Risk
4/19/2013
09:49 AM
John Foley
John Foley
Commentary
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Boston Bombers Can't Elude City's Tech Infrastructure

Video surveillance played a key role in identifying the suspects in Monday's tragic Boston Marathon bombing, setting a precedent for increasing use of sophisticated security IT systems nationwide.

We don't yet have a conclusive report on the data gathered and analyzed in the aftermath of the Boston Marathon bombings on Monday, but this much we do know: Video surveillance and other information technologies played a huge role in identifying the two main suspects, one of whom was killed by police early Friday morning amid a shootout.

In fact, the city's Office of Arts, Tourism and Special Events was testing a new operations dashboard from IBM on April 15, the day of the marathon, and Boston CIO Bill Oates was on hand to oversee its use.

Oates talked to InformationWeek contributor Michael Fitzgerald that morning from Boston's call center on the eighth floor of City Hall, where he and IT staffers were able to view on a monitor the marathon route and a two-block span around it. At the time, just a few hours before the bombings, Oates said the goal was to use the marathon "to get a sense of what the system is going to show us, so we can look at leveraging how to improve our coordination of events."

The system wasn't available to police and emergency management officials in their event-control trailers near the finish line. But the city does plan to add 911 data and potentially video surveillance feeds in the future, Oates said. "Following the event, we'll be able to go to all the folks that have planned and operate the event and show them what's in this system so they can think about it," he said on Monday morning.

[ Beware of hackers who exploit tragedy for malicious purposes. Read Malware Attackers Exploit Boston Marathon Bombing. ]

In the wake of the terrorist attack, the data gathered by Boston's operational dashboard could be invaluable. Oates certainly had high expectations that it would help the city plan, coordinate and manage the marathon more effectively. "It's the city's job to make sure all goes according to plan," he said in a blog post on the morning of the marathon.

Among the challenges to be addressed, Oates wrote, "How many emergency personnel will we need, and where do we place them?" That blog post has since been taken down from the IBM website where it appeared. InformationWeek hasn't been able to reach Oates to ask about how the operational dashboard performed or whether data useful to the investigation was generated.

Valuable Clues

Video recorded in the vicinity of the explosions provided important clues to law enforcement. On April 18, the FBI distributed a video clip and still images in hopes of identifying two suspects, now identified as brothers from Chechnya: Tamerlan Tsarnaev, 26, the man killed by police Friday morning, and Dzhokhar A. Tsarnaev, 19, who as of this writing was still on the run.

In recent years, cities worldwide have been investing in video surveillance in an attempt to lower crime and improve public safety. The Boston Police Department in 2010 opened a "real-time crime center" that gets video feeds from dozens of street cameras positioned across the city. During the center's unveiling, the police demonstrated how they used video from a closed-circuit TV camera to arrest suspects in a shooting incident.

Boston is now expanding its smart city initiative with sensors, predictive analytics software from IBM and performance-reporting software from SAP. In recent years, Boston has expanded the number of surveillance cameras on its street corners, under its bridges and in its local shopping areas, according to The Boston Globe.

In the wake of the 9/11 terrorist attacks, Baltimore, Chicago, Dallas, New York, San Francisco and other U.S. cities have done the same, often with funding from the federal government. Municipal IT pros tend to favor broader use of cameras and related technologies. 58% of respondents to InformationWeek Government's Future Cites Survey, completed in October by 198 municipal IT pros, say that cameras, motion sensors and other public safety devices have high potential for improving city operations and performance.

Video surveillance on city streets is increasingly being used to deter and solve criminal activity. Scotland Yard used video footage to identify suspects in 2011 when rioters wreaked havoc on the streets of London and other English cities after the shooting death of a man who had traded gunfire with police. Last year, the New York Police Department used video to identify, arrest and charge a Staten Island man -- dubbed John Doe Duffel Bag because he was seen in pictures carrying a duffel bag -- in the slayings of three Brooklyn store owners.

New York City is deploying a full-scale surveillance system, the Domain Awareness System, that pulls in data from 3,000 closed-circuit TVs, 2,600 radiation detectors and 100 license plate readers. Microsoft, which developed the system with the NYPD's Intelligence Division and Counter-Terrorism Bureau, is marketing the platform to other municipalities. The day after the Boston bombings, New York Mayor Michael Bloomberg outlined steps his administration has taken to guard against similar attacks. "Our camera network now has the capacity to alert police to abnormalities it detects on the street, such as an abandoned package that is left on a corner," he said.

Inevitably, the rising number of street cameras feeding into police nerve centers raises cries of Big Brother from privacy watchdogs. In Seattle, activists earlier this year destroyed more than a dozen security cameras to protest the city's growing surveillance network.

But the Boston attack and the effectiveness of video in identifying the suspects provide a clear message to mayors and CIOs that they can't be deterred from taking additional steps to prevent and respond to acts of terrorism as well as everyday crimes. And there's more that city officials can and must do.

Facial recognition, analytics and other advanced technologies can sift for signs of trouble in real time. IBM, as part of its Smarter Public Safety line of products, sells a video correlation and analysis suite that offers real-time alerts, facial recognition and "situational awareness" of a location. The FBI is developing facial recognition capabilities as part of its $1 billion Next Generation Identification program.

At the same time, city officials must be transparent about their use of surveillance technologies. In January, Kratos Defense & Security Solutions, which counts the Pentagon and the Department of Homeland Security among its clients, announced it had received an $18 million contract to install a municipal transportation security and surveillance system for "one of the largest municipalities in the United States, located in the Northeast." Such obfuscation is what makes people nervous.

Yet, as Boston reminds us, cities must take decisive action. Responsible use of video surveillance is part of the answer.

A well-defended perimeter is only half the battle in securing the government's IT environments. Agencies must also protect their most valuable data. Also in the new, all-digital Secure The Data Center issue of InformationWeek Government: The White House's gun control efforts are at risk of failure because the Bureau of Alcohol, Tobacco, Firearms and Explosives' outdated Firearms Tracing System is in need of an upgrade. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
dufas_duck
50%
50%
dufas_duck,
User Rank: Apprentice
5/2/2013 | 4:26:49 AM
re: Boston Bombers Can't Elude City's Tech Infrastructure
The same argument is ongoing in the use of drones. Many of the legislature was all for wide open drone use until TMZ stated that they could use drones to a good advantage. All of a sudden, politicians realized that they could find their missteps flashed across Youtube or on some scandal mongering TV show.... Now they want to limit who uses drones and what they are used for....

Seems that it OK to snoop on we peons but the elite are going to protect themselves...
MyW0r1d
50%
50%
MyW0r1d,
User Rank: Apprentice
4/23/2013 | 3:10:22 PM
re: Boston Bombers Can't Elude City's Tech Infrastructure
Misidentification in the rush to publish is certainly an aspect to consider. While the article addresses increased use "nationwide" as many individual freedoms in the electronic age are forfeited in the name of security, it may be worthwhile to consider some of the discussion already undertaken in Europe where there are many case studies already underway and laws enacted. From Google's legal battles and policies of how their video/imagery can be used, to England's extensive use of street cams, to the highly restrictive Italian privacy laws including requirements for automatic imagery erasure in as little as 24 hours, a lot of discussion has already occurred on the issue. Unfortunately, the record for "responsible use" when one is presented with intrusive systems where there is a high risk of abusive use is probably not all that positive in extremely competitive environments.
John Foley
50%
50%
John Foley,
User Rank: Apprentice
4/22/2013 | 9:38:34 PM
re: Boston Bombers Can't Elude City's Tech Infrastructure
Agreed. It's the 21st Century, homeland security version of the old needle in the haystack problem, where the haystack is hundreds of hours of video and thousands of still images from many, many sources, including public, business, and man on the street. Since this column was published, I've been contacted by several companies in the video surveillance business that are pushing the state of the art in deriving actionable intelligence from all that noise and irrelevant data.
John Foley
50%
50%
John Foley,
User Rank: Apprentice
4/22/2013 | 2:09:57 PM
re: Boston Bombers Can't Elude City's Tech Infrastructure
Deirdra -- Yes, in the same way we saw that video surveillance played a pivotal role in the Boston bombings case, we witnessed the ugly side of that as innocent bystanders found themselves in the spotlight of public scrutiny. The situation was complicated by the fact that it was unfolding in real time, but that can't be an excuse. As video surveillance becomes increasingly pervasive, and as social media spreads rumors and innuendo like wild fire, the onus is on everyone in the breaking news supply chain is to weight their actions carefully.
spintreebob
50%
50%
spintreebob,
User Rank: Apprentice
4/19/2013 | 11:56:30 PM
re: Boston Bombers Can't Elude City's Tech Infrastructure
Not only governments, but companies, political movements and others will need to consider quick response to events and how to collect and evaluate massive amounts of data. Most importantly how to filter out the noise and irrelevant data.
Deirdre Blake
50%
50%
Deirdre Blake,
User Rank: Apprentice
4/19/2013 | 5:10:11 PM
re: Boston Bombers Can't Elude City's Tech Infrastructure
Unfortunately, those same technologies were used by the press to publicize images of entirely innocent bystanders as "persons of interest" prior to identifying the actual suspects in the Boston case. While access to such information is a godsend to law enforcement, "responsible use of video surveillance" should apply to everyone with access to such images -- and, at present, that is most certainly not the case.
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2227
Published: 2014-07-25
The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file.

CVE-2014-5027
Published: 2014-07-25
Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page.

CVE-2014-5100
Published: 2014-07-25
Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to admin/users/add, (2) insert cross-site scripting (XSS) sequences via the api_key_...

CVE-2014-5101
Published: 2014-07-25
Multiple cross-site scripting (XSS) vulnerabilities in WeBid 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) TPL_name, (2) TPL_nick, (3) TPL_email, (4) TPL_year, (5) TPL_address, (6) TPL_city, (7) TPL_prov, (8) TPL_zip, (9) TPL_phone, (10) TPL_pp_email, (11) TPL_authn...

CVE-2014-5102
Published: 2014-07-25
SQL injection vulnerability in vBulletin 5.0.4 through 5.1.3 Alpha 5 allows remote attackers to execute arbitrary SQL commands via the criteria[startswith] parameter to ajax/render/memberlist_items.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.