastal AIS receive coverage out to 50 nmi and transmit coverage out to 24 nmi. It will implement a service-ori- ented, network-centric architecture that provides data dissemination services to all maritime stakeholders. NAIS Increment 3 will extend AIS receive coverage out to 2,000 nmi. To achieve this capability, the USCG is investigating approaches such as these: • AIS-equipped low-Earth-orbiting satellites, • AIS-equipped offshore platforms and buoys using commercial satellite communications, and • AIS-equipped aircraft and ships (USCG, Navy, and commercial). If the extension of U.S. AIS coverage well beyond the available radar cover- age is to be operationally useful, it will require the development and employment of sophisticated anomaly detection techniques, as described in a later section of this chapter. Regional Maritime Awareness Capability Joint Capability Technology Demonstration The Regional Maritime Awareness Capability (RMAC) Joint Capability Technology Demonstration (JCTD) is an international program sponsored by the U.S. European Command (EUCOM) and the U.S. Office of the Secretary of Defense (OSD). The RMAC JCTD provides an MDA capability for the under- standing of maritime activities that impact regional and international safety, security, economics, and environment primarily in the Gulf of Guinea. By inte- grating off-the-shelf maritime sensors, communications systems, and software, the RMAC system will allow detecting, tracking, identifying, displaying, and sharing information about surface vessels at least 20 meters long between 10 and 25 nmi from ports, harbors, and critical assets. The RMAC JCTD employs COTS sensors (radar, electro-optical infrared, 

INFORMATION SHARING, A KEY ENABLER 67 AIS, binoculars), COTS computers (Windows boxes, Solaris boxes), unclassified GOTS software (components of SureTrak, tactically integrated sensors [TISs], and TV32), commercial security technology, and TIS service-oriented architec- ture for publishing and subscribing information. RMAC can communicate using Link 11 or Link 16. Designed to provide maritime surveillance capability across a spectrum of coalition partners (from simple to sophisticated versions), RMAC is now set up in São Tomé and was planned for installation in Nigeria by the end of the summer in 2007. This capability will be operated, maintained, and sus- tained in a manner that fosters local ownership of regionally and internationally shared maritime security assets. The Department of State is an important player in this effort. Comprehensive Maritime Awareness Joint Concept Technology Demonstration The objective of the Comprehensive Maritime Awareness (CMA) Joint Con- cept Technology Demonstration (JCTD) is to improve maritime security by acquiring, integrating, and exchanging relevant maritime activity information on regional threats and focusing limited interdiction and inspection assets on the most probable threats. Participants include PACOM, NORTHCOM, and EUCOM. Singapore is an international partner. The Naval Research Laboratory is the technical manager. The technical focus of the CMA JCTD includes the development and dem- onstration of the importance of information sharing for improved maritime awareness—both interagency sharing and international sharing—along with dem- onstrating improved information management techniques, such as application of the DOD net-centric data strategy (see Figure 3.3). In addition, to cope with the large volume of maritime information to be made available under MDA intitiatives, the CMA JCTD is developing and integrating automatic tools to provide timely and accurate maritime situational awareness, to identify and prioritize relevant and actionable information, and to acquire, fuse, and manage disparate information. The CMA JCTD emphasizes the exchange of classified information, offering the requisite operational benefits but also introducing information protection requirements that are not fully compatible with a keep-it-simple, low-cost-of-entry approach to information sharing with nontraditional partners. The CMA JCTD is being conducted in three spirals, with a demonstration at the end of each spiral:   JCTD is a DOD program to rapidly move advanced technology into the hands of warfighters A in the field.   Chris Dwyer, Naval Research Laboratory. 2007. “Comprehensive Maritime Awareness (CMA) Joint Capabilities Technology Demonstration (JCTD),” Proceedings of SPIE [Society of Photo-Opti- cal Instrumentation Engineers], Vol. 6578, Defense Transformation and Net-Centric Systems 2007 [Conference], Orlando, Fla., April 9-13. 

68 Current MDA Future (Information Isolation) (Information Sharing) Service COCOM Service COCOM Operational Decision Support Operational Decision Support HLS Commanders HLS Commanders MDA Tactical Data Tactical Data Policy MDA Policy Barriers MDA Tools •Collaborative Networks •Security •Multiple Levels of Security •Interoperability •Tailored Functions •Culture Coast Intelligence Coast Intelligence Agency Agency Guard Coalition Guard Coalition Analytic Data Partners Littoral Data Littoral Data Analytic Data Partners Local Data Local Data FIGURE 3.3  The CMA JCTD: Demonstrating improved information sharing and management. NOTE: HLS, homeland security. SOURCE: Chris Dwyer, Naval Research Laboratory. 2007. “Comprehensive Maritime Awareness (CMA) Joint Capabilities Technology Demonstration (JCTD),” Proceedings of SPIE [Society of Photo-Optical Instrumentation Engineers], Vol. 6578, Defense Transformation and Net-Centric Sys- tems 2007 [conference], Orlando, Fla., April 9-13. Figure 3-3, editable, color, broadside R01141 

INFORMATION SHARING, A KEY ENABLER 69 • Demonstration 1. Communications pipe between the regional operating centers and selected COCOMs (December 2006). • Demonstration 2. Common distributed virtual database/information extraction (CDVD/IE) and other integrated capabilities and technologies across the participating COCOMs; selected U.S. federal, state, and local government entities; and coalition partners (fall 2007). • Demonstration 3. Demonstration of a net-centric interagency exchange network based on service-oriented architecture technologies (fall 2008). Long-Range Identification and Tracking System The LRIT system (Figure 3.4) is being developed under the auspices of the IMO, an agency of the United Nations concerned with safety, environmental con- cerns, legal matters, technical cooperation, maritime security, and the efficiency of shipping. LRIT is being implemented under the authority of the International Convention on the Safety of Lives at Sea (SOLAS) for security and search-and- rescue (SAR) purposes. The SOLAS regulation on LRIT does not create or affirm any new rights of states over ships beyond those already existing in international law. The transmission of LRIT information is intended to be operational by December 31, 2008. Ships subject to SOLAS (including cargo ships of 300 GT and up on inter- national voyages as well as several other categories of vessels) will be required to transmit their identity, position, and the date and time of the position hourly. This information can readily be transmitted using current shipboard Global Maritime Distress and Safety System equipment at a cost of about 50 cents per transmis- sion. Each ship will transmit its information to a data center specified by its flag state using services provided by communications service providers—for example, the International Maritime Satellite and Applications Service Providers. The data centers may be national, regional, cooperative, or international and may be associated with a Vessel Monitoring System. Using a data distribution plan and international routing rules established under the auspices of the IMO, this information will be provided to flag states, port states,10 and coastal states11 and for use in SAR. The Internet will be used where available. It should be noted that the resulting information, though consolidated and disseminated as shown, is not uniformly and freely shared among all using parties. It should also be noted that LRIT is being developed in parallel with U.S. efforts to demonstrate the utility of communications satellites to relay AIS from existing ships’ equipment when they are beyond the range of shoreside receiv- 10  A port state has the right to LRIT information for a ship that intends to enter a port facility, at a distance or time set by the port state, but not in internal waters of another contracting government. 11  coastal state has the right to LRIT information for all ships, regardless of flag, within 1,000 A nmi of the coast, but not in internal waters of another contracting government or in the territorial sea of the contracting government whose flag the ship is entitled to fly. 

The standard for 70 Contracting Contracting Contracting data format, set of Government A Government Government possible commands, B,C,D… E,F,G… security and Flag Status Flag Status Flag Status used interface can vary Local Port State Local Port State Local Port State from place to place. Rules Coastal State Rules Coastal State Rules Coastal State IMO SAR Authorities SAR Authorities SAR Authorities al r ion l al o n at na g ion e In ter LRIT Data LRIT Data a tio Re tiv N LRIT Data era CSP Distribution Center Center op ASP or VMS Co Plan or VMS LRIT DC D/B D/B D/B One standard for data format, set of commands, security, QoS. International Routing Rules International LRIT Data Journal Exchange FIGURE 3.4  LRIT system. SOURCE: Chris Trelawny, Head, Maritime Security Section, International Maritime Organization, “IMO Perspec- tive,” presentation to the committee, Washington, D.C., February 7, 2007. For definitions of acronyms, see Appendix G. Figure 3-4, editable, color, broadside R01141 

INFORMATION SHARING, A KEY ENABLER 71 ers. If such AIS global connectivity can be achieved, the need for LRIT would logically decline. Other Related Navy Maritime Domain Awareness Initiatives The systems described in Table 3.1 are good examples of existing technol- ogy and systems that are being leveraged to enable maritime information sharing. Beyond these systems and demonstration initiatives, the Navy—specifically, the Deputy Chief of Naval Operations for Communication Networks (N6) and the Program Executive Office (PEO) for Command, Control, Communications, Com- puters, and Intelligence (C4I)—has undertaken to develop a maritime informa- tion-sharing architecture that can be applied to sharing public and/or unclassified information with nontraditional partners. The Navy, working with the USCG (CG-6), has taken the lead in require- ments analysis for maritime domain collaboration and information sharing. Functional capabilities have been identified in the areas of (1) connectivity and reach-back, (2) interoperability tools, (3) collaboration tools, (4) data aggre- gation, (5) display/visualization, (6) correlation/fusion, and (7) cross-domain information sharing, including multilevel security and multinational information sharing. Given these requirements, the N6 and the PEO for C4I have launched (as of this writing) an investigation into a large set of MDA-related technologies and initiatives with the intent to develop a prototype system that leverages com- mercial software tools and select DOD research to fill technology gaps. The Navy (N6 lead) undertook a short-turnaround (18-month) effort, which will result in a prototype solution, demonstrating an architecture that should be considered as a starting point for implementing many initiatives. More recently, as noted above, the Secretary of the Navy has directed development of a spiral 1 MDA capability that builds on the N6 efforts reviewed by this committee. N6 efforts to leverage the MDA data sharing (DS) community of interest (COI) activity and the related prototyping effort deserve particular mention. The MDA DS COI aims to transform data discovery and access from stovepiped systems to Web services using commercial networking technology and the MDA COI data standards. The fundamental issue of data interoperability is being addressed in this MDA initiative as part of a broader Office of the Secretary of Defense/Networks and Information Integration assault on data interoperability, an issue that will become central as the nature and scope of shared information content broaden in an MSP context. Ongoing efforts (as of this writing) focus on the use of commercial technol- ogy in general and on the use of commercial information protection technology in particular to share information. Three information bins implying different levels of protection are depicted in Figure 3.5, with the Navy focused on unclassified information. 

72 CLASSIFIED UNCLASSIFIED UNCLASSIFIED COP (Proprietary) (Nonproprietary) • JWICS • Data not fully shared • AIS information • SIPR • IMO participation • Meteorological/ ROCs • CENTRIXS • AIS information hydrographic data Navy 1 • Collaborative tools • LRIT system • Non-DOD-led HQs • AIS information • Supply chain security • Stand-alone 3 • MOC/MHQ involvement • Law enforcement data • Low barriers to entry • Governance • Commercial proprietary • Open to all Navy 1 Navy 2 • Requires technical data • Market/commercial HQ relevance 2 standards/protocols • Governance • Investment strategy • Collaborative tools • No barriers to growth • Requires technological 1 standards/protocols Navy 2 • Investment strategy Some information NGO NGO exchange between NGO NGO MDA both COPs Free Market Security Trust FIGURE 3.5  MDA bins for data sharing. NOTE: JWICS, Joint Worldwide Intelligence Communications System; SIPR, Secure Internet Protocol Router; MOC/MHQ, Maritime Operations Center/Maritime Headquarters; ROC, Regional Operations Center. See also Appendix G. SOURCE: RADM Kenneth Deutsch, USN, Director, Warfare Integration, Office of the Chief of Naval Operations (N6F/N83), “National Academies Naval Studies Board,” presentation to the committee, Washington, D.C., January 10, 2007. Figure 3-5, editable, b&w, broadside R01141 

INFORMATION SHARING, A KEY ENABLER 73 The thrust of the Navy effort and that of the related MDA DS COI effort— along with the management steps outlined above—are generally applauded. Note, however, that this committee is recommending serious consideration of additional capabilities, particularly in the area of promising surveillance options, as elabo- rated in subsequent sections. Observations Architectural Commonalities Despite differences across the range of architectures described above, one can identify common themes and elements that appropriately reflect the pervasive adoption of modern, commercially based, Internet-like architectures. These are especially important in order to provide inherently low-cost, low-risk interoper- ability and commonality. Common themes reflect network-centric architectural principles and attributes, including these: • Networking based on applying the Internet Protocol as an interoperable mechanism for exchanging data; • Use of commercially based Web technologies and products for exploiting the IP-based networking: —Web-browser-based access to applications and data, and —Development of common MDA COI vocabularies that can be repre- sented in flexible markup languages like extensible markup language; and • Use of simple viewers for data presentation (sometimes releasable GOTS rather than COTS, with CNIES (JIATF-S) and the MSSIS TV32 viewers as cases in point). Tailoring for the Nontraditional Partner Case The higher-end CENTRIXS architectures provide substantial capability and, as elaborated above, are supporting critical coalition operations today. However, these architectures have features that violate the low-cost-of-entry and keep-it- simple principles when starting from scratch to build trust with nontraditional partners: • Risk and complexity associated with the sharing of classified information; • Reliance on government-developed software (versus COTS), which may also add technology-sharing issues and demand more operator training for the partner’s personnel; and • Reliance on U.S.-provided networking infrastructure, which may itself engender distrust. 

74 MARITIME SECURITY PARTNERSHIPS Positive Technical Vectors in Evidence These considerations are recognized and reflected in both Navy and COCOM initiatives. The committee was impressed by the positive steps being taken to lay the foundation for and to implement information-sharing architectures and coordinated tactical action arrangements with nontraditional partners. More spe- cifically, both the N6-led MDA connectivity effort and the EUCOM-led Gulf of Guinea RMAC Initiative have positive aspects such as the following: • Putting the keep-it-simple principle into action by sharing unclassified information (e.g., AIS), adopting the commercial Internet model, exploiting COTS products and tools, and so on; • Leveraging various related efforts, as exemplified by the U.S. emphasis on interagency information sharing in general and on strengthened MDA, to support the NSMS (e.g., the MDA DS COI pilot); and • Investing in available capabilities to facilitate the exchange of information between the partners (“fly-away” kits, satellite phones, and so on), as illustrated in Figure 3.6. Additionally, the N6 has developed a multitier (Figure 3.7) graphic as a way to look at the direct sharing of unclassified information with foreign part- ners while backing this exchange up on the national side of the interface with selected, often sanitized information that derives from more sensitive or classi- fied sources. This useful DOD-oriented depiction can be generalized as shown in Fig- ure 3.8, emphasizing the creation of a shared information space based on an agreement among partners and supported by partner nations while preserving national information sensitivities. Figure 3.8 reflects the fact, noted by a Chilean Navy officer during discussions with the committee, that all nations have sensi- tive information content and sources and attendant information sensitivities that must be protected. Accordingly, the reality of information sharing involves some combination of human judgment and prearranged safeguarding technology to filter information in accordance with the range of potentially complex criteria indicated in the figure, including operational sensitivities, capability sensitivi- ties, legal/statutory constraints, and policy/diplomatic constraints. Despite these sensitivities and constraints, it is the committee’s view that the resulting shared picture—complemented by trusted person-to-person communication of particu- larly sensitive information—can provide an adequate basis for cooperative efforts. The JIATF-S operations are evidence of this. Figure 3.8 also depicts an interest- ing, potentially useful paradigm for collecting and disseminating information that is deemed unclassified: the use of an information broker. The implementation of such a broker concept for MSSIS was discussed above—the accumulation and aggregation of reported AIS information and dissemination of the resulting product to designated users by the Volpe Center. 

• Small Portable Operations Kit – Iridium SATCOM radio – Sectera cryptographic device – Laptop computer – Designed for remote site or small ship FIGURE 3.6  Enabling hardware for the user terminal. SOURCE: Paul Dickson, CENTRIXS Operations/Plans, Naval Network Warfare Com- mand (NETWARCOM), “Allied/Coalition CENTRIXS Maritime,” presentation to the committee, Washington, D.C., March 13, 2007. 75 Figure 3-6, bitmapped, except for type in upper left, 

76 MARITIME SECURITY PARTNERSHIPS U.S. DOD SCI GENSER U.S. Interagency G CC S- M “UDOP” CC Radiant IS GMII MDA DS COI GMSA RM Mercury CAC PKI Guinea, Singapore Password Unclassified Freely shared MSSIS SSL Everybody can play FIGURE 3.7  N6 multilevel architecture depiction. NOTE: MDA DS COI, maritime do- main awareness data-sharing community of interest; MSSIS, Maritime Safety and Security Information System; CAC, common3-7, editable, b&w, broadside Figure access card; UDOP, user-defined operational picture; R01141 PKI, public key infrastructure; GCCS, Global Command and Control System; MCCIS, Maritime Command and Control Information System. See also Appendix G. SOURCE: RADM Kenneth Deutsch, USN, Director, Warfare Integration, Office of the Chief of Naval Operations (N6F/N83), “National Academies Naval Studies Board,” presentation to the committee, Washington, D.C., January 10, 2007. In the case of commercial sources and databases (e.g., Lloyd’s), this could be accomplished in several ways: by the designation of a national node as an agent for the partnership, through use of a broker for that class of information, or via a commercial node connected directly to the network. The last option, however, could insert commercial players too deeply into the maritime security operations of partner nations. IT Architectures for Information Sharing Based on the foregoing observations, the committee offers the following finding and Recommendation 7: Finding: Effective information-sharing architectures and systems are operating today at the classified and unclassified levels. Navy and combatant commander (COCOM) efforts with nontraditional partners rely on the Internet model and use of commercial products, including for information protection. However, there is 

Nation A Sources Nation Unclassified/ Sensitive/ Sensitive/ Sensitive/ B Public Classified Nation Classified Classified Private A Shared Nation Pr C d Unclassified/ Sh iva re e Unclassified/ Unclassified/ ar t e P ha vat Unclassified/ Public ed S ri Public Public Shared Public FILTER Information Space (MDA, COP, Other) Sh Pr ared d iva are te Sh vate Pri Nation Broker Nation D E FILTER •Operational sensitivities (e.g., military ship position, law enforcement sources) Possible intermediate •Capability sensitivities information broker to •Legal/statutory constraints (on “notional side,” e.g., foreign disclosure) collect, aggregate, etc. •Policy/political constraints (e.g., current diplomatic situation) (e.g., Volpe for MSSIS) FIGURE 3.8  An operational view of multilateral information sharing. 77 Figure 3-8, editable, b&w, broadside 

78 MARITIME SECURITY PARTNERSHIPS no known, concerted effort to ensure that the Navy’s technical efforts are fully connected to or fully leveraged by COCOM or other initiatives. This less than satisfactory level of effort could lead to interoperability problems or could distract COCOM or other operational elements from their mission focus. Recommendation 7: The Chief of Naval Operations and the Secretary of the Navy should jointly charter and fund an activity, led by the Deputy Chief of Naval Operations for Communication Networks (N6) and supported by appropriate laboratory/system command/program executive office (PEO) expertise, to pro- vide responsive, dedicated technical support across the full range of interagency initiatives for the design, engineering, and fielding of information technology (IT) infrastructure that would enable information sharing for maritime security. The activity called for by this recommendation would support combatant commanders, Navy operational elements, other U.S. government organizations, and—through them—foreign partners. It would: • Develop information-sharing design templates and a catalog of imple- menting products (these might be different for partners within the U.S. govern- ment, those within formal alliances, those in ad hoc coalitions, and those with whom information-sharing arrangements are independent of formal alliance or coalition agreements); • Assemble and engineer starter kits in support of operational initiatives; • Include available tools for communications, collaboration, and consulta- tion within the broader design templates, MSP catalogs, and the starter kits effort outlined above; • Explore potential value-added upgrades for the future and recommend upgrades and backward compatibility approaches; • Emphasize the sharing of unclassified MDA information, suitably pro- tected to respect privacy and law enforcement concerns; and • Perform an end-to-end information protection analysis to ensure that the protection meets the expectations of the partners for the several networks in operation or under development. These measures would increase coherence among inherently distributed regional or subregional initiatives. Several factors would determine which entity is responsible for providing the technical support called for by the recommendation. These factors would include both (1) the emerging MDA responsibilities and mechanisms outlined above and (2) the critical leveraging of existing organizational capabilities and ongo- ing efforts that provide similar support. DISA MNIS JPO has a broad charter, along with substantial capability and field presence, albeit focused today on the sharing of releasable Secret information with traditional coalition partners. The SPAWAR System Center in Charleston, South Carolina, has relevant capability 

INFORMATION SHARING, A KEY ENABLER 79 and has been supporting, as the committee understands it, the NAVEUR-led Gulf of Guinea JCTD. The committee understands that its main effort is to identify the job to be done without getting into specific management arrangements. Central to this effort is to specify the content and design of a starter kit along with a set of implementing technologies to support information-sharing initiatives with foreign partners. The discussion up to this point has emphasized the IT infrastructure (e.g., networking). However, as will be noted in subsequent sections, the starter kits should also include (1) available COTS or releasable GOTS tools that provide practical analytical and fusion capability, (2) hardware and software that support operational-level consultation/collaboration and tactical-level action coordina- tion (e.g., satellite phones and chat translators), and (3) commercial information protection tools and technologies. Regional Information-Sharing Architectures in a Global Context The committee (1) recognizes significant information sharing today among coalition partners (e.g., CENTRIXS networks and COCOM and Navy initiatives support the multinational coalition in Iraq), (2) then focuses on the adoption of Internet-based IT infrastructures to enable sharing of unclassified information with nontraditional partners, and (3) in Recommendation 7 proposes a Navy effort to strengthen IT-enabling infrastructure architecting, engineering, and field- ing in support of MSP initiatives. As was made clear at the beginning of the chapter, the committee believes that information sharing will generally be carried out among regional or subre- gional partners, although the global effect will be a collective one. Put differently, the committee does not perceive that MSP success demands global agreements on information-sharing content or top-down enabling system architecture. In fact, it seems clear that the common interests and the requisite relationships are often local. On the other hand, the following also seem to be clear: • Strengthening the international security regime for information sharing as well as for cooperative action, with the IMO as the central mechanism, should be an objective as MSP efforts proceed. • The combination of transregional operational situations (such as those that characterize human trafficking) and the potential for CONOPS to evolve as regional MSP matures may lead to more robust information sharing across regions if not around the entire globe. • Cross-regional information sharing, in turn, calls for an extensible net- centric architecture. Figure 3.9 attempts to depict the resulting broader architecture—regional information-sharing networks as the core realization of the MSP concept, but 

Sharing of Sharing of 80 Public/Unclassified Classified/Sensitive Information Information Information Sources Classified/ Public/ Broker(s) Public/ Classified/ (National, Sensitive Unclassified Unclassified Sensitive Commercial, Public) P P P P S S S S Nation A Nation B Nation 1 Nation 2 Regional Information Sharing and Internet-based CENTRIXS-based Collaboration Commercial National Networks Infrastructure Infrastructure S S S S P P P P Nation D Nation C Nation 4 Nation 3 Internet-based “Backplane” Key for Potential Interoperable IP-based Filter Interregional P Private Info Internet Backplane S Shared Info Exchange FIGURE 3.9  Enabling maritime security partnerships: a conceptual architecture for information sharing. Figure 3-9, editable, b&w, broadside 

INFORMATION SHARING, A KEY ENABLER 81 with enabling cross-regional networking to support specific operational needs and/or evolving CONOPS. • The top and middle layers of Figure 3.9, depicting information sources and regional networks, respectively, are generalizations of Figure 3.8. The dis- tinction between networks sharing releasable Secret information and those that share public/unclassified information is represented in a simplified form. • The lower layer—a cross-regional “backplane”—represents the IP-, Inter- net-based networking capability offered by modern global technology. It provides the potential to reach beyond regions as the international maritime security com- munity matures and evolves. The architecture depicted in Figure 3.9 provides for both interoperability (IP- based networking, common data vocabulary/representations within the COI, and the like) and commonality of technology/product building blocks (when doing so makes sense). Again, Navy efforts to pursue such an architecture are noted and applauded. The point here is not that information sharing within and beyond regions is easy. There are the challenges of achieving agreements that are actionable, protecting the legitimate information sources of partner nations and other infor- mation providers (e.g., commercial shippers), and so on, as discussed throughout this report. Rather, the point is that an extensible information system/network- ing architecture based predominantly on modern commercial technology can be practically envisioned, which enables rather than limits progress toward MSP objectives. Building Mission Capability The discussions above recognize and applaud the ongoing initiatives and efforts to advance information sharing and coordinated action capabilities with and among nontraditional partners. Much of the Navy and COCOM-related mate- rial discussed above dealt with architecting and prototyping early instantiations of an enabling net-centric information infrastructure and implementing useful, basic AIS-oriented information sharing. However, if the objectives of the MSP initiative are to be realized, it seems crucial to move beyond the enabling information infrastructure and the sharing of readily available, nonsensitive, unclassified information. More effort is needed to strengthen the mission capability that would employ this infrastructure: focus- ing on information content; enriching information sources and their coverage; enhancing information analysis/data fusion capabilities; and exploiting a rich menu of available tools to support collaboration and coordination. And, in all of these areas, it is important to investigate the role of advancing technology while 

82 MARITIME SECURITY PARTNERSHIPS recognizing that the challenges confronting new and emerging partnerships reside first with policy and trust, not with technology. The systematic exploration of capability enhancements requires some scheme for narrowing down the requisite functional building blocks and identifying the interactions and trade-offs among these. A generic security engagement chain based on an “interdiction continuum” presented to the committee by a JIATF-S representative is one such scheme (Figure 3.10). The mission execution process involves continuous feedback among the elements of the chain. For the purposes of this report, the committee adopted a three-part, somewhat simplified functional breakdown of the elements of the chain or, more broadly, of the classical C2 process: • Sense/collect. Defined to include partner as well as U.S. capabilities, ranging from technical surveillance (e.g., radars), through automated electronic reporting (e.g., AIS), to human reporting (e.g., local law enforcement); • Analyze/fuse. Defined to include the exploitation of multiple sources to improve the quality of a single class of information (e.g., vessel tracks) and to derive broader information (e.g., connecting multisource dots to detect suspicious patterns); and • Decide/act. Defined to include effective mechanisms, including feedback/ monitoring for coordination and consultation during the decision process and for the exercise of C2 once a decision has been made. Sense/Collect The effectiveness of any maritime security information-sharing regime will ultimately be limited by the quality, completeness, and timeliness of the underly- ing information sources. As shown in Figure 3.11, two broad sources of informa- tion relevant to improving regional and global maritime security can be identi- fied—intelligence and surveillance: • Intelligence. Traditional and nontraditional reporting of a broad spectrum of information relevant to maritime security includes clandestine human intel- ligence collection and reporting to overtly accessing a wide range of commer- cial and law-enforcement-related sensitive but unclassified data. Intelligence is defined here to include the information content of intercepted communications, as distinct from the possible surveillance value (location) of such intercepts. It also includes information gleaned from ship boardings. Intelligence is generally not very close to real time, so surveillance assets must often be employed to find a vessel of interest on the high seas and to take tactical action. • Surveillance. Reporting from all sensors on detection, identification, and tracking of ships and craft on the surface of the ocean. Includes a broad spectrum of sources, ranging from coastal vessel detection and tracking radar systems 

PROSECUTE ARREST HANDOFF or ATTACK Lead: LEA Lead: LEA/ INTERCEPT DOD Transition: Support: ou th JIATF-South MONITOR From: TF -S JIATF South JI A Lead: JIATF South To: LEA/ SORT Support: DOD LEA/ Lead: DETECT JIATF South DOD Lead: Support: LEA/ INTEL JIATF South Support: DOD Cueing: LEA/ ry p All-Source lita ce DOD / Mi Intelligence/ cies h Ste lligen Information gen A Eac s Inte te era Gen FIGURE 3.10  A representative maritime security engagement chain. NOTE: LEA, law enforcement agencies. SOURCE: Scott Cantfil, Joint Interagency Task Force-South (JIATF-S) liaison officer, “Interdiction Continuum,” presentation to the committee, Washington, D.C., May 16, 2007. 83 Figure 3-10, editable, b&w, broadside R01141 

84 MARITIME SECURITY PARTNERSHIPS Intelligence tip received DECISION MAKERS’ RESPONSE FIGURE 3.11  Two sources of information: broad-area surveillance and intelligence tips. SOURCE: Based on RDML Joseph L. Nimmich, USCG, Assistant Commandant for Policy and Planning, COMMANDER, USCG SECTOR KEY WEST, presentation to the committee, Washington, D.C., January 9, 2007. Figure 3-11, bitmapped, b&w R01141 to highly classified U.S. “national technical means.” (The notion of surveil- lance, broadly defined, of course applies to people and cargo as well as ships. However, the surveillance of people and cargo results in what is here defined as “intelligence.”) While the distinction between intelligence and surveillance sources is impor- tant, it is also important to recognize that the two mechanisms are frequently interdependent in the operational arena, such as when surveillance assets are required to detect and track a vessel that has been previously reported by intel- ligence to be of interest to maritime security officials. Intelligence The United States and other nations concerned with the many facets of maritime security, ranging from the efforts of the Proliferation Security Initiative 

INFORMATION SHARING, A KEY ENABLER 85 (PSI) to reduce the threat of weapons of mass destruction (WMD) smuggling to the routine interdiction of migrants, are now primarily dependent on intelligence cueing for initiating operational responses. Much of this intelligence is from law enforcement sources. The United States has had considerable experience in the collection and use of intelligence/law enforcement information in pursuit of its maritime security goals. U.S. expertise is currently located at two operational centers, the JIATF-S and the National Maritime Intelligence Center (NMIC). The organizations charged with preventing the smuggling of drugs into the United States by sea, primarily from South and Central America, rely on a robust information network, CNIES, to provide information on planned and ongoing maritime drug-smuggling activities. The nature and quantity of these inputs tax the ability of the available response and interdiction forces to take advantage of all such tips. JIATF-S is unique in having established effective procedures for routinely and quickly converting classified intelligence and sensitive law enforce- ment information into a form that can be shared at an unclassified level under bilateral agreements with partner nations capable of taking responsive actions. The CNIES information-sharing system is described in the section “Systems for Sharing Information.” JIATF-S experience in the Caribbean, as understood by the committee, is that broad-area, uncued maritime surveillance is a less important source of infor- mation about seagoing drug traffic than is intelligence. However, a considerably more local, directed surveillance effort is often mounted by response forces to convert intelligence tips into actionable ship tracks and identities. It would appear that improved broad-area maritime surveillance (BAMS) in the Caribbean and Eastern Pacific, for instance, could significantly improve the efficiency of intercept and interdiction assets. Understanding that achieving such surveillance capability presents its own challenges, the committee is unaware of any existing operations analysis that would help identify the most cost-effective combination of surveillance and intercept capability, although JIATF-S headquarters is begin- ning to collect the data that would be essential to such analyses. The second focus of information collection and use, the NMIC, is now under the purview of both the Director of Naval Intelligence and the USCG. This major operational intelligence facility has been expanded to keep track not only of all information on shipping worldwide (including warships) as traditionally reported by intelligence and reconnaissance sources, but also of information on the emerging maritime security challenges of particular concern to the United States. NMIC’s primary purpose is to provide timely maritime intelligence sup- port to Navy and USCG elements and to other government agencies needing such information. The NMIC has well-established links with traditional U.S. allies, and, in addition to the information it obtains from highly classified intelligence collection systems, it leverages law enforcement information, as appropriate, and increasingly takes advantage of a broad range of commercially available maritime 

86 MARITIME SECURITY PARTNERSHIPS information. However, because the NMIC’s primary sources are so sensitive, it is difficult to establish procedures for transferring information in a timely way to the nontraditional partners that are the focus of this study. Thus the informa- tion-sharing architecture postulated by the Navy and generalized in this chapter involves filters that reside between national sources (foreign as well as U.S.) and the shared information picture or database (see Figures 3.7 and 3.8), and the level of information to be shared may differ among the four levels of partners mentioned in the terms of reference. Vessels of Interest  A vessel might be designated “a vessel of interest” to one or more agencies responsible for some aspect of maritime security depending on the information available on its history, crew, cargo, and movements. Such informa- tion exists in a variety of forms and locations, ranging from shipping documents and including the content of automated reporting systems such as AIS as well as specific tips from intercepted communications or direct observation reported by the intelligence and law enforcement agencies of one or more cooperating nations (e.g., customs analysis of ship manifests). Such information might be sufficient in and of itself to arouse interest in a specific ship; alternatively, disparities in the information about a specific ship provided by different sources might prompt further investigation. Implications for Information Sharing  As noted above, sources of intelligence on maritime traffic range from traditional highly classified national intelligence collection and reporting systems that were originally developed primarily to deal with military ships, through a rich set of law enforcement information, to the broad and increasingly important category “commercial and nontraditional.” Information from all these sources, when fused with complementary data from a surveillance system’s sensors, could, in principle, provide a comprehensive COP of all activity on the surface of the ocean, or at least of all activity in an area of interest. In addition to the various human and technical information collection prac- tices of nations, many of which reside within the various national security and military organizations, the various law enforcement communities in most nations maintain databases on individuals and vehicles that fall into the general category “law-enforcement sensitive.” These include watch lists of known or suspected terrorists and long-standing Interpol procedures for exchanging information on specific individuals who are formal subjects of arrest or detention warrants. Simi- lar information collection and sharing arrangements exist and are being expanded by the customs officials of several coastal countries. The growing exchange of law-enforcement-sensitive information in sup- port of the MSP initiative could be very productive but is fraught with privacy and legal issues. For example, the United States and the European Union have engaged in a long-running dispute about the level of detail needed in the infor- 

INFORMATION SHARING, A KEY ENABLER 87 mation to be exchanged concerning passengers on flights bound for the United States. In any case, it is clear that increased sharing of these types of intelligence data would make maritime activities more transparent—a central theme of the MSP initiative. Nontraditional Sources of Intelligence  In addition to governments (U.S. and non-U.S.) as sources of maritime information, there are rich sources of intelli- gence that are not part of a nation’s formal intelligence and law enforcement col- lection and reporting systems.12 Increasing reliance on nontraditional sources of maritime information will greatly enrich the MSP information-sharing concept, and the concept will face fewer bureaucratic and political challenges. Examples of nontraditional sources of maritime intelligence information that could contribute to information sharing among MSP include the following: • The Global Integrated Shipping Information System (GISIS) (operational, under IMO, Web-based), • International LRIT Data Centre and Data Exchange (in development by IMO), • Port state information exchanges —Equasis (operational, Web-based) —European Communities: SafeSeaNet (operational, Web-based) • Information on fishing vessels: Fisheries Global Information System (FIGIS) (satellite/VMS-based; being fielded by the Food and Agricultural Orga- nization), and • International Network for Cooperation and Coordination of Fisheries- Related Monitoring, Control and Surveillance (MCS) activities (operational, under the National Oceanic and Atmospheric Administration). Summary  The proper use of intelligence information for either establishing a COP or identifying a particular ship as “of interest” is very complex, and many protocols have yet to be worked out. Much of the intelligence about ship crews and cargoes is law-enforcement-sensitive and subject to disclosure rules that can be even more restrictive than national security classification protocols. In addi- tion, intelligence systems that access proprietary commercial databases are also highly circumscribed in their ability to share information widely. Nevertheless, a fully effective, shared maritime security information system will need to integrate as much intelligence data as possible. Sensitivities and constraints can often be handled by sharing only the opera- tionally significant “finding” (e.g., a tactical alert without any trace of sources or 12  Appendixes C and F discuss international databases as potential sources of such shared information. 

88 MARITIME SECURITY PARTNERSHIPS methods). This paradigm can support the operational mission while protecting the legitimate information concerns of partner nations. Observations on Intelligence  Despite the apparent success of intelligence cue- ing as a primary source of information that enables maritime security operations, there is growing concern about the potential threats posed by vessels that are not typically subjected to the type of information reporting currently available. Such vessels are generally smaller than the vessels routinely reported on in intelligence and commercial shipping circles (except for drug boats), and they operate from noncommercial ports, where they are less visible than they would be in highly regulated commercial ports. Pirate ships and human traffickers are examples of such threats, if not directly to U.S. interests then to the interests of many of the nontraditional partners to which the United States seeks to provide useful information in order to gain better maritime cooperation. Future threats could well include the smuggling of WMD or direct attacks by low-visibility, noncommercial vessels. More broadly, there is a large class of ocean-going ships and craft that are not routinely subjected to observation and reporting. These are the myriad unregu- lated private craft and other vessels that can, if they choose, generally remain unobserved by existing reporting and surveillance systems that depend on radio frequency emissions. Such vessels are acknowledged to constitute a growing source of threats to maritime security from the smuggling of contraband and people, the poaching of resources, piracy, and even attacks from the sea. It is highly doubtful that even planned improvements in traditional intel- ligence and law enforcement collection and reporting capabilities will provide enough information about the existence and location of such threats to preclude their deployment. Detection of ships of this type will require better broad ocean surveillance capabilities than are available today. Surveillance As noted in the foregoing section, intelligence currently provides much of the information that enables responses to threats to maritime security. This is not to suggest that routine, uncued surface surveillance is currently unimportant or unproductive. Nations concerned about the enforcement of laws designed to protect marine fisheries and other resources frequently conduct routine or randomized surveil- lance patrols of high-value areas employing both ships and aircraft. Known smuggler’s routes are also routinely patrolled by ships and/or aircraft to deter and interdict if needed. This includes, for example, the USCG patrols in the Mona and Windward Passages and the Strait of Florida and the recently expanded cooperative patrolling and coastal radar surveillance of the Strait of Malacca by the riparian countries. Other examples include the routine employment by the 

INFORMATION SHARING, A KEY ENABLER 89 United States of its fixed-site over-the-horizon radars (OTHRs) to detect and track aircraft in the Caribbean and the use by many nations of coastal surveil- lance radars. Some nations also operate surveillance satellite systems that serve multiple purposes,13 including the detection and location of ships at sea—primarily those transmitting on various radio frequencies (mainly surface search radar frequen- cies). Such detection systems help to populate geographical plots (such as those at the NMIC) with large numbers of ship locations and, in some cases, identities. However, this may do little to enhance maritime security unless mechanisms exist for identifying specific ships as being “of interest” on the basis of supplemental intelligence information, as discussed above, or on the basis of anomalous behav- ior, as discussed below in the section “Analyze/Fuse.” The fact that the effectiveness of existing, mostly passive, broad ocean sur- veillance systems is highly dependent on the “cooperative” radiation of ships indicates that complementary active systems—primarily radar systems—are thought to be needed if truly persistent surveillance of important broad ocean areas is to be established, as envisioned by the U.S. NSMS and the associated MSP concept. U.S. Capabilities for Active Maritime Surveillance  The USCG is currently expanding its radar surveillance of port and harbor approaches, but such efforts are inherently restricted to relatively short inshore ranges. At present the U.S. ability to actively surveil broad ocean areas is concentrated in its fleets of mari- time patrol aircraft, operated principally by the Navy but also by the USCG and the customs and border patrols. The Navy’s capabilities are focused on protecting its forward-deployed military task forces against potential threats. The protection capabilities of the Navy’s maritime patrol aircraft fleet are planned to be mod- ernized—note, in particular, the current competition for a force of long-range, unmanned aerial vehicles for BAMS which can sustain five orbits when fully fielded. Little naval surveillance capacity is expected to be allocated for routine active surveillance in support of national or regional maritime security objec- tives other than fleet protection. One exception to this general observation is the ongoing surveillance support to maritime interdiction operations (MIOs) in the Persian Gulf. These operations help to enforce shipping laws and regulations and prevent the seaborne introduction of contraband into the Iraq theater of military operations. To date, the Navy has not found the need for more effective BAMS to be sufficiently compelling to initiate a major new sensor acquisition program for this purpose, such as a space-based radar, a fleet of high-altitude airships, or any one of a number of other expensive schemes that have been identified. Any such new 13 See <http://www.centennialofflight.gov/essay/SPACEFLIGHT/recon/SP38.htm>. Accessed Au- gust 28, 2007. 

90 MARITIME SECURITY PARTNERSHIPS program might come at the expense of other DOD—probably Navy—programs now deemed of more immediate importance. Instead of focusing on new or improved sensors that would extend the nation’s surveillance capability to include uncooperative ships (as detailed in the section “Current and Emerging Information Architectures”), the Navy has chosen to focus its near-term efforts on making better use of the intelligence and pas- sive surveillance information that is already available through improved fusion and analysis. There is considerable merit in these activities in that, when fully implemented, they should permit both greater responsiveness to intelligence cue- ing and, if it proves to be useful, the employment of anomaly detection concepts that could spotlight potential problem ships that are trying to appear legitimate by hiding in plain sight (see section “Surveillance,” below). Such anomaly detection concepts offer the only known way of identifying apparently compliant ships as potential problems if no tip is available—short of a dramatic and unlikely upgrade to the regulations for ships at sea that would be comparable to the regulations for aircraft operators. Potentially Affordable Surveillance Improvements Worth Additional Attention Historically the Navy has been the nation’s center of excellence for ocean surveil- lance, having fielded many innovative concepts over the years, from the airships used for coastal surveillance patrols in World War I and World War II, to the Cold War’s acoustic and electronic intelligence (ELINT) satellite systems. 14 As suggested above, it appears to the committee that the Navy has taken an understandably cautious approach to expanding its maritime surveillance capa- bilities to meet the surveillance challenges of the National Strategy for Maritime Security. While caution is clearly called for before the Navy becomes committed to a major new acquisition program and its attendant future operating costs, the committee believes that there are several potentially less costly opportunities for improved ocean surveillance that warrant technical development and concept exploration. It also believes that the U.S. Navy is in the best position both techni- cally and in terms of its traditional role and mission to pursue such opportunities. The next seven sections highlight those concepts that have elicited the greatest interest on the part of the committee. Exploitation of Data from Commercial Remote Sensors/Satellites.  The committee was impressed with the potential for fusion of data streams from cur- rent and planned commercial imaging satellites, both electro-optical and radar. A demonstration was witnessed at the University of Miami’s Center for Southeast- ern Tropical Advanced Remote Sensing (CSTARS) facility. While rudimentary, it indicated considerable potential for the employment of such data streams in 14  See <http://www.centennialofflight.gov/essay/SPACEFLIGHT/recon/SP38.htm>. Accessed August 28, 2007. 

INFORMATION SHARING, A KEY ENABLER 91 tracking uncooperative ships. At the time of the CSTARS experiment, feeds from only eight satellites were available. As shown in Figure 3.12 and in more detail in Appendix E, by the end of this decade there will be 58 commercial optical satellites on orbit, up from 31 now, and 13 radar satellites, up from 4 now (all foreign). Open ocean surveillance using commercial space-based imaging appears to have considerable potential. The committee performed a notional analysis of space-based imagers to assess the potential surveillance regions. It assumed a 50- nmi radius imaging footprint and a nominal resolution of 1 meter for the purpose of reidentification during each orbital pass. This resolution is consistent with 42 percent of the satellites shown in Figure 3.12. The resulting imaging footprint is larger than the individual footprints of these very high resolution systems and would represent the total footprints of several such satellites. Assuming a nominal 1,000-nmi orbital altitude, such an imaging satellite could sweep out 1.1 million sq nmi per hour. Of course the orbital trajectory would limit the field of view of such a vehicle. Another consideration is the cost of the large amount of data that would be needed if the satellite were to provide enough images for large-area coverage. For a 100 nmi by 100 nmi swath with 1-meter resolution (again, represent- ing four or more satellites), data reporting and processing rates would probably exceed gigabits per second. If the satellites transmitted imagery only when a detection was made, the data rate would be much more manageable. For example, assuming that the data content of the message, including imagery, is about 1 mil- lion bits, then for an open ocean density of one ship per 1,000 sq nmi, only 3.3 Mbps of downlink data would notionally be required. For denser environments, this rate would increase considerably. The committee concludes that if automated features were in place for reporting on only detected vessels and with cued imag- ing of limited areas of ocean, satellite downlink data rates should be well within existing capacities. For such a scheme to be implemented, the satellite design would need to include appropriate onboard software to automate the detections-only concept, and the nations interested in using such satellites for ocean surveillance in this way would need to come together and perhaps subsidize the development of such features. Potential Upgrade of U.S. Over-the-Horizon Radars (OTHRs).  The United States has a long history of employing continental United States (CONUS) fixed- site low-frequency OTHRs for the long-range detection of aircraft that may be threatening the United States. However, the use of such bistatic-Doppler radars for detecting and tracking surface ships and craft is impeded by the need to deal with the high level of clutter returned from sea waves. The U.S. Navy has taken the lead on behalf of the DOD in responding to a Presidential Directive for DOD to improve the detection and interdiction of drug 

92 MARITIME SECURITY PARTNERSHIPS 50 RADAR (Italy, Germany, China, India, ESA, Canada, Japan) Spain 45 Malyasia South Africa 40 Algeria DMC (Algeria, Nigeria, Turkey, Thailand, UK, China) 35 UK Thailand 30 Singapore Taiwan Number 25 Germany Israel 20 ESA China & China/Brazil 15 Korea Russia 10 Japan & Japan/US India 5 France USCOM 0 USG 99 0 1 2 3 4 5 6 7 8 9 10 11 Lsat End of Year FIGURE 3.12  Number of optical and radar land-imaging satellites. SOURCE: William E. Stoney, Mitretek Systems. 2006. “ASPRS Guide to Land Imaging Satellites,” updated for the NOAA Commercial Remote Sensing Symposium, Washington, D.C., September 12-14. Noblis, Inc. ©2007. Reprinted with permission. Figure 3-12, editable version downloaded from source, color traffickers en route to the United States. The Navy retained three relocatable R01141 OTHR (ROTHR) sites (Texas, Puerto Rico, and Virginia) after the end of the Cold War and now operates them in support of the JIATF-S drug interdiction mission, as described below. To that end, there have been only modest improvements to these systems over the years that have helped in the detection of surface craft, in 

INFORMATION SHARING, A KEY ENABLER 93 addition to the main goal of detecting light aircraft (see Figure 3.13 for current coverage of the aircraft). The committee did not assess the degree to which further improvements to these obsolescent radars targeted on surface vessels of a particular size, for instance, would be more cost-effective than their replacement with modern equip- ment. However, the prime contractor for the Navy’s ROTHR program, Raytheon, has proposed an expansion of the ROTHR coverage primarily in support of U.S. homeland defense/security, as shown in Figure 3.14. This suggests that a body of technical expertise is well established and available to the Navy and could be offered to other countries in support of the overall goal of improving the per- sistent ocean surface surveillance capability worldwide as a key to a successful MSP initiative. The Air Force OTH-backscatter radars (FPS-118), whose coverage is shown in Figure 3.15, became operational near the end of the Cold War and are now in warm storage, although they have undergone some testing by NOAA for observ- ing ocean surface parameters. Because these radars are owned and managed by the Air Force, whose mission does not normally include surveillance of ocean surface traffic, there appears to be little information on their prospective utility for FIGURE 3.13  Existing relocatable over-the-horizon radar (ROTHR) coverage (JIATF-S). SOURCE: Joint Interagency Task Force-South, “ROTHR Coverage,” June 25, 2007. Figure 3-13, bitmapped, color R01141 

94 MARITIME SECURITY PARTNERSHIPS ocean surface surveillance. However, they may have potential for ocean surface surveillance, which could be explored. Because OTH systems might be able to provide information on surface traffic far off each coast of the United States, as well as near other countries, analysis of the cost and effectiveness of hardware modernization and improved signal processing would appear to be warranted. Because the Navy is the de facto U.S. leader in ocean surface surveillance, Navy leadership of such an exploratory process would be essential. Potential for Improved Regional Maritime Surveillance Through Expanded Coastal Radar Surveillance Systems and AIS Receivers.  The committee has been impressed with the efforts of the naval component commanders working under the regional COCOMs to encourage and assist other countries in improving their maritime surveillance capabilities. EUCOM is devoting considerable effort to assisting coastal nations throughout its theater, including particularly the Gulf FIGURE 3.14  Prospective ROTHR coverage (Raytheon). SOURCE: Reproduced with permission from Raytheon Company, ©2004, relocatable over-the-horizon radar (ROTHR) for homeland security.Figure 3-14, bitmapped, color See <http://www.raytheon.com/products/stellent/groups/public/ documents/legacy_site/cms01_049201.psf>. Accessed August 28, 2007. R01141 

INFORMATION SHARING, A KEY ENABLER 95 FIGURE 3.15  OTH-B. SOURCE: Federation of American Scientists. 1999. U.S. Air Force, over-the-horizon-backscatter (OTH-B) air defense radar system, June 29. See <http://www.fas.org/nuke/guide/usa/airdef/an-fps-118.htm>. Accessed August 28, 2007. Figure 3-15, bitmapped, b&w R01141 of Guinea, to improve their maritime surveillance capabilities by installing coastal AIS receivers and radars and to provide the resulting information to the MSSIS Web-based distribution system. PACOM has been quite successful in encouraging cooperation in maritime surveillance and information sharing among the nations of Southeast Asia, particularly in the vicinity of the Strait of Malacca. Given these encouraging activities, it appears that a Navy-led initiative to expand such efforts worldwide and to include the cost of such technical assis- tance efforts in the Navy’s baseline budgets, rather than relying on the ephemeral nature of most COCOM direct funding sources, could have a significant payoff. To the extent that U.S. Navy expenditures for the technical assistance that other countries need to become full partners in the provision of ocean surveillance information are modest, such an initiative might be very cost-effective. Taking Advantage of Existing Commercial Ship Surface Search Radar and AIS Data.  In addition to the dedicated active and passive ocean surveil- 

96 MARITIME SECURITY PARTNERSHIPS lance systems that are already designed to feed various monitoring, analysis, and control centers, most ships and aircraft at sea, military and civilian, operate their own radars in the interest of safe navigation and the avoidance of collisions. It has been suggested that the local information from such sensors could greatly expand the coverage of networked ocean surveillance sensors. Of particular interest to the committee is the potential harnessing of the local radar and AIS displays available on all commercial ships that are already subject to IMO agreements. Given the tens of thousands of such ships that are usually at sea, this appears to constitute a significant source of surveillance informa- tion if it can be tapped at reasonable cost. The U.S. Navy is already fielding a SureTrak capability for its ships to integrate its own ship radar and AIS receiver data. Presumably that integrated picture can be transmitted ashore over military communications channels and integrated into the expanding U.S. MDA informa- tion system. The extent to which such information derived from military sources could be routinely shared with prospective MSP nations should be investigated. It should be noted here that the number of commercial ships at sea is much larger than the number of military ships and could considerably expand coverage. Figure 3.16 indicates the relative historical densities of several types of ships per square degree of latitude and longitude, including fishing vessels, merchants, and tankers. Smaller ships are not included. The maximum density (lightest shade) is greater than 25 ships per square degree. At about 50 degrees latitude, FIGURE 3.16  Commercial shipping density. Figure 3-16, bitmapped, color or b&w (?) R01141 

INFORMATION SHARING, A KEY ENABLER 97 this corresponds to more than one ship per 110 sq nmi. As a check, the committee examined an AIS snapshot near Portsmouth, England, taken on October 8, 2004, at 13:03:28 UTC, the area of highest density in the figure. The committee counted 43 ships per square degree, or one ship per 64 sq mi, which is consistent. As shown in Figure 3.16, the average density of commercial ships at sea is highest in the approaches to commercial harbors, along coastal routes, and in and near well-known choke points, as would be expected. This suggests that commer- cial shipborne navigation radars offer the potential for sufficiently robust cover- age in many areas of the world to largely preclude any ship from being able to slip through undetected and reported. Even in less frequented areas, ships attempting to remain undetected would be greatly challenged to find an evasion route. For such a concept to be effective, there would have to be an affordable method of piping the available surveillance information ashore from operationally sig- nificant standoff distances. The potential cost to shipowners of using commercial satellite telephony for such purposes appears to have inhibited serious exploration of this concept to date. Fortunately, modern image/data compression techniques promise to reduce the file size of such periodic reports to manageable levels. Such techniques, when combined with emerging government-sponsored (and perhaps government-subsidized) satellite communications services such as those being provided by Increment 3 of the DHS/USCG NAIS program and other systems that utilize the Iridium, ORBCOMM, or GlobalStar satellite communications constellations, offer considerable promise for providing the needed linkage at acceptable cost. For example, a simplified analysis indicates that in an area from which 1,000 ships are reporting every ship contact from radar or AIS with a 1,000-bit message every 15 to 60 minutes, a ship would require a data rate of no more than about 11 kilobits per second (kbps) even in areas of extremely dense traffic (such as one vessel per square nautical mile). At current International Maritime Satellite (INMARSAT-C) rates, this type of reporting incurs a modest price and is well within the capacities of commercial satellite communications systems. Assuming a radar coverage range of 24 nmi and an AIS range of 50 nmi, 1,000 ships with no overlapping coverage could cover 8 million sq nmi for AIS and 2 million sq nmi for radar. At an average ship speed of 15 kt (based on a cursory examination of vessels described in Jane’s Merchant Ships, June 2007), 1,000 ships would sweep out about 1.5 million sq nmi per hour for AIS and 0.75 million sq nmi per hour for radar, presuming that coverage separation remained the same. An isotropic distribution of ships is of course not likely, so the foregoing estimates are upper limits, but real-world performance of even half that amount could be very significant. It might, for example, provide nearly solid coverage of the U.S. East Coast out to 200 miles. As with other sources of information on commercial ship location, cargoes, and routing that are potentially competition-sensitive, the data handling system would have to provide appropriate safeguards. 

98 MARITIME SECURITY PARTNERSHIPS Feeding Routine Offshore Surface Contact Data Generated by Military Ships and Aircraft into the Surface Ship Database.  As noted above, the Navy is already planning to outfit at least some of its ships with the SureTrak feature that integrates surface search radar and AIS receiver information. A more general and widespread implementation of this concept among all of the navies of the MSP nations could further increase active surveillance coverage. If cooperating nations were to further expand the concept to include all of their radar-equipped government ships and aircraft, additional coverage would become available. Again, the U.S. Navy is well positioned to provide technical assistance for such an MSP initiative. A first step would be to seriously analyze the potential for coverage and its utility, along with cost. Reactivation and/or Expansion of an Integrated Undersea Acoustic Sur- veillance System.  The U.S. Navy has a long history of successfully employing fixed and mobile passive acoustic surveillance systems to detect vessels of inter- est in key areas of the world. During the Cold War, those vessels of interest were almost always Soviet, particularly the submarines and other warships. These surveillance systems were generally considered “fleet assets” and were managed outside the purview of the intelligence community—an arrangement that has certain “optical” benefits in the current international environment. With the end of the Cold War, the need for such labor-intensive acoustic surveillance systems declined appreciably, but the relevant expertise has been retained and even extended in the form of experimental distributed underwater arrays, towed surveillance arrays, tactical sonar systems, advanced sonar buoys, and acoustic capabilities for unmanned underwater vehicles. As with the airborne surveillance provided by MPA and BAMS, these acoustic surveillance efforts are currently focused largely on fleet protection, not persistent, broad ocean surveil- lance of the type envisioned by the MPS initiative. Modern signal processing techniques and automated data handling suggest that increased utilization of acoustic surveillance concepts may complement the other enhanced surveillance concepts summarized above. As with specific emitter identification (SEI) techniques employed in the passive ELINT regime, the acous- tic signatures of ships can provide considerable useful information in addition to the location of the ship. As the nation’s expert in ocean acoustic surveillance, the U.S. Navy is well positioned to expand its efforts in this field beyond the protec- tion of fleet assets to include the broader information collection and sharing goals of the MSP initiative. Again, the promise of integrating such capabilities into a broader maritime surveillance regime appears to warrant further investigation. Enhancements of Existing and Planned National Technical Means/ National Reconnaissance Office (NRO) Satellites.  In recent years the main threats against which the United States has postured its military capabilities in 

INFORMATION SHARING, A KEY ENABLER 99 general and its orbiting surveillance capabilities in particular have been terrestrial. Consequently there has been little apparent attempt to extend the capabilities of these enormously capable and expensive NRO systems to improved surveillance of important ocean areas in ways that would help locate and identify unco- operative ships. The committee believes that the prospect of large payoffs for relatively small enhancements of the functionality of planned new spacecraft are sufficiently attractive to warrant a detailed investigation of the cost and probable effectiveness of such enhancements. Findings and Recommendations The U.S. Navy is uniquely qualified to help expand international maritime surveillance in support of its and its partners’ maritime security goals. In particu- lar, as the nation’s primary repository of expertise on broad ocean surveillance, the U.S. Navy is best qualified to help improve the surveillance of key areas of the ocean surface and to provide the additional surveillance information to other nations whose maritime security it would enhance. Finding: There is a range of technical options for improved ocean surveillance, some of them near term, that should be less costly than fielding large, new sen- sor systems. Some of them exploit data from a growing inventory of commercial remote-imaging sensors and satellites, others entail maritime-directed upgrades to existing over-the-horizon radars and/or national reconnaissance systems, and, finally, still others involve coastal radar surveillance of the near-in waters of partner states. Finding: In many parts of the world, U.S. naval component commanders are well positioned to encourage coastal nations to improve their own maritime surveil- lance capabilities. To this end there are some relatively low-cost, high-payoff improvements for which the Navy could provide not only technical assistance (an example would be the selection and siting of coastal radars) but also material assistance by such means as the Section 1206 funding mechanism.15 In some places such programs are well under way, but many more opportunities could be productively pursued. Recommendation 8: The Chief of Naval Operations (CNO) should direct the Director of Naval Intelligence (N2) and the Deputy Chief of Naval Operations for Communication Networks (N6), and the Assistant Secretary of the Navy for Research, Development, and Acquisition should direct the appropriate laborato- 15  Section 1206 funding, named for the section of the 2006 National Defense Authorization Act that authorizes it, is designed to help other countries build capacity within their national military forces. The authority allows DOD, in consultation with the State Department, to spend up to $200 million a year to help other countries. 

100 MARITIME SECURITY PARTNERSHIPS ries, system commands, and program executive offices to increase their efforts to investigate, analyze, and help field, if appropriate, the most cost-effective combinations of capability across the potentially promising approaches to per- sistent, improved broad ocean surveillance that are identified in Chapter 3. To facilitate this initiative, the CNO should (1) seek a higher level of representation at the National Reconnaissance Office, where decisions are made on U.S. sensor performance goals, and (2) leverage its newly expanded role in the Office of the Director of National Intelligence (ODNI) to encourage the inclusion of maritime surveillance features in the next generation of commercial remote sensors from which the ODNI expects the agencies, particularly the nongovernmental agencies, to contract for products. Recommendation 9: The Chief of Naval Operations, in coordination with the combatant commanders, should direct the Director of Naval Intelligence (N2) and the Deputy Chief of Naval Operations for Communication Networks (N6), and the Assistant Secretary of the Navy for Research, Development, and Acquisition should direct the appropriate laboratories, system commands, and program execu- tive offices to ensure that naval component commanders have the appropriate expertise and other assets to facilitate an outreach program to coastal states that would benefit from improved maritime surveillance capabilities. Analyze/Fuse Framing the Challenges Given the variety of current and potential surveillance data and intelligence information that can be exploited, it is important to recognize the functions that will need to be performed in the analysis and fusion of this multimodal data. As depicted in Figure 3.17, there are four such functions required to transform data into actionable decision-making information: • Data conditioning is the development of a common ontology/data model. • Data fusion entails combining data at various levels. • Data mining involves the discovery of patterns and associations in large static datasets. • Human–systems collaboration environments entail the development of visualization and collaborative decision-making tools for maritime security analy- sis and tasking. For reference purposes, the Joint Directors of Laboratories (JDL) data fusion group model developed by the U.S. DOD JDL/Data Fusion Subpanel is cited. The 

INFORMATION SHARING, A KEY ENABLER 101 five levels of fusion are (1) subobject data association and estimation: pixel/sig- nal-level data association and characterization at the sensor level (L0), (2) object refinement (L1), (3) situation refinement (L2), (4) significance estimation or threat refinement (L3), and (5) process refinement: adaptive search and process- ing resource management (L4). For the foreseeable future, the technical challenges of data mining and data fusion will be heavily concentrated on the U.S. side. Clearly, the multinational shared information space—lower volumes from fewer sources of raw data, at least to start—will not demand this level of information analysis and exchange. However, overall data mining, analysis, and fusion technologies must advance in order to create rationalized alerts and actionable information that may then be shared with partner nations in sanitized form in accordance with bilateral agree- ments. As regional communities share information with the global community, the amount of multimodal data that will need to be mined, exploited, and shared in a timely manner in order to maintain maritime security will pose several tech- nology challenges in each of the MDA analysis/fusion functional areas. Data Conditioning  Central to the analysis and fusion problem is the need for a common language to describe the data in the context of maritime security. Data from disparate sources must be translated into a form that can be cross-associated, time-stamped, and/or correlated by the fusion and mining components. This data alignment challenge grows as the number and variety of data sources increase. And, as the data set expands to include internationally gathered information, special consideration must be given to language translation technologies such as those used in Translingual Instant Messaging (TRIM), employed in the CNIES program by JIATF-S, or in the Foreign Language Media Monitoring program sponsored by the Defense Advanced Research Projects Agency (DARPA). Overall, the committee notes that some good technology work is being done in this area; however, most of the efforts are focused on a specific regional MDA solution or a unique data conversion challenge. There is no broadly applicable maritime domain data model with associated translation technologies. However, the efforts of the MDA DS COI are an important first step in the development of an overall architecture for information management and dissemination in this domain. More specifically, the MDA DS COI effort is working to transform data discovery and access from stovepiped systems to Web services using DOD Net- Centric Enterprise Services and the MDA COI standards. The envisioned capabil- ity is aimed at full MDA data exposure at unclassified and Genser levels based on the MDA COI schema. Data Fusion  As shown in the diagram, data fusion as defined here involves (1) sensor data fusion, (2) anomaly detection, and (3) vessel context association (incorporating data such as crew, cargo, financial data, ownership, and so on). 

Sensor Human-Systems Collaboration 102 Decide/Act tasking Data Data Course of Research in motion- action planning based pattern Fusion Mining Behavior learning/normalcy Cargo/ database (PANDA), Need advances Crew rules-based anomaly Anomaly Information in automated detection Model Detection model (FASTC2AP) Development generation, Sensor hypothesis Data testing to reduce To produce human workload known good Fusion Known Vessel good Context Pattern tracks, need enough multisource tracks Association Discovery data to exploit. Challenge lies in data/algorithm Beginning to see ownership analysis in SEAPORT, Analyze/Fuse Common Ontology / Data Schema GlobalTrader CargoLink. More could be done to enhance availability and Gov’t Intelligence Commercial automation of Must have a Sense/Collect Surveillance maritime traffic Data Data Sources common Data information framework for Intelligence Data representing multi- source data to -AIS -HUMINT (tips, cues) -Lloyd’s enable rapid data -Radar -COMINT content -Customs manifest fusion, effective -Satellite imagery -Interpol/other LEA -Shipping company data data mining, and -ELINT -Port security eventual system extensibility/ -Post-arrest intelligence scalability. Includes language Signal Exploitation translation services Info Exploitation FIGURE 3.17  A functional view of maritime domain information analysis/fusion. Figure 3-17, editable, b&w, broadside R01141 

INFORMATION SHARING, A KEY ENABLER 103 Sensor Data Fusion.  This capability involves correlating available sensor information (emitter characteristics, imagery, AIS data, and so on) to positively identify a maritime entity and associate that entity with track data. To produce known good tracks (i.e., accurate positions and unambiguous updates) and sub- sequently detect anomalies (i.e., vessel behavior outside the norm), there must be enough multisource data to exploit. With the development of more data types and data sources to contribute to MDA (as described in the section “Sense/Col- lect”), and if the above recommendations for analysis and placement of surveil- lance sources with adequate sensitivity and coverage are exercised and assets are directed and utilized appropriately, the availability of data should not be an issue in the future. Instead, the challenge will lie in how well all the available information can be fused together into high-quality, multisource tracks, prefer- ably including vessel, crew, and cargo information. Rising to this challenge will require resolving competing claims to ownership of the data and the algorithms that process the data. Anomaly Detection.  The U.S. maritime security community currently moni- tors dozens of high-interest vessels at any one time that could be affiliated with entities or individuals that could be involved in terrorism or other threatening or illicit activity. As noted in an earlier section, the identification of vessels of interest is substantially dependent on tips, often from law enforcement sources. Information on cargo and crew, for instance, is analyzed as part of the process. Such analysis can be quite effective and will continue to be important. However, this analysis can involve a substantial amount of cognitive effort by those who stand watch and by analysts to infer intention or activity from patterns of motion and other observables. The purpose of the various anomaly detection initiatives is essentially to automate this manual process and enable early detection of an emerging threat. The current focus is on identifying threat vessels from among the more than 50,000 vessels over 300 GT that are engaged in international maritime commerce. Such an automated capability could then bring vessels of interest to an operator’s attention for manual verification and a decision on course of action. An essential step for the development of a robust, automated process is the under- standing of common practices of the maritime community and the representation of that understanding in a normalcy database. DARPA research in programs such as the Fast Connectivity for Coalition Agents Program (FASTC2AP) and Predictive Analysis for Naval Deployment Activities (PANDA) is advancing the technology used to predict potential threats. For example, FASTC2AP is designed to allow users and watch-standers to spec- ify vessel behaviors and characteristics that drive alerts and prompt operators to analyze those vessels further. Essentially a human-interactive, rule-based pro- gram, FASTC2AP represents a first step toward automated anomaly detection. For example, an analyst can specify a set of known suspicious behavior patterns 

104 MARITIME SECURITY PARTNERSHIPS (deviation from sea lane, slow speed in sea lane, close proximity/loitering with another ship, and so on) and specify rules that will trigger alerts. The PANDA program is aimed at developing a normalcy database for a given ship’s motion and using that normal behavior model to automatically identify anomalies or potential threats. Detection of potential threats based on analysis of vessel motion augmented with emission analysis is within the realm of possibility due to the increasing amount of information being collected by port authorities (by using human intelligence and law enforcement agencies), by the AIS, by other open sources, and by intelligence community sources that provide persistent, long-duration tracks on many surface vessels. The problem is highly challenging not only because there are so many monitored vessels but also because multiple organizations—continental United States (CONUS)-based intelligence centers, fleet-level fusion centers, and shipboard situation awareness cells—have separate roles, sensor ownership, and data access. Hence, any solution needs (1) to enable decentralized analysis; (2) to scale to different data availabilities, data rates, and levels of resolution; and (3) to permit efficient exchange of models, tracks, predictions, and alerts across organizations and classification levels. Essentially a fusion program, PANDA focuses on predicting vessel behavior given known good multisource track data, identifying potential threats, and cueing the further exploitation of the information (crew, cargo, financials, and so on) that is cor- related with that vessel. Both FASTC2AP and PANDA are research programs that will require a transition sponsor should they prove to be effective. FASTC2AP is at a technol- ogy readiness level (TRL) of 9 and is installed and has been used operationally by the Sixth Fleet and by NATO maritime elements. The goal is to harden the technologies and transition them to Navy programs of record by FY08-FY09. PANDA is in its first year (of four) as a DARPA program. A transition sponsor is to be determined. Moreover, the products of these programs, while valuable to U.S. interests, will probably not be available to all the regional partners with which information is often shared at the unclassified level. On the other hand, the committee’s view is that selected basic capabilities can and should be provided to partner nations to advance both trust and capability. A basic analysis/fusion tool set such as might be included in a starter kit could allow the examination of more anomalies within such regional networks. A first anomaly detection capability might be software that can detect a change in reported AIS identification for a given vessel or that can detect a vessel traveling in a manner not consistent with its destination. In addition, and apparently as was envisioned as part of the noted MDA spiral 1 effort, selected vessel tracking algorithms can be shared as releasable GOTS. Although they are well worth pursuing, anomaly detection schemes are likely to have only limited ability to identify vessels of interest among the large numbers of smaller ships whose historical behavior has been noisy—that is, ships that have no stable historical pattern against which current behaviors can be compared. 

INFORMATION SHARING, A KEY ENABLER 105 Beyond Vessel Information.  Clearly, much of maritime security involves tracking of people and cargoes. As evidenced in JIATF-S operations, that class of information is absolutely crucial to success and requires an extension of inter- agency relationships to better track the flow of people and cargoes of interest and relate them to shipping activity. Similarly, efforts in both the law enforcement and intelligence communities involve linking vessel track data with the informa- tion on a ship’s manifest to identify vessels of interest. To reduce the threat to maritime security, emphasis must be placed on analyzing and selectively sharing information on crew, cargo, supply chain, financials, ownership, and so on. The committee understands that access to this information implies the existence of a robust interface with the broad law enforcement community such that relevant vessel context information can be fuzed with vessel track and behavior predic- tions. Linking this context information is automated by the use of tools such as those sponsored by the Office of Naval Intelligence (ONI) and investigated as part of the N6 MDA activity. For example, one such tool, SeaPort, is establish- ing a global MIO database. Another tool, Global Trader, is currently focusing on foreign-to-foreign transport of shipping containers (60 to 70 percent of all global shipping data). Another unclassified module, Cargo Link, is expected to provide for research and prediction of cargo data and pattern mapping for cargo and manifests. Data Mining  Data mining involves correlating various kinds of information from both structured and unstructured databases and evaluating the correlated data sets to detect previously unknown patterns. It focuses on the relationships between objects in the databases and involves link analysis, which is building networks of interconnected objects in order to predict future events. The main tasks of link analysis are to extract, discover, and link together sparse evidence from vast amounts of data, to represent and evaluate the significance of the related evidence, and to learn patterns to guide the extraction, discovery, and linkage of entities. The discovered relationships may be transactional, geographical, social, or temporal. Data mining technologies of this sort have been applied in a number of domains—in commerce, stock-market analysis, medical research, and the insur- ance industry, to name a few. As a result, there are countless commercial tools available to help analysts in a variety of fields absorb a vast amount of structured and unstructured data, visualize patterns, and predict behavior based on the pat- terns that the analyst uncovers. While there are many commercial and custom tools to perform this pattern recognition, few tools exist to perform pattern discovery, specifically in the area of maritime security and threat analysis. Advances in automated model generation and hypothesis testing are required to reduce the human workload and expedite mining through the additional information that is likely to result from data sharing with nations in the MSP. The approaches under investigation appear consistent 

106 MARITIME SECURITY PARTNERSHIPS with the Internet search architecture, although perhaps only a subset of such min- ing tools may be releasable to regional partners for unclassified databases. Human–Systems Collaboration Environment  Visualization and analysis tools that allow an analyst to connect the dots (derive vessel intent, postulate threat scenarios, and so on) are an essential element in creating an MDA picture. Given known good tracks, predicted vessel activity, and maritime behavior models, command and control centers should be able to understand where—that is, on which vessels of interest—to focus their maritime security operations. However, there is a great need here as well for advances in automated model generation and hypothesis testing to further reduce the human workload. Current data mining and visualization techniques will have difficulty keeping up with increasing amounts of MDA-related structured and unstructured information. The state of the art in MDA data fusion and data mining requires much interaction with humans. Since most technology solutions in use today solve the level 0 (data source processing) or level 1 (object refinement) problem, no real capability has been implemented to handle fusion for the large amounts of diverse, uncertain maritime data at higher fusion levels. Indeed, automated fusion tools at JDL levels 2 (situation refinement) and 3 (threat refinement) are part of the science and technology (S&T) community research agenda. DARPA’s FASTC2AP program, for example, includes development of Web-enabled tools for global maritime awareness. FASTC2AP’s human–machine interface allows users to create and configure agents and deploy Web portal technology to auto- mate the currently manual processes. While there is some specific research work in this area, efficient and effective integration of humans into the fusion process is not yet widely understood. Higher-level decision support functions (detecting anomalies, predicting behavior, establishing relationships, deriving intent) is, as a result, primarily per- formed by analysts. To make good use of increasing amounts of diverse maritime- related data, research (and plans for subsequent technology transition) in human- guided fusion algorithms and automated fusion technologies must be included in an overall MSP strategy. More specifically, research is needed to take maritime situation awareness to the next level of data visualization, relationship explora- tion, and link analysis in order to strengthen maritime intelligence discovery. Advancing the State of the Practice Today, the majority of maritime domain information is in stovepiped sys- tems, and the focus is on tracking vessels of interest. While this manpower-inten- sive practice is useful in reducing the potential for harm by terrorists or criminals, more can be done through increased data collection, analysis, and fusion to further reduce this threat. As illustrated in Figure 3.18, future MDA capability could further support common maritime security interests, provided that (1) there 

INFORMATION SHARING, A KEY ENABLER 107 is a common baseline for situation awareness at the unclassified level and (2) current research and demonstration technology aimed at higher levels of fusion is successfully transitioned into the operational community. Although the figure focuses on the terrorism threat, it depicts principles that apply more broadly. Providing Shared Analysis and Fusion Capabilities in the Near Term  One way to advance the state of the practice is to start with a baseline for a well-under- stood maritime COP. In other words, we can advance the state of the practice by bringing all partner nations up to a base level of situation awareness through the dissemination of starter kits that include COTS or releasable GOTS fusion tools. These tools for merging AIS, imaging systems, and radar data would cre- ate an integrated and more reliable situational awareness capability for all MSP participants. Candidate starter kit tools can be provided that have been quite well Future (given transition of Current Threat Analysis research/demo technology) Known Vessel Known good Vessel good ID and tracks, vessel ID and tracks location anomalies, and intent location Terrorist or Potential criminal for Harm activity Missing data Missing Potential Terrorist or criminal data for Harm activity Maritime Domain Maritime Domain -Majority of information in stovepipes -Expanded sense/collect capability -Security focus on vessels of interest -Automated fusion and data mining -Link vessel tracks, crew, cargo, and human intelligence information to detect anomalies and reduce potential for harm FIGURE 3.18  Strengthening maritime domain threat recognition. SOURCE: Based on Chris Dwyer, Naval Research Laboratory, 2007, “Comprehensive Maritime Awareness (CMA) Joint Capabilities Technology Demonstration (JCTD),” Proceedings of SPIE [So- ciety of Photo-Optical Instrumentation Engineers], Vol. 6578, Defense Transformation and Net-Centric Systems 2007 [Conference], Orlando, Fla., April 9-13. Figure 3-18, editable, b&w R01141 

108 MARITIME SECURITY PARTNERSHIPS tested in operational implementations; they would be used primarily for vessel identification and tracking. Consider, for example, NavAir’s SureTrak, a proven MDA system capable of interfacing with existing sensor and C2 systems. Using data from a variety of sources (surface and air surveillance radar, video tracking systems, GPS, AIS, and so on), SureTrak is used primarily to improve harbor surveillance. This computer display system monitors marine harbor traffic, issues advisories to vessels in areas elected by the system operators, and provides the operators of the system with an early warning of unacceptable traffic conflicts in the confined waterways of the harbor. Each system consists of a number of remote sites providing radar, camera video, and audio communicated to a central vessel traffic center (VTC). VTC data integration and display provide the ability to identify and monitor vessel traffic by fusing multiple radars on a single display. SureTrak is a sample open-architecture, government-owned, and commercially available fusion system. The U.S. Navy should consider sharing some of these technologies at the unclassified level with nontraditional partners in order to boost rudimentary MDA. SureTrak and other such technologies are already being considered as part of the Navy MDA activity. Commercial tools for data fusion and data mining might also be of interest and should be considered a component that requires the participation of humans. Analyst toolkits designed to perform statistical processing would be of little value to a Navy operator; however, tools to associate data from disparate sources, threat and risk assessment tools, and collaboration and visualization tools could certainly augment the overall fusion and analysis capability. Leveraging Advanced Technology Research  The current focus appears to be on an evaluation of the available technology (both COTS and emerging GOTS) in order to solve first-order MDA problems (vessel tracking, rudimentary anom- aly detection, threat identification, communications, and collaboration). This approach strikes the committee as the right course of action to begin develop- ment of an integrated MDA capability. However, significant additional system design and engineering will be required to develop an intelligent, integrated, and automated MDA COP. At JDL levels 0 and 1, technologies exist and can be integrated into a pro- totype solution insofar as they have been developed for incorporation into a net- centric, service-oriented architecture. On the other hand, technology at higher JDL levels is currently a more advanced research problem, as discussed above. Higher levels of fusion technology are being developed under various S&T pro- grams sponsored by research-oriented government agencies. The aforementioned DARPA programs (PANDA, FASTC2AP) are examples of the results of such fusion research. In addition, the Office of Naval Research (ONR) has taken the initiative to leverage commercial technology in such programs as Pattern Analysis and Bayesian Link Discovery Tool for Transactional Networks ­(PALADIN) and Cleverset. Through ONR’s Commercial Technology Transition Office, ­PALADIN 

INFORMATION SHARING, A KEY ENABLER 109 was developed to detect threat activity and perform network analysis by effi- ciently searching massive, noisy data that may be unreliable, incomplete, or inconsistent. PALADIN’s anomaly detector, partial pattern matcher, hypothesis evaluator, and hypothesis merger can be used for maritime data fusion and analysis. They include a data model and database interface specification for extracting entities, links, and attributes from new data sources. PALADIN also includes a network visualization tool for exploring and discovering networks and evaluating threat hypotheses. In another ONR-sponsored example, Cleverset was given a small business innovation research award to apply its commercial algorithms in the development of improved report-to-track (RTT) fusion, track- to-track (TTT) fusion, and hybrid RTT/TTT fusion technology. Through both g ­ overnment-­sponsored research and commercial technology transition, the gaps in MDA can begin to be filled. In addition to needing funding and transition agency sponsorship, technology transition cannot occur efficiently without software engineering for the research work products. The DOD vision for net-centric warfare will necessitate a fresh view of the software engineering—that is, of the packaging of these emerging fusion technologies. For these technologies to fit into a net-centric information exchange environment, a common lexicon, software framework, and protocols must be developed and leveraged. In some cases, legacy technologies developed for closed-environment, stovepiped systems will need to be reengineered to ensure that the newly refactored software encapsulating a custom fusion algorithm is extensible, modular, portable, and self-describing. Clearly, a strong emphasis on software architecture and meta software project management must be considered in any large-scale systems integration effort for MSP. This is evidenced in the N6 MDA prototyping efforts, where the criteria for incorporating a technology into the demonstration spirals include not only the technology’s ability to address the requirements for MDA but also the ease with which the technology fits into a net- centric, service-oriented architecture. In short, if the technology is not or cannot be packaged correctly to fit, transition will be severely inhibited. Findings and Recommendation Finding: Research and demonstration programs sponsored by various agencies have produced good work that addresses some of the technology gaps in the cur- rent analysis and fusion of maritime domain awareness information. Much of the technology being developed to analyze and fuse data on maritime entities is in the early stage, in prototype form. However, as reflected in Navy efforts ongoing as of this writing, there are commercial off-the-shelf and potentially releasable government off-the-shelf analysis and fusion tools and software that offer early, useful capabilities for maritime security partnerships. Many ongoing maritime security and domain awareness efforts are currently funded under Iraq and Afghanistan supplemental budgets. This situation could 

110 MARITIME SECURITY PARTNERSHIPS result in an unfortunate loss of focus on MDA and a loss of momentum in the development of an overall MDA architecture when supplemental budgets for these nonmaritime contingencies wind down or stop. Recommendation 10: To leverage analysis and fusion technology and tools, the Chief of Naval Operations should assign the Deputy Chief of Naval Operations for Communication Networks (N6) (along with the relevant laboratories and systems commands) to take responsibility for maritime domain awareness-related analyze-and-fuse technologies, either for their short-term application as part of a starter kit (in releasable government or commercial off-the-shelf form) or for longer-term advanced research with identification of transition opportunities. Given that these efforts are of long-term importance, independent of the purposes of current supplementals, the Deputy Chief of Naval Operations for Resources, Requirements, and Assessments (N8) should work on funding maritime domain awareness efforts in the mainstream of the Navy budget. Recommendation 10 expands Recommendation 7, which calls for the devel- opment of IT infrastructure starter kits to facilitate and accelerate operational information-sharing initiatives that include analysis/fusion tools. Decide/Act As described above, the decide/act function calls for consultation and coor- dination mechanisms to support the decision process among partners and the execution of an action once a decision has been made. There is a very broad range of appropriate responses to the detection of suspicious activity and the sharing of the information. Such responses range from a simple maritime intercept opera- tion by the patrol craft of a coastal nation in response to information provided by another nation, to highly complex, coordinated multinational use of aircraft, ships, and port authorities to deal with a suspected perpetrator. Realizing the ultimate benefits of new or strengthened partnerships demands that such mechanisms exist at both the operational level (among partner nodes and centers) and the tactical level (among ships, boats, and aircraft and their com- mand nodes). Key enablers include the following: • Bilateral or multilateral agreements that specify the allowable scope of action, the rules of engagement, and so on. Table 3.2 illustrates some tactical actions that are codified in existing bilateral agreements, in this case a template of eight possbile actions taken from agreements between the USCG and partner nations in the south Atlantic and Caribbean (Coast Guard District 7); • Supporting procedures—for example, a partnership analogous to the U.S. interagency Maritime Operational Threat Response conference procedures devel- oped in response to the NSMS); and 

INFORMATION SHARING, A KEY ENABLER 111 • Supporting system capabilities, which are the focus of this section, “Decide/Act.” Several building blocks of the supporting system’s technical capabilities can be identified. For coordination and consultation, there is a substantial amount of readily available COTS tools/functionality—and sometimes even releasable GOTS—in areas such as multimedia collaboration and multilingual chat. The TRIM tool used by JIATF-S for Spanish translation—but supporting some 13 lan- TABLE 3.2 Representative Tactical Action Agreements Tactical Action Tactical Action Agreement Ship boarding Standing authority or procedures for the USCG to stop, board, and search foreign vessels suspected of illicit traffic located seaward of the territorial sea of any nation. Ship riding Standing authority to embark law enforcement (LE) officials on platforms of the parties, whom officials may then authorize to perform certain law enforcement actions. Pursuit Standing authority or procedures for U.S. government LE assets to pursue fleeing vessels or aircraft suspected of illicit traffic into foreign waters or airspace. May also include authority to stop, board, and search pursued vessels. Entry to investigate Standing authority or procedures for U.S. government LE assets to enter foreign waters or airspace to investigate vessels or aircraft located therein suspected of illicit traffic. May also include authority to stop, board, and search such vessels. Overflight Standing authority or procedures for U.S. government LE assets to fly in foreign airspace in support of counterdrug operations. Relay order to land Standing authority or procedures for U.S. government LE assets to relay an order to land in the host nation to aircraft suspected of illicit traffic. International maritime Standing authority or procedures for U.S. government LE interdiction support assets to moor or stay at national ports, entry of additional U.S. government LE officials (by ship and/or aircraft), entry of suspect vessels not flying U.S. or host nation flag, escort of persons from suspect vessels through and out of host nation (by ship and/or aircraft), and landing and temporarily remaining at international airports for logistics. Third-party platforms Provides for operations from vessels of nations other than the parties to the bilateral, usually by LE detachment from third-party vessel. 

112 MARITIME SECURITY PARTNERSHIPS guages—is an example of releasable GOTS. Such software offers support at both the operational and tactical levels and calls for only a modest PC capability. For the exercise of C2, there is the obvious need for connectivity extending to the tactical level. The solutions range from a rudimentary, beyond-the-line- of-sight radio voice capability to high-bandwidth, satellite-based data capability. Here, too, capability building blocks are readily available. For instance, Navy plans are leveraging CENTRIXS-provided capabilities and call for providing Iridium satellite phones to selected partner nodes as part of a fly-away package (see Figure 3.6). As mentioned earlier, DOD makes available a GOTS PC-based C2 package suitable for supporting these types of activities. Technology opportunities exist in this functional domain, too. For example, beyond the current technology for video teleconferencing, an emerging so-called telepresence technology is beginning to provide realistic and full contextual face- to-face experience. Further, the section “Analyze/Fuse” touched on the technolo- gies and decision-support tools in areas such as visualization. Clearly, the selection of technologies and fielded products must be tailored to the supporting infrastructure, defined broadly—for example, bandwidth (the well- known “disadvantaged user” issue) and sustainment and training capabilities. Providing collaboration, consultation, and coordination capabilities at the operational and tactical levels is not viewed as a complex technological challenge. The issues involved in sharing such support with nontraditional partners relate to the availability of COTS or releasable GOTS products and tailoring them to the situation at hand. The provision of communications and collaboration tools and systems should be included within the broader “design template,” “maritime security partnerships catalog,” and “starter package” referred to in Recommenda- tion 7. Protecting While Sharing Information The concept of MSP requires the collection, storage, and sharing of infor- mation, but the potential for disruption and compromise exists at each of these stages. Depending on a number of factors, including level of trust, potential vul- nerabilities, and cost and availability of information protection solutions, different connectivity architectures will be employed for different partnerships. In addition to the concerns inherent in maintaining secure communications and networks, there is the issue of protecting the information itself, with concerns ranging from revealing sensitive ship positions to giving away a competitive advantage. These are concerns for both the United States and the prospective maritime partners. The approach to assessing potential vulnerabilities when sharing information starts with an (open source) assessment for different levels of connectivity among the partners and is followed by a generic assessment of the vulnerability of the systems architectures envisioned to support these partnerships. This is followed by an assessment of residual vulnerabilities and their impact on the sometimes 

INFORMATION SHARING, A KEY ENABLER 113 difficult trade-offs between sharing and protecting information within a partner- ship context. Figure 4.2 in Chapter 4 lays out a spectrum of maritime security issues, from traditional military naval warfare at the high end to law enforcement issues such as illegal fishing at the low end of conflict. The issues will be resolved by different information security and protection regimes found across this spectrum. For example, U.S. ties to its closest allies deal with the entire security spectrum and often involve the sharing of Secret information (e.g., CENTRIXS networks), while its less mature partnership arrangement might involve sharing unclassified information, perhaps including sensitive law enforcement information, at the lower end of the spectrum. General Considerations Box 3.1 pairs the sources of potential threats to MSP and the tools they use to exploit system vulnerabilities. Although MSP does not think of nations per se as the only potential adversaries, a nation might be suspected of engaging in a hostile act if it were perceived to be behaving counter to its own interests in mat- ters such as fishing rights, navigational freedom, or environmental restrictions. Certain competitor nations have highly sophisticated capabilities in infor- mation operations, but the risk that they would mount an all-out attack on MSP information systems appears to be slight. On the other hand, a national power might wish to obtain or compromise MSP data to gain a commercial advantage. Terrorist and criminal organizations can hack into computer systems to steal information, alter databases, and disrupt networks. It is assumed that they would use these capabilities sparingly since their principal objective is to avoid detec- tion. The main concern is their acquisition of privileged information. The potential exists for nonstate actors to disrupt partnerships for political or ideological purposes. Such hackers or activists have demonstrated the ability to disrupt major networks with distributed denial-of-service attacks. BOX 3.1 Hierarchy of Threats and Vulnerabilities to MSP Connectivity and Information Protection • National (e.g., North Korea)—information operations, physical attack • Terrorist organization (e.g., WMD transport)—hacking, deception • Criminal organizations (e.g., drug cartels, piracy)—hacking, deception • Nonstate actors (e.g., hackers and activists)—network attack • Legal “infringers” (e.g., fishing rights, immigration)—deception 

114 MARITIME SECURITY PARTNERSHIPS At the low end of the threat spectrum are violations of a partner’s laws or rights, such as happens with illegal immigration or an encroachment on fishing rights. Many countries seek partnerships with the United States because it is in their interest to do so. The threat perpetrators pose to connectivity and informa- tion protection is minimal because, again, their priority is to remain undetected. The threat from an MSP standpoint is the potential for compromise of information that partner nations wish to keep private from nonpartner entities for reasons of national security or commercial advantage. If partners feel their information is not secure from unauthorized access or intentional data corruption, they may decline to share it. While breakdown in connectivity is a possibility that cannot be overlooked, it appears to be less of a threat to privacy. Protection Technology Table 3.1 listed seven systems that enable maritime information sharing, and Figure 3.7 depicted the N6 multilevel sharing architecture from unclassified systems such as MSSIS to classified systems such as CENTRIXS. Informa- tion protection issues exist with the sharing of unclassified as well as classified information (e.g., CENTRIXS nets for Joint Task Force-150). For instance, law enforcement information related to tips is generally viewed as sensitive even though the information has not been classified in a formal sense. Given the range of security regimes driven by sharing at different levels of classification and/or sensitivity, it is important to identify a corresponding range of readily available building blocks for information protection. The architecture for information sharing between or among nontraditional partners will be implemented with COTS products integrated into an open archi- tecture backbone context and protected by COTS security products. Classes of information and network protection technology are listed in Box 3.2. BOX 3.2 Classes of Information and Network Protection Technology • Multiple security levels (not the same as multilevel security) • Commercial security technology —IP Sec (IPv4, IPv6) —Secure Sockets Layer, Virtual Private Network • Multilevel security technology —Hardware-enforced security —Software-enforced security —Radiant Mercury —Trusted operating systems —Guards 

INFORMATION SHARING, A KEY ENABLER 115 Multiple security levels are required for protection of classified information as opposed to software-imposed multilevel security in an operating system. As an alternative to human-intensive “air gaps” to protect information and networks on the U.S. side of the interface, automated, filtered interfaces (e.g., Radiant Mercury guard) between security levels are needed to ensure capacity and timely workflow. Issues exist with current guard technology and products. For example, Virtual Private Network (VPN) security via commercial Internet service provider connection is blocked by some routers if Network Address Translation is applied behind a firewall to increase the number of users at a single IP address. However, these issues can be overcome with proper system design. U.S. policy with respect to protection is driven by the level of protection associated with the information. Some national security information can be deemed to be classified and possibly also compartmented. Other national security information can be deemed to be unclassified, with a wide range of Controlled Unclassified Information (CUI) designations, including relevant law enforcement information standards. Finally, some unclassified information is not considered as national security information but yet may require protection under a particular partnership agreement. Decisions made with respect to a particular partnership arrangement within which various kinds and levels of information are to be shared will dictate policy and derivative requirements for certification; acceptable choices among protection strategies; and products in areas such as user authentication, access controls, and information confidentiality. In the maritime sharing domain, concerns may arise about aggregate ship position information, which might compromise competitiveness, or about the potential exposure of law enforcement sources and methods. Therefore, even for unclassified information, commercial security such as Type 3 encryption, VPN, SSL, and Transport Layer Security (TLS) would be appropriate. Other commer- cial products for security and control of access to information include ID cards with biometrics for user authentication. Even networks and databases handling unclassified information need consis- tent application of COTS privacy and security products. DOD policy, although apparently not uniformly enforced, is that so-called common-criteria products certified by the National Institute of Standards and Technology (NIST; not the National Security Agency) are used in such cases. A difficulty with the NIST- certified products is that it costs vendors time and money to get certified, so the number of available building blocks is constrained. Managing Risks The application of an open architecture employing commercially available security technology basically ensures that there will be some degree of vulner- ability for system and data integrity. In general, then, the issue here is one of 

116 MARITIME SECURITY PARTNERSHIPS BOX 3.3 Information and Network Security Vulnerabilities • Insider threats • Directed denial-of-service attacks • Hacking (malicious code, interception of data, insertion of false data) • Jamming • System breakdown • Lack of configuration control (loss of interconnectivity) • Unintended recipients of information managing risk. It must be assumed that some of the shared maritime information will somehow become available to adversaries of the United States and its part- ners, including terrorists and criminal elements, through insider knowledge if not through network penetrations.16 Box 3.3, a listing of residual vulnerabilities assuming the application of com- mercial security protection, includes vulnerabilities associated with adversarial actions but also includes system design-level vulnerabilities that can bring down networks and compromise information. The most common forms of computer network attack are to overload the network to bring it down (distributed denial of service [DDOS] attacks) or to somehow gain access to the system (by hacking) to attack the operating system, create zombies, intercept data, or insert false data. Since ships require electromagnetic propagation for surveillance and connectiv- ity, their transmitted signals are subject to interception and jamming. Commercial business practice is to release new code early and apply patches as bugs are found in the software. Hackers have become very adept at exploiting bugs before the patches are applied. System-level vulnerabilities can also be anticipated if there is no configura- tion control. This issue can be addressed by U.S.-issued fly-away communication kits but would be a potential problem with partner-furnished equipment unless common standards for security products and their use are set. Unclassified infor- mation that provides information to low-end threats and assists them in avoiding detection may be broadcast. As a simple example, ship radars provide an early warning system for other ships equipped with simple radar detectors. However, for all other communications and data storage for unclassified networks, the committee foresees the common application of commercially available security products and practices. 16  Peter A. Loscocco, Stephen D. Smalley, Patrick A. Muckelbauer, Ruth C. Taylor, S. Jeff Turner, and John F. Farrell. 1997. The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments, National Security Agency, Fort Meade, Md. 

INFORMATION SHARING, A KEY ENABLER 117 Summary The committee recommends the use of commercial products and network principles for information protection when sharing with and among partner nations at the unclassified level. Recommendation 7 assumes the Internet poses vulnerabilities associated with security. Commercial technologies exist to handle lower-end protection and are being extensively used by the Navy. Automated means exist to transition information to different levels of security for association and fusion, but these are cumbersome and limited. In addition, there is technol- ogy that allows data to be stored, communicated, and processed by a multilevel security approach. Despite the application of security technology, skilled opponents, design and configuration flaws, and equipment breakdowns will allow residual vulnerabili- ties. In particular, the insider threat is very difficult to prevent. The global busi- ness communities, such as banking, live in this environment and despite threats and occasional compromises continue to operate. Partnerships, particularly those dealing at the levels of sensitive but unclassified or controlled and unclassified should be able to operate in the face of an occasional compromise of information by criminals. Backup connectivity should be considered to maintain a sufficient level of trust with partners when the system is disrupted. The bottom line is that vulnerabilities will exist but are not seen as showstoppers for the overall concept of maritime partnerships. Risk can be managed by carefully selecting the infor- mation to be shared and adopting adequate protection measures. The committee strongly endorses the Navy’s adoption of commercial protec- tion technologies and products, as evidenced in emerging partnership initiatives. However, in this area and the area of networking infrastructure, there is a need to identify and test solutions and to attend to the devil-in-the-details issues inevita- bly associated with their integration into a working system. The committee did not, however, find any signs of an end-to-end information protection analysis, nor did it observe a NIST certificate for any information systems. Recommendation 7, which called for Deputy Chief of Naval Operations for Communication Networks (N6)-led architecting, engineering, and fielding ser- vice in support of operational initiatives, covers information protection technolo- gies and products. In addition to developing an MSP catalog of tested products and related starter kits, technical efforts should include an end-to-end information protection analysis to ensure that the protection meets the expectations of the partners for the several networks in operation or under development. 

118 MARITIME SECURITY PARTNERSHIPS Strengthening and Accelerating Partnership Operations and Initiatives—Mission-Driven System Engineering and Analysis The Case for Broad-Based System Engineering and Operations Analysis Beyond the technically based efforts to ultimately field the enablers discussed in the three functional areas discussed above, there are the system-of-systems or enterprise issues associated with (1) maximizing capability and performance of existing systems and assets, (2) identifying capability gaps and solutions for filling them, and (3) exploring the difficult trade-offs between capability choices in a constrained funding environment. For instance, the foregoing discussion of intelligence/surveillance identifies options for improving the maritime picture and the need to explore these, including, in the end, a prioritization of possible invest- ments based on their contribution to operational mission outcomes. Further, there are choices to be made in all the functional areas. Is the return on a $1 investment in additional surveillance capability as high as the return on that same investment in better fusion and mining of information from existing sources? The committee found fertile ground for mission-focused operational analysis during its visits and internal discussions. For instance, interactions with JIATF-S representatives clearly identified challenges associated with the allocation and deployment of scarce maritime surveillance and interdiction assets, a solid rec- ognition and understanding of these issues on the part of experienced staff, and an intent to build a base of operationally oriented data for analysis (an “enterprise database”). However, operational imperatives understandably continue to domi- nate or even preclude substantive, sustained analytic effort. Figure 3.19 illustrates a case in point: an analysis of surveillance coverage performance for different combinations of assets over a representative search box, noting the broader ques- tion of allocating assets among the more than 3,000 such search boxes that make up the JIATF-S area of interest. Even though such analytical challenges were not routinely discussed with presenters or during visits, they clearly exist wherever surveillance assets are being deployed and tactical actions are being taken and can be expected to persist as emerging partnerships mature. Furthermore, the pressure of day-to-day opera- tional imperatives as partnerships mature is not viewed as unique to JIATF‑S. The idea is that providing operationally oriented analytical support to part- nership operational elements in a responsive and tailored way would advance the cause of maritime security. The committee envisions that combining such analyti- cal support with support for enterprise-level issues will result in a broadly based systems engineering and analysis activity in support of partnership operational elements. The systematic execution of such an activity calls for a mission-ori- ented framework of some kind that encompasses all of the functional elements in a mission; Figure 3.10 shows an example. This mission-driven systems engineering and analysis would also accommo- 

INFORMATION SHARING, A KEY ENABLER 119 A m aritime patrol aircraft (MPA) is critical to success in detecting illicit trafficking. In a typ ical 75 × 150 nm i search bo x; —Ship alone: 9% detectio n rate —Ship an d helico pter:20% detectio n rate —Ship an d helico pter an d MPA: 70% detection rate i i FIGURE 3.19  Allocation of surveillance assets to search boxes: a JIATF-S example. SOURCE: Joint Interagency Task Force-South, “The Importance of MPA,” presentation to subgroup of the committee, June 12, 2007, Key West, Fla. Figure 3-19, type is editable, background map is bitmapped, b&w date planning for the future (“preplanned product improvements”) and enabling R01141 technology developments and insertions. Examples include automated decision aids such as rudimentary anomaly detection. A Corollary Effort— Strengthening the International Maritime Security Regime This report envisions the development of a two-pronged strategy for the building and strengthening of maritime partnerships—working regional and subregional initiatives and, at the same time, longer-term steps to strengthen international maritime security. Of particular interest here is the charter of the IMO, a central player in improving maritime security, and its successes in areas such as AIS and LRIT and in fostering standards for the reporting and exchange of relevant maritime information and working out agreements for the reporting and exchange procedures and obligations of its member nations. The committee believes that there are opportunities to extend and advance information reporting and sharing agreements that support maritime security and that the U.S. parties 

120 MARITIME SECURITY PARTNERSHIPS have opportunities to introduce constructive proposals and to support their further definition in an IMO working group. For example, one could conceive of report- ing and sharing some classes of shipborne radar information, as discussed above, a topic that will presumably be addressed in an upcoming (as of this writing) IMO-hosted conference on such matters. Technical analysis and support focused on topics like the relative merits of different data representation standards and mechanisms for collecting and sharing the reported information would of course be required. Such analysis and support is carried out today by the USCG as the U.S. representative to the IMO. The extension of such efforts, as envisioned here by the committee, is moti- vated by the view that the United States could be more proactive in tabling pro- posals and driving them to realization, with technically based recommendations as a key element. The Need for Technical Leadership by the Navy Finding: There is a need—unsatisfied today—for a systematic, analytical approach to optimizing the design of the end-to-end system for the collection and analysis of maritime security information and its follow-up. Satisfying this need would require a range of technical support from the Department of Defense and interagency arena to foreign partners. No matter how they are provided, support and advice should focus on system engineering for operational initiatives and would encompass related efforts such as the strengthening of U.S. technical participation in selected IMO initiatives as well as pragmatic, analysis-based advice to foreign partners on the most effective way to augment and deploy surveillance assets (e.g., radar siting). Recommendation 11: The Chief of Naval Operations and the Secretary of the Navy should jointly propose a Navy-led and Navy-housed executive agent on the technical aspects of an information-sharing system for the U.S. interagency maritime security partnerships initiative. This agent would provide systems engi- neering and operations analysis resources with technical support to International Maritime Organization initiatives. This mission-driven, enterprise-level systems engineering and analysis capability would be an extension of the Maritime Domain Awareness Executive Agent role already assigned to the Navy by the Department of Defense. It would support not only the U.S. elements but also, under the auspices of ongoing initiatives, its foreign partners. The enterprise-level systems engineering and analysis activity envisioned by the committee would address the following: • Maximizing the capability and performance of existing systems and assets, 

INFORMATION SHARING, A KEY ENABLER 121 • Identifying capability gaps and solutions to bridge them, • Exploring difficult cost/capability trade-offs, • Allocating scarce assets to support operations, • Mission-driven planning for future incremental improvements, and • Identifying and planning for enabling technologies. These activities would be accomplished from an end-to-end mission flow per- spective, adopting an explicit framework for analysis (see Figure 3.9). In this role, the Navy would be providing technical services to a range of customers: personnel at DOD, DHS, and at the Department of State elements responsible for leading and orchestrating MSP initiatives from a U.S. stand- point—for example, COCOMs, the USCG, and Department of State country teams as Navy’s customers. It is understood that the technical efforts envisioned here, to the limited extent that they are undertaken today, would be distributed among different ele- ments across the Navy, DOD, and the federal agencies. However, the committee came around to the view that a serious commitment to the MSP concept calls for a dedicated system engineering and analysis activity postured to work on all the regional and subregional operations and initiatives. A dedicated, centralized activity would consider both user responsiveness and a mature center of excel- lence that serves as a repository for analytical tools used for the kinds of effort described here. The committee understands that once such an effort is further defined and sized, it may well call for more funding than has so far been envisioned in MSP- related planning. At the same time as it realizes that new funding is always an issue, the committee also realizes that the funding requirements for the activity will probably be modest—a reasonable price for maximizing the mission perfor- mance of capabilities and assets involving substantially more investment and for informing decisions on future deployments and investments. Looking Forward— An Interagency MDA Portfolio to Be Defined and Managed The foregoing sections discussed system architectures and options for strengthening MDA information and its sharing in the 1,000-ship Navy context. Enabling management activities were called for in 11 recommendations. All of this, of course, implies investment. Just defining the options and assigning pri- orities is complicated by the fact that the MDA portfolio inherently cuts across multiple federal organizations and other systems (e.g., DOD, DHS, broader law enforcement, broader intelligence) and interfaces with international partner enti- ties. The creation of the Director of GMSA position and the charter for GMII is of course designed to address the horizontal nature of the MDA challenge. The committee believes it would be highly desirable for the GMSA and GMII—with 

122 MARITIME SECURITY PARTNERSHIPS substantive support from the Navy as executive agent for the DOD—to take on the task of defining and establishing a management mechanism for the MDA portfolio. Turning to the capabilities of interest and the Navy’s investment therein, it seemed to the committee during its initial work that the Navy’s focus was on exploiting the available information as much as possible (current dots) rather than, for instance, on seriously investigating potential new or enhanced surveil- lance capabilities, as outlined in this chapter (new dots). This focus and the resulting prioritization of modest resources seemed reasonable, and the reluctance to make potentially large investments in new surveillance systems without any clear and commensurate signs that they constituted a national security priority was understood. Later on, as the committee was finishing its deliberations, the issuance of Navy guidance and the Navy’s strong opposition to spiral 1 of MDA capability (the investment was apparently about $300 million) began to focus on and accel- erate cross-community sharing and exploitation of information. Although the sharing was mainly with federal agencies as opposed to international partners, the committee viewed it as a very positive move. Nonetheless, the committee remains concerned about the apparent lack of attention to strengthening maritime vessel surveillance. The idea here, reflected in recommendations in this chapter, is not that a large investment should be made in a particular system or capability but that a modest investment should be made now to explore in depth the full range of options, both those laid out here and others that will undoubtedly be identified. Known and potentially serious gaps exist in the technologies for active, assured surveillance. Clearly, promising options requiring significant investment would have to compete with other Navy and DOD needs. In any event, the notion of a well-defined and actively managed MDA port- folio at both the interagency level and within the Navy is strongly endorsed by the committee.