Breaking The System

Team Gets, published in Homeland Security. 18 min read, Jan 9, 2018

How Team GETS has Hacked Coastal Preparedness

Photo Courtesy of Amtrak.com

America, home to some of the most beautiful coastlines in the world, is ripe for disruption. Until today, millions living on the United States’ coasts have relied on antiquated means of communication and information regarding emergency preparedness, warning, response and recovery. For preparedness, citizens have been responsible for finding guidance online on how to prepare for a disaster. They are forced to search Federal Emergency Management Agency (FEMA) and other websites for information on how to shelter, what supplies are necessary, how to create family preparedness plans, and what to do in the event the emergency has read these plans and ruins them all. This is a lot of work that most Americans don’t even know how to begin. So, what’s the alternative?

Midland weather radio image courtesy of Amazon.com

For emergency warnings and situation updates after an emergency, Americans are notified via weather radios (what are those again?), television (they’ll interrupt the Kardashians I’m sure), and cell phone broadcasts (that are so annoying most of us have silenced them, am I right?). These forms of notification are better than historical options; however, they’re still not enough. These warning systems will give an initial warning, but they don’t do a very good job of keeping us updated on the recovery process or telling us when it’s safe to enter our homes again. These systems also can’t tell us if our loved ones made it out safely, including our four-legged family members. Furthermore, alarm fatigue, lack of public trust, politics, technical limitations, and human error have all contributed to the inability of these technologies to achieve their intended potential. This system is ripe for disruption. Team GETS has hacked each phase of this system, creating elegant solutions to some of FEMA’s hardest problems.

Team GETS Solution

To start addressing the issues facing America’s coasts, it’s necessary to understand how the coast is divided. Below is a diagram of how FEMA defines coastal zones, and the risks that each zone faces related to flooding. Though only addressing one coastal risk, this diagram does depict the nuances that each technology solution must address.

FEMA’s Four Coastal Zones, courtesy of FEMA.gov

Imagine a future where, while going about your daily routine, you receive an alert on your cell phone and an audible alert within your residence. Knowing the residence alert only sounds for imminent threats, you take notice. Whether it be a closing hurricane, tremors just before an earthquake, or a fast-moving forest fire, when you hear the alert you know it’s time to act now. The system is alerting you because thousands of well-placed sensors have determined you need to activate your emergency response procedures for either evacuation or sheltering in place. In addition to notifying you, this system also has mechanisms to keep disaster response groups updated. For those who have survived a disaster, the initial response is usually the easiest step. Waiting for news of your loved ones, your home, and your community is much harder. The Team GETS solution will move emergency response and recovery into the 22nd Century.

Smart fire alarm photo courtesy of Mashable.com

The Team GETS concept home has capitalized on the idea of a smart home and turned it into a safely intelligent home. What if your home was able to tell you when a disaster was coming and what your best course of action would be? This can be possible by combining annunciating in-home fire alarms with movement monitoring technology. The sensors and announcement panels will allow early warning systems to deliver warning messages and basic response advice, and to communicate with first responders deployed to help rescue survivors. Imagine how much faster people can be saved if the rescue teams know exactly which homes still have people in them. Technology exists today to monitor the movements of the mobility limited. One of these technologies, called BLUESOUND, created by Ghassem Mokhtari, et al., uses a combination of infrared, ultrasound, and Bluetooth technology to ambiently monitor the movement of people in the home. Working hand-in-hand with the National Fire Protection Association (NFPA), secure fire monitoring devices with technology similar to BLUESOUND can be installed to safely and securely connect your home to the F-ARPA Net.

What is the F-ARPA Net? F-ARPA Net is the network that will connect safely intelligent homes to the local Emergency Management Agency and local Emergency Dispatch Center(s). Using secure internet connections via a local internet service provider, cellular phone, external weather monitoring transmitter (discussed later) or satellite, depending on what’s already available and functional in the home, F-ARPA Net will only connect to homes when an emergency is imminent. During the pre-disaster, disaster response, and life-safety recovery phases, F-ARPA Net will be used to communicate with affected citizens and coordinate citizen rescues. But what happens when there is no disaster present? The simple answer is nothing, most of the time. The only time F-ARPA Net will be used outside a disaster is when testing the system to verify that it’s working. Much like fire, tornado, and other drills that we participate in annually, it is necessary to verify the system works prior to a disaster, rather than hoping for the best while waiting for a disaster to strike. F-ARPA Net is dedicated to preparing, protecting, and when necessary, saving our citizens.

PROWEATHERSTATION Data Logging Wireless Weather Station photo courtesy of Tycononline.com

However, Team GETS has not limited emergency notification, communication, and situational awareness to inside the home. In addition to the safely intelligent home technology, two items are mounted on the exterior of every coastal structure and government building, providing live information that feeds into your local Emergency Operations Center (EOC), your local National Weather Service (NWS) Office, and your local Emergency Dispatch Center(s). This information not only allows key prediction and response personnel to direct evacuations and sheltering, but provides immediate information for directing the right recovery resources to the right locations. Each identified structure has a small weather station providing vital information about wind, seismic activity, barometric pressure, etc., which is better than the Doppler radar and scattered remote monitoring stations used today. To keep the system online during an event where power is out, a 2-week battery backup and wireless transmitter allow for maintained transmission to local prediction and response personnel.

Drone image courtesy of Dronesglobe.com

The second system affixed to each structure is a reinforced box containing a drone. Each drone will be equipped with a camera, 2-way radio, and a global positioning system (GPS). The drones are programmed to perform a coordinated grid-scan of the affected area immediately following a disaster. The purpose of the scan is to:

  1. Scan for survivors
  2. Survey initial damage to report to the EOC, FEMA, and later insurance companies
  3. Survey critical infrastructure
  4. Determine most-functional routes for first responders to take to reach survivors
  5. Help with identifying appropriate warehousing and staging locations.

Once the scans are complete, the drone will return to any survivors to assist with initial triage and identification so appropriate rescue resources can be sent. Additionally, the drone radio will be connected to the local Emergency Dispatch Center, whose dispatchers are trained in dispatch first aid that could be used to remotely assist survivors until further help arrives. But, to do this, we have to hack the Government.

Hack Government Buying Power!

Image Courtesy of Thoughtco.com

The thing that my daughter loves most about buying a new toy is not only that she can play with it, but that she can take it to her school for show-and-tell. Sharing it gives her extra gratification in owning and using the toy. She not only enjoys it herself, but she can share the excitement and enjoyment of the toy with others.

So you may be asking yourself, “What does this have to do with the government?” The answer is, everything. In the government, acquisition is like solving blockchain algorithms. Between weaving through management directives, policies, and organizational guidance, each step is akin to a giant leap into the unknown and never-ending labyrinth known simply as procurement. If you are fortunate enough to reach the end of the game, you buy an out-of-date product that no longer meets your needs.

Image Courtesy of HuffingtonPost.com

As the world’s largest purchaser of commodities and services, according to Delivering on Digital, the US government spends close to $500 billion annually. The sheer magnitude of this buying power makes it hard to steer this ship.

So what does hacking government buying power look like? If you are thinking that the system needs to be turned upside down, then you are right. Traditionally in government, we start big, and think small. We take on a big project and we buy it through multiple small steps by comparing price quotes to find the cheapest vendor without thought to reliability, prior successful executions, or warranty. Then we buy the cheapest option, not necessarily what meets our needs, and either purchase additional products or service supplements to fill in the gap or just suffer through an incomplete service. The end result is usually inefficient work, losing time and resources, as workers struggle to make the poor acquisitions work. William D. Eggers gives us some great ideas for changing this system in Delivering on Digital. Below is a summation of several strategies that I believe can transform this process.

Here’s How:

· Start in small steps and think big. This is how agile development and digital procurement works in the private sector.

· Race: Create a competition to attract multiple vendors to a problem space.

· Winners: Weed out the best innovators by giving awards and prizes.

· Show and Tell: Select the top tier vendors and develop a phase for adapting ideas to the problem space by testing prototypes.

· Finish Line: Create a group of the best talent for your digital needs. In the selection phase, this can mean teams comprised of multiple vendors that can work together to address the mission requirements.

Phases in Digital Innovative Government Procurement — Created by Linda Jashari

Use what is out there to create your Digital Team. The US Digital Services provides a checklist guide to those who are new to acquiring digital products for the government. The Playbook provides expert advice from individuals trained and specialized in digital acquisition.

The best part of innovation is that you can see the product via show-and-tell before you commit to spending the limited budget for the project. This phase of the game is not only fun and inspiring, but it pushes competitors to develop new solutions to government digital services by learning from each other.

Hacking Hiring and Training and the Public Trust

Image Courtesy of NetworkComputing.com

The technology advancement argued here will forge a new relationship between humans and the Internet of Things (IoT). But how do we build enough public confidence and trust to satisfy the masses? Safety, security, and trust are some of the fundamental tent poles of any relationship. These same principles remain true when applied to human interaction with the virtual world of applications, devices and cloud computing. As the IoT becomes more available, prevalent, interconnected, user friendly and affordable, especially in the most personal aspects of our private lives, many people delay or reject the opportunity to have new technology invade their private space. For a basic example, most people consider the term hacking itself a negative one, carrying a feeling of intrusion, exploitation and violation.

We here at Team GETS have chosen to use the term in the completely opposite, accurate and positive light. It’s simplistic misinterpretations like this one, and countless others related to technology, that keep many potential users in a state of perpetual illiteracy when it comes to opening their minds to how security and safety can be furthered by the same technology they reject.

As the gap continues to close between those who would reject the modern and advanced safety and security we are arguing for here, there are countless organizations working to further win over that trust, which can certainly save lives.

Image Courtesy of ShawAcademy.com

One such group, developed within the Internet Society, is the Online Trust Alliance (OTA). The OTA is a 501(c)(3) nonprofit and an initiative with a mission to benefit the safe use of the internet throughout the world. Its defined goals include the education of businesses, policy makers and stakeholders, and the development of best practices and tools for users’ security, privacy and identity. The OTA also promotes data sharing and collaboration through working groups, training and committees, and is a member of a number of leading organizations committed to collaboration, law enforcement and data sharing. Among these initiatives, the OTA has worked to advance the development of an IoT trust framework, which if globally adopted would provide a more secure IoT infrastructure and ultimately a public trust. Some of the thirty-seven principles being designed and developed by the OTA address security, user access, privacy and best practices and include, but are not limited to:

  • Ensure devices and associated applications support current generally accepted security and cryptography protocols and best practices. All personally identifiable data in transit and in storage must be encrypted using stringent security standards. This is including, but not limited to, WIFI and Bluetooth connections.
  • All IoT support web sites must fully encrypt the user session, from the device to the backend services. Current best practices include HTTPS or HTTP Strict Transport Security (HSTS) by default, or Always On SSL (AOSSL). Devices should include mechanisms to reliably authenticate their backend services and supporting applications.
  • IoT support sites must implement regular monitoring and continual improvement of site security and server configurations to acceptably reduce the impact of vulnerabilities. Perform penetration tests at least annually.
  • Establish coordinated vulnerability disclosure including processes and systems to receive, track and promptly respond to external vulnerabilities reports from third parties including but not limited to customers, consumers, academia and the research community. Remediate post product release design vulnerabilities and threats in a publicly responsible manner either through remote updates and/or through actionable consumer notifications, or other effective mechanism(s). Developers should consider “bug bounty” programs, and crowdsourcing methods to help identify vulnerabilities that companies’ own internal security teams may not catch or identify.
  • Must have a mechanism for automated safe and secure methods to provide software and/or firmware updates, patches and revisions. Such updates must either be signed and/or otherwise verified as coming from a trusted source. Updates and patches should not modify user-configured preferences, security, and/or privacy settings without user notification. Automated (vs automatic) updates provide users the ability to approve, authorize or reject updates.
  • Conduct security, and compliance risk assessments for all service and cloud providers.
  • Design devices to the minimum requirements necessary for operation.
  • Include strong authentication by default, including providing unique, system-generated or single use passwords; or alternatively use secure certificate credentials.
  • Ensure privacy, security, and support policies are easily discoverable, clear and readily available for review prior to purchase, activation, download, or enrollment.
  • Disclose the duration and end-of-life security and patch support, (beyond product warranty). Such disclosures should be aligned to the expected lifespan of the device and communicated to the consumer prior to purchase. (It is recognized IoT devices cannot be indefinitely secure and patchable. Consider communicating the risks of using a device beyond its usability date, and impact and risk to others if warnings are ignored or the device is not retired).
  • Disclose what and how features will fail to function if connectivity or backend services becomes disabled or stopped including but not limited to the potential impact to physical security. (Consider building in controls to disable connectivity or disable ports to mitigate potential threats, while maintaining core product functionality, based on the device usage, balancing out potential life/safety issues).
  • Disclose the data retention policy and duration of personally identifiable information stored.
  • IoT devices must provide notice and/or request a user confirmation when initially pairing, onboarding, and/or connecting with other devices, platforms or services.
  • Publicly disclose if and how IoT device/product/service ownership and the data may be transferred (e.g., a connected home being sold to a new owner).
  • Only share consumers’ personal data with third parties with consumers’ affirmative consent, unless required and limited for the use of product features or service operation.
  • Provide controls and/or documentation enabling the consumer to review and edit privacy preferences of the IoT device including the ability to reset to the “factory default.”
  • Commit to not sell or transfer any identifiable consumer data unless it is a dependent part of the sale or liquidation of the core business which originally collected the data, providing the acquiring party’s privacy policy does not materially change the terms. Otherwise notice and consent must be obtained.
  • Comply with applicable regulations including but not limited to the Children’s Online Privacy Protection Act (COPPA) and international privacy, security and data transfer regulatory requirements.
  • IoT vendors using email communication must adopt transport-level confidentiality including generally accepted security techniques to aid in securing communications and enhancing the privacy and integrity of the message.
  • Implement measures to help prevent or make evident any physical tampering of devices. Such measures help to protect the device from being opened or modified for malicious purposes after installation or from being returned to a retailer compromised.
  • Consider how to accommodate accessibility requirements for users who may be vision, hearing and/or mobility impaired to maximize access for users of all physical capabilities.
  • Develop communications processes to maximize user awareness of any potential security or privacy issues, end-of-life notifications and possible product recalls, including in-app notifications. Communications should be written maximizing comprehension for the general user’s reading level. Consider multilingual communications recognizing that English may be the “second language” for users.
  • The drone and in-home systems will only be accessed during testing and in disaster situations. Each use of the system will be reported, including the reason, duration, and extent of use. This openness will also assist with quick detection should anyone with malintent attempt to use the system. To further the security of the system, a rigorous quality assurance program will also be implemented.
  • Pieces of the system will be tested at random to ensure that their coding and manufacturing are sound and without “back doors” or other covert or obscure access built in. Though this process will add expense, it is worth it in the end.
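
The access-reporting commitment above can be checked mechanically. The following is an added example, not part of the original article or of any Team GETS system: it compares device-side connection records with authorized test and disaster windows and with filed usage reports. The record layout, device names and timestamps are all constructed assumptions.

```python
"""Audit device access against authorized windows and filed usage reports.

Constructed example: the record layout, device names and timestamps are
hypothetical and do not come from any real system.
"""
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Window:            # period in which access is permitted
    kind: str            # "test" or "disaster"
    start: datetime
    end: datetime


@dataclass(frozen=True)
class Session:           # connection as observed on the device side
    device_id: str
    start: datetime
    end: datetime


@dataclass(frozen=True)
class Report:            # usage report filed by the operator
    device_id: str
    start: datetime
    end: datetime
    reason: str
    extent: str


def _covered(session, windows):
    """True if the whole session lies inside one authorized window."""
    return any(w.start <= session.start and session.end <= w.end for w in windows)


def _matching_report(session, reports):
    """Return the report covering this session on the same device, if any."""
    for r in reports:
        if (r.device_id == session.device_id
                and r.start <= session.start and session.end <= r.end):
            return r
    return None


def audit(sessions, windows, reports):
    """Return a sorted list of (device_id, session_start, finding) tuples."""
    findings = []
    for s in sessions:
        key = (s.device_id, s.start.isoformat())
        if not _covered(s, windows):
            findings.append(key + ("outside_authorized_window",))
        report = _matching_report(s, reports)
        if report is None:
            findings.append(key + ("no_usage_report",))
        elif not report.reason.strip() or not report.extent.strip():
            findings.append(key + ("incomplete_usage_report",))
    return sorted(findings)


def _t(text):
    return datetime.fromisoformat(text)


# Constructed sample data: one drill window and one declared disaster window.
WINDOWS = [
    Window("test", _t("2018-03-01T10:00:00"), _t("2018-03-01T11:00:00")),
    Window("disaster", _t("2018-09-12T00:00:00"), _t("2018-09-20T00:00:00")),
]
SESSIONS = [
    Session("home-0017", _t("2018-03-01T10:05:00"), _t("2018-03-01T10:07:00")),
    Session("drone-0042", _t("2018-09-14T06:30:00"), _t("2018-09-14T08:00:00")),
    Session("home-0017", _t("2018-06-03T02:14:00"), _t("2018-06-03T02:50:00")),
    Session("drone-0042", _t("2018-09-19T23:30:00"), _t("2018-09-20T01:00:00")),
]
REPORTS = [
    Report("home-0017", _t("2018-03-01T10:00:00"), _t("2018-03-01T10:10:00"),
           "annual drill", "speaker test only"),
    Report("drone-0042", _t("2018-09-14T06:00:00"), _t("2018-09-14T08:30:00"),
           "post-landfall grid scan", ""),
    Report("drone-0042", _t("2018-09-19T23:00:00"), _t("2018-09-20T02:00:00"),
           "survivor follow-up", "camera and radio"),
]

if __name__ == "__main__":
    for finding in audit(SESSIONS, WINDOWS, REPORTS):
        print(*finding)
```

The check relies on the device-side records being collected independently of the operator's reports; if both come from the same source, an unreported session would leave no trace to compare against.
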

Image Courtesy of the Entrepreneur Lab

However, to become completely successful at these ventures, the government must also hack hiring and training. Using traditional government strategies of hiring those who are interested in government work results in hiring non-specialists. These individuals have a dedication to public service, but are unable to bring the latest and greatest advancements from the private sector. To overcome this limitation, the government will need to think differently; more specifically, it must bring the private sector in. But how? The answer: hire those who can deliver, pay them well, and don’t plan to keep them forever. This solution may sound heartless, but let me explain further.

Inspired by William Eggers’ Delivering on Digital and Paul Willmott’s digital strategy interview, the government must establish clear objectives, then create a competition where the brightest in academia and the private sector compete for a worthy purse. The end goal will be to hire the most capable innovators to achieve all these difficult-to-attain objectives.

Step 1: Outline clear objectives. For coastal areas the technology must:

  • Be able to function regardless of exterior environmental conditions.
  • Be able to notify emergency dispatch, responders, and emergency management agencies that a person is within a dwelling prior to, during, and post emergency event (provided the dwelling is still standing post-event).
  • Be able to communicate emergency messages and preparation or evacuation advice with all area constituents regardless of location, primary language, and functional and access needs.
  • Be able to offer 2-way communication between emergency dispatch and citizens.
  • Allow information sharing and provide situation update information with emergency dispatch, responders, and emergency management agencies.
  • Provide environmental information prior to, during, and post event.
  • Be secure and minimize risks for hacking or compromise of constituents’ personal information.

Step 2: Host a contest. For this type of technology development there will be two phases of contest. The first is a conceptual solution contest:

  • Open to any competitor regardless of country of origin.
  • All submissions must provide solutions to all outlined objectives.
  • The top 5 submissions will be awarded $10,000 and invited to the second phase of competition — the MVP stage.

The second contest will be to generate prototypes of each winning team’s concept. This contest will:

  • Be open to those chosen from the first phase of the contest.
  • Provide functional prototypes or minimum viable products (MVPs) that can withstand coastal environmental challenges, and meet or exceed all stated objectives.
  • The top submission will be awarded a $50,000 prize and a contract to work with the government on overseeing the development, product creation, and area-wide roll-out of their team’s design.
  • The team will also be responsible for training and educating their government counterparts who will be co-navigating the project on the government side.
  • However, within the contract will be clauses for audits, reviews, and the potential for contract updates every 6 months.

Knowing how to procure and deliver digital solutions is not enough. Digital solutions, if deployed correctly, also have the potential to send positive ripples across the government landscape. To do this it is critical to hack government’s department divisions and silos.

Hacking the Silos

Image Courtesy of ManagementKits.com

Creating a digital strategy for emergency management services is technologically attainable, but politically complicated. Hacking through institutionalized information silos demands a complete change in culture and the establishment of trust between agencies. Utilizing the concept of Horizontal Government, emergency responders can change the way services are delivered to the public via an integrated digital data platform. Currently, there is tremendous duplication of effort, cost, and maintenance, and information-sharing is close to impossible.

A single common system is not the solution, as it would be impractical, expensive, and slow to respond to changing needs and demands. The focus of a digital transformation must be on the data. Integration between systems is simplified with a concentration on the data that needs to be shared between agencies. Reaching agreement on shared data demands a cultural shift in the way public servants currently view information. Overcoming this sense of “ownership” will face significant hurdles, but has the benefit of eliminating duplicative expenses and makes the sharing of information possible.

A digital platform with advanced data analytics provides tools that can determine where and when to deploy emergency management resources, but barriers between the functional silos create a limitation to taking action based on the available analysis. All the data that is collected from homeowners and businesses during a disaster is useless if first responders cannot access it easily to make informed decisions.

Designing a system from ground zero would be easy and would include a fully integrated digital data platform; however, government agencies do not have the luxury of starting with a clean slate like startups do. Linking disparate agencies across diverse platforms requires tremendous inter-agency cooperation and an ability to overcome resistance to change.

Hacking the silos requires four steps to create a shared digital strategy:

1. Identify opportunities and challenges that could be addressed via a shared platform;

2. Identify the needs of the citizens in a disaster;

3. Develop a vision of how shared data can fulfill those needs;

4. Prioritize the initiatives that can deliver this vision.

The inability of disparate systems to communicate and share data has long been one of the most common problems faced in information technology. A digital strategy makes integration faster and cheaper than in the past. Creating a central data hub and treating individual agencies as the spokes would facilitate a modular, scalable system that would allow agencies to “plug in” and exchange data in real time. Rather than an “all-or-nothing” strategy, this model lets agencies participate when they are ready, keep the system that is most suitable to their individual needs, and determine which data they are willing to share. Utilizing a shared, standard integration architecture simplifies the automated exchange process. A strong governance model is essential to establishing trust between agencies. The technology is not the problem; the people using it are.

Natural disasters already have a significant financial impact on state and federal budgets; digital strategies that hack the silos between agencies have the potential to reduce the cost of delivering emergency services to the public. Horizontal government not only reduces costs, it improves the services that are delivered to the public and allows them to fully participate in the data collection process. Mobile devices can completely transform communications between the public and emergency responders; essentially, the public becomes a data source. The current systems are so isolated and disjointed that allowing real time communications is nearly impossible. Without digital integration, valuable information may be stuck in one silo; barriers between silos limit the ability of individual first responder agencies to take necessary action based on the data provided by the public. An integrated digital platform will improve accessibility and performance across multiple agencies, and provide a better experience for the public being served.

America’s coasts are beautiful and under threat. According to the Centre for Research on the Epidemiology of Disasters, both man-made and natural disasters are increasing in number and severity each year. To keep the coasts and their inhabitants safe it is imperative that we change the way we approach preparedness. Team GETS understands this. We have to hack the government, break down the old bureaucratic way of doing business and replace it with something better. That means changing how the government procures, hires and trains, breaks down its silos, and keeps itself digitally safe and secure. Doing this will allow us to disrupt how people on the coasts are prepared. We will be able to provide digital solutions to save people, property, and the environment. As an added advantage, these changes will also usher in a future of openness for the government. #HackedTheRightWay


Team GETS is a proactive Homeland Security collaboration team finding solutions to some of the United States’ hardest preparedness challenges.