Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.
23 Operational Requirements for WBEMCT Implementation Line managers determining the costs and benefits of obtaining or installing a system can begin by contacting their local EMA(s). In most cases, these local agencies have the capability to pro- vide airport operators with a username/password to access their WBEMCT, which often results in improved communications and coordination functionality among the airport and involved agencies. While there may be no direct purchase cost, minimal costs will be incurred for site/user license(s), time, and materials training. On an operational level, the following core capabilities can satisfy the basic requirements for an airportâs WBEMCT system: ⢠Operation within the airportâs current network design, ⢠Communication tools within an airport system that help relay data to external emergency management systems, and ⢠Resource tracking tools to document and preserve time-stamped records of actions taken. Effective WBEMCTs track the following areas of concern for an airport: ⢠Internal Inventory. Provides the status of key internal airport items including airport emer- gency facilities, systems and equipment, and personnel. ⢠Immediate and Long-Term External Provisions. Provides the status of emergency facilities, regular facilities, systems and equipment, personnel, sustenance, and so forth. ⢠Intelligence and Communications. Provides tools to support real-time monitoring and situ- ational awareness through the use of radio, telephones, video, public address systems, and video displays. ⢠Logistics. Provides tools to support procurement efforts, production, distribution, recovery, and disposal. ⢠Conditions. Provides information regarding ongoing internal situations such as crowd con- trol, traffic control, and airspace management, as well as external conditions such as weather, unexpected events, and disaster relief efforts. ⢠Access. Provides tools for communicating with internal and external stakeholders such as gov- ernment, commercial entities, and public and private users. Schematics To determine the best approach to meet their needs, the sample network architecture depicted in this section can guide airport IT staff through follow-on discussions. Hierarchies and command links should be unambiguously wired into the architecture of any system adopted by an airport so that the role, responsibility, and status of each EOC (e.g., airport C H A P T E R 4 Creating a Successful WBEMCT
24 Integrating Web-Based Emergency Management Collaboration Tools into Airport OperationsâA Primer EOC, city/county EOC) and web-based system is clear. The greater the degree of interconnected- ness, the clearer the lines of command must be. Integrating application solutions into a cohesive system is a challenge for any airport, and as the number of systems incorporated increases, so does the cost. Software vendors can provide a fully integrated solution, but initial costs will be more substantial. If it is necessary to maintain data integrity within an airport, a dedicated server can be estab- lished for airport personnel. There are several positive aspects to hosting a network within the air- port, foremost of which are the speed of the application, direct access to the system at the airport, and protection from external access. The most prohibitive drawback is cost, as installing a central server (or a strategically distributed collection of servers) and interfacing with the appropriate systems require time and money. Figure 5 depicts a sample design for an airport-based server as well as the usual key participants. Two alternatives to a central server-based WBEMCT are SaaS (also known as a subscription service) and a direct tie-in to an EMA. While more cost-effective, connection to a SaaS system through a web-based server, which is stored and maintained at a host location, can often be sluggish, so access to needed applications may be delayed. Furthermore, if the connections pass through the Internet or other public networks, the security and integrity of data may not be guaranteed. For airports looking for purely emergency management software solutions, or for those unable to support a more robust system, a more cost-effective solution involves a direct tie-in with the system of the local or state EMA. Airports that tie in with their local EMA may have access to those systems at little to no additional cost, and most software vendors can provide this level of support at a significantly reduced price. These solutions can be cloud-based (purely web-based Figure 5. Sample WBEMCT features and users [RFID = radio- frequency identification, NLETS = National Law Enforcement Telecommunications System (justice and public safety infor- mation sharing network)].
Creating a Successful WBEMCT 25 collaboration) or supported by a central server at the airport. Figure 6 illustrates how software vendors can provide these services through SaaS by establishing servers at a primary location (i.e., at the airport) and a secondary location, perhaps in another city. Multiple servers improve redundancy and survivability. A great deal of integration is still required between systems. Some software vendors can pro- vide a fully integrated solution, or the airportâs own software team may integrate the vendorâs locally hosted system. Vendors can guide airport IT staff in follow-on discussions to determine the approach that best meets their requirements. Figures 7 and 8 provide examples of Web-based emergency management configurations. System Security and Concerns All of the systems surveyed require usernames and passwords for access, and most web-based systems have functional accounts where certain information is restricted or only accessible to those with a need to know. These functional accounts are generally based on emergency man- agement naming schemes or functions such as operations, plans, or security. Law enforcement- sensitive information is available on some systems, again strictly accessible on a need-to-know basis. Additional restrictions and procedures may be needed to ensure compliance with DHS requirements. For airports looking to tie into a web-based system such as an SaaS or vendor-hosted sys- tem, the vendor will provide enhanced security measures to mitigate cyber security concerns. For airports with a system hosted on an airport server, the IT manager or system administra- tor will need to address cyber security issues. Transport mechanisms such as the Emergency Figure 6. Sample SaaS WBEMCT network features and users (LEA = law enforcement agency).
26 Integrating Web-Based Emergency Management Collaboration Tools into Airport OperationsâA Primer Figure 7. Example of web-based emergency management configuration (DMZ = demilitarized zone, SQL = structured query language, IIS = Internet information services, SAN = storage area net- work, IP = Internet protocol, LAN = local area network, WAN = wide area network, VPN = virtual private network, NAT = network address translation). Figure 8. Example of web-based emergency management configuration.
Creating a Successful WBEMCT 27 Data Exchange Language-Distribution Element (EDXL-DE) also provide policy-based routing of messages, proper sequencing, tracking, and non-repudiation. Suggested WBEMCT security details are as follows: ⢠Login and password should be required. ⢠Biometrics should be used for access to sensitive areas. ⢠Security measures should be inherent in application. ⢠Input should be based on duty, position, or role. ⢠Application should support secure socket layer. ⢠Application should implement access controls. Regardless of where the software or hardware is hosted, all users should remain diligent about computer security procedures. A WBEMCT can also document and record actions taken, so, in the event of legal proceedings, the system can provide a useful historical record of actions taken by airport personnel.