Shared from the 9/1/2019 MissionCritical Communications eEdition

The Critical Need for Data Interoperability

A National institute of Standards (NIST) report details the importance of public-safety data interoperability and recommendations for improvement.

Picture

Twenty years ago, most first respon-

T

ders relied only on LMR networks and CAD systems to communicate with each other. Each of these systems covered only the footprint of the infrastructure installed by the local jurisdiction and likely was not interoperable with other nearby publicsafety communications networks. In a relatively short period of time, this landscape has dramatically shifted.

Many public-safety agencies now also use mobile phones, laptops and tablets loaded with software that push and pull data from any source connected to the internet — at least in theory. Some of the interoperability issues associated with LMR networks do not exist for mobile broadband technologies because commercial cellular networks are designed to transmit data regardless of a user’s service provider or hardware. However, as broadband data-sharing technologies have proliferated in recent years, significant interoperability challenges that may severely limit the operational value of these new capabilities have emerged.

On a technical level, simply because data can be sent and received does not automatically mean its recipient can use and interpret it. Such a level of technical interoperability requires both data providers and users to implement standards or translators in their systems. In addition, data flows must be mediated by an access control system capable of evaluating which recipients are permitted access to which types of information. On a governance level, entities wishing to share data must also agree on the technical specifications of interoperability and possess the policy tools and financial resources to implement a shared interoperability framework across disciplines and jurisdictions.

For a field such as public safety, which constitutes a relatively small portion of the commercial broadband technology market and has a geographically distributed governance structure, meeting these challenges is no small feat. However, the emergence of the First Responder Network Authority (FirstNet) gives the publicsafety community an opportunity to leverage the tremendous potential offered by a nationwide public-safety broadband network as a foundation for a fully interoperable emergency communications ecosystem.

A recent report from the U.S. National Institute of Standards and Technology (NIST) details the components of these challenges and offers examples of governance models and use cases to develop a vision of realtime public-safety data-sharing interoperability. The report concludes with recommendations for the public-safety community to build the resources and infrastructure that can pave the way toward this vision.

Interoperability Roadblocks

The public-safety community has long recognized the technical challenges of data interoperability. Attempts to standardize public-safety data have produced protocols such as the Emergency Data Exchange Language, Emergency Incident Data Document and National Fire Protection Association (NFPA) 950. These standards could be used in public-safety data-sharing technologies to provide interoperability for many key information types, such as patient and resource tracking, hospital bed availability and 9-1-1 call data. However, adoption of these standards in commercial technologies has thus far been limited. There is little commercial incentive for technology developers to implement such standards in their products, and individual agencies have little bargaining power to demand them.

Picture

Source: Department of Homeland Security

Access control is also a key component of data interoperability. If an agency implements a data-sharing system that can’t share information with other agencies during complex mutualaid scenarios, it will not be appealing as a mission-critical technology. The potential capability and complexity of an access control system span a wide range, from systems assigning credentials and associated privileges to individual users, groups of users or users possessing evidence of specific attributes such as role, security clearance or training. Many agencies use access control systems that require a password to obtain access to data during an incident; however, this approach cannot be seamlessly scaled up when new users who are not already credentialed in the system need to be added. For example, if a neighboring fire department dispatches an engine in a mutual-aid situation, assigning login credentials to individual firefighters from the arriving engine will present a time-consuming obstacle.

On the other end of the spectrum, if first responders could use an access control system that automatically detected the attributes of potential users regardless of what agency they belong to, they could be confident that the right information reached the right people without wasting time evaluating individuals manually while an incident is underway. Such a policybased identity, credentialing and access management (ICAM) system is being developed for public safety through the Trustmark Framework by the Georgia Tech Research Institute (GTRI). If this system is successfully implemented in public-safety technologies, it could allow real-time federated access control for public-safety data sharing.

Picture

The data potentially relevant to emergency response comes from a variety of sources spanning multiple disciplines and jurisdictions.

Even if all technical challenges are solved, additional barriers could prevent first responders from realizing seamless data sharing. Often, the greater functionality offered by interoperability features is reflected in a higher cost to users. And even if data interoperability is not financially restrictive relative to comparable noninteroperable products, cooperating public-safety agencies will have to implement upgrades to their existing technologies to adopt interoperable solutions. Given the vast disparities in resources across public-safety agencies nationally and the generally limited budgets of even the best-resourced

agencies, financial barriers will likely inhibit the adoption of fully interoperable data-sharing technologies.

The final challenge addressed in the report is governance. Public-safety agencies are primarily accountable to, and funded by, their local jurisdictions. This can create difficulties when agencies wish to make collective decisions about technology specifications and procurements. Additionally, agencies need guidance to develop policies for the use of data-sharing technologies to address questions of data ownership, privacy protections, security procedures, retention and redaction requirements, and many other elements. Rather than expecting every agency to draft its own data-sharing policy, it would be beneficial if a group of technology, legal and public-safety experts developed guidance and template policy language that agencies could adapt for their own use.

Future Interoperable Data Sharing

Data interoperability is a spectrum, as shown by the Interoperability Continuum developed by the Department of Homeland Security (DHS) on Page

21. Some approaches that do not offer complete interoperability may nonetheless be easier to accomplish, and therefore, appealing to agencies with limited resources. It is important to recognize, however, that partial solutions carry risks.

Choosing common applications or a one-off translator between two systems are straightforward solutions that confer a narrow kind of interoperability. A one-off translator is clearly limited to providing interoperability only between the systems it is designed to understand and must be carefully updated anytime changes are made to either component. Common applications, where all cooperating agencies simply buy or subscribe to the same product, carries significant scalability risks because every new collaborator will have to agree to the choice the founding parties made.

Both approaches encourage the development of monopoly control over a given product type and inhibit collaboration between groups that have chosen different products. They do not create the freedom for agencies to select the products that best meet their needs. Such approaches should therefore not be considered stepping stones to full interoperability but rather Band-Aids that do not tackle the underlying issues and may delay progress toward long-term solutions.

When conceptualizing approaches that lay a foundation for full data interoperability, public safety can draw inspiration from a number of efforts in related fields. The report highlights four examples of data-sharing initiatives in which software platforms and governance structures were designed to facilitate cross-system data sharing. Key elements of these examples include the development of use cases to drive decisions about which pieces of information are most critical to share, adoption of clear security and user-credentialing procedures, formation of an authoritative body or advisory committee to address governance or misuse issues, and the use of data standards where possible.

A key message of the report is that achieving data interoperability for public safety requires collaboration and coordination among a wide range of disciplines, geographies and stakeholder groups. Emergency response involves much more than just first responders themselves, and therefore, the technologies used during incident response must interoperate with tools used by supporting groups. It is a daunting enough challenge to build systems that allow firefighters, EMS personnel, law enforcement officers and telecommunicators to seamlessly share real-time data. Extending interoperability to other government agencies, hospitals, courts, private businesses, nonprofit organizations and others makes this an even larger, more complex task. But, the risks of narrow interoperability “solutions” such as common applications previously described demonstrate why the public-safety community needs strategies that will incorporate the needs and wisdom of a wide range of stakeholders. To give a sense of the scale of relevant collaborators in this effort, the report provides a snapshot of key players across sectors.

The report also includes two use cases that explore what full, real-time interoperability of public-safety data could look like. In the first use case, a high-rise apartment fire involving fire and EMS response from two jurisdictions highlights how a data-sharing policy and collaborative technology acquisition by all participating agencies could create an environment where information about firefighter health and location, patient medical records and aerial imagery instantly streams to the appropriate individuals, regardless of the agency. This scenario envisions that agencies are able to acquire technologies using dataexchange standards, allowing each agency to buy products from different vendors and still share data. A carefully developed data policy ensures that all agencies agree on how data is used during and after the incident, including security procedures, ownership provisions, privacy protections, retention and redaction requirements, and other features.

In the second use case, a more comprehensive data-sharing system allows public-safety agencies and supporting organizations to share information in response to a large earthquake affecting a multistate area. Many entities are pre-enrolled in the system, allowing them to quickly link their data sets across agencies. The system leverages data standards to ensure that all users are able to integrate incident data into their own technologies and platforms, and use data provided by others, regardless of its source.

More Information

The NIST Report

https://nvlpubs.nist.gov/nistpubs/ir/2019/ NIST.IR.8255.pdf

The GTRI Trustmark Report

https://trustmark.gtri.gatech.edu/wpcontent/uploads/2017/09/trustmarkwhite-paper.pdf

Individual responders’ data access privileges are evaluated dynamically based on their roles, certifications, security clearances and other features, according to standardized policies. Individual responders are able to request additional data privileges ad hoc. Each agency has a team of data managers that facilitates sharing resources with the system and processes requests for data access. As an incident winds down, the system automatically generates records for each agency detailing how its data was used and by whom, to aide with billing and reimbursement documentation and any necessary auditing. While such a streamlined, coordinated scenario may be difficult to imagine at present, this use case offers a picture of the significant potential advantages of fully interoperable data sharing.

Recommendations for Public-Safety Leaders

With the growth of internet of things (IoT) tools, artificial intelligence and edge computing, 5G network capabilities, and other dataintensive technologies, the need for public-safety leaders to chart a path toward full data interoperability is more urgent than ever. The creation of FirstNet offers a unique opportunity to build the momentum and cross-disciplinary and cross-jurisdictional bridges needed for success. There are opportunities for progress at both the agency and communitywide levels, which should be pursued simultaneously.

Individual agencies can support data interoperability by specifying their interoperability needs as explicitly as possible in requests for proposals (RFPs), requiring conformance with data standards as appropriate, participating in efforts to develop advanced access control solutions, developing partnerships with other agencies to share incident data, building datasharing collaborations across and beyond the public-safety community, and leveraging their own data to support continued investments in data sharing. The more agencies that engage in these activities, the broader the base of technical and governance support will be across the publicsafety community for implementing communitywide solutions.

However, individual agencies cannot be expected to create such farreaching solutions on their own. Leadership is needed at the regional and national levels, possibly in the form of new initiatives, to bring lasting solutions. The report offers two recommendations for the entire public-safety community. First, funding bodies should prioritize support for data integration tools and datasharing governance work. This will allow technology developers and agencies to dedicate resources to building the technical capabilities and policy structures needed to develop data interoperability solutions.

Second, a communitywide task force should be established to develop data-sharing governance resources and a data-sharing interoperability framework. Governance resources should include template language for RFPs, grant applications and contracts, and should be updated frequently so that they do not become outdated. This would give individual agencies confidence that their technology procurements are based on expert-vetted standards and address all relevant technical and policy issues. The datasharing framework task force would be assigned to develop consensus on what mission-critical data elements must be standardized across products, identifying gaps and existing capabilities in data-exchange standards for public safety, and building reference implementations to support vendors and agencies in demonstrating and testing the data-sharing interoperability capabilities of products.

The time is ripe for the publicsafety community to collectively address the challenge of data interoperability and chart a path toward a desired future state. With sustained engagement and support from leaders across the public-safety community, this vision can become a reality.

Britta Voss is an American Association for the Advancement of Science (AAAS) science and technology policy fellow with the Public Safety Communications Research (PSCR) division at the U.S. National Institute of Standards and Technology (NIST). Email feedback to editor@RRMediaGroup.com.

See this article in the e-Edition Here