Embed Size (px)
Citation preview
Emergency Data Interoperability Agenda
Emergency Interoperability Consortium October 22, 2013
The National Response Framework (Second Edition, May 2013) calls for accurate and accessible information sharing and warning for the public, particularly when dealing with incidents that start small but may evolve to have greater consequences. The Department of Homeland Security (DHS) has developed an Integrated Public Alert and Warning System (IPAWS) to address this need. However, data exchange standards are critical to enabling informed emergency response. Information sharing among the tens of thousands of safety organizations at the local, state and national levels is simply impossible, much less efficient, unless it is based on data standards. The experience of our national economy is that modest investments in information technology standards create outsized returns, while improving information interoperability and operations performance. This value is already clearly accepted in healthcare, where a major national effort is being expended to bring about digital, standards-based interoperability. We strongly support that work, in our case seeking to bring the benefits of health information technology and standards to emergency medical response. A similar commitment needs to be made for the rest of emergency response.
In both cases, broader use of the significant standards we already have and the rapid creation of new ones will be critical drivers in the national priority of increasing deployment and use of broadband. Most emergency agencies today are not significant users of broadband. Even though an enormous amount of valuable information exists electronically, it is not available to emergency responders because of the lack of information sharing standardization.
The Administration needs a clear agenda for developing standards to achieve interoperability in emergency information and communication, and deploying the ones we already have. It should pursue this agenda through a variety of projects and existing partnerships, using established and new stimulus funds. This agenda needs to include projects and resources. The White House needs to provide on-going leadership because so many different federal departments, state and local agencies, NGOs, and the private sector need to be involved. Agency management, budgets, and funding are “vertical” (i.e., earmarked for specific organizations or functions). Emergency response and the required standards are “horizontal” (i.e., cutting across organizational and functional boundaries). Our organization has worked with emergency practitioners, government, and industry on this problem for five years. We respectfully suggest that the federal government needs to:
Significantly increase funding to support emergency response practitioners in developing detailed requirements for all-domain standards of all kinds
Provide direct funding of emergency practitioner organizations, and groups such as EIC and the Integrated Justice Information System (IJIS) Institute, so they can devote the time needed to establish requirements for standards
Supplement messaging standards with all-domain taxonomy efforts, and network-centric interoperability service standards such as standards for core services
Offer significant funding for organizations such as the OASIS Emergency Interoperability Member Section to provide necessary staff and other support for actual standards development
Fund demonstrations and trials of draft standards Conduct economic and outcome analyses to show the costs and benefits of
standards and the resulting interoperability, and Mandate strong requirements for recipients of Federal funds (contracts or
grants) to demonstrate compliance with and use of validated open standards.
We specifically recommend the following:
1. Strong White House leadership for standards development activities in the emergency area. The federal Chief Technology Officer and the Office of Science and Technology Policy need to coordinate the overlapping (and sometimes conflicting) activities of DHS, DOJ, HHS, DOC and DoD, of professional organizations, and of private standards bodies. In addition to this centralized oversight role, we suggest creating an affiliated and supporting NGO clearinghouse to support the coordination of both the requirements development and emergency response standards efforts.
There are a number of entities that are or may be actively pursuing applicable open emergency-related standards, and detailed requirements for them. Some of these deal with subsets of the data exchange problem (such as sensor data exchange). Some deal with taxonomy; some with messages; some with enterprise services. We need an all-encompassing perspective from the federal level, the emergency professions, and standards groups. These groups need to be aware of the standards others have helped develop, and how these might serve their needs as well. The OASIS Emergency Data eXchange Language (EDXL) Distribution Element (DE) is a perfect example. It can route payloads developed by any of the other standards bodies.
The EIC is prepared to work closely with other industry groups and standards bodies to enhance cooperation, including where appropriate formalizing our relationship with them through written agreements. This “community of interest” should include, among others, emergency organizations such as EIC, IJIS Institute, NENA, APCO, Global Justice, HITSP and others like them, along with standards groups like OASIS, the Open Geospatial Consortium, IEEE, HL7, IETF, TIA, ANSI and NIST. (See Attachment A: List of Acronyms).
2
2. Developing detailed specifications for standards. We critically need a major expansion of the effort by emergency practitioners from all the affected domains to develop detailed requirements for inter-domain emergency messaging standards. A small program to do this is now part of the DHS Science and Technology Directorate; the pace of this activity needs to be substantially accelerated. This effort was successful in producing detailed requirements and specifications for several emergency message standards. These came from an intensive process involving a very diverse group of practitioners working through multiple use cases. The result has been some extremely useful, all emergency domain message standards, including the OASIS EDXL Distribution Element, OASIS EDXL HAVE (hospital resources) and OASIS EDXL Resource Messages. Most recently a detailed set of requirements for Situation Report messages was produced, and formally submitted to OASIS by the EIC and DHS.
Unfortunately, this process is hampered by lack of resources, and so moves very slowly, developing one message specification proposal at a time. HHS has a much larger commitment of this kind to achieve electronic health record data interoperability. Justice funds this kind of activity through various law enforcement groups. None of these are coordinated. We suggest the White House leadership we call for in section 1 above determine how to fund and manage a major expansion of DHS and other agency staff support for the development of detailed messaging specifications, shared taxonomy and other needed emergency standards.
We also suggest that DHS establish a means to support practitioner groups (through rapidly awarded grants or subcontracts with existing contractors) so they can afford to participate in an intensive way. Industry can fund experts who do nothing but standards development. Practitioner groups have far fewer resources, although it is their input that is most needed for these kinds of standards. Modest annual grants of about $50,000 each to key national emergency response professional groups had been approved in principle when the Disaster Management (DM) standards development program was under the Federal Emergency Management Agency (FEMA) a few years ago; this would speed up the standards development process.
In addition, the EIC has been effective in bringing industry into the standards process early and effectively, and to promote the use of standards within the emergency response vendor communities. But it lacks sufficient funding to do this intensively or in depth despite the volunteer services of its Board and members. IJIS is the same position within the Justice community. We recommend that the EIC and IJIS be treated in the same manner as the practitioner groups with grant funding, and that they coordinate their efforts.
3. Support the OASIS Emergency Technical Committees (EM-TC, EMA-TC). The OASIS Emergency Management Technical Committee (EM-TC) is a volunteer committee that has produced a number of international, emergency data messaging standards. It has enjoyed almost no federal support, and what it has received is
3
intermittent and limited. DHS should encourage its leading IT contractors to participate in the EM-TC activities and in the new OASIS EM Adoption TC (EMA-TC) activities. In publicly disclosed contracts, we recommend that DHS fund the OASIS Emergency Interoperability Member Section so it may select and pay staff to support these technical committees’ volunteer members and leadership, and fund travel and related expenses for quarterly face-to-face meetings, and more frequent project meetings.
DHS should provide funds to the OASIS Emergency Interoperability Member Section sufficient to: Support two staff members helping the EM-TC and EMA-TC on a half time
basis, a total of about $200,000 per year, and Pay the expenses of XML focus groups, face-to-face meetings, OASIS
adoption forum, technical committee workshops, technical committee face-to-face meetings, and EM-TC and EMA-TC travel, a total of about $140,000 annually.
4. Upgrade and Enforce the Integrated Public Alert and Warning System (IPAWS). The IPAWS Alert Aggregator, also known as the IPAWS Open Platform for Emergency Networks (IPAWS-OPEN), is a set of securely hosted web services that enable the routing of standards-compliant emergency messages from alerting authorities to the public through a variety of communication pathways, including:
Emergency Alert System (radio and television) Commercial Mobile Alert System / Wireless Emergency Alerts (cell
phones and mobile devices) National Weather Service Dissemination Services Internet Services Local Systems (sirens, digital road signs, etc.)
IPAWS improves alert and warning capabilities by allowing alerting authorities to deliver their message from a single portal to multiple communication pathways including EAS, NOAA, and CMAS/WEA. The CMAS/WEA leverages a new partnership between commercial mobile service providers (CMSP), FEMA, and the FCC to allow alerting authorities to send geo-targeted alerts to capable cell phones, even when cellular voice and data service are overloaded.
IPAWS governance falls to FEMA. FEMA must ensure that all aspects of the public safety and emergency preparedness communities are represented when defining requirements for IPAWS. In addition, DHS should ensure that the IPAWS implementation support the broadest dissemination of alert and warning information, to include specific definable geographic regions and sectors of the population including nonresident visitors, tourists, and individuals with disabilities and access and functional needs. FEMA should also streamline the process for authorized government entities at all levels to generate an alert and warning message to be disseminated by the IPAWS system.
4
To gain broadest acceptance of the IPAWS deployment among state and local government entities, the Federal government will need to provide incentives for adoption and use of the system. A portion of that incentivization will need to be in grants and funding assistance to offset the initial costs of deployment.
5. Broadening National Information Exchange Model (NIEM) to all emergency domains. Common terminology across agencies is important. The National Information Exchange Model (NIEM) is an excellent idea, but is significantly under-resourced in general. We support the recent DHS initiative to broaden the scope of components within NIEM beyond its core of justice terminology to include all DHS domains (portfolios) in the NIEM data model. We request that this be broadened to include all emergency domains (e.g. EMS, hospitals, 9-1-1, public health, transportation, and others not represented in DHS), including close coordination with HHS. NIEM historically was composed of the Global Justice XML data dictionary and model, with modifications to meet some DHS needs for Screening, Immigration, International Trade, Radiological / Nuclear Detection and recently for Maritime Domain Awareness. Justice provides the primary and most mature governance to NIEM through the Global XML Structure Task Force (XSTF). Global currently has only one DHS representative from Intelligence and Analysis. The DHS Chief Information Officer has undertaken work (such as the NIEM Blue Team) to broaden the NIEM model to support a broader range of DHS missions. The EIC strongly supports this initiative, but it needs to go much farther to achieve one of its key goals of being a common terminology for all emergency agencies. It needs cross-jurisdictional representation, and from state and local levels as well. The strength of the Disaster Management process (in which the EIC has been a partner) has been that it reached out to every profession involved in emergency response. The NIEM data model and the governance of it should do likewise.
We suggest this broadening of NIEM begin with two specific projects: Getting all the non-Justice emergency domains to review and come to
resolution on common definitions for the limited set of defined terms the XSTF developed (called “universal core” at the time) that were thought to be needed in common by all emergency response agencies.
Completion of a project the EIC began with its own funds to reach agreement across all domains on common names for incidents, and common names for the roles involved in emergency response. This will enable much easier routing and security for emergency messages.
6. Coordinating NIEM and OASIS. Similarly, a concentrated effort needs to be made to harmonize the NIEM taxonomy with OASIS and other messaging standards to ensure interoperability between OASIS EDXL standards and NIEM. NIEM defined terms should fit easily into EDXL defined messages. Since NIEM came into existence after EDXL began, and DHS grant language requires conformance to both, it is imperative these two DHS-stewarded programs align.
5
7. NIMS Testing Support. The National Information Management System (NIMS) was established by Presidential Directive in February 2003. Its purpose is to provide a consistent nationwide approach for Federal, state, and local governments to work effectively and efficiently together to prepare for, respond to, and recover from domestic incidents. Systems operating in an emergency response environment must be able to work together and not interfere with one another. Interoperability and compatibility are achieved through the use of tools such as common (compatible) communications and data standards. To ensure that commercial and government products comply with the guidelines and standards incorporated into NIMS, FEMA established the NIMS Supporting Technology Evaluation Program (NIMS STEP), now called the Preparedness - Technology, Analysis, and Coordination Center (P-TAC). The P-TAC supports NIMS implementation by providing an independent, third-party evaluation of commercial and government products against NIMS standards, concepts, and principles, including whether they comply with the OASIS data standards. The NIMS Service Center in Kentucky performs this testing on behalf of FEMA. We suggest that this program be supported and expanded to test against the full NIMS Recommended Standards List of Communications and Information Management Standards.
8. Standardizing Core Services. Using the same vocabulary (taxonomy) and sentences (message structure) are critical first steps. But to have interoperable data communications we also need standards for shared, network-centric services that the full range of authorized emergency systems can access. These services would include: access control, agency location, identity management and the like. We need government to fund developing the first reference models for these, and a process to standardize a set of core services which can then be copied and federated (exactly like a variety of federated Domain Name Services support the whole internet world). The Open Geospatial Consortium has proposed a plan to do this. As part of this, there needs to be a review of how existing standards that support elements of these core services (e.g., SAML, XACML, SOA-RM, LoST, etc.), can be incorporated within the broader core service concepts.
9. Demonstrations. Nothing causes positive change more than showing active use of the standards in functional systems. DHS should fund some of the costs of demonstrations and trials according to proposals the EIC has made to DHS in the past, including a “persistent web-based demonstration site,” participation in a limited number of professional shows and events, and a limited number of field trials. For a DHS contribution of $175,000, supported by in-kind contributions from our participating members, we propose to create:
a. An on-going web-based demonstration that “goes live” on a regular basis (e.g. once a week), so people from all over the country can see what is possible. It would be advertised on and accessed from DHS’s DisasterHelp.gov as well as other organizations’ websites.
b. A “road show” intended to be shown at events (e.g. conventions, conferences) where some or all the participants send staff to explain and manage the demonstrations.
6
c. On-line and printed materials explaining the demonstration, standards, participants and scenarios used.
10. Require Use of Standards by Contractors and Grantees. DHS should make a serious effort to communicate with all its IT contractors and grantees about the importance of these specific standards and this standards development process. DHS should lead by example, and use the standards in its own directly-funded pilots. We understand that that is already being done by certain DHS components, notably the Domestic Nuclear Detection Office. But DHS should require use of those standards on a wider basis, especially by all grantees and contractors, rather than “suggesting” through grant guidance. The EIC has developed recommended grant guidance language for the Department’s consideration (see Attachment B).
11.Sponsor Annual Demonstration/Workshop/Conference on Interoperability. The Administration should promote workshops and conferences to advance awareness and adoption of validated open data exchange standards. Additional benefits include opportunities for increased networking among public, private and non-profit entities interested and involved in open standards, and positive publicity. The EIC has led a number of these in past in partnership with other emergency organizations.
12. Undertake Academic Review of the Costs and Benefits of Standardization in
this Field. There are a variety of homeland security centers of excellence. None of these to our knowledge has been charged with studying the human and economic costs of the lack of emergency response interoperability, and the costs and benefits of interoperability. The conduct of economic and outcome analyses to show the costs and benefits of standards and the resulting interoperability could be an important part of a more expansive focus on next generation emergency information and communications technologies (NG EICT) generally. There is no academic focus on this critical topic either.
13.Establishment of an Emergency Data Interoperability Caucus. To focus the oversight of the Congress on the important issues involved with interoperable emergency data exchange, the EIC recommends the establishment of a new Emergency Data Interoperability Caucus, to be chaired by the Committee on Homeland Security of the House of Representatives, with day-to-day management support provided by the EIC.
Attachments:
a. Partial List of Emergency Data Standards Acronymsb. Interoperability Grant Requirement Languagec. DHS – Emergency Interoperability Consortium Memorandum of Agreement
7
Attachment A: Partial List of Emergency Data Standards Acronyms
ANSI American National Standards Institute
APCO Association of Public-Safety Communications Officials, International
CAP Common Alerting Protocol
CMAS Commercial Mobile Alert Service
COMCARE COMCARE Emergency Response Alliance
DM Disaster Management
EAS Emergency Alert System
EDXL Emergency Data eXchange Language
EDXL-DE EDXL Distribution Element
EDXL-HAVE EDXL Hospital Availability
EDXL-RM EDXL Resource Management
EDXL-SitRep EDXL Situation Reporting
EDXL-TEC EDXL Tracking of Emergency Clients
EDXL-TEP EDXL Tracking of Emergency Patients
EIC Emergency Interoperability Consortium
HITSP Health Information Technology Standards Panel
HL7 Health Level 7
IEEE Institute of Electrical and Electronics Engineers
IETF Internet Engineering and Technology Forum
IJIS Integrated Justice Information System Institute
IPAWS Integrated Public Alert and Warning System
LoST Location to Service Translation Protocol
NENA National Emergency Number Association
NG EICT Next Generation Emergency Information and Communications Technologies
NGO Non-Governmental Organization
NIEM National Information Exchange Model
NIMS National Information Management System
NIST National Institute for Standards and Technology, Department of Commerce
NOAA National Oceanic and Atmospheric Administration
NWS National Weather Service
8
OASIS Organization for the Advancement of Structured Information Standards
OGC Open Geospatial Consortium
SAML Security Assertion Markup Language
SOA-RM OASIS Service Oriented Architecture Reference Model
TIA Telecommunications Industry Association
WEA Wireless Emergency Alerts
XACML eXtensible Access Control Markup Language
9
Attachment B: Suggested Principles for Grant Guidance
We propose that the following principles be turned into rules and attached to DHS and other federal and state emergency information and communications technology grants.
1. Scope. Applies to all emergency data communications funding for all agencies that provide or support emergency services.
2. Standards. All direct or indirect recipients of funding must comply with all applicable data models and interchange standards formally recognized by the Department of Homeland Security. Such data models and interchange standards may include all current versions of:
a. National Information Exchange Model (NIEM)b. OASIS Emergency Data Exchange Language (EDXL)/CAP
3. Open Data Interchange Architecture. All direct or indirect recipients of emergency data communications funding must utilize published interfaces with preference given to solutions that utilize open standards.
4. Guidelines should not require the use of any specific product or service created by a single organization.
10
Attachment C: DHS – Emergency Interoperability Consortium Memorandum of Agreement
11
12
13
14
15
