From Small Clues to Big Picture

By Teresa Anderson

Since September 11, 2001, government officials, terrorism experts, and private citizens have emphasized the importance of intelligence gathering and analysis. The goal is to make it possible for government agencies to connect the dots from seemingly random incidents to find the big picture of a possible terrorist event in time to detect and deter any plans for an attack. The Transportation Security Coordination Center (TSCC) was created to take on that mission for the transportation sector.

TSCC Director Curt Powell characterizes the TSCC as a collaborative environment, leveraged with technology, in which employees strive to quickly analyze situations and assess countermeasures to take away the enemy's advantage of surprise. It has been working behind the scenes toward that end since its creation in early 2003. For example, when several flights from London to Washington, D.C., and Riyadh, Saudi Arabia, were cancelled in late December 2003, U.K. officials said that the decisions were based on specific intelligence from the United States. The coordination and analysis of the data came from the terrorism experts at the TSCC.

Under the Homeland Security Act of 2002, which established the Department of Homeland Security (DHS), the government was charged with developing a group to analyze transportation data and monitor critical infrastructure. Set up under the auspices of the Transportation Security Administration (TSA), the TSCC was the body that emerged.

The task.
The TSCC monitors the 429 commercial airports in the United States as well as thousands of miles of rail transportation and pipelines. Trucking routes are also scrutinized, as are the nation's more than 300 ports. The center gathers information from intelligence agencies, airport screeners, and federal air marshals. It also receives alerts from federal security directors and other leaders in the private sector who are responsible for transportation infrastructure, such as shipping company owners, port security personnel, and oil and gas industry professionals.

The job of those who work at the TSCC is to analyze the intelligence compiled from all of these sources and recommend action to mitigate any possible security risk. Testifying before the 9-11 Commission in April, CIA Director George Tenet said it would take five years to build the CIA to the level where it could gather global intelligence as effectively as needed to fight the war on terrorism. Clearly, one hurdle the TSCC faces in meeting its mission is that it can only work with the intelligence provided.

The expertise.
TSCC analysts are drawn from all federal agencies--especially the 22 agencies under the DHS. Also represented in the center are the Secret Service, the Department of Defense, the Capital Police, and the U.S. Park Police.

Information from the private sector comes from industry leaders and from information sharing and analysis centers (ISACs) formed by several different industries. For example, the TSCC works with ISACs from the food industry, water utilities, emergency services, state government, information and telecommunications, and the energy, transportation, banking and finance, real estate, and chemical industries. Representatives from each ISAC now work at the TSCC facility. Direct interaction with these industry representatives helps to keep the intelligence chain short and allows a quicker response to new threats.

Having all of the players in one room is an advantage because it facilitates employee collaboration in the search for any emerging patterns in the volumes of data analyzed. If the CIA analyst has a question on presidential protection, for example, he can walk across the room to the Secret Service representative and ask the question without delay.

The TSCC is focused on the transportation infrastructure. The infrastructure is divided into three core issue areas--air, land, and sea.

Air. Because of the nature of the 9-11 attacks, much of the TSCC's attention has been focused on intelligence related to the air transportation system (although the March train attacks in Madrid have since led to heightened concern for rail safety in the United States as well). In addition to high-profile actions, such as the flight cancellations discussed at the beginning of the article, the TSCC watches for any signs of suspicious activity that might raise concerns about certain flights from high-risk locations and keeps the lines of communication open among overseas contacts such as the heads of security at airports. These contacts help the center ensure that the appropriate screening measures are conducted on foreign flights and that foreign airports alert the center about any concerns. Analysts also screen unfiltered information from these airports.

If concerns are raised, TSCC employees can deploy resources to have suspicious flights rescreened. In one instance, a flight screening raised concerns because a seemingly full flight had fewer passengers than expected. TSCC requested that the flight be rescreened. Security personnel found that a significant number of people who had checked in to travel on that flight had not boarded the aircraft. As a precautionary measure, the flight was cancelled. The baggage was taken off the flight and rescreened, and the passengers were booked on other flights.

On the domestic side, TSCC employees collect reports from the field and analyze data on everything from unruly passengers to items captured at checkpoints. For example, the TSCC notes that more than 200 guns were captured at airport checkpoints in January and February 2004.

Incidents of unruly passengers on planes--which are reported at least two to three times a night--draw close attention because such actions could be a ploy. Similarly, information about incidents at checkpoints is analyzed to see whether it could be part of a pattern. If lessons are learned from the analysis, the findings are passed back to airports to provide guidance for airport screeners around the nation.

Airport screeners also report to the TSCC when new items that could cause concern start to show up in carry-on baggage. For example, in March 2004, a screener notified the TSCC that a new men's cologne is being sold in a bottle that looks remarkably like three sticks of dynamite with a fuse hanging from it. The TSCC notified all airports of the new item and then contacted the manufacturer to inform it of the problems caused by the design.

Land. This category covers rail and commuter lines, trucking and overland cargo movement, and pipelines. To effectively analyze these sectors of the transportation infrastructure, TSCC has relied on industry to provide information. For example, the companies that own oil and gas pipelines provide data they glean while monitoring their own properties.

Also, the TSCC is working with various port authorities around the nation to get access to internal CCTV cameras. These agreements will affect both land and sea security. For example, the TSCC already has an agreement with the Port Authority of New York and New Jersey to view its CCTV cameras, which include cameras in tunnels and on overpasses.

CCTV cameras will be a more significant part of the TSCC's operation in the future. The center is in talks with several pipeline owners to remotely receive feeds from their CCTVs. The center will endeavor to watch these cameras around the clock, to record certain feeds so that employees can go back and see what happened if concerns arise, and to have the ability to tune in live at a moment's notice in the event that an incident occurs.

Sea. The TSCC's efforts with regard to the tracking and analysis of maritime issues that include hijackings, piracy, and the security of commercial and cruise vessels is currently under development. TSCC has representatives from U.S. Customs and Border Protection (CBP), the Coast Guard, and various industry groups working on these issues. One critical source is the CBP's National Targeting Center, which serves as the focal point for evaluating the security of imported cargo and for distributing periodic intelligence alerts to the ports. The system was originally designed to identify narcotics contraband, but it has been altered to help port personnel identify containers that might pose a potential terrorist threat; these are then selected for further physical screening and inspection.

Because there are not as many federal agencies involved in the maritime industry as there are in the aviation industry, private industry has a greater role to play. The TSCC is continuing to reach out to civilian groups that it can partner with to leverage government resources.

One of the critical maritime responsibilities of the TSCC since its inception was the safety of the Queen Mary II. When the luxury liner--considered a potential terrorist target--was launched in Ft. Lauderdale, Florida, the TSCC was responsible for coordinating security.

The bigger picture.
Because an enemy can tailor an attack on numerous fronts, the TSCC often analyzes information that spans issue areas and comes from a variety of sources. And as it formulates recommendations for countermeasures to potential threats, it crafts a broad solution. For example, in December 2003, an Alaskan pipeline was identified as one of the targets being talked about in "chatter" intercepted from terrorist cells. In addition to restricting physical access to the pipeline, such as closing down streets near it, the TSCC also called for flights above the pipeline to be rerouted.

The facility.
The TSCC operates out of facilities in Alexandria, Virginia, that were retrofitted to serve the group's specialized needs. The facility also houses the Federal Air Marshal deployment center, and the remaining 13,500 square feet of unused space has been earmarked for a national-level training center.

The main working area of the TSCC is the watch floor. The 10,000-square-foot room is equipped with an elaborate briefing and display system. Large plasma screens fill one side of the room, which is known as the "knowledge wall."

Approximately 500 employees work at 84 workstations. All walls are waist-high so that there is unrestricted visual access on the watch floor. Various workstation monitors display different types of information, including data and video-stream images. Additionally, staff members have the ability to beam data and images around the world.

The floor design was created for flexibility. It can currently hold 50 subject-matter experts and could easily be reconfigured to place additional employees in the same physical area during a crisis or to accommodate the needs of a particular mission. Also planned is a multipurpose room that would be used for training, overflow emergency office space, or educational seminars.

The technology.
Given the volume of information collected, the only way that it can be managed is to have the data processed and analyzed by computers. All of the information-sharing systems at the TSCC feature fiber-optic connections, geospatial information systems, and common network architecture.

TSCC's systems were integrated by the Naval Space Warfare System Command (SPAWAR), a government agency that specializes in systems integration. John Lillard, the Washington security programs manager, led a team of more than 100 people to complete the project. They also designed, integrated, and installed the complete IT infrastructure at the site.

The TSCC monitors intelligence documents sent via e-mail as well as video feeds from remote CCTV cameras. While the specifics of the IT design are classified, the system had to provide an environment that could handle the different information sources and present them in a common way so that the data could be integrated.

SPAWAR designed a framework that supports almost all available media including voice, data, and video, and can be adapted for certain future technologies. The system also has a sophisticated switching method so that various media can be placed in one document. For example, if a TSCC employee needs to put a still photo from a CCTV camera into an e-mail, that can be done quickly.

While some of the systems were new, SPAWAR did have to deal with existing technology. For example, several agencies brought their legacy hardware with them to the site. The biggest challenge for SPAWAR was to get all of those agencies to work with it to make the integration possible. (The fact that government agencies prior to the September 11 attacks had numerous intelligence databases that could not share data with each other is another of the issues identified by Congress and the 9-11 Commission as needing to be addressed.)

It was SPAWAR's responsibility to ensure that the team captured all of the requirements for the various entities and developed a framework that would provide the open and flexible environment necessary for so many heterogeneous systems to work together while still maintaining security. The team brought together a number of existing systems, such as the Maritime Land Security eCOMM (MLS eCOMM) system--a Web-based and encrypted communications system designed to allow maritime officials to talk to each other.

It was a formidable systems engineering task to provide an environment that could accommodate the equipment needed for integration while allowing the users to still maintain close proximity to one another for interpersonal communications. The human factor and the systems factor often conflicted with one another. The team handled these issues with a simultaneous top-down and bottom-up approach to facility design.

Space planning analysts met at the organizational level to define the personnel requirements of the individual operating missions; at the same time, systems engineers surveyed existing platforms and fleshed out the requirements for systems and equipment at the new facility. The two groups then worked together to develop a solution that brought together an open-systems architecture that is designed to support the people using it, rather than forcing them to adapt their way of doing business to the constraints of the system.

The SPAWAR team's solution consisted of a reconfigurable, compartmentalized space layout--the watch-floor design discussed earlier--that provides areas of concentration but remains open enough to allow the different entities to interact. This configuration also allows the various analyst groups to focus on the information most critical to their missions and minimize noise and interference from the other people sharing the space.

The network design includes multiple levels of IT security, including firewalls, intrusion detection, and encryption systems for remote site connectivity. The TSCC facility was designed to deal with technology failure as well. Power systems have double redundancies; for example, the backup generators have backup generators.

Terrorists may always have the advantage of surprise. However, by sharing information, the TSCC hopes to negate that advantage and connect the dots before terrorists have an opportunity to strike.

Teresa Anderson is a senior editor at Security Management.



The Magazine — Past Issues


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.