The agency charged with securing U.S. embassies plans to purchase a system that could locate and track diplomats during an emergency based on the signals beaming from their satellite and cell phones, solicitation documents show.
That system could be extremely effective at monitoring security during an embassy or consulate attack, such as the Sept. 11 attacks in Libya and Egypt, but also could expose diplomats to new dangers if the system is hacked, experts told Nextgov.
The personnel tracking locator system would replace nine-year-old technology that the State Department’s Diplomatic Security Service uses to pinpoint the location of employees both at embassies and domestically, the solicitation documents said.
DSS is responsible for securing embassies from attack and for protecting certain State Department officials traveling abroad, a job that’s come under increasing scrutiny since the Sept. 11 attack in Benghazi, Libya, that killed Ambassador J. Christopher Stevens and three other diplomats. The service also is responsible for guarding some foreign dignitaries traveling in the United States.
It’s not clear whether the existing personnel tracker played any role in the State Department response to the Benghazi and Egypt attacks. The department declined to answer questions about the current tracking system or its proposed replacement, stating only “as is standard procedure, the department published a presolicitation notice.”
Tracking systems based on signals from the current generation of mobile and satellite phones are not powerful enough to provide precise location information, said R. James Duckworth, an engineering professor at Worcester Polytechnic Institute in Massachusetts who conducts government-funded research in tracking technology. The proposed system likely would be effective at determining whether all tracked personnel had evacuated a building, but less effective at locating someone who might still be inside, he said.
Duckworth’s research focuses on using custom-built trackers, which emit a much stronger signal than mobile and satellite phones, to help emergency responders locate their colleagues in burning or collapsed buildings. The project is partly funded by the Homeland Security Department and partly by private donors, he said.
“This is all about situational awareness,” Duckworth said. “If you can get the commanders or other people on the scene better information about what’s happening around them, that’s huge.”
Even the custom-built sensors Duckworth is using aren’t yet capable of giving precise enough location information for emergency responders. That capacity is still two to three years away, he said.
“For those guys, working in a smoke-filled and maybe a collapsed building, you’ve got to be within two to three meters’ accuracy,” Duckworth said. “If a firefighter is down and you send in a rescue team and you’re more than two meters inaccurate you’re close to being on an incorrect floor. You could be on the other side of a wall.”
The proposed DSS system must be “device agnostic,” according to the Oct. 5 presolicitation notice. That means it should be capable of capturing and tracking signals from the current generation of mobile and satellite phones regardless of their manufacturer as well as from future versions of such devices.
There are dangers associated with using tracking technology abroad, said Tom Kellermann, vice president of cybersecurity at Trend Micro, a company that develops antivirus software.
“What’s dangerous about this is that these systems can be hacked so they could basically be beaconing [diplomats’] positions,” he said. “In a country with non-state actors that are not friendly to the U.S. that will make them more susceptible. They could be beaconing their own position and setting themselves up for assassination.”
Kellermann was formerly a senior data risk management specialist for the World Bank.
Hacking commercially available phones has become so common that even technically unsophisticated groups are capable of it, Kellermann said. Once a hostile group has wormed its way into a diplomat’s phone, it’s not difficult to jump from there to the full tracking system, he added, where the group can either track a particular diplomat by her phone signal or send misinformation about officials’ locations into the system.
“This goes to a bigger issue,” Kellermann said, “which is that physical security people who specialize in personal security are very good at what they do, but they have a tendency to adopt and roll out technology like this without doing a true risk assessment of unintended consequences. There’s a phenomenon all through the U.S. government where physical and personal security folks adopt technology to provide more kinetic security and, in fact, they open up an entirely new can of worms.”