recommended reading

State Department seeks system to track diplomats through cell phone signals

Inside the vandalized U.S. Embassy in Tripoli.

Inside the vandalized U.S. Embassy in Tripoli. // Francois Mori/AP

The agency charged with securing U.S. embassies plans to purchase a system that could locate and track diplomats during an emergency based on the signals beaming from their satellite and cell phones, solicitation documents show.

That system could be extremely effective at monitoring security during an embassy or consulate attack, such as the Sept. 11 attacks in Libya and Egypt, but also could expose diplomats to new dangers if the system is hacked, experts told Nextgov.

The personnel tracking locator system would replace nine-year-old technology that the State Department’s Diplomatic Security Service uses to pinpoint the location of employees both at embassies and domestically, the solicitation documents said.

DSS is responsible for securing embassies from attack and for protecting certain State Department officials traveling abroad, a job that’s come under increasing scrutiny since the Sept. 11 attack in Benghazi, Libya, that killed Ambassador J. Christopher Stevens and three other diplomats. The service also is responsible for guarding some foreign dignitaries traveling in the United States.

It’s not clear whether the existing personnel tracker played any role in the State Department response to the Benghazi and Egypt attacks. The department declined to answer questions about the current tracking system or its proposed replacement, stating only “as is standard procedure, the department published a presolicitation notice.”

Tracking systems based on signals from the current generation of mobile and satellite phones are not powerful enough to provide precise location information, said R. James Duckworth, an engineering professor at Worcester Polytechnic Institute in Massachusetts who conducts government-funded research in tracking technology. The proposed system likely would be effective at determining whether all tracked personnel had evacuated a building, but less effective at locating someone who might still be inside, he said.

Duckworth’s research focuses on using custom-built trackers, which emit a much stronger signal than mobile and satellite phones, to help emergency responders locate their colleagues in burning or collapsed buildings. The project is partly funded by the Homeland Security Department and partly by private donors, he said.

“This is all about situational awareness,” Duckworth said. “If you can get the commanders or other people on the scene better information about what’s happening around them, that’s huge.”

Even the custom-built sensors Duckworth is using aren’t yet capable of giving precise enough location information for emergency responders. That capacity is still two to three years away, he said.

“For those guys, working in a smoke-filled and maybe a collapsed building, you’ve got to be within two to three meters’ accuracy,” Duckworth said. “If a firefighter is down and you send in a rescue team and you’re more than two meters inaccurate you’re close to being on an incorrect floor. You could be on the other side of a wall.”

The proposed DSS system must be “device agnostic,” according to the Oct. 5 presolicitation notice. That means it should be capable of capturing and tracking signals from the current generation of mobile and satellite phones regardless of their manufacturer as well as from future versions of such devices.

There are dangers associated with using tracking technology abroad, said Tom Kellermann, vice president of cybersecurity at Trend Micro, a company that develops antivirus software.

“What’s dangerous about this is that these systems can be hacked so they could basically be beaconing [diplomats’] positions,” he said. “In a country with non-state actors that are not friendly to the U.S. that will make them more susceptible. They could be beaconing their own position and setting themselves up for assassination.”

Kellermann was formerly a senior data risk management specialist for the World Bank.

Hacking commercially available phones has become so common that even technically unsophisticated groups are capable of it, Kellermann said. Once a hostile group has wormed its way into a diplomat’s phone, it’s not difficult to jump from there to the full tracking system, he added, where the group can either track a particular diplomat by her phone signal or send misinformation about officials’ locations into the system.

“This goes to a bigger issue,” Kellermann said, “which is that physical security people who specialize in personal security are very good at what they do, but they have a tendency to adopt and roll out technology like this without doing a true risk assessment of unintended consequences. There’s a phenomenon all through the U.S. government where physical and personal security folks adopt technology to provide more kinetic security and, in fact, they open up an entirely new can of worms.”

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.