Connect & Protect: proof networked homeland security works

12/15/05

(Sorry that I didn’t blog this when it first came out: I was preoccupied with getting ready for my DC trip, and then didn’t find the time it deserved after I returned.)

Sweet! Icosystem Management CEO (and emergent behavior/”swarm intelligence” guru) Eric Bonabeau tipped me off to this article in the new issue of Wired with a note that “you will find it resonant with your approach. ”

He’s right!

The article, “Reinventing 911? (with a telling subtitle:”how a swarm of networked citizens is building a better emergency broadcast system” — my italics, to emphasize the relationship with emergent behavior) reinforces my 3 key points about why we need the smart mobs approach to deal with terrorism, natural disasters and/or pandemics:

Let’s just jump to the final paragraph, because it sums up this great grassroots program in Portland, and capsulizes my argument for a networked strategy that makes the public full partners in prevention and response:

“If national safety –the ability to respond to hurricanes, terrorist attacks, earthquakes — depends on the execution of explicit plans, on soldierly obedience, and on showy security drills, then a decentralized security scheme is useless. But if it depends on improvised reactions to unknown threats, that’s a different story. A deeply textured, unmapped system is hard to bring down. A system that encourages improvisation is quick to recover. Ubiquitous networks of warning may constitute our own asymmetrical advantage, and, like the terrorist networks that occasionally carry out spectacular attacks, their power remains obscure until they’re called into action.” (my italics for emphasis)

Here’s the low-down.

The article is largely about the work of Art Botterell, who I met online when I was checking out the EDXL schema for emergency data. Art, in addition to writing the Incident.blog (subtitle: “networks and services responding to sudden change.”!); created the Common Alerting Protocol (CAP), to standardize “the content of alerts and notifications across all hazards;” was part of the team who wrote the EDXL schema, and started the whole unified emergency information system with California’s Emergency Digital Information Service (which assures redundant messaging, as I’ve emphasized before, since you can’t tell which of the many communications forms will still function in an emergency, and because recipients’ confidence that the alert is real will increase if they receive it from a number of sources).

As Botterell told Wired’s Gary Wolf,

“The focus in homeland security is on the idea of America as an invincible fortress …. Most of the effort goes into prevention, law enforcement, and the military. But those of us in emergency management tend to think, ‘Well, stuff happens. So, what are you going to do about it?’”

and that was pre-Katrina!

Wolf emphasizes that human nature kicks in during an emergency, complicating the difficulty of making the emergency messages effective:

“Humans are encoded with a tendency to pause. When we receive new information that requires urgent action, we hesitate, testing the reality of the news and thinking about what to do. Emergency managers are all too familiar with this feature of human nature. They call it milling.

“Milling is rational - and dangerous. Even when a warning is successfully delivered, there are deadly delays before people respond. What are they doing in these minutes, hours, and even days? They are talking to friends and family, watching the news, listening to the radio, calling the police, counting their money, and trying to balance the costs of leaving against the risks of staying. When alerts are given through rarely used pipelines, milling increases. And when the information distributed by hard-pressed government officials is confusing or contradictory, milling increases even more.

“During a large disaster, like Hurricane Katrina, warnings get hopelessly jumbled. The truth is that, for warnings to work, it’s not enough for them to be delivered. They must also overcome that human tendency to pause; they must trigger a series of effective actions, mobilizing the informal networks that we depend on in a crisis.

“To understand the true nature of warnings, it helps to see them not as single events, like an air-raid siren, but rather as swarms of messages racing through overlapping social networks, like the buzz of gossip. Residents of New Orleans didn’t just need to know a hurricane was coming. They also needed to be informed that floodwaters were threatening to breach the levees, that not all neighborhoods would be inundated, that certain roads would become impassible while alternative evacuation routes would remain open, that buses were available for transport, and that the Superdome was full.” No central authority possessed this information. Knowledge was fragmentary, parceled out among tens of thousands of people on the ground. There was no way to gather all these observations and deliver them to where they were needed. During Hurricane Katrina, public officials from top to bottom found themselves locked within conventional channels, unable to receive, analyze, or redistribute news from outside. In the most egregious example, Homeland Security secretary Michael Chertoff said in a radio interview that he had not heard that people at the New Orleans convention center were without food or water. At that point they’d been stranded two days.

By contrast, CAP is a major step toward the kind of real-time, location-based information I’ve argued for that allows rapidly-changing plans as the situation unfolds, and which personal communications devices can increasingly capitalize on:

“CAP gives precise definitions to concepts like proximity, urgency, and certainty. Using CAP, anyone who might respond to an emergency can choose to get warnings for their own neighborhood, for instance, or only the most urgent messages. Alerts can be received by machines, filtered, and passed along. The model is simple and elegant, and because warnings can be tagged with geographical coordinates, users can customize their cell phones, pagers, BlackBerries, or other devices to get only those relevant to their precise locale. The EDIS system proved itself in the 1994 Northridge earthquake, carrying more than 2,000 news releases and media advisories, and it has only grown more robust in the decade since.”

Wolf goes on to explain that the problem, whether it’s a freak storm or a terrorist cell is asymmetry (something that the Minutemen exploited rather well in 1775 but we seem to have forgotten how to deal with):

“The wreck of a city by a hurricane is an example of asymmetry. So is terrorism — the relative ease of destruction is the edge terrorists use to compensate for their small numbers.

On the other hand, software designers have gotten pretty good at increasing resistance to asymmetrical threats. The principles are well known: Use uncomplicated parts, encourage redundancy, and open the system to public examination so flaws can be discovered and fixed before they become catastrophic. The key is not to anticipate every problem, but to create flexible networks that can route around failure. Yet ever since 9/11, the security establishment has gone in the opposite direction, building highly specialized tools, centralizing control, and increasing secrecy. (italics are mine)

“…rarely used (emergency warning) systems actually produce idiocy. Who could remain ready to act on a signal that seldom, if ever, comes through? [this is in line with my point about the dedicated Emergency Alert System, which most of us have never even heard and ain’t much help if broadcasters are off the air: the last thing you should subject people to when they’re already stressed out is to deal with a newfangled system..] Eventually, people zone out. They stop paying attention. They become idiots.

“…Real reactions to real threats take an entirely different form. Wherever they occur, major threats nearly always trigger instant ripples through electronic networks. Bursts of communication are unleashed as witnesses spread the word. [why everyone but Chertoff and Brown knew what was happening in New Orleans..]”

Wolf then says what’s needed resembles 911 call centers, to take the warnings and then analyze them

“into a real-time portrait of a bad event. We need a system to boost intelligence everywhere, providing the kind of distributed, networked resistance crucial for surviving asymmetrical attacks. Such work could hardly be performed by machines. Operators would have to take calls from people on the ground, separate out the cranks, dampen the hysteria, and keep a precise record. In theory, all that information could then easily be pushed back out to the public.”

In fact, he reports that Portland already has just such a system. Going a step beyond the normal inbound 911, the Portland version analyzes and synthesizes the warnings
coming in, then distributes them back to the public — a real enabling tool! The info is tagged using CAP, then as a result of a collaboration between city Emergency Communications Director Carl Simpson and a businessman with a social conscience, Charles Jennings, owner of Swan Island Networks (his Connect & Protect” package is the critical tool), the information is distributed via the Regional Alliances for Infrastructure and Network Security, a non-profit that Jennings also created.

Connect and Protect uses CAP, plus mapping, messaging, and security. What’s cool, according to Wired, is that Jennings went beyond the normal definition of public safety agencies, distributing the information to the public schools, security guards at the zoo, parole officers, public libraries — even dogcatchers.

But here’s the really hot thing, IMHO, especially when I think of my favorite 9/11 anecdote: about how actor James Woods might have prevented 9/11
if there’s only been a system in place that would have allowed him to have contributed directly the information about the suspicious dudes on his August 1 flight to LA: the various participants in the program now send bulletins to each other — i.e., they’re empowered!

“Network effects began to take hold, and by late 2005 recipients of the 911 alerts were sending warnings directly to one another every day. Messages about auto break-ins at the mall went to high-rises across the street, where the security office had 32 guards on staff. Parole officers sent alerts to the schools. On the Oregon coast, hotel managers used Connect & Protect to pass along news of storm threats. During a recent tsunami warning for the West Coast, Connect & Protect beat the beach siren in one coastal town by 24 minutes.

Connect & Protect is now a large conglomeration of overlapping alerts stretching across nine Oregon counties. Each stream of warnings is controlled by the agency that issues it. Fairly strict security features attempt to limit abuse of the warnings - certain categories of calls, such as reports of sexual crimes, are not transmitted publicly, the alerts can’t easily be copied or pasted, anonymity is forbidden.” (hmmm, this sounds not unlike what I’ve been telling the tech brain-dead types at the FBI they could do to solicit responsible anti-terror tips instead of their stupid tip form….)

Wolf does point out that there are privacy violations with the system, but evidently they’re kept in check in Portland and the public feels the benefits outweigh the risk. He concludes that, as I’ve argued, an informed an empowered public can become true partners in a networked security system:

“the spread of Connect & Protect exposes the region’s real security network, a ubiquitous but previously hidden tangle of private and public groups. The lines of authority through which the alerts travel on Connect & Protect do not form a simple pyramid, but extend in a mycelial net that grows thicker in some places, thinner in others. The network copies — but also broadens and blurs — the existing web of governance. Eventually, most people may be touched by such a network, but the origin and route of any message is unpredictable and constantly changing.”

IMHO, Connect & Protect is the most dramatic proof to date that I’m not blowing smoke when advocating a networked approach to security that empowers the public and uses personal communications technology to spread reliable information on a two-way basis far more rapidly than is possible with a klugy, dedicated governmental system. It’s here, it works, get over it. What do you think?

Social bookmark this page Technorati tags: