Policy Area 2: Security Awareness Training

This month’s Criminal Justice Information Services (CJIS) Security Policy blog looks at Policy Area 2 – Security Awareness Training. In CJIS Security Policy version 5.1 we find an increase in requirements for awareness training that was brought forward from version 5.0 but not found in previous versions, where only record keeping was addressed. The updated requirements focus on content of training and levels of training dependent upon a person’s level of access to Criminal Justice Information (CJI).

Awareness Topics

Before discussing the content of training, the security policy requires basic security awareness training within six months of initial assignment for personnel who are able to access CJI. Further training is required every two years. If training is accepted from another agency, such training must also meet CJIS requirements.  Security awareness training must include specific information for the following groups:

  Ø  All personnel

  Ø  Personnel with physical and logical access

  Ø  Personnel with information technology roles

All Personnel – At a minimum, the following topics must be addressed as baseline security awareness training for all authorized personnel with access to CJI:

1. Rules that describe responsibilities and expected behavior with regard to CJI usage
2. Implications of noncompliance
3. Incident response; points of contact and individual actions
4. Media protection
5. Visitor control and physical access to spaces; applicable physical security policy and procedures, e.g., challenge strangers, report unusual activity
6. Protect information subject to confidentiality concerns; hardcopy through destruction
7. Proper handling and marking of CJI
8. Threats, vulnerabilities, and risks associated with handling CJI
9. Dissemination and destruction

 

Personnel with Physical and Logical Access – In addition to baseline training for all personnel, the following topics, at a minimum, must be addressed as baseline security awareness training for all authorized personnel with both physical and logical access to CJI:

1. Rules that describe responsibilities and expected behavior with regard to information system usage
2. Password usage and management; including creation, frequency of changes, and protection
3. Protection from viruses, worms, Trojan horses, and other malicious code
4. Unknown e-mail and attachments
5. Web usage; allowed versus prohibited, monitoring of user activity
6. Spam
7. Social engineering
8. Physical security; increases in risks to systems and data
9. Media protection
10. Handheld device security issues; address both physical and wireless security issues
11. Use of encryption and the transmission of sensitive and confidential information over the Internet; address agency policy, procedures, and technical contact for assistance
12. Laptop security; address both physical and information security issues
13. Personally owned equipment and software; state whether allowed or not, including copyrights
14. Access control issues; address least privilege and separation of duties
15. Individual accountability; explain what this means in the agency
16. Use of acknowledgement statements; passwords, access to systems and data, personal use and gain
17. Desktop security; discuss use of screensavers, restricting visitors’ view of information on screen, e.g. mitigating “shoulder surfing”, battery backup devices and allowed access to systems
18. Protect information subject to confidentiality concerns; in systems, archived, on backup media, and until destroyed
19. Threats, vulnerabilities, and risks associated with accessing CJIS service systems and services

 

Personnel with Information Technology Roles – In addition to baseline security for all personnel and personnel with physical and logical access, the following topics at a minimum must be addressed as baseline security awareness training for all information technology personnel, e.g. system administrators, security administrators, network administrators:

1. Protection from viruses, worms, Trojan horses, and other malicious code to include scanning and updating definitions
2. Data backup and storage; centralized or decentralized approach
3. Timely application of system patches; part of configuration management
4. Access control measures
5. Network infrastructure protection measures

 

Security Training Records

The policy standards pertaining to security training records remain relatively the same as in earlier versions. One rule which has been added requires security training records to be maintained by the CJIS Systems Officer (CSO)/State Identification Bureaus (SIB)/Compact Officer. The policy also states that maintenance can be delegated to the local level.

 

Summary

The Security Awareness Training section of the CJIS Security Policy has become more robust with recent versions. The content of baseline training is very specific and is cumulative, commissariat with increased access and roles of responsibilities for maintaining the security of CJI. Timeframes for training are in effect for initial training as well as additional training every two years. Training records must be maintained by the proper authority.

 

Next Blog

Policy Area 3. Incident Response. This area addresses the capability to detect and address a security incident. Increased mandates are added to include reporting, addressing weaknesses, and the processes in place. Formal responsibilities are added as are mandates for monitoring and incident response training. Join us next month to learn more about the increased mandates for incident response.

Homeland Security Grant Funding & City of San Diego

In the post 9/11 world, many urban areas in the United States received Homeland Security Grant Funds.  In order to prioritize the investment of those funds on the most critical gaps in their security strategy, the San Diego urban area created an advisory council with a balanced approach between fire services, law enforcement and emergency managers.  This Regional Technology Partnership Advisory Council (RTP) further identified a need to provide project management to support implementation of large complex regional projects. In order to fill this need for project management, the San Diego urban area, through the City of San Diego Office of Homeland Security,  acquired consulting services through a competitive procurement to support the implementation of regional technology projects. L.R. Kimball was awarded the contract to provide these services.  Consulting services include overall program management, GIS project management, Computer Aided Dispatch interoperability project management, interoperability communications planning and an emergency fire communications center study. The ability to acquire on-board consulting services in cooperation with the RTP through an approved contract allows regional UASI projects to move forward more quickly compared to the often long and complex procurements.

Kimball Actively Preparing Staff for Full Client Support on the State & Local Implementation Grant Program (SLIGP)

Kimball has been actively preparing our staff to support clients in preparing the grant applications, and as we announced last year, we established the Kimball Broadband Evolution Support Team (BEST) in anticipation of planning activities states are expected to perform under the SLIGP program.

 

 State and Local Implementation Grant Program (SLIGP); Supplemental Application Narrative

1. Existing Governance Body

 

a. Describe the organizational structure and membership of the existing Statewide Interoperability Governing Body (SIGB), or its equivalent, that is responsible for public safety communications in the State.

 

b. Describe the SIGB’s authority to make decisions regarding public safety communications and how these decisions are implemented.

 

c. Describe how the State will leverage its existing SIGB, or its equivalent, to coordinate the implementation of the Public Safety Broadband Network (PSBN) in the State.

 

d. How does the State plan to expand its existing SIGB to include representatives with an understanding of wireless broadband and Long Term Evolution (LTE) technology in order to facilitate its consultations with FirstNet?

 

e. Does the State currently dedicate sufficient financial resources to adequately support the SIGB? Does the State intend to invest funds received from SLIGP to financially support the SIGB? If so, provide the amount the State expects to request and describe the SIGB functions that these funds will support.

 

2. Statewide Communications Interoperability Plan (SCIP)

 

a. Are there existing strategic goals and initiatives in your SCIP focused on public safety wireless broadband? If so, what are they?

 

b. Describe how the State has engaged local governments and tribal nations, if applicable, in public safety broadband planning activities that have been completed to date.

 

c. Does the State intend to use SLIGP funding to support efforts to update the SCIP by adding public safety wireless broadband strategic goals and initiatives? If so, provide the amount the State expects to request and describe the activities that these funds will support.

 

3. State-level Involvement

 

a. What is the status of the Statewide Interoperability Coordinator (SWIC) for your State? Does this person work full-time in the SWIC capacity? How will this person be involved with SLIGP?

2

 

 

b. How will the State’s Chief Information Officer/Chief Technology Officer be involved with SLIGP and with activities related to the implementation of the nationwide public safety broadband network?

 

c. What other State-level organizations or agencies will be involved with SLIGP?

 

d. What are the specific staffing resources the State requires to effectively implement the consultation process with the First Responder Network Authority (FirstNet) and perform the requirements of SLIGP? If the application requests funding for additional staffing, provide the amount the State expects to request and describe the positions these funds will support.

 

e. How is the State engaging private industry and secondary users (e.g., utilities)?

 

4. Coordination with Local Government Jurisdictions

 

a. Describe the local government jurisdictional structure (e.g., municipalities, cities, counties, townships, parishes) located within the boundaries of the State, Commonwealth, Territory, or District applying for a grant. How many of these local jurisdictions exist within the State’s boundaries?

 

b. Describe how your State will involve these local jurisdictions to ensure there is adequate representation of their interests in the FirstNet consultation and in the planning and governance for SLIGP.

 

c. Describe past methods the State has used to successfully coordinate state-wide projects or activities with local government jurisdictions.

 

d. What have been some of the State’s primary challenges when engaging with local jurisdictions? What are some of the strategies that the State will employ to overcome these challenges during implementation of SLIGP?

 

5. Regional Coordination

 

a. Does your State have intrastate regional committees that are involved with public safety communications? If so, please describe their organizational structure and membership and how they provide input to the SIGB.

 

b. Describe any interstate regional bodies in which your State participates that are involved with public safety communications in the State.

 

c. How does the State plan to engage and leverage these existing regional coordination efforts in the nationwide public safety broadband network planning?

If you’d like help developing your responses to the many questions required for the grant application, Kimball’s BEST team is ready to get engaged immediately – contact us at communications.technology@lrkimball.com

CJIS Security Policy Version 5.1

Introduction

The past few years have marked a significant change to the Criminal Justice Information Services (CJIS) security requirements with the release of version 5.0 in 2011 and the requirements further refined in version 5.1 released in 2012.  In response, we are launching a series of security blogs which examines CJIS Security Policy version 5.1 and in particular, Section 5, Policy and Implementation.  

 

The CJIS Security Policy is indented to provide the appropriate controls necessary to protect Criminal Justice Information (CJI), while in transit and at rest (storage). Keeping in mind, transit includes the full network path which CJI travels, and storage includes electronic storage such as a server, as well as printed copies of protected information. CJIS Security Policy, version 5.1states:

 

The CJIS Security Policy provides guidance for the creation, viewing, modification, transmission, dissemination, storage, and destruction of CJI data. This policy applies to every individual—contractor, private entity, noncriminal justice agency representative, or member of a criminal justice entity—with access to, or who operate in support of, criminal justice services and information.

 

Please note: the author of this blog is not associated with CJIS or the FBI, and holds no claim to being the authority on CJIS compliance or audits. This blog series is strictly an informational view of the policy to provide readers with the opportunity to review each section, grow in their understanding of the policy meaning, and provide a format to highlight the increased security requirements.

 

Series Focus

Our focus for the series will be Section 5 – Policy and Implementation. This section is divided into 12 policy areas as follows:

1. 1.     Information Exchange Agreements
2. 2.     Security Awareness Training
3. 3.     Incident Response
4. 4.     Auditing and Accountability
5. 5.     Access Control                                                                          
6. 6.     Identification and Authentication
7. 7.     Configuration Management
8. 8.     Media Protection
9. 9.     Physical Protection
10. 10.   System and Communications Protection and Information Integrity
11. 11.   Formal Audits
12. 12.   Personnel Security

Each month, this blog will focus on one of the twelve policy areas, providing information and insight to assist with meeting the goals of the policy. Although our series focus begins with Section 5, Policy and Implementation, readers are encouraged to become familiar with the entire policy which also addresses roles and responsibilities.

 

Summary

As we journey though CJIS Security Policy version 5.1 section 5, we will examine the major changes to the requirements for receiving and storing Criminal Justice Information. Reminder, the author is not an authority, just a security professional with the desire to assist readers in their understanding of the new, and much more stringent, security measures required by the CJIS security policy.

 

Next Blog

Our first policy area will be Information Exchange Agreements, where we will explore the increased requirements that became mandatory as of 2011 and 2012.  Expanded security measures for this section include areas from information exchange to outsourcing to incident reporting. Please join us next month as we venture forward with CJIS Security Policy version 5.1.

Are you interested in becoming an Emergency Number Professional?

Are you interested in becoming an Emergency Number Professional? L.R. Kimball is once again offering an ENP Study Group to help you prepare for NENA's April exam. Topics to be covered include telephony, radio, PSAP infrastructure, and Human Resource issues. Sessions start February 11. Schedule, topics, and call-in details sent upon registration. Sharon Counterman will be your study group leader.

http://www.lrkimball.com/forms/study-groups/enp-sign-up.aspx

 

ENP Online Book

FirstNet and Related Activity Continues

Comments Submitted on FirstNet Architecture, FirstNet Board Meeting Schedule Announced, NTIA Creates Office of Public Safety Communications

Over 130 parties submitted comments in response to the NTIA’s Notice of Inquiry (NOI)  concerning the conceptual network architecture of FirstNet that was presented at the initial FirstNet Board meeting (http://kimball.typepad.com/lrkimball/2012/09/firstnet-board-meeting-reveals-strategy-for-development-of-nationwide-psbb-network.html ).  Responses, inputs and recommendations relative to the proposed architecture and approach put forth so far, vary widely.  Responders included vendors, user community, integrators, industry and Public Safety organizations, and carriers.  The responses can be viewed or downloaded at the NTIA’s web site:

http://www.ntia.doc.gov/federal-register-notice/2012/comments-nationwide-interoperable-public-safety-broadband-network-noi

 

We would expect some discussion of these inputs, and a further update on the status of FirstNet activities to take place at the board’s next meeting.  NTIA has announced the schedule for upcoming open public meetings of the FirstNet Board.  The meetings will be held on December 11, 2012; April 23, 2013; August 13, 2013; and October 15, 2013, from 9 a.m. to 12:30 p.m. Eastern Time in Washington, D.C. Additional meetings will be held February 12, 2013, and December 17, 2013 in Boulder, Colorado; and June 11, 2013, in San Francisco, California.  The detailed announcement, with information on accessing the meetings via webcast, is posted on the NTIA’s web site at:  http://www.ntia.doc.gov/federal-register-notice/2012/first-responder-network-authority-board-meeting

 

In a related matter, information released by NTIA indicates they have formed a new Office of Public Safety Communications tasked with overseeing the State and Local Implementation Grant Program, this is the $135M funding targeted to help state, local and tribal governments plan for the deployment of the nationwide public safety broadband network.  The new NTIA office will be charged with assisting FirstNet with procurement issues.  Information released on this move indicates Stephen Fletcher, most recently the state of Utah’s CIO, will lead the newly formed department, and  Laura Pettus, a program manager with NTIA previously supporting the PSIC Grant program, will be the deputy chief.  In a presentation on the State and Local Implementation Grant program given by Ms. Pettus in August, she indicated the Notice of Funding Availability and full program details would be released in First Quarter of 2013.

UPDATE – NTIA Releases Notice of Inquiry on FirstNet

UPDATE – NTIA Releases Notice of Inquiry on FirstNet proposed approach As was indicated by the FirstNet Board during their initial meeting (and summarized below), NTIA released the Notice of Inquiry earlier this week seeking comments on the conceptual design approach presented at the meeting. Comments must be received no later than Nov. 1, 2012 at 5:00 p.m. Comments can be emailed to firstnetnoi@ntia.doc.gov or submitted by mail. The NOI also seeks comment on the general concept of how to develop applications for public-safety users as discussed at the FirstNet board meeting. The formal notice as posted in the Federal Register can be found at

http://www.ntia.doc.gov/files/ntia/publications/firstnet_noi_10042012.pdf

FirstNet Board Meeting Reveals Strategy for Development of Nationwide PSBB Network

The initial meeting of the FirstNet board of directors today (Sept. 25, 2012) provided the first insights into the board’s proposed approach to development and build-out of the FirstNet Nationwide Network (FNN).

After swearing in of the Board they immediately worked their way through a number of resolutions.  These included resolutions adopting Bylaws, and show of support for standards, FCC actions for assignment of the Public Safety broadband spectrum, and an NTIA Service Level Agreement to supply administrative, technical, staffing and various other resources as requested by FirstNet.  To address the legislative mandate that the Board actively consult with and seek inputs of the Public Safety user community, the Board passed a resolution calling for members of SAFECOM to serve as the public-safety advisory committee for FirstNet. Under this resolution, Board chairman Sam Ginn will work with the Department of Homeland Security to select the advisory committee members, and with the FirstNet board to choose the committee’s chairman and vice chairman.

Chairman Ginn emphasized several times during the course of the meeting the need for input, mandated or not, but also noted the Board had a job to do and planned to move forward on development of the network:

“We need you to be communicating with us your thoughts and ideas. But you need to do that in a timely basis, because I think you have understood from this meeting that we are going to take this project with a sense of urgency, and we’re going to run with it. We’d be happy to have you comment and help us along the way, but we have a sense that we have a mission here and we’re going to get it done.”

The indication to moving forward with some sense of urgency, and the potential timing of the first deployments of the network presented by Board member Craig Farrill is in some contrast with the five-year timeline the NTIA discussed in their announcements in August on the State and Local planning-grant program, tied to planning for FirstNet.

Farrill presented a fairly detailed overview of the FirstNet Boards conceptual Network Architecture approach.  The presentation explained that build-out of an entirely new Public Safety broadband infrastructure was likely to be impractical from a cost standpoint, and this approach does not meet the mandates of the legislation to leverage to the extent possible, existing resources. Rather, the Board intends to pursue an approach that will leverage the existing US wireless mobile communications wireless infrastructure. With over 285,000 existing Radio Access Network (RAN) sites and associated backhaul already installed by various Mobile Network Operators (MNO’s) such as Verizon, AT&T, Sprint and others, leveraging this infrastructure will allow the fastest deployment of a redundant, and wide coverage PSBB network.

Based on the proposed architecture and approach that Farrill presented during the meeting, he indicated that deployment of the network could begin in 2013 or 2014.

     

 

 

 

 

 

 

FirstNet Conceptual Architecture – Multiple Terrestrial Partners
(from Craig Farrill presentation 9/25/12)

The conceptual design presentation indicated that a Distributed core would be established for the FNN, housed across multiple hardened and secure locations to provide redundancy.  The distributed Core would be comprised of two major elements – the LTE  Enhanced Packet Core (EPC) which provides the switching, core routing, user database and management services for the network, and the Service Delivery Platform (SDP) where applications including support for voice, PTT, video, etc. would reside and be managed.

Farrill described what was termed a “three-in-one” approach to achieving RF coverage for the LTE network. The first dimension and primary terrestrial based coverage approach would leverage the RAN sites and backhaul networks that have been constructed by MNO’s across the country.  FirstNet would pursue agreements with MNO’s to connect their existing LTE sites into the FNN Core, allowing FirstNet to fairly quickly begin offering Public Safety Broadband services.  At the same time, FirstNet would begin deploying Band Class 14 (the dedicated 20 MHz Public Safety allocation) RAN equipment at these sites.  As the Band Class 14 RAN comes online, day-to-day capacity and Public Safety traffic would utilize this spectrum, which would be managed for Public Safety’s prioritization and needs.

In order to create redundancy and the most robust network approach and achieve the coverage goals of Public Safety, the FirstNet board envisions pursuing agreements with multiple MNO’s, even in the same geographic areas.  That is, agreements might ultimately be in place in some areas with as many as 3 to 6 MNO’s, each integrated into the FirstNet core and adding Band 14 coverage alongside their respective existing spectrum.

Farrill also noted the Board plans to monitor the level of coverage they achieve for LTE at a county level across the entire country.  He noted there are 3,030 counties in the continental US, and that they plan to develop some means of tracking the degree of coverage achieved in each – regardless of population. 

The second dimension of the conceptual design approach is satellite based coverage.  Much like the approach for terrestrial base coverage leveraging existing network infrastructure and agreements with network operators, the Board envisions development of agreements for service with multiple satellite providers for broadband coverage in areas and situations where the terrestrial coverage is impractical or perhaps out of service.

The third dimension of the “three-in-one” approach to the overall FNN is deployable sites and self-contained LTE systems, such as a “Cell on Wheels” or a “System on Wheels”.  These tools, utilizing Band 14 RAN equipment would be utilized to enhance coverage and capacity, deployed as-needed for special events, disasters, and similar scenarios.

 

 

 

 

 

 

 

 

Illustration of FirstNet Conceptual Architecture Three Dimensions of Coverage
(from Craig Farrill presentation 9/25/12)

 

There was also a discussion on applications, and the Board’s interest in establishing a certification process.  Board Chair Ginn indicated his anticipation that developers will begin working on app’s for Public Safety use on the FNN, much like app’s are available for commercial use and download.  He noted the hope that innovators and creative programmers would develop a wide range of programs and app’s that can be supported by the network, and that could be made available to users anywhere in the country. 

Chairman Ginn indicated the Board plans to investigate further how to approach this concept, potentially bringing in people who understand how to develop the concept and enable the approach to supporting app’s, identify if any issues or roadblocks, etc.

The meeting was wrapped up with the indication the Board understands there will be a variety of opinions and inputs from user community and others and they welcome those and are open to other better ideas.  At the request of the FirstNet board, the NTIA indicated they plan to “very quickly” seek comments on the presentations in a notice of inquiry, according to an NTIA spokeswoman.

Copies of each of the Resolutions adopted by the Board, and the presentation on the Conceptual Network Architecture can be viewed on the NTIA’s web site at http://www.ntia.doc.gov/other-publication/2012/firstnet-board-actions-09252012

Incident Response and Planning

by Lori Kleckner

We are at the final section of the NENA Next Generation Security Standard (NG-SEC). Our topic is Incident Response and Planning. Although most emergency call centers do well to respond to physical incidents, responding to cyber incidents is still an area in need of attention.

In regards to cyber security, an Incident Response Plan should include details how an organization will respond to a computer security incident. Examples of incidents include:

• Malicious code – a virus, worm, Trojan horse or other harmful code-based activity 
• Hacking – unauthorized access to systems
• Critical service outages – failure of power, network, phones or other vital services
• Denial of service – attack that prevents or impairs authorized use of systems by exhausting resources

Although incidents such as critical service outages may not be a result of a cyber attack, such reasoning should be considered when investigating the source of the outage. Your facility may not have been the intended target, but collecting information from your environment may assist a wider investigation into the incident. To be prepared for any attack, a sound method must be in place.

The Process

 Plan – an orderly process with defined expectations. This plan should detail what to look for, what to do and assign responsibility for each task. Keep in mind; it is more cost effective to prevent an incident than bear the consequences. Once a solid plan is in place, activities should focus on:

Detect – through monitoring and established thresholds for automated alarms and notification. Partner with organizations that provide warning of impending and recently occurring security incidents which may impact your environment.

Respond – efficient and effective response to early signs of malicious activity and during an actual incident. Responding to security incidents is an important part of an effective IT security program. Rapidly detect incidents to minimize loss and destruction as well as restore service.

Report – techniques are followed to assure all information has been captured and disseminated to the appropriate authorities. The NG-SEC standard provides a template for information to collect and report.

What to Look For

Terms such as events and incidents are utilized to identify activities. Events are any observable occurrence in a system or network. Some events may appear to be unusual, but are determined to be normal activity. However, adverse events are incidents that cause a negative consequence, such as system failure, unauthorized use of system privileges or loss of data. An incident is a violation or imminent threat of violation of security policies or standard security practices.

Examples are: 

• An email attachment that infects the network computers
• An employee providing illegal copies of software through peer-to-peer file sharing originating on a workstation 
• A botnet sending high volumes of connection requests to a web server, causing it to crash

Any unauthorized attempt to leverage access to a system, e.g. network, server, workstation, software or data, is considered a security incident. It is understood that a security violation may and often will fall under the purview of authorities such as the police, FBI or other law enforcement agencies.

What to Do

In accordance with NG-SEC, the process for identification and reporting security incidents shall: 

Contain the incident and minimize the loss or compromise of information assets

• Isolate the system as much as possible, e.g. disconnect from the network 
• Initiate Business Continuity or Disaster Recovery plan if needed

Enable the initiation of the appropriate legal process

• Approach each suspect event as though it may be a security violation
• Gather and preserve evidence
• Provide evidence and evidence analysis to appropriate authorities

Process requests for security related information

• Establish a person to lead communication requests both to and from your organization
• Utilize appropriate channels to communicate information regarding the incident
• Practice notification procedures to assure names, phone numbers and email addresses are valid

Correlate activity with other incidents to allow for coordinated action and to prevent duplicated efforts

Establish procedures to update or repair functionality utilized to propagate the incident

Gather statistics for identifying trends and development of security measures to counteract vulnerabilities

Establish methods and notification procedures, e.g. alarms to warn of possible malicious activity

Improve procedures and guidelines

• Review effectiveness of incident handling
• Recommend changes to prevent and protect against future incidents

Recommend priorities and how to react to circumstances

• Quicker and more efficient
• Reduce cost, duration and business impact
• Establish Service Level Agreements for out-sourced processes

Summary

Responding to an incident begins with planning. A well thought out process to detect, respond and report is essential. Monitoring can provide warning of malicious activity as it begins and will ideally be mitigated before it has the opportunity to escalate into an incident. Knowing what to look for and what to do when faced with a cyber security incident will reduce system outages and the costs associated with a security breach. NG-SEC Appendix 1: Incident Response Planning provides sample plans, forms and other information to assist with these processes.

Our next blog will recap the key points throughout our journey of the ten sections of NG-SEC.

L.R. Kimball Announces Formation of Public Safety Broadband Evolution Support Team (BEST)

L.R. Kimball today announced the formation of a specialized team, focused on supporting clients in all aspects of Public Safety Broadband planning, network design, applications and grants and funding pursuits.  The firm’s Broadband Evolution Support Team (BEST) will be made up of L.R Kimball’s in-house staff of experts and select industry partners, covering nearly every aspect of end-to-end public safety communications systems.

L.R. Kimball’s team members have expertise in public safety and government communications, radio engineering and information technology, FCC licensing and spectrum planning and public safety operations.  In addition, a number of the firm’s professionals have direct operations and management experience in government and the public safety industry, developing governance, operating structures and funding approaches.  This insight and experience provides a unique understanding of the requirements, operating environment, applications and capabilities needed by public safety broadband system users.  Equally important, the Kimball BEST staff  can provide clients with an understanding of not only the technical aspects of an decision, but a first-hand understanding of operational and, sometimes, political aspects of potential changes that might result from a recommended course of action. 

L.R. Kimball’s BEST staff includes experts who supported previous relevant client projects such as:

Successful NTIA BTOP Grant Program Applications for Pennsylvania, West Virginia, Vermont Telecommunications Authority and New Jersey (one of 7 Public Safety LTE project awards in the country)

LinkAMERICA Alliance Broadband Mapping - as part of the LinkAMERICA Alliance, L.R. Kimball is working through CostQuest Associates to implement the NTIA awarded State Broadband Data and Development projects for four states:  Alabama, Idaho, Wisconsin and Wyoming. 

Oklahoma Statewide Public Safety LTE Assessment –L.R. Kimball was engaged by Oklahoma to identify and asses existing radio communications infrastructure and resources in the state and provide recommendations to leverage these investments to upgrade government and public safety communications in the state.  L.R Kimball’s team completed a parallel analysis of need, conceptual design and budgetary cost estimates for an LTE infrastructure sharing the same backbone and sites as the land mobile radio network.

L.R. Kimball’s BEST staff is already actively engaged in monitoring and analyzing information being released as a result of the passage of HR 3630, by NTIA, the FCC and the Public Safety community.  Kimball’s BEST team is fully prepared to support clients in understanding the provisions of HR 3630 and the National Public Safety Broadband Network approach.  In particular, Kimball’s complete suite of capabilities and the BEST staff will bring clients all of tools needed to address the anticipated requirements of the State level Broadband Plans, including:

• Document and Inventory existing resources such as Tower sites, Microwave and Fiber Connectivity, etc.
• Interactive Mapping and Display of Resources and Networks
• Conceptual System Design and Cost Estimates
• Opt-in/Out Analysis
• Sustainability and Business Case Analysis
• Governance and Operating Model Approaches
• Application and Use Case Assessments and Recommendations
• Procurement Support
• Project Management and Implementation Support Services

 

For more information on the services supported by the L.R. Kimball Public Safety Broadband Evolution Support Team, contact:

 Kevin McGeary

(814) 867-4566 x3275

 

Background:

L.R. Kimball is one of the nation’s largest engineering/architecture/consulting firms and is the infrastructure business unit of CDI Engineering Solutions listed as #12 on Engineering News Record’s list of “Top 50 Telecommunications Firms.  Headquartered in Pennsylvania since our founding in 1953 as a civil engineering firm, L.R. Kimball has evolved into a contemporary, multifaceted full-service solution provider.  The firm is nationally recognized and serves clients from its ten regional offices across the United States.

 

The BEST is organized under L.R. Kimball Communications Technology Division, already supporting hundreds of Public Safety clients in NG9-1-1, Dispatch Operations and Staffing, Automated Systems, Radio and Wireless, GIS/Mapping, and Government and Regulatory Services.