Information Classification & Protection

by Lori Kleckner & Monique Lewis

In this installment of L.R. Kimball’s series on Next Generation 9-1-1 (NG9-1-1) Security, or NG-SEC, we will discuss information classification and protection. Classification measures are in place to protect sensitive information. Types of sensitive information include personnel records and network configurations. Personal health information recorded from emergency calls may be protected as well. Unauthorized release of sensitive information may result in law suits, exposed networks, and the possibility of violating federal laws.

Information should be classified according to its level of sensitivity. The level of sensitivity determines the level of protection. What you should consider when classifying information:

• Policies
• Regulations
• Laws
• Mandates

L.R. Kimball observed that security policies do not exist among most 9-1-1 facilities visited. However, an informal policy was implemented at each facility. It appears to be commonplace among the 9-1-1 community at large to treat uncategorized information as sensitive when the classification is unknown. L.R. Kimball found that each facility bears its own variation of informal information classification and identification of sensitive information.

Additionally, several facilities have similarities when it came to treatment of security policies. For example, many facilities required signature and pickup on a specific type of information. Although most 9-1-1 facilities tends not to create the security policy for information classification, L.R. Kimball found it to be commonplace among most emergency responders to have some form of informal policy pertaining to information classification implemented. 

Responsibility for classifying and protecting information should be clearly defined. The data owner and data custodian should be known and identified. The data owner is responsible for determining the value or sensitivity of the information and assigning classification, e.g. public, internal use only, restricted. The data owner should communicate appropriate access and safeguard requirements to the data custodian and users. The data custodian is responsible for applying the restrictions established by the data owner to ensure confidentiality, integrity, and availability is maintained.

Role	Responsibility
Data Owner	Establish classification and protection levels
Data Custodian	Apply and manage appropriate safeguards
Data User	Adhere to controls in place

Uncategorized information could lead to the release of sensitive information. Formalizing information and classification policies will reduce the possibility of accidental release of sensitive information.

Our next blog will highlight NG-SEC section 6, General Security.

Keeping your cool in the heat

The summer looks like it is going to be a hot one.  If you are working outside, there are several precautions you should take to protect your workers and yourself.

• Train workers and supervisors about the hazards of working in the heat and to understand heat stress and how to prevent it from occurring. 
• Be able to recognize the symptoms of heat related illness in yourself and for your co-workers.
• If possible, try to become acclimatized to the heat by gradually increasing your exposure to heat over a 5 day period.  Monitor your own physical condition and watch for signs with your co-workers.
• Review medication to determine if they can affect your response to heat related illnesses.
• Wear lightweight, light colored, loose fitting clothing.
• Make cool (50-60˚F) water available in a convenient place.
• Remember to frequently drink small amount of water before you become thirsty to maintain good hydration.  A good rule of thumb is to drink at least one pint of water per hour or about 6 ounces of water every 15 minutes.  This should maintain urine to a clear or lightly colored position.
• It is equally harmful to consume too much water.  You should not drink more than 12 quarts of fluid in a 24 hour period.
• Eat regular meals and snacks as they should provide enough salt and electrolytes to replace those lost through sweating.
• Try to reduce the physical demands of the job, such as excessive lifting, climbing, or digging during the hottest parts of the day. 
• Monitor the weather and reschedule strenuous activities at cooler times.
• Schedule frequent rest period and water breaks in a shaded or cooler area.
• Wearing Personal Protective Clothing can increase the risk of heat stress, since many of these types of clothing tend to trap heat close to the body.
• Know first aid procedures for heat related illnesses and the location of the nearest medical care.

FCC Releases Waiver Guidance on Narrowbanding

Recently, the FCC released an announcement that provides guidance on submitting Waiver requests for the requirement to reduce system bandwidth.  Although most of the industry has been expecting this possibility, until now the FCC has given little indication that waivers would be considered.  The release makes it clear that getting a Waiver granted will not be an easy or automatic proposition.  It will require showing a plan, progress on migrating to narrowband and indication of key dates and details on when your system will be compliant.  Waivers would be for an extension in the timing of the conversion to narrowband, not for a release from the requirement entirely.

If yours is one of the many agencies or entities who has not yet addressed the migration to narrowband, L.R. Kimball encourages you to begin the process of assessing your system and equipment as soon as possible.  The first step in addressing the changes and potential impact on system performance because of this change, is an assessment of the existing system to identify what equipment might be re-programmed or upgraded and what equipment might be replaced.  In addition, for many systems the move to narrowband 12.5 KHz bandwidth could result in a discernable difference in coverage performance.  These impacts could require the addition of new sites and related equipment in order to maintain the current levels of coverage and audio quality your users expect.

 It’s also important to note that the FCC included a reminder to licensees (including government and Public Safety) about the potential penalties for non-compliance:  “Operation in violation of the Commission’s rules may subject licensees to appropriate enforcement action, including admonishments, license revocation, and/or monetary forfeitures of up to $16,000 for each such violation or each day of a continuing violation and up to $112,500 for any single act or failure to act.”  Again – if you haven’t acted on this issue yet, now is the time to address it.

 L.R. Kimball works to stay at the forefront of this mandate and best practices in assessing and developing strategies for meeting the requirement while maintaining or improving system performance.  More information on the details of the narrowband mandate and areas to consider is available on the L.R. Kimball Resource Center, including the Guide to Narrowbanding White Paper. 

 Our firm offers a low cost, “Narrowband Health Check” service that allows you to engage the expertise needed to develop a high level assessment of your system and equipment, and an understanding of the potential changes and impact to your system that may need to be addressed.  To learn more, or to discuss a specific quote and proposal for a detailed assessment of the impact of narrowband on your system, please contact Kevin McGeary at (814) 867-4566 x3275.

NG9-1-1 Implementation: An Industry Snapshot

In late 2010, L.R. Kimball surveyed public safety organizations from New England to the west coast to gauge the status of NG9-1-1 implementation and identify areas of concerns among the organizations.  Survey findings revealed that an overwhelming majority of respondents have advanced to Wireless Phase II deployment status. However, even with this advanced technology, most struggle with response delays or misrouted responses due to GIS or other database problems.  

Other findings included:

• 74% of respondents are in the NG9-1-1 planning phase, with 13% at the implementation stage and 13% reporting no plans for NG9-1-1
• 87% of respondents are at a Wireless Phase II status for 9-1-1 centers
• 80% of respondents rank GIS data as a high or number one priority
• Of the respondents who experienced delays or misrouted response because of issues related to data, most of those issues involved in accuracies within the data, or incomplete or missing data within the GIS data
• Additionally, half of the respondents indicated that inaccurate GIS data or lack of regular GIS data maintenance concerned them the most when it came to GIS data
• Only 52% of respondents were aware of the NENA document entitled “Synchronizing Your GIS Data with Your MSAG and ALI Databases,” released in the fall of 2009 to assist 9-1-1 centers with improving data accuracy across existing 9-1-1 datasets. 
• Only 1 in 4 respondents have started to implement this synchronization across the datasets.

 These findings confirm what many in the industry have often assumed – although NG9-1-1 remains a national priority, communities and public safety organizations all across the nation have several operational considerations to plan for, including many related to GIS accuracy and maintenance. 

Managing & Storing NG9-1-1 Location Data

NG9-1-1 will be data-driven from beginning to end.  As a result, public safety organizations will need to review the way they manage and maintain GIS data. To ensure proper accuracy and maintenance, organizations need a roadmap that can guide them during the operational planning and budgeting process. 

There are four guidelines that agencies should keep in mind as they develop their roadmap:

• GIS data must be accurate
• Data maintenance is essential.  Address information can quickly become outdated and incorrect data can break down the call routing process. 
• Work together with network partners to develop and use standardized data. 
• Policy and governance coordination is key to ensuring GIS data accuracies. 

The Next Generation from L.R. Kimball

L.R. Kimball has been designing, consulting on and managing the development of emergency systems and networks for more than 50 years. This includes more than 20 years of experience developing and implementing comprehensive GIS data technology and collection methodologies.  Our staff members have helped agencies create policies and procedures, evaluate hardware and vendors, design networks, and develop and maintain data as communities move toward NG9-1-1. 

If you’re facing an NG9-1-1 challenge, be it operational, funding or data related, we encourage you to spend some time on our website, download our white papers or give us a call.  Click here to download our latest white paper, The Critical Role of GIS in NG9-1-1.

P3 Provides a New Approach to Student Housing

Across the country, colleges and universities are turning to an alternative approach for student housing.  The Public Private Partnership, or P3, approach joins a private developer with available funding with a higher education institution in need of additional housing.  Typically, the private developer funds, designs, constructs, and often manages, the facility for the college or university, thus enabling college resources to be used elsewhere. 

The benefits of this arrangement are far reaching.  First of all the college or university can retain their land and enter into a lease arrangement with the developer.  The institution is then able to accommodate enrollment growth without self-funding the project.  Finally, the project is usually delivered more efficiently and expeditiously by the developer, becoming available in a shorter time frame at less cost. 

Success of the project is measured by the strength and creativity of the team assembled for the project.  The P3 developer orchestrates the process and assembles the team of professionals which includes architects and engineers, a finance team and a management group.  This team must take a number of items into consideration including financing, branding and housing and residence life amenities.

L.R. Kimball has seen this trend take off in Pennsylvania and New Jersey and believes that it will continue to grow in popularity, allowing colleges and universities to fill their housing requirements in the most cost-efficient manner.  The firm has recently released a white paper dedicated to the considerations and steps a higher education institution should take when considering a P3 approach.  Download it now. 

Architecture & Social Media: Finding the Right Applications

By Mike Pappas

Well, I’ve been a little busy.  I have been testing the social media concepts outlined in my first blog and have some things to report.

The biggest issue I ran into is that many companies have policies regarding the use of social media software from the office.  For all of the right reasons, many companies prohibit use by employees so that the employee is not spending his or her day on Facebook or Twitter talking to their spouse or family when they are billing to a project.  So, getting permission to be connected is certainly an issue.  There are ways to deal with the issue, some of which I will outline in the conclusion to this posting.

Quickly, here are some social media tools and how they fared in my first attempt.  I divide them into passive -meaning things are posted and await participation by others, and active - where the participant is immediately informed that a communication need is active and live.

As you could imagine, active has its benefits, but also a couple pit falls.

Facebook: Facebook is a passive tool.  Things are posted more as a ‘…hey, look at me, I need to talk to you when you are ready, here is the problem…’ type of tool.  This could be very useful if a number of people need to participate and there are photos that all must review to be informed.  Again this has uses if timely responses are not necessary.  Post today and wait a few days for everyone to responds.

Tweets:  Tweeting is passive as well, though with smart phones, people who are connected will be beeped that there is an incoming communication on both Facebook and their Tweet page.  Communication will be back and forth and can be relatively immediate.  Therefore, this is a tool, that if used when other participants are connected, could help  resolve issues while on the site for a construction meeting.

Texting:  This is a more immediate tool, typically texts are a back and forth communication tool.  I have never attempted to include photos from the job site though I have done so in personal communications, so it would work though I did not test it for this effort.

Facetime: This is a fully active tool and incredibly useful for site work.  I was completely unaware of this software until I purchased my new iPhone.  This tool is like a phone call with a live recorder feed.  The new 4G phones allow the caller to either look toward themselves or away from themselves like a conventional video recorder.  This is incredibly useful when on a site trying to explain to someone in an office what they are looking at.  The only drawback is that it is not available at this time on PC… but if you have a Mac iPad or Notebook, you are good to go with an app called ‘fring’.  I haven’t used it though it is discussed on numerous blogs.  I don’t have an iPad or Notebook.

Skype:  This is also a fully active tool.  Just like Facetime, it allows you to communicate like a phone call with video.  I have Skype loaded as an app on my phone, though I haven’t used it to date.  I have a friend deployed overseas and will attempt using this once he is situated at a permanent base, just to see how well it works on my iPhone.

Conclusion: The biggest roadblock to using these softwares is company support.  It is difficult for companies, particularly in these trying fiscal times, to justify employees having these softwares on their company PC’s with the risk of having employees communicate with family and friends when they should be working.  There are a number of ways to get around this, a company could start a new section of their company Facebook or tweet page.  Tweeting and texting occur in offices anyway and an individual could ask other teammates if they had their own social media on their personal phone and if it would be acceptable to communicate using that tool if a problem arose on site that could be handled using a phone.

Finally, one aspect I touched upon in my previous blog post, is liability.  Sometimes answers deserve more consideration than what Facetime or Skype would provide, putting site personnel in a position where they could be compromised by trying too hard to solve the problem.  The site employee must have the experience to discern the difference. 

To sum up this blog, there is certainly a role for both passive and active format communication tools in offices.  There are ways around the liability issues, we have no choice but to find a way or continue to marginalize the difference we make for both our companies and our clients.  So many people use these social media networks today that implementation will occur in the very near future one way or another.  It would be best for companies to see social media for what it is.  Like BIM, it is another tool to make the design team more efficient, effective and, maybe more importantly, more relevant.

DB's Corner - Procurement Documents

 

 As referenced in the last issue of The Spec Den Blog, document types include construction documents, procurement documents, and contract documents; this entry attempts to describe procurement documents.  These documents are prepared by the Professional (Architect/Engineer/Landscape Architect) and used during the process of selecting a constructor.  In its simplest definition, to procure means ‘to obtain or receive’, which in our case relates to construction materials.  There are many different methods of construction procurement; however the three most common types of procurement are:  traditional design-bid-build; design-build; and management contracting.  Of these three, bidding is the most frequently used procurement process.

Considering bidding scenarios, the following are the most frequent ways for the Owner to receive a bid:

*  Closed, Selective, or Invited Bidding:   Method of competitive bidding where the Owner restricts those who are permitted to submit a bid.  The Owner, at its discretion, establishes a list of bidders to the exclusion of everyone else.  This method cannot be used on projects where financing occurs via public funding.

*  Open Bidding:   Method of competitive bidding where bids are received from all interested contractors, rather than from a select list of bidders privately invited to compete.  This procurement method generally involves advertising in local newspapers to legally notify contractors of the bidding process.  This is the process most frequently used on projects with public funding.

*  Two Step Bidding:   Method of competitive bidding procedure where bidders submit technical proposals in response to performance specifications.  Each bidder whose technical proposal is acceptable, then submits a sealed bid in accordance with normal bidding procedures. The government is one entity using this process.

*  Total Cost Bidding:   Method sometimes used for FF&E where the purchase price from the buyer is guaranteed and will not exceed a set maximum amount during a fixed period.  The equipment will be repurchased at a set minimum price when the original period ends.

But the question of this blog is what documents are used in the aforementioned bidding methodologies?  Bidding or procurement documents can be divided into 5 general components:  procurement requirements, contracting requirements, specifications, drawings, and resource materials.  Within each of these general components are the following elements:

*  Procurement Requirements:  ‘Solicitation’ (Advertisement for Bids, Invitation to Bid, Request for Proposals); Instructions for Procurement (Instructions to Bidders, Procurement Meetings); ‘Available Information’ (Existing Condition Information, Environmental Assessment Information, Geophysical Data, Geotechnical Data); ‘Procurement Forms and Supplements’ (Bid Forms, Bid Supplement Forms such as Allowance Form, Unit Prices Form, Alternates Form, and Wage Rates Form); and ‘Representations and Certifications’ (Bidder’s Qualifications, and Non-Collusion Affidavit).

*  Contracting Requirements:  ‘Contracting Forms and Supplements’ (Agreement Forms) Project Forms (Bond Forms, Certificate of Insurance, Schedule of Values Form Request for Interpretation Form, Change Order Form, and various Closeout Forms), ‘Conditions of Contract’ (General Conditions and Supplementary Conditions), and ‘Revisions/Clarifications/Modifications’ (Addenda, Record Clarification and Proposals, and Record Modifications such as Change Orders).

*  Specifications:  General Requirements (Division 01), Facility Construction (Divisions 02 - 19), Facility Services (Divisions 20 - 29), Site and Infrastructure (Divisions 30 - 39), and Process Equipment (Divisions 40 - 49).

*  Drawings:  For all contracts relative to the project.

*  Resource Materials:  These include any other type information needed to completely describe the Work so that constructors can adequately prepare their bid or proposal for the Owner’s consideration. Examples could be Owner’s Record Drawings of an existing building and/or of a previous construction phase.

 “BIDDER has examined copies of all the Bidding Documents.”  This statement that might be observed on a Bid Form raises another question that comes to mind relating to proper terminology used throughout the project manual: Should the words Procurement Documents, Bidding Documents, or something else be used in the Procurement and Contract Requirements?  MasterFormat 04, a publication from the Construction Specifications Institute (CSI), identifies recommended names and numbers of Documents and Specifications used in the project manual.  While the previous edition, MasterFormat 95, to my recollection used the term Bidding Documents, its 2004 replacement generally uses the term Procurement Documents.  MasterSpec, as prepared by Arcom, typically uses the term Procurement instead of Bidding.  The following illustration is a Paragraph from MasterSpec’s Document 001116 - Invitation to Bid:

“Printed Procurement and Contracting Documents: Obtain after <Insert date> by contacting <Insert Owner, Architect, or reprographic house address>.  Documents will be provided to prime bidders only; only complete sets of documents will be issued.”

 Is there a ‘right way’, a ‘wrong way’, or a ‘better way’ when referring to Procurement Documents throughout the project manual?  My interpretation is to use the term Procurement Documents.  This is an issue that I will continue to research and discuss with others who are specification writers and users of these Documents.

 Next Blog:  Contract Documents.

Marcellus Shale Economic Impact is Hot Topic for PA Legislators

L.R. Kimball Staff Members Speak to Pennsylvania Legislature About Marcellus Shale Economic Impact

In early June, L.R. Kimball Vice Presidents for Business Development, Dave French and Tanya McCoy-Caretti testified at a public hearing on the impact of Marcellus Shale drilling in Pennsylvania.  The hearing was held in South Park, PA, and was sponsored by the Joint Legislative Air and Water Pollution Control and Conservation Committee.  Opening remarks were made by State Representative Scott Hutchinson of Jefferson County, the Committee Chairman. 

According to Rep. Hutchinson the hearing was held as part of an effort by state lawmakers to gather up-to-date information about the variety of effects the growing Marcellus Shale drilling industry has on communities in Pennsylvania. 

French and McCoy-Caretti spoke about how Marcellus Shale exploration and drilling could affect businesses that are not directly tied to the oil and gas industry, such as municipalities and local governments, airports, developers and transportation agencies.  Presentations were also given by the Penn State University Cooperative Extension Office, Pennsylvania County Commissioners Association, Allegheny County Health Department and H20 Resources, Inc.

L.R. Kimball VP Receives Honorary Doctorate Degree

Charles (Chuck) Pryor, Vice President, Business Development, was awarded a Doctor of Humane Letters, honoris causa, at the California University of Pennsylvania graduation on May 7, 2011. Chuck was honored by University President Dr. Angelo Armenti, Jr. for his 40 years of service to the University and his distinguished 37 years career in the construction and architectural/engineering industry.

 
 
Chuck has been with L.R. Kimball for the past 10 years and has been recognized as one of the company’s top talent by earning “Eagle Squadron” recognition in 2008. He specializes in public assembly, sports, higher education, federal, correctional, land development, transportation and civil/environmental projects. L.R. Kimball has partnered with the University on numerous projects including the $60 million, 6000-seat Convocation Center scheduled to open this fall.

A 1973 graduate of California University, Chuck earned a bachelor’s degree in liberal arts while playing baseball for the Vulcans. He won three varsity letters and was named captain of the 1973 baseball team. He and his wife Marianne Finley Pryor ‘72 ’73 support the Pryor-Finley Family Athletic Scholarship, “paying it forward” by providing scholarships for deserving student-athletes.

Chuck joined the board of directors for the Foundation for California University of Pennsylvania in 1989. He served as a member and Vice President until 1997, when he began a four-year term as Foundation President.    

In addition, Chuck has served the community as chairman of the board for the Private Industry Council of Washington, Pa; vice chairman of the board for the Pitt Ambassadors; board member for Community Action South West, the Greater Washington Area Chamber of Commerce and the Master Builders Association of Western Pa.; Joint Apprenticeship Committee; and former member of the California State College Athletic Council.

Congratulations, Chuck! 

The Albatross of Marcellus Shale Drilling

by... Scott Roberts

When I was in seventh grade, I read Samuel Taylor Coleridge’s ‘Rime of the Ancient Mariner’.   More precisely, my seventh grade English teacher made me read it.    Poems from the late 1700’s are rarely the reading of choice for 12 year old boys.    But, since I still remember it 45 years later, I’ll give that teacher kudos for making me read it.  If you haven’t read it, you still may know of it.  Two of Taylor’s creations are familiar to this day --and both come to mind as I read news stories about Pennsylvania and the development of the Marcellus Shale.  They are the verse ‘Water, water everywhere nor any drop to drink’ (I learned the hard way that the correct word is ‘nor’ vs. ‘not’) and the cliché of having an albatross hung around ones neck.

Coleridge’s Mariner kills an albatross and his shipmates -- believing he killed their good luck charm-- hang the bird’s corpse around the mariner’s neck.  Rhetorically, the opponents of Marcellus development hang the orange water of Pennsylvania’s historic mine drainage problem around the neck of the modern gas industry.  Recently the media has been reporting concerns from stakeholders such as this one: "Everybody testifies there's never been an incident [of drinking water contaminated by fracking] but we haven't done it in this geology, and it's not 25 years from now. Nobody had ever found acid mine drainage in the first 25 years of coal-mining, either. Some of this stuff takes time."  This argument is, like the albatross -- just superstition. 

Mine drainage is the result of a naturally occurring chemical weathering process, the oxidation of pyrite.  Early settlers in Western Pennsylvania named plenty of places ‘Yellow Creek’, ‘Redstone’ and ‘Sulfur Run’.  When rock is broken, as it by mining but also by any kind of earth moving including road construction (remember I-99) or landslides, exponentially more surface area is exposed to weathering.  When the rock contains pyrite, then it is the pyrite that is attacked; and to compound matters, a bug called Thiobaccillius Ferroxidans, will make the rubble its home and catalyze the reaction.  The oxidation of pyrite releases energy versus consuming it (known as an exothermic reaction), so once it starts, it keeps going on all by itself. 

In contrast is Pennsylvania’s historic oil and gas industry.  Go ahead and Google old photos from Titusville and Oil City.  And look closely at them.  You’ll see oil and brines flowing away from the wells into the region’s rivers.  Then, Google photographs of Drake Well State Park or other places in the region today.  They’re green, lush, and full of wildlife and home to many Pennsylvanians.  The old time pollution was not cleaned by industry, nor by the local citizens, nor by some government agency.  Instead, it was, (completely the opposite to the formation of mine drainage) naturally remediated by chemical weathering processes.  Since the exploration and production of oil and gas doesn’t unleash a self-perpetuating chemical reaction, any pollution created is finite. 

While I remember ‘Rime’ it is far from my favorite poem—which is Rudyard Kipling’s ‘If’.  The albatross reminds me of the verse in ‘If’ about truth being ‘…twisted by knaves to make a trap for fools…’   It’s time we lift the rhetoric off from the neck of this debate, and start talking facts.