Updated September 28, 2004
The Operation Respond Institute, Inc develops the OREIS software for emergency responders. OREIS transmits sensitive information about hazardous materials and transportation carriers directly to users for emergency response and mitigation purposes. OREIS operates on a query-response basis and largely acts as a central hub for transmitting query and response communications between emergency responders and transportation carrier data systems. Because of the sensitive nature of this data, Operation Respond has enacted security policies addressing physical facilities, personnel, data processing and transmission, authorized users and rule violations. The Operation Respond security policies affecting the OREIS software are described below.
I. Physical Facility
Operation Respond maintains two physical faculties that require the implementation of security policies. One of these locations is the Operation Respond office in Washington, DC, which serves as the corporate headquarters for the organization. The second location is the ORI computer center, housed in Bethesda, Maryland at the offices of Trawick and Associates. The security policies of these two locations are described in depth below.
Operation Respond
The Operation Respond Corporate headquarters are located at 401 Constitution Ave, NE Washington, DC 20002. This facility is protected by a lock and alarm system. The lock is utilized 24 hours a day and the alarm, which includes both motion detectors and door/window alarms, is in use whenever an employee is not present at the facility. This location contains six desktop computer systems, each of which are networked and password protected.
Trawick & Associates
The Operation Respond computer center is located at the offices of Trawick & Associates, 6900 Wisconsin Avenue in Bethesda, Maryland. This office is locked 24 hours a day/seven days a week. Outside doors are locked and secured by WATCHBY security system. Only authorized personnel are permitted access to the computer server room. The building itself is locked after 6 p.m. on weekdays and all weekend, at which point the building can only be accessed via a key card.
II. Personnel
All employees and staff operating from the Operation Respond headquarters in Washington, DC are United States citizens. All employees working at the Bethesda, Maryland computer center are legally allowed to work in the United States, but are not all necessarily full U.S. citizens. All employees are vetted prior to hire and are subject to criminal background checks at any time.
Operation Respond executive managerial staff have received security clearance from the Department of Transportation. This security clearance required the completion of a background check and allows the recipient access to physical facilities maintained by the Department of Transportation. In addition, managerial staff at the OREIS computer center has been subject to and successfully cleared a security background check by the U.S. State Department.
III. Data Processing and Transmission
A. Encryption Process
For a railroad car inquiry within OREIS, the data transmitted to and from the Operation Respond server is encrypted twice to ensure that, if the data is somehow intercepted, it will not be understood. The encryption process essentially transforms information to an incomprehensible form before transmission and reinterprets that data to its original form after receipt. Data sent through OREIS™ is encrypted as it travels between the OREIS™ user and the ORI server as the request is initiated and as the data is passed back. Remember that all ORI obtains from the carrier is the STCC code.
B. Proxy Server
Operation Respond has installed a Proxy server into the OREIS™ system to act as an additional firewall. This proxy is located at the front of the OREIS™ server and acts as a filter for the data being passed between Operation Respond and the railroad and motor carriers. The proxy directs all of the incoming traffic to the right location, while all machines within ORI are behind the firewall and all of the internal IP addresses are hidden from the outside.
C. Virtual Private Network (VPN) Connections
Operation Respond is in the process of establishing Virtual Private Network Connections with all of the participating railroad and motor carriers to transmit the live hazardous materials data contained in OREIS 6.0. The VPN will establish a direct connection between the ORI server and the individual carrier's server. This is a very secure connection that allows ORI to transmit and receive sensitive data in the Internet environment in a safe manner. This VPN connection is enabled by the SmartGate system described above.
Once the VPN connections are established, all data transmitted between the carrier's server and Operation Respond will be encrypted and passed through a proxy at either side of the transmission. The Norfolk Southern was the first railroad to establish such a connection with Operation Respond, allowing OREIS to query and receive information from the NS in seconds. The Canadian National and CSX are currently working with ORI to establish VPN connections.
D. V-One "SmartGate" Technology
OREIS 6.0 is deployed with the SmartPass security technology created by V-ONE Corporation. This program is installed locally on the user's machine alongside OREIS. SmartPass is part of the SmartGate security solution and allows ORI to establish a very secure VPN connection between a user and the ORI server for fully encrypted data transmission in a secured environment. SmartPass is also utilized by other emergency response tools, like RISS and LEO. To learn more about SmartGate, visit www.v-one.com.
E. Redundant Server
Operation Respond has established a redundant, backup server for the main OREIS server located in Bethesda, Maryland. The redundant server housed at Marshall University in Huntington, WV is a mirror of the main OREIS server and will act as an invisible backup system in case the main server is ever down or disconnected for any reason.
F. Encrypted Passenger Railroad Schematics
The railcar and locomotive schematics contained in OREIS are protected by encryption on the OREIS CD-ROM. The system provides a unique key to decode and view the schematics. This means that the images cannot be viewed independently of the OREIS software interface and without a proper internal key based on the user's location and registration number.
G. Management Reports
ORI monitors traffic and use of the OREIS server. Monthly reports about traffic and server utilization are generated and providing to carriers. Any unusual or suspicious system utilization is investigated.
IV. Authorized Users
A. Strict distribution system
Operation Respond employs a strict distribution system that ensures that OREIS™ is only available to the emergency response community. OREIS™ is only available to legitimate fire, police, EMS, emergency management and emergency dispatch agencies. ORI maintains a database of all OREIS™ users to facilitate these measures. Agency name, address, point-of-contact and contact information is kept current and accurate to ensure control over the user base.
B. Registration Process
A strict registration process ensures that OREIS™ is installed only at the proper location. Upon installation, all users are required to submit completed electronic registration form to ORI before they are able to access the system. This registration process includes a system of security checks that ensures the installing party matches the agency profile for that particular set of OREIS™. If the registration information does not match, the ORI server will not allow the user to access the program. In addition, all sets of OREIS™ are assigned a unique serial number. This serial number can only be used once to install the software on one workstation or laptop computer.
C. License Agreements/Background Check
Another procedure used to confirm the legitimacy of the user is a requirement for the return to Operation Respond of a signed user license agreement. The license agreement stipulates that anyone who has access to the software at the installation location has received and is subject to security background checks. This document is matched with the original order and recorded in a master file.
V. Violation of Policy
Operation Respond monitors server activity and generates monthly reports, as described above in section III-G, Management Reports. This monitoring and reporting system allows ORI to screen any suspicious activity and quickly identify violations of Operation Respond security policies.
Any Operation Respond user found to misuse the system or violate any of the above described security policies will immediately be blocked from accessing the Operation Respond server. This includes, but is not limited to, any user that installs the software in a location outside of an emergency agency or any user that loses their status as an emergency responder. Any misuse of the system or violation of security procedure will result in that user's account being permanently terminated from the ORI database and all access to the ORI server from that user will be denied. This denial of access can be accomplished through functionality provided by the SmartPass system. As of the publication of this document, no OREIS users have been found in violation of ORI security policies.