Nlets Policy Panel

Wednesday, May 22, 2013

Not your fathers Not your fathers  Nlets…anymore

Steve Correll, Nlets Executive Director

Nlets – the International Justice & Public Safety Network

Nlets

three One Billion Billion-three hundred million

2013 LEIM Conference Workshop ‐ Executive  Track 

1

Nlets Policy Panel

Wednesday, May 22, 2013

Nlets

•The number of times justice, public safety and LE in the U.S. and CN used Nlets in 2012.

Nlets

• 200 million –The number of times Nlets was used annually in the 90’s through early 2000’s –Before Before we “pioneered” then adopted Global national standards

2013 LEIM Conference Workshop ‐ Executive  Track 

2

Nlets Policy Panel

Wednesday, May 22, 2013

About Nlets • 501(c)(3) nonprofit – Owned and governed by the states – Operated by a professional staff of 30 full-time employees – Every operational dollar is earned income

• Operational site located in Arizona – Disaster recovery site located in Kentucky

About Nlets • Virtualized Nlets NJIN system and private y p network – Distributed system with state and federal members – ~150 data sets exchanged – Serves all U.S. territories, Federal U S states and territories agencies with a justice component, and select regional and international agencies – Nearly 30 industry strategic partners

2013 LEIM Conference Workshop ‐ Executive  Track 

3

Nlets Policy Panel

Wednesday, May 22, 2013

Information Exchange Not sexy, just solid • • • • • • • •

Legacy Services for… Driver and vehicle registration Criminal history records Wanted persons data Sex offender registry Probation and parole registry Concealed carry databases State warrant records Driver license and corrections images, BOLO (AM) images all interstate

• • • • • • • • • •

…and Access To Interpol (Lyon) Data from Canada and Mexico Homeland Alert messages LEO Flying Armed INS databases at LESC Amber Alerts Severe weather warnings Aircraft registrations GSA federal/diplomatic plates And many more!

Nlets • We were acting as a rudimentary community cloud before there was such a thing as a cloud – We have never held data, just connected those who needed it to those who have it, securely with shared services using readily available standards

• Most traffic passes through our facility in PHX by policy, no technical need. • FBI CJIS Security compliant plus plus, owned and managed by the state police – but a private corporation. Strange….but effective, efficient and successful.

2013 LEIM Conference Workshop ‐ Executive  Track 

4

Nlets Policy Panel

Wednesday, May 22, 2013

System & Network Statistics • Total Transactions in 2012: 333 721 297 –1 1,333,721,297

• System Uptime: – 99.95%

• Network Uptime: – 99.90%

• Avg. Round Trip Message Response Time: – 1.46 1 46 seconds d

• Top Message Keys: – RQ, DQ, IPQ, CR, AM, IQ

• Top Users: – CBP, TX, IP, CA, MI

Relationship Types • Principal – Non-federal criminal justice agencies in each state, the District of Columbia, Commonwealths, and Territories that are assigned Nlets control terminal responsibilities.

• International – Those criminal justice agencies under the authority of a g g y be assigned g foreign government that may Nlets control terminal responsibilities. Canada…but were trying!

• Federal – Federal agencies that may be assigned control terminal responsibilities. 27 and counting.

2013 LEIM Conference Workshop ‐ Executive  Track 

5

Nlets Policy Panel

Wednesday, May 22, 2013

Relationship Types • Associate – Those organizations that will provide a service to the Nlets community, are not eligible for any other type of membership, and may be assigned control terminal responsibilities. • Must be a non-profit agency

• Regional – Those Associate members who have a regional element, ARJIS, CAPWIN.

• Strategic Partners – Industry gaining access to Nlets network and system to serve JPS – Board approved

Nlets as a Funding partner

• Nlets has been innovative on how to facilitate change within our community through new funding ideas – Tough economic times generally bring forward the best new ideas – We cannot wait 20 years for gradual adoption of necessary enhancements

• States do not love the granting process. Instead of 50 states all applying for small grants, Nlets applies once and pays for the work to be done – direct to industry – on behalf of the states.

2013 LEIM Conference Workshop ‐ Executive  Track 

6

Nlets Policy Panel

Wednesday, May 22, 2013

Grant Process Nlets secures grant funding to support objective. g g pp j . Nlets supports the state in creating the SOW ‐ analysis, architecture  development & implementation planning. Nlets provides project management through final user acceptance  testing and implementation.  State approves final work product. Nlets writes check directly to states chosen industry provider Nlets publishes technical artifacts, specifications, & “lessons  learned” to support information sharing in the justice & public safety  community.

Money where…. ….Our mouth is! First challenge with Nlets Board was to break the myth that not-for-profits must be broke. Second was that we could be successful, technically very advanced while being very conservative financially And we could use our excess revenue over expenses – to give back to the community.

2013 LEIM Conference Workshop ‐ Executive  Track 

7

Nlets Policy Panel

Wednesday, May 22, 2013

Brodie Assistance Fund (BAF) • Nlets dollars budgeted to improve g p information sharing – short application process. • Goal to support the continued development of services and technologies that directly benefit the JPS community. b fit th it – Defined award criteria – Governed by the Nlets BAF Grant Committee and Nlets Board of Directors

Brodie Assistance Fund Process Nl t Nlets representative  t ti completes application  and submits to Director  of Business  Development.

Applications are  thoroughly reviewed by  the BAF Committee.

Awards are made  within 60 days or less of  application submission.

Final decision is made  by the Nlets Board of  Directors – through the  BAF Committee.

2013 LEIM Conference Workshop ‐ Executive  Track 

8

Nlets Policy Panel

Wednesday, May 22, 2013

Industry is… …a critical part of the solution Third thing I struggled with was to change the long held belief that industry existed to host hospitality suites – Not only was industry not to be feared, but they could be asked to become a trusted partner accessing our system, network and facility(s) to serve our mutual customers – public safety, LE, courts. Probation, parole… OH MY!

Industry Partnership Process

2013 LEIM Conference Workshop ‐ Executive  Track 

9

Nlets Policy Panel

Wednesday, May 22, 2013

List of Partners Strategic Partners

List of Partners Hosting Partners

2013 LEIM Conference Workshop ‐ Executive  Track 

10

Nlets Policy Panel

Wednesday, May 22, 2013

Strategic Partner Growth Areas • • • •

LPR Electronic toll collection Regional sharing systems CAD/RMS Records/Software as a service 10 new companies are currently being explored for potential partnership, including 8 potential hosting customers

Automated Secure Alarm Protocol (ASAP) ASAP to the PSAP • The Goal – To Automate the Communication process between Alarm Central Stations and Public Safety. • Reduce Dispatch Time – Speed response to emergencies. • Reallocate PSAP manpower needs by reducing time on the phone for alarms. A necessary step in today’s budget reality. • Eliminate Errors in verbal transfer and manual entry of alarm data. • Automated validation of address and agency data

• Partnership between APCO, CSAA and Nlets – In production and growing

2013 LEIM Conference Workshop ‐ Executive  Track 

11

Nlets Policy Panel

Wednesday, May 22, 2013

Disaster Recovery Project Ten years in the making...

• All systems managed by Nlets are now recoverable in under ten minutes at the Nlets Disaster Recovery Site in Louisville Kentucky. – All virtualized, same technical capabilities as primary site – all data backed up.

• We now use it as Nlets Production EAST moving nearly seamlessly from one to the other for upgrades and maintenance. 6/12/2013

23

Hey…

…It’s your Nlets Questions? Q ti ?

2013 LEIM Conference Workshop ‐ Executive  Track 

12

Nlets Policy Panel

Wednesday, May 22, 2013

Thank You

Security Issues and Emerging Technology in Security Issues and Emerging Technology in  Public Safety

Bill Phillips Information Security Specialist

2013 LEIM Conference Workshop ‐ Executive  Track 

13

Nlets Policy Panel

Wednesday, May 22, 2013

Overview • • • • •

What Data Emerging g g Technology gy - Methods of Access Policy Impact and Challenges Draft Policy Elements Leveraging Existing Technology

The Data • Criminal Justice Information (CJI) – – – – –

Biometric Data Identity History Data Biographic Data Property Data Case/Incident History

2013 LEIM Conference Workshop ‐ Executive  Track 

14

Nlets Policy Panel

Wednesday, May 22, 2013

The Data • Criminal History Record Information (CHRI) – Title 28, Part 20, Code of Federal Regulations (CFR) – “Restricted Data”

Access Method • Mobile Data Terminals • Thick Client • Web Applications • Mobile Application

2013 LEIM Conference Workshop ‐ Executive  Track 

15

Nlets Policy Panel

Wednesday, May 22, 2013

Access Method

Source: http://www.microsoft.com/en‐us/news/presskits/cloud/docs/the‐economics‐of‐the‐cloud.pdf

Emerging Technology

675,000 Applications

700,000 Applications

2013 LEIM Conference Workshop ‐ Executive  Track 

150,000 Applications

16

Nlets Policy Panel

Wednesday, May 22, 2013

Policy Challenges • • • • • • •

Pace of Innovation Virtualization Software-Defined…. CJI in Cloud Computing Near Field Communications Dual Persona Mobile Access to CJI

Policy Challenges

2013 LEIM Conference Workshop ‐ Executive  Track 

17

Nlets Policy Panel

Wednesday, May 22, 2013

Policy Update

Proposed Policy Update • Policy Area 13: Mobile Devices – – – – – – – – –

Wireless Communications Technologies Mobile Device Management (MDM) System Integrity Incident Response Auditing and Accountability Access Control Wireless Hotspot Capability Identification and Authentication Device Certificates

2013 LEIM Conference Workshop ‐ Executive  Track 

18

Nlets Policy Panel

Wednesday, May 22, 2013

Proposed Policy Update • Policy Area 13: Mobile Devices – establish usage restrictions and implementation guidance for mobile devices – authorize, monitor, and control wireless access to the information system

• Mobile Device Management Requirement – – – – –

Remote locking of device Remote wiping of device Setting and locking device configuration Detection of “rooted” rooted and “jailbroken” jailbroken devices Enforcement of folder or disk level encryption

Proposed Policy Update • Application of mandatory policy settings on the device • Detection and prevention of unauthorized configurations or software or applications • Track the location of agency controlled smartphones and tablets • Immediately revoke or disable unique device identifiers or certificates in the event of loss or theft

2013 LEIM Conference Workshop ‐ Executive  Track 

19

Nlets Policy Panel

Wednesday, May 22, 2013

Using Existing Technology • Application Virtualization • Defense in Depth p • Where the Data Resides

Bill Phillips Nlets Information Security Specialist

2013 LEIM Conference Workshop ‐ Executive  Track 

20

Nlets Policy Panel

Wednesday, May 22, 2013

LPR National License Plate Reader Pointer National License Plate Reader Pointer  Database

Randy DeForest Sr. Software Engineer

Randy DeForest

• Sr. Software Engineer for Nlets • 22 Years as professional geek • 2 Years with Nlets

2013 LEIM Conference Workshop ‐ Executive  Track 

21

Nlets Policy Panel

Wednesday, May 22, 2013

Nlets LPR Overview • National LPR pointer database resides at Nlets – Searchable index of LPR events stored in state and regional silos – Pointer database to contain event metadata and thumbnail images only • Detailed record obtained by search directly to record owner

– Geo-coded records

• Input from practitioner, practitioner vendor focus groups • Integration with Nlets Proactive Alerting

Nlets LPR Pointer Database Overview

• Microsoft SQL Server 2012 • License plate number data is cleaned when written to the database • License plate number stored using a dimentionallized data pattern • Storage pattern allows for “Fuzzy” searching

2013 LEIM Conference Workshop ‐ Executive  Track 

22

Nlets Policy Panel

Wednesday, May 22, 2013

Nlets LPR Pointer Database Dimentionallized Data Pattern

• Each character of the LPN stored as an individual entity • LPN is reversed and stored dimentionally to allow for “ends in” searches • Each entity column individually indexed

Nlets LPR Pointer Database Fuzzy Searching

• ABC123 – 4BCI23 – 4BC1Z3

2013 LEIM Conference Workshop ‐ Executive  Track 

A

A

B

B

A

4

B

8

B

3

C

C

3

1

1

2

2

3

1

I

2

Z

3

8

3

B

23

Nlets Policy Panel

Wednesday, May 22, 2013

Nlets LPR Data Submission • Secure web service provided for data submission – All transactions utilize SSL with Nlets generated certificate – Up to 100 events utilizing XML or JSON

• Bulk load available via CSV flat file and SFTP

Nlets LPR Data Submission

Law Enforcement Toll Roads Border Crossing

Nlets Secure Network

Towing/Recovery

Parking

2013 LEIM Conference Workshop ‐ Executive  Track 

24

Nlets Policy Panel

Wednesday, May 22, 2013

Nlets LPR Initial/List Search LPR Initial/List Search LPQ to  N L

Detective/Investigator

Nlets MPLS  Network

LPR

State Mes sage Switch

Nlets Mes sage Switch

Read ID: 296 Read Date: 2012‐11‐28T14:30:35 License Plate: SAMPLE Read Location: MAIN & 1st  Lat, Long: 00,000 Camera ID:  Confidence: 0 Record Owner: ZZ0032000

LPQ.AZNLETS99.NL.TXT LIC/SAMPLE

Nlets LPR Po in ter  Database

Read ID: 295 Read Date: 2012‐11‐28T14:30:22 License Plate: ABC123 Read Location: 123 BROADWAY Lat, Long: 00,000 Camera ID:  Confidence: 0 Record Owner: ZZ0032000

Nlets LPR Detail Search LPR Detail Search LPQ to   ZZ003200

Detective/Investigator

Nlets MPLS  Network State Mes sage Switch

LPR

Nlets Mes sage Switch

ZZ State LPR Repository  or State Switch

LPQ.AZNLETS99.ZZ0032000.TXT EID/296.DAT/20121128

2013 LEIM Conference Workshop ‐ Executive  Track 

Read ID: 296 Read Date: 2012‐11‐28T14:30:35 License Plate: SAMPLE Read Location: MAIN & 1st  Lat, Long: 00,000 Camera ID:  Confidence: 0 Record Owner: ZZ0032000

Make: HOND Model: CVIC Color: BLU SecColor: MVE Year: 2001 LPN: SAMPLE

25

Nlets Policy Panel

Wednesday, May 22, 2013

Nlets LPR: What’s Next

• Geospatial queries • Event mapping • Full integration with Nlets Justice Portal

Nlets LPR Pointer Database

2013 LEIM Conference Workshop ‐ Executive  Track 

26

Nlets Policy Panel

Wednesday, May 22, 2013

Randy DeForest [email protected] @ g 623.308.3517

National License Plate Reader Pointer Database

2013 LEIM Conference Workshop ‐ Executive  Track 

27