Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

4/19/2013
09:49 AM
John Foley
John Foley
Commentary
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Boston Bombers Can't Elude City's Tech Infrastructure

Video surveillance played a key role in identifying the suspects in Monday's tragic Boston Marathon bombing, setting a precedent for increasing use of sophisticated security IT systems nationwide.

We don't yet have a conclusive report on the data gathered and analyzed in the aftermath of the Boston Marathon bombings on Monday, but this much we do know: Video surveillance and other information technologies played a huge role in identifying the two main suspects, one of whom was killed by police early Friday morning amid a shootout.

In fact, the city's Office of Arts, Tourism and Special Events was testing a new operations dashboard from IBM on April 15, the day of the marathon, and Boston CIO Bill Oates was on hand to oversee its use.

Oates talked to InformationWeek contributor Michael Fitzgerald that morning from Boston's call center on the eighth floor of City Hall, where he and IT staffers were able to view on a monitor the marathon route and a two-block span around it. At the time, just a few hours before the bombings, Oates said the goal was to use the marathon "to get a sense of what the system is going to show us, so we can look at leveraging how to improve our coordination of events."

The system wasn't available to police and emergency management officials in their event-control trailers near the finish line. But the city does plan to add 911 data and potentially video surveillance feeds in the future, Oates said. "Following the event, we'll be able to go to all the folks that have planned and operate the event and show them what's in this system so they can think about it," he said on Monday morning.

[ Beware of hackers who exploit tragedy for malicious purposes. Read Malware Attackers Exploit Boston Marathon Bombing. ]

In the wake of the terrorist attack, the data gathered by Boston's operational dashboard could be invaluable. Oates certainly had high expectations that it would help the city plan, coordinate and manage the marathon more effectively. "It's the city's job to make sure all goes according to plan," he said in a blog post on the morning of the marathon.

Among the challenges to be addressed, Oates wrote, "How many emergency personnel will we need, and where do we place them?" That blog post has since been taken down from the IBM website where it appeared. InformationWeek hasn't been able to reach Oates to ask about how the operational dashboard performed or whether data useful to the investigation was generated.

Valuable Clues

Video recorded in the vicinity of the explosions provided important clues to law enforcement. On April 18, the FBI distributed a video clip and still images in hopes of identifying two suspects, now identified as brothers from Chechnya: Tamerlan Tsarnaev, 26, the man killed by police Friday morning, and Dzhokhar A. Tsarnaev, 19, who as of this writing was still on the run.

In recent years, cities worldwide have been investing in video surveillance in an attempt to lower crime and improve public safety. The Boston Police Department in 2010 opened a "real-time crime center" that gets video feeds from dozens of street cameras positioned across the city. During the center's unveiling, the police demonstrated how they used video from a closed-circuit TV camera to arrest suspects in a shooting incident.

Boston is now expanding its smart city initiative with sensors, predictive analytics software from IBM and performance-reporting software from SAP. In recent years, Boston has expanded the number of surveillance cameras on its street corners, under its bridges and in its local shopping areas, according to The Boston Globe.

In the wake of the 9/11 terrorist attacks, Baltimore, Chicago, Dallas, New York, San Francisco and other U.S. cities have done the same, often with funding from the federal government. Municipal IT pros tend to favor broader use of cameras and related technologies. 58% of respondents to InformationWeek Government's Future Cites Survey, completed in October by 198 municipal IT pros, say that cameras, motion sensors and other public safety devices have high potential for improving city operations and performance.

Video surveillance on city streets is increasingly being used to deter and solve criminal activity. Scotland Yard used video footage to identify suspects in 2011 when rioters wreaked havoc on the streets of London and other English cities after the shooting death of a man who had traded gunfire with police. Last year, the New York Police Department used video to identify, arrest and charge a Staten Island man -- dubbed John Doe Duffel Bag because he was seen in pictures carrying a duffel bag -- in the slayings of three Brooklyn store owners.

New York City is deploying a full-scale surveillance system, the Domain Awareness System, that pulls in data from 3,000 closed-circuit TVs, 2,600 radiation detectors and 100 license plate readers. Microsoft, which developed the system with the NYPD's Intelligence Division and Counter-Terrorism Bureau, is marketing the platform to other municipalities. The day after the Boston bombings, New York Mayor Michael Bloomberg outlined steps his administration has taken to guard against similar attacks. "Our camera network now has the capacity to alert police to abnormalities it detects on the street, such as an abandoned package that is left on a corner," he said.

Inevitably, the rising number of street cameras feeding into police nerve centers raises cries of Big Brother from privacy watchdogs. In Seattle, activists earlier this year destroyed more than a dozen security cameras to protest the city's growing surveillance network.

But the Boston attack and the effectiveness of video in identifying the suspects provide a clear message to mayors and CIOs that they can't be deterred from taking additional steps to prevent and respond to acts of terrorism as well as everyday crimes. And there's more that city officials can and must do.

Facial recognition, analytics and other advanced technologies can sift for signs of trouble in real time. IBM, as part of its Smarter Public Safety line of products, sells a video correlation and analysis suite that offers real-time alerts, facial recognition and "situational awareness" of a location. The FBI is developing facial recognition capabilities as part of its $1 billion Next Generation Identification program.

At the same time, city officials must be transparent about their use of surveillance technologies. In January, Kratos Defense & Security Solutions, which counts the Pentagon and the Department of Homeland Security among its clients, announced it had received an $18 million contract to install a municipal transportation security and surveillance system for "one of the largest municipalities in the United States, located in the Northeast." Such obfuscation is what makes people nervous.

Yet, as Boston reminds us, cities must take decisive action. Responsible use of video surveillance is part of the answer.

A well-defended perimeter is only half the battle in securing the government's IT environments. Agencies must also protect their most valuable data. Also in the new, all-digital Secure The Data Center issue of InformationWeek Government: The White House's gun control efforts are at risk of failure because the Bureau of Alcohol, Tobacco, Firearms and Explosives' outdated Firearms Tracing System is in need of an upgrade. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
dufas_duck
50%
50%
dufas_duck,
User Rank: Apprentice
5/2/2013 | 4:26:49 AM
re: Boston Bombers Can't Elude City's Tech Infrastructure
The same argument is ongoing in the use of drones. Many of the legislature was all for wide open drone use until TMZ stated that they could use drones to a good advantage. All of a sudden, politicians realized that they could find their missteps flashed across Youtube or on some scandal mongering TV show.... Now they want to limit who uses drones and what they are used for....

Seems that it OK to snoop on we peons but the elite are going to protect themselves...
MyW0r1d
50%
50%
MyW0r1d,
User Rank: Apprentice
4/23/2013 | 3:10:22 PM
re: Boston Bombers Can't Elude City's Tech Infrastructure
Misidentification in the rush to publish is certainly an aspect to consider. While the article addresses increased use "nationwide" as many individual freedoms in the electronic age are forfeited in the name of security, it may be worthwhile to consider some of the discussion already undertaken in Europe where there are many case studies already underway and laws enacted. From Google's legal battles and policies of how their video/imagery can be used, to England's extensive use of street cams, to the highly restrictive Italian privacy laws including requirements for automatic imagery erasure in as little as 24 hours, a lot of discussion has already occurred on the issue. Unfortunately, the record for "responsible use" when one is presented with intrusive systems where there is a high risk of abusive use is probably not all that positive in extremely competitive environments.
John Foley
50%
50%
John Foley,
User Rank: Apprentice
4/22/2013 | 9:38:34 PM
re: Boston Bombers Can't Elude City's Tech Infrastructure
Agreed. It's the 21st Century, homeland security version of the old needle in the haystack problem, where the haystack is hundreds of hours of video and thousands of still images from many, many sources, including public, business, and man on the street. Since this column was published, I've been contacted by several companies in the video surveillance business that are pushing the state of the art in deriving actionable intelligence from all that noise and irrelevant data.
John Foley
50%
50%
John Foley,
User Rank: Apprentice
4/22/2013 | 2:09:57 PM
re: Boston Bombers Can't Elude City's Tech Infrastructure
Deirdra -- Yes, in the same way we saw that video surveillance played a pivotal role in the Boston bombings case, we witnessed the ugly side of that as innocent bystanders found themselves in the spotlight of public scrutiny. The situation was complicated by the fact that it was unfolding in real time, but that can't be an excuse. As video surveillance becomes increasingly pervasive, and as social media spreads rumors and innuendo like wild fire, the onus is on everyone in the breaking news supply chain is to weight their actions carefully.
spintreebob
50%
50%
spintreebob,
User Rank: Apprentice
4/19/2013 | 11:56:30 PM
re: Boston Bombers Can't Elude City's Tech Infrastructure
Not only governments, but companies, political movements and others will need to consider quick response to events and how to collect and evaluate massive amounts of data. Most importantly how to filter out the noise and irrelevant data.
Deirdre Blake
50%
50%
Deirdre Blake,
User Rank: Apprentice
4/19/2013 | 5:10:11 PM
re: Boston Bombers Can't Elude City's Tech Infrastructure
Unfortunately, those same technologies were used by the press to publicize images of entirely innocent bystanders as "persons of interest" prior to identifying the actual suspects in the Boston case. While access to such information is a godsend to law enforcement, "responsible use of video surveillance" should apply to everyone with access to such images -- and, at present, that is most certainly not the case.
7 Truths About BEC Scams
Ericka Chickowski, Contributing Writer,  6/13/2019
DNS Firewalls Could Prevent Billions in Losses to Cybercrime
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/13/2019
Can Your Patching Strategy Keep Up with the Demands of Open Source?
Tim Mackey, Principal Security Strategist, CyRC, at Synopsys,  6/18/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12881
PUBLISHED: 2019-06-18
i915_gem_userptr_get_pages in drivers/gpu/drm/i915/i915_gem_userptr.c in the Linux kernel 4.15.0 on Ubuntu 18.04.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) or possibly have unspecified other impact via crafted ioctl calls to /dev/dri/card0.
CVE-2019-3953
PUBLISHED: 2019-06-18
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 10012 RPC call.
CVE-2019-12133
PUBLISHED: 2019-06-18
Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system ...
CVE-2019-12592
PUBLISHED: 2019-06-18
A universal Cross-site scripting (UXSS) vulnerability in the Evernote Web Clipper extension before 7.11.1 for Chrome allows remote attackers to run arbitrary web script or HTML in the context of any loaded 3rd-party IFrame.
CVE-2017-8328
PUBLISHED: 2019-06-18
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the device does not implement any cross site request forgery prot...