The decentralized future of security

Perhaps the very idea of the Dept. of Homeland Security is wrong. Perhaps, rather than trying to force myriad agencies into a single reporting protocol, standards-based security meshes can make cross-agency communication a natural activity.

Gary Wolf wrote an article in the December Wired called "Reinventing 911," which is definitely worth a second look, or a first look if you missed it in the flood of holiday junk mail. Here's the basic idea, as voiced by Art Botterell, author of a disaster alerting system called the Common Alerting Protocol:

"The focus in homeland security is on the idea of America as an invincible fortress," he told me later. "Most of the effort goes into prevention, law enforcement, and the military. But those of us in emergency management tend to think, 'Well, stuff happens. So, what are you going to do about it?'"

If you took an emergency response approach to the problem of homeland security, you would build systems that allow responders and agencies to talk quickly and easily. Doing this wouldn't address intelligence issues or get Navy planes to intercept hijacked jetliners in the sky, but you would be able to handle the impacts of disasters, be they natural or terrorist in origin.


To understand the true nature of warnings, it helps to see them not as single events, like an air-raid siren, but rather as swarms of messages racing through overlapping social networks, like the buzz of gossip. Residents of New Orleans didn't just need to know a hurricane was coming. They also needed to be informed that floodwaters were threatening to breach the levees, that not all neighborhoods would be inundated, that certain roads would become impassible while alternative evacuation routes would remain open, that buses were available for transport, and that the Superdome was full.


Obviously, the top-down organization of DHS and FEMA didn't meet the needs of people during Katrina. Consider a different model, based on a system Botterell created for California:

[W]arnings are sucked up from an array of sources and sent automatically to users throughout the state. Messages are squeezed into a standard format called the Common Alerting Protocol, designed by Botterell in discussion with scores of other disaster experts. CAP gives precise definitions to concepts like proximity, urgency, and certainty. Using CAP, anyone who might respond to an emergency can choose to get warnings for their own neighborhood, for instance, or only the most urgent messages. Alerts can be received by machines, filtered, and passed along. The model is simple and elegant, and because warnings can be tagged with geographical coordinates, users can customize their cell phones, pagers, BlackBerries, or other devices to get only those relevant to their precise locale. The EDIS system proved itself in the 1994 Northridge earthquake, carrying more than 2,000 news releases and media advisories, and it has only grown more robust in the decade since.
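
To make the "received by machines, filtered, and passed along" step concrete, here is an added example (not from the Wired article or from EDIS) of a subscriber-side filter that keeps only alerts urgent enough and covering the subscriber's location. It assumes the CAP 1.2 XML namespace and the `<circle>` encoding "lat,lon radius-in-km"; the sample alert is constructed and the function names are hypothetical.

```python
import math
import xml.etree.ElementTree as ET
NS = {"cap": "urn:oasis:names:tc:emergency:cap:1.2"}  # assumed CAP version
# CAP urgency values, most pressing first
URGENCY = ["Immediate", "Expected", "Future", "Past", "Unknown"]

# Constructed sample alert, not a real message
SAMPLE = """<alert xmlns="urn:oasis:names:tc:emergency:cap:1.2">
  <identifier>EXAMPLE-0001</identifier>
  <sender>ops@example.org</sender>
  <sent>2006-01-15T10:00:00-08:00</sent>
  <status>Exercise</status>
  <msgType>Alert</msgType>
  <scope>Public</scope>
  <info>
    <category>Met</category>
    <event>Flood</event>
    <urgency>Immediate</urgency>
    <severity>Severe</severity>
    <certainty>Observed</certainty>
    <area>
      <areaDesc>Constructed riverside district</areaDesc>
      <circle>38.58,-121.49 10.0</circle>
    </area>
  </info>
</alert>"""

def km_between(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2)
         * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 6371.0 * 2 * math.asin(math.sqrt(a))

def relevant(cap_xml, lat, lon, min_urgency="Expected"):
    """True if any <info> block is urgent enough and covers (lat, lon)."""
    if "<!DOCTYPE" in cap_xml:  # CAP needs no DTD; refuse entity tricks
        raise ValueError("DOCTYPE not allowed in CAP input")
    root = ET.fromstring(cap_xml)
    for info in root.findall("cap:info", NS):
        urgency = info.findtext("cap:urgency", "Unknown", NS)
        if urgency not in URGENCY or URGENCY.index(urgency) > URGENCY.index(min_urgency):
            continue  # unknown value or below the subscriber's threshold
        for circle in info.findall("cap:area/cap:circle", NS):
            centre, radius = circle.text.split()
            clat, clon = map(float, centre.split(","))
            if km_between(lat, lon, clat, clon) <= float(radius):
                return True
    return False
```

Because alerts arrive from many independent senders, a relay built this way should also authenticate the sender before passing a message along; the filter above checks only relevance.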

So the question, Wolf concludes, is whether what we really need is a monolithic military or a system that supports volunteerism and improvisation. Recall all the volunteers turned away during Katrina because they weren't authorized.

If national safety - the ability to respond to hurricanes, terrorist attacks, earthquakes - depends on the execution of explicit plans, on soldierly obedience, and on showy security drills, then a decentralized security scheme is useless. But if it depends on improvised reactions to unknown threats, that's a different story. A deeply textured, unmapped system is hard to bring down. A system that encourages improvisation is quick to recover. Ubiquitous networks of warning may constitute our own asymmetrical advantage, and, like the terrorist networks that occasionally carry out spectacular attacks, their power remains obscure until they're called into action.