Coordinating DRAFT - FOUO

Biometrics Tiger Team Trip Report 23 April 5 May 2006

15 June 2006

DRAFT FOUO

TABLE OF CONTENTS

Para 1.0 2.0 3.0 4.0 5.0 6.0

Page Executive Summary (U)..................................................................................................1 Purpose (U).....................................................................................................................2 Background (U)...............................................................................................................2 Scope (U).........................................................................................................................2 Methodology (U).............................................................................................................2 Overall Assessment (U) .................................................................................................3 Assessment and Recommendation (U) ..........................................................................4 6.1 6.2 6.3 6.4 6.5 6.6 6.7 6.8 Doctrine (U) .......................................................................................................4 Organization (U) ................................................................................................6 Training (U) .......................................................................................................8 Materiel (Operations) (U) ..................................................................................9 Materiel (Support) (U) .....................................................................................14 Leadership and Education (U) .........................................................................15 Personnel (U) ...................................................................................................16 Facilities (U) ....................................................................................................16

Annex A Information Paper: Use of Biometrics in the U.S. Central Command (CENTCOM) Area of Responsibility (AOR) ...........................................................18 Annex B Budget Recommendations for DOTMLPF Solutions...............................................20 Annex C DOD Biometric Systems in the USCENTCOM AOR..............................................21 Annex D DOD Biometric Systems/Enterprise Data Flow ......................................................22 Annex E Biometrics Tiger Team Assessment Briefing............................................................23 Figure 1. Biometrics Tiger Team Itinerary and Sites Visited .....................................................3 Figure 2. Biometric Systems and their associated EBTS data fields (Initial Data Call)............11

ii

Coordinating DRAFT - FOUO

EXECUTIVE SUMMARY
The Biometrics Tiger Team (BTT) led by Major General Conrad Ponder, Chief Integration Officer, Department of the Army G6, included a mix of senior civilians, officers, and a non-commissioned officer. The BTT mission researched and examined the biometrics operational architecture in the United States Central Command's (USCENTCOM) Area of Responsibility (AOR). Each team member had a focus either on policy and doctrine, intelligence exploitation, force protection, detainee affairs, acquisition, special operations, forensics, law enforcement or interagency operations. All members were experienced in the knowledge and use of biometrics. An important precursor to the BTT mission was a theater visit by senior communications and information systems officials, including Lieutenant General Steve Boutelle, CIO/G6. The senior team laid the initial groundwork for biometric issues which were then further explored and analyzed by the BTT. This trip report provides findings using the Doctrine, Organization, Training, Materiel, Leadership & Education, Personnel, and Facilities (DOTMLPF) format. The report also provides several annexes that provide further background into biometrics use in the USCENTCOM AOR and budget recommendations based on BTT findings. There are too many people and organizations to thank for their assistance in making the BTT trip a success. We extend our sincere appreciation to USCENTCOM and its dedicated personnel for their superb support.

DRAFT FOUO

Coordinating DRAFT - FOUO

Biometrics Tiger Team Trip Report 23 April 5 May 2006

1.0 PURPOSE. Assess and recommend improvements to biometric operational and systems architecture in United States Central Command (USCENTCOM) Area of Responsibility (AOR). 2.0 BACKGROUND. On 3 March 2006, the Department of Defense (DOD) Biometrics Executive Agent (EA) was tasked by the Campaign Planning Committee (CAPCOM) to establish a Tiger Team including organizations possessing technical expertise to further develop biometric systems architecture in the CENTCOM AOR and report results to the CAPCOM. A Biometrics Tiger Team (BTT) composed of 14 members was assembled to conduct a theater-wide survey from 22 April 2006 through 5 May 2006. The team members are MG Conrad Ponder, DOD Biometrics EA; Mr. Ron Bechtold, Director, Army Architecture Integration Center (AAIC); COL David Scarbalis, Director, DOD Biometrics; COL Michael Bennett, DOD Detainee Affairs; COL James Bristow, Program Executive Office/Biometric Program Manager, COL Christopher Pritchett, Joint Staff Deputy Directorate for Antiterrorism and Homeland Defense (J34); LtCol John Manson, U.S. Marine Corps (USMC); LTC Troy Techau, USCENTCOM J2X; MAJ Daniel McNarama, USCENTCOM J34; Mr. James Strom, Army G-2; MAJ Mike Galope, Army G-3 Battle Command; IS1. Austin Frecks, Navy Special Warfare Group One/Special Operations; Mr. Thomas Lynch, FBI; and MAJ Christopher Mongirdas, Army Chief of Information Operations, CIO/G-6. 3.0 SCOPE. The focus of this report is the effectiveness of biometric systems and processes utilized within the tactical and operational battlespace of the USCENTCOM AOR (Kuwait, Afghanistan, Qatar, Iraq, Bahrain, and Horn of Africa). There is a direct correlation between these systems and operational processes to Doctrine, Organization, Training, Materiel, Leadership & Education, Personnel, and Facilities (DOTMLPF). DOTMLPF plays a crucial role in the development, integration, operations, and sustainment of any capability. Key components that were not directly visited by the BTT include the sustaining base/strategic level of operational support, e.g., training in the Service schools, data integration with the authoritative database (Automated Biometric Identification System (ABIS)), and the Intelligence analysis performed at the National Ground Intelligence Center (NGIC) that enable the biometric capability.

4.0 METHODOLOGY. The BTT assessed and categorized biometrics utilizing the
DOTMLPF format. This format provides the structure for assessing issues and recommending improvements for biometric systems and processes within the USCENTCOM AOR. The BTT approach was to interview operational and support personnel engaged in the deployment, operation, and maintenance of fielded systems. Key systems reviewed were the Biometrics Automated Toolset (BAT), Biometric Identification System for Access (BISA),

DRAFT FOUO

Coordinating DRAFT - FOUO

Detainee Reporting System (DRS), Defense Biometric Identification System (DBIDS), MultiPurpose Access Card (MPAC), and forensic lab/Combined Explosives eXploitation Cell (CEXC) (See Annex C for DOD Biometric Systems in the USCENTCOM AOR). The BTT documented the current situation, assessed gaps, and identified opportunities for improvement. Figure 1 shows the primary locations visited and activities assessed by the BTT.
BTT Itinerary
Location Doha, Kuwait Qatar Kabul, Afghanistan Organization ARCENT FWD CENTCOM (FWD) TF Phoenix ISAF & CFC-A: C2/C6 Bagram, Afghanistan Camp Victory, Iraq Abu Graib, Iraq Camp Victory, Iraq Samarra, Iraq Al Asad Fallujah, Iraq Fallujah, Iraq Camp Victory, Iraq Camp Victory, Iraq CJTF G2 MNF-I C2/C3/C6 JTIF/TF 134 (MG Gardner) MNF-C (C2, C3, C6); MG Zaner, BG Conner 101st ABN (AASLT) (G2, G3) US Marines Regional Forensic Lab Humanitarian Assistance Site CEXC TF Troy C2 BISA FWD International Zone (IZ), Iraq CPATT MNSTC-I Iraqi Ministry of Interior MNFI Force Protection Bahrain HOA NAVCEN US Marines JIOC-I BISA MPAC MPAC MPAC Force Protection - Biometrics EMIO/DBIDS BAT DBIDS DBIDS BAT, C2 BAT, Information Sharing, Base Access Detainee Operations/DRS, BAT, Base Access, C2 - Biometric Operations Biometric Operations, Communications/Networks MP & JTIF - Detainee processing Biometric Operations; BAT, BISA, DRS, BAT, BISA, Biometric Operations and Requirements BAT, BISA, Detainee Operations, Host Nation TNG (PPT) Latent Prints, Forensic Exploitation, BAT BAT supporting aid to civilian population Latent Prints, Forensic Exploitation System/Event

Figure 1. Biometrics Tiger Team Itinerary and Sites Visited

5.0 OVERALL ASSESSMENT. Biometric capabilities are currently utilized to

enable the Warfighter to identify individualsenemy and friendlythroughout the USCENTCOM AOR. Multiple biometric systems were rapidly fielded to fill critical Warfighter needs in day-to-day operations and now permeate every facet of operations to include force protection, intelligence, detainee operations, maritime interdiction operations, special operations

DRAFT FOUO

Coordinating DRAFT - FOUO

missions, forensics, and host nation support. This rapid fielding of biometric capabilities has had tremendous success; however it has had its associated issues for the biometric users. The BTT found several recurring themes from the end users, which include: Who is in charge of biometrics? Units see the inherent value of biometrics and have adapted biometrics at all echelons. Lack of user feedback on the biometric information collected otherwise known as the so what. No theater-wide biometric operational architecture or communications plan. Limited logistics and training. Information sharing is restricted between systems and sites. Multiple systems are performing similar operational functions.

Of the deployed biometric systems, BAT is the predominant system utilized within the AOR by the U.S. Army and USMC; with BISA and DBIDS employed in ten and three sites, respectively (See Annex C for DOD Biometric Systems in the USCENTCOM AOR). Utilizing the DOTMLPF format, the high-level findings are:

Doctrine biometrics solved operational problems for intelligence analysis, detainee tracking,

6.0

and force protection by identifying individuals in the battlespace; however, multiple weaknesses exist in doctrine and policy. Organization Units see the inherent value of biometrics and have adapted biometrics at all echelons; however, there is unclear ownership and no unity of effort. Training Tactics, Techniques, Procedures (TTPs) are in their infancy and must be standardized, documented, and share at all echelons. Materiel within two years, biometrics systems have been successfully deployed and adapted by the warfighter; however, the deployments lack a systems approach with very limited integration with existing architectures, disjointed field services, no formal logistical support, and insufficient data sharing. (See Annex C for DOD Biometric Systems in the USCENTCOM AOR) Leadership and Education employment of biometrics varies based on command emphasis. Personnel great creativity and innovation by personnel to operate biometric systems and to exploit technology to solve local problems; however, force structure is inadequate to support biometric operations. Facilities substandard and inadequate facilities impair biometric support. ASSESSMENT AND RECOMMENDATIONS 6.1 Doctrine

DRAFT FOUO

Coordinating DRAFT - FOUO

6.1.A Assessment 6.1.A.1 Doctrine. Little doctrinal foundation exists to guide operations, maintenance, and training for biometrics. The only formal doctrine documents are USCENTCOMs Concept of Operations (CONOPS) and Red Force SOP. Additionally, USCENTCOM Biometrics Advisory Board (CBAB) that reviews, validates biometric capabilities, to include systems, and provides input for DOTMLPF solutions. The biometric capability was deployed without going through a full acquisition process with associated DOTMLPF review or integration. The BTT found limited or no higher headquarter policies or operational guidance. 6.1.A.2 Policy. Current polices do allow for information sharing and collaboration with the U.S. Government (USG), Coalition partners, and foreign governments. Policy is required to address the sharing of systems, processes, and data with and between coalition nations. The International Security Assistance Force (ISAF) in Afghanistan is a prime example. Within six months from now, Combined Forces Command Afghanistan (CFC-A) stands down and the U.S. effort transitions significant responsibility over to ISAF. The two main issues throughout the transition are the continuation of biometrics collection and the sharing of biometric data with ISAF members. For example, we currently have an inadequate capability to identify Iraqis rejected for base access/employment at a U.S. base who then travel to a different province within Iraq and attempt to enter a United Kingdom base or who enroll as Iraqi police officers. There is no specific policy that addresses what type of biometric and contextual information can be shared with which Coalition partners. Furthermore, policy does not cover the specifics for what the information can be used for or in what situations biometrics can be shared. For example, situations where biometric information is used and can be shared for intelligence is different than biometric information that can be shared with and used by law enforcement agencies. Additionally, policy does not dictate the means for sharing data or address privacy rights for U.S. citizens and foreign nationals. Current policies do not allow for the enrollment of U.S. (non-USGsponsored) and Coalition/International partners in the AOR. The inability to enroll these population groups degrades force protection and accountability within the AOR. The Combatant Commands (COCOMs) operating in theater requires the ability to collect on these groups to verify, track, or restrict individual access (e.g., Tactical Operations Center).

DRAFT FOUO

Coordinating DRAFT - FOUO

Ineffective policies are limiting operations. For example, the Expanded Maritime Interception Operations (EMIO) policy does not include the collection of an individuals iris which allows for rapid identification of individuals. Overall, there has been a weak transition from Rapid Equipping to DOTMLPF review and integration. Systems have been fielded without any apparent plan or process from rapid equipping to permanent capability. DOD policy and procedures require review to improve transition from rapid equipment to DOTMLPF integration. 6.1.B Recommendation 6.1.B.1 Short Term 6.1.B.1.1 Approval by the Deputy Secretary of Defense (DepSecDef) of the following collaboration policies in staffing: a) Sharing of Biometric Data and Associated Information with Coalition Forces and other International Allies. b) Biometric Data Collected from Coalition and International Allies in the U.S. Central Command (USCENTCOM) Area of Responsibility (AOR). c) Collection of Biometric Data from Certain U.S. Persons in the United States Central Command (USCENTCOM) Area of Responsibility (AOR). d) Sharing of DOD Biometric Data and Associated Unclassified Information with Interagency Entities. 6.1.B.1.2 Establish a doctrinal working group. Solicit COCOMs (USCENTCOM), Joint Staff, and Services to submit certain procedures used in theater for consideration to become Joint doctrine via the J7 governance process. 6.1.B.2 Long Term 6.1.B.2.1 As an AOR matures, enforce transition from Rapid Equipping of capabilities to a coordinated DOTMLPF implementation. 6.1.B.2.2 Institutionalize biometrics into doctrine. Designate a lead agency or organizational group to be in charge of Joint doctrine development for biometrics.

DRAFT FOUO

Coordinating DRAFT - FOUO

6.1.B.2.3 COCOMs identify how biometric data are utilized, managed, and supported within their regions in accordance with approved policies. 6.2 Organization 6.2.A Assessment 6.2.A.1 Utilization. The Intelligence Community is a strong advocate of biometric use throughout the USCENTCOM AOR. The Warfighter uses biometrics to definitively identify individuals throughout the battlespace and to access the individuals associate information, e.g., intelligence dossiers. Units quickly learned the inherent value of biometrics and have adapted biometrics at all echelons to support their respective missions. Many organizations employ biometrics to varying degrees of success. 6.2.A.2 Ownership. Ownership of biometrics is unclear and lacks unity of effort. There is no clear Command and Control hierarchy for biometrics in theater. No one group or organization in theater centrally controls, maintains accountability, provides coordination or guidance for the theater. As a result, implementation and supervision of Biometrics is dependent on the local command (personality driven). The BTT discovered biometric ownership lacking at all levels of command in the USCENTCOM AOR. This void is causing issues throughout the biometrics community. Strategically, biometrics needs an interagency Sheriff to simplify and organize the various consumers of biometrics information. Operationally, the COCOMs need to identify how biometric data is utilized, managed, and supported within their regions by focusing on biometric systems integration into Warfighter force protection and anti-terrorism efforts. Tactically, local commanders and planners need to embrace Biometric system capabilities, incorporate biometrics into operations orders, and ensure forces are fully exploiting biometric system capabilities. Metrics for biometric systems and operations should be developed and inserted into daily operations briefing within local commands. Additionally, there is minimal accountability of biometric systems throughout the entire USCENTCOM AOR. 6.2.A.3 Coalition Transition. Sharing data with coalition and other nations supporting the U.S. effort requires immediate attention. The transition of data, equipment, and processes is an issue between U.S. forces and Afghans, Iraqis, and Coalition nations.

DRAFT FOUO

Coordinating DRAFT - FOUO

6.2.A.4 Duplication of Effort. It is imperative that biometrics operational personnel avoid capturing multiple biometric samples from the same individual and storing it in various standardized formats on multiple storage systems. Such duplication of data could lead to matching errors and an overall loss of data integrity (e.g. enrolling individuals in both BAT and BISA at the same location for base access). 6.2.A.5 Forensics. Forensic evidence collection is quickly becoming an integral part of maneuver unit operations. For example, land component units that capture a subject must provide detailed information named capture reports, which consist of sworn statements from unit participants, statements of force used to affect the apprehension, and evidence custody receipts to the divisional or theater facilities. Forensics capabilities are being implemented across the USCENTCOM AOR without a life cycle management process or ownership. Overall, forensics requires integration into the biometric enterprise. For example, there is no overarching coordinated approach to collecting and processing forensic evidence for the rapid exploitation of High Value Targets, e.g., operators developing targeting packages for killing, capturing, or prosecuting those identified from forensic evidence. 6.2.B Recommendation 6.2.B.1 Short Term 6.2.B.1.1 Determine ISAF way-ahead. 6.2.B.1.2 Establish organizational structure to evolve forensic collection and exploitation capabilities. 6.2.B.1.3 Identify Office of the Secretary of Defense Principle Staff Assistant (PSA) as Biometrics Sheriff. 6.2.B.1.4 Establish in-theater C2 chain of command or hierarchy responsible for biometrics oversight, accountability, coordination, policy, training integration, coalition data sharing, etc. 6.2.B.2 Long Term

DRAFT FOUO

Coordinating DRAFT - FOUO

6.2.B.2.1 Establish a distinguishable biometric force structure at all command levels. 6.2.B.2.2 Establish a Data Strategy Community of Interest. 6.3 Training 6.3.A Assessment 6.3.A.1 Operator Proficiency. The BTT identified a consistent lack of an ability to operate current biometric systems. The BTT discovered that training was a consistent shortcoming and personnel had inadequate predeployment training on actual hardware and software or how to properly deploy and employ biometric systems. Many units complained of little or no training for the systems they inherited at the beginning of their rotations. There were no provisions for sustaining a training curriculum for rotational units. The team observed that Service institutional training is necessary if biometrics is ever to reach their full potential. 6.3.A.2 Tactics, Techniques, and Procedures (TTPs). Because of the lack of proper training, the need for TTPs in theater become more critical; however, the BTT determined TTPs are not documented, standardized across units and echelons nor are they shared. Maneuver units have established local TTPs and procedures and have whole-heartedly embraced biometric operations, yet there is little overarching policy, oversight, guidance and absolutely no doctrine available to them to develop standardized TTPs. Localized procedures also need to be standardized to become Standard Operating Procedures (SOPs) and passed along from current operating units to incoming units and personnel. 6.3.A.3 Institutional Training. Training was a consistent shortcoming. Fragmented institutional training lacks the unity of effort throughout the DOD. Training in biometrics or biometric systems needs to be institutionalized in the schoolhouse environment (e.g., Advanced Individual Training and Military Occupational Specialty training) within the Services as part of a curriculum. Furthermore, there is inadequate or no predeployment training. The BTT concluded that Service institutional training is necessary if biometrics is ever to reach its full potential. 6.3.B Recommendation

DRAFT FOUO

Coordinating DRAFT - FOUO

6.3.B.1 Short Term 6.3.B.1.1 Initiate a comprehensive DOTMLPF review. 6.3.B.1.2 Task Joint Forces Command (JFCOM) to develop a comprehensive training plan. 6.3.B.1.3 Establish a centralized online collaboration Web site. 6.3.B.1.4 Establish a biometric distance-learning capability. 6.3.B.1.5 Send Mobile Training Teams (MMTs) into the AOR to train users. G2 has sent MTTs, post-BTT visit, to train BAT users with in the Theater. 6.3.B.2 Long Term. Institutionalize common training curricula at service schools, command courses, training centers, mobilization and mission rehearsal exercises, e.g. use the biometric Program of Instruction (POI), as a baseline, from the 98 Series Advanced Individual Training (AIT) located at the U.S. Army Intelligence Center at Fort Huachuca (USAIC&FH) 6.4 Materiel (Operations) 6.4.A Assessment 6.4.A.1 Implementation Strategy. The BTT consistently found duplicative systems/capabilities fielded throughout the theater. None of the biometric systems are programs of record and have been fielded without any integration. The lack of system integration or an integrator has contributed to the inconsistent network planning and integration, drive-by fieldings, and lack of sustainment processes for repair and training. Many of the communications planners were completely unaware that biometric systems were on the network. Additionally, units were unaware if a repair processes exist. 6.4.A.2 Communications Planning. The BTT could not identify a theater-wide communications plan to manage bandwidth that support biometric systems. Many times the communications staff officer (S6) was unaware of vendor-provided Local Area Networks (LANs), biometric applications, and dedicated satellite links for fielded systems. The lack of

DRAFT FOUO

Coordinating DRAFT - FOUO

connectivity for fielded systems results in systems administration personnel traveling by car to remote locations to ensure databases are synchronized into a network. At the tactical level, this is very pronounced between the intelligence officer and S6 organizations across the AOR and hampers the ability to deliver consistent quality of service for base access, identity management, etc. since no one is accountable for end-to-end service delivery. In addition, the NIPRnet within theatre does not have sufficient band width dedicated or prioritization of data to fully support detainee processing operations, and what is dedicated is not sustainable during the processing, resulting in frequently lost data synchronization. For example, while visiting Abu Ghraib, when questioned about the rest of the process, the detainee management personnel indicated that moving information back to the NIPR DRS side of the processing computer and air gapping data out to end users was a viable solution; however, this requires dual handling of the files and adds a manual process. Since the RAM chips in the computers were upgraded, computers were able to complete the verification of data process required by the BAT-DMS (BAT-Detainee Management System) side of the NIPR program. The National Detainee Reporting Center (NDRC) and BAT/G-2 supplied the RAM chips to upgrade the computers. 6.4.A.3 Operational Architecture. No operational architectures exist for the capability that describes the business process; thereby, these capabilities are cobbled together by units and operators without clear objectives and capabilities. Two centers of gravity for the biometric architecture that have emerged are: 1) how do we support the first tactical mile at the user/soldier level that is completely disconnected from the network? and 2) how do we share collected data with all approved parties? Lack of an operational architecture has resulted in duplicative systems and multiple enrollments of Third-County Nationals (TCNs). For example, the BTT observed situations where camps were using both the BISA and BAT systems for base access and required TCNs to be enrolled in both systems. Folks generally did not understand the entire value stream for information collected. They generally guessed how the information they collected was used by downstream organizations. A good example is the CEXC system where latent fingerprints were collected and sent to the Terrorist Explosive Device Analytical Center (TEDAC) for further analysis. Unfortunately, the TEDAC backlog could delay fingerprint processing by up to a year. Without a clear understanding of the value chain of

DRAFT FOUO

Coordinating DRAFT - FOUO

information flow, time delays will be unintentionally injected into the process and opportunities to detain persons of interest will be lost. Users generally did not receive feedback concerning information collected. If an identity match occurred, feedback to AOR generally didnt happen because points of contact were unknown. Many personnel had no knowledge of the Biometric Intelligence Analysis Report or the Automated Identification Management System Web site where intelligence analysis of biometric data is published for all SIPRNet users. The requirement for rapid feedback and accessibility to the contextual data following the collection effort was a common theme among the users. Any mechanism to improve the feedback process should consider parallel routing, rapid response (15 minutes to the user), an AOR search capability, target education, and standard collection fields. 6.4.A.4 System Design. Most fielded biometric collection systems are technically similar, but have different applications, capabilities, and limitations. A common theme that resonates with all systems is the distinct lack of interoperability and synchronization among them. None of the current systems have the ability to easily interoperate or communicate to one another or to provide quick cross-reference access capability for operators. Common data fields fail to achieve interoperability between systems. 6.4.A.5 Un-tethered Capability. The requirement for a tactical, lightweight, waterproof, multi-modal biometric device/system was a recurring theme by the users. Any device employed tactically needs to have the ability to collect and match biometrics to identify any individuals on the battlefield at the point of collection. 6.4.A.6 History/Audit Trail. None of the systems are transactional. They perform poorly when executing queries and typically do not allow for performance feedback. The history of the individuals location is required to have a data mining capability for tracking individuals throughout the battlespace. Additionally, audit trials are needed for administrative purposes as well as to track files through applications and eliminate anomalies. 6.4.A.7 Data Synchronization. Data synchronization between systems is immature and does not meet user requirements for an integrated biometric capability. The primary source of frustration among users of the BAT is the data replication and synchronization process. The Data Synchronization

DRAFT FOUO

Coordinating DRAFT - FOUO

Service process is cumbersome and inefficient. The system design does not scale to meet operational needs, which frequently results in different identity baselines among the 18 BAT servers. The current algorithm consumes too much bandwidth and processing time even if there are no changes within the database. The new service pack will help mitigate some of these issues to include monitoring point-to-point Electronic Fingerprint Transmission (EFT) transactions. (See Annex B, BAT Process Flow in USCENTCOM AOR) 6.4.A.8 Data Classification. The classification levels of the biometric data hinder information sharing, interoperability, and increase latency of information exchange. There is no cross domain solution (CDS) solution for data sharing between NIPR and SIPR. A CDS guard would allow, via a National Security Agency (NSA) approved, this exchange of information and increase information timeliness by reducing or eliminating manual or cumbersome automated processes. 6.4.A.9 System Standards. Biometric standards and parameters for EBTS- and EFTS-compliant collection equipment have been established. However, implementation of a system of systems or family of systems approach is required to achieve interoperability of systems and information exchange. The draft chart below represents the seven primary systems/missions (BAT, BISA, DBIDS [for Base Access in USCENTCOM AOR only], DRS, EMIO, MPAC, & SOCOM) and the type/number of data fields utilized with each.

DRAFT FOUO

Coordinating DRAFT - FOUO

EFTS/EBTS Type 1 Type 2 Type 4 Type 7 Type 9 Type 10 Type 14 Type 16 Non-EBTS Other
(See Legend Below) Type Type Type Type Type Type Type Type 1247910 14 16 -

BATT 20 6 13 105 9 9 1 7 1 6 1 7 2 0 ? a, b

BISA 7 5 11 2 7 9 9 0 1 9 0 0 17 9

DBIDS 6 7 13 1 7 9 9 0 1 9 0 0 110 d

DRS 54 1 2 4 2 0 0 0 0 0 0 3

EMIO 18 0 13 9 9 9 9 1 2 1 9 1 6 3 1 c, 9 d, e

MPAC 115 13 65 * 9 9 0 1 9 0 0 5 8 c

SOCOM

18 0 13 9 9 9 9 1 2 1 9 1 6 3 1 c,9d, e

Legend Header information Demographic/Contextual data 500-ppi fingerprint images User-defined images Minutiae Facial images Fingerprint variant Iris images

abcde-

Intelligence data Interrogation reports Digital audio clips Palm prints (Type 15) Signatures (Type 8)

Figure 2. Biometric Systems and their associated EBTS data fields (Initial Data Call) 6.4.B Recommendations 6.4.B.1 Short Term 6.4.B.1.1 Hand-selected team to conduct baseline system performance, server replication, and comms; tune existing system in AOR.

DRAFT FOUO

Coordinating DRAFT - FOUO

6.4.B.1.2 Develop and execute a DOD Watchlist to provide rapid response/feedback to all users on a biometric collection. 6.4.B.1.3 Complete analysis of end-to-end communications. 6.4.B.1.4 Complete analysis of alternatives for common collection capability. 6.4.B.1.5 Standardize the Graphic User Interface (GUI). 6.4.B.1.6 Approve minimum contextual data set. 6.4.B.2 Long Term 6.4.B.2.1 Implement systems of systems approach to deliver an enterprise solution.

6.4.B.2.2 Design and implement configurable system/software

based on mission: Joint, lightweight, water-proof, and multimodal. . Employ HIIDE system in the interim to provide the Warfighter with a light, multi-modal collection system which will allow them to synchronize with existing BATs and their respective servers.

6.4.B.2.3 Establish end-to-end, service-level standards (cycle times, availability, cost, etc.). 6.4.B.2.4 Establish multi-domain biometric analysis, collaboration, and dissemination capability 6.4.B.2.5 Ensure enterprise solutions address unique requirements at the tactical edge. 6.4.B.2.6 Create enterprise data model to support biometric capabilities. 6.4.B.2.6.1 Enhance system file transactions.(transactional by each file vs. batch files)

DRAFT FOUO

Coordinating DRAFT - FOUO

6.4.B.2.6.2 Separate dossiers from biometrics; link those using unique codes or meta-data. 6.5 Materiel (Support) 6.5.A Assessment 6.5.A.1 Field Support Engineer (FSE). Inconsistent field service engineer support with no cross-level support for different systems. Conflict among contractors is degrading support to the Warfighters. Within Afghanistan, the BTT determined that all the BAT Locally Employed Person enrollment sites are operated by Kellogg Brown & Root (KBR) in a stand-alone, unconnected, isolated KBR LAN. Data is not shared unless the BAT FSE makes a trip to the site and updates/exchanges the KBR BAT clients. Consequently, if no FSE is available or the FSE is on leave, then there is no exchange of data from the KBR BAT to the SIPR BAT. 6.5.A.2 Logistics Support. There is no formal logistics support system for fielded systems. Cannibalization is common due to lack of spare parts for systems. There are limited documentation, training manuals, and diagnostic tools to troubleshoot problems. 6.5.B Recommendation 6.5.B.1 Short Term 6.5.B.1.1 Identify focal point in AOR responsible for end-to-end sustainment. 6.5.B.1.2 Develop a migration plan for centralized field service engineer support. 6.5.B.2 Long Term 6.5.B.2.1 Centralize and fund an Integrated Logistic Support Plan. 6.5.B.2.2 Execute migration plan. 6.6 Leadership and Education

DRAFT FOUO

Coordinating DRAFT - FOUO

6.6.A Assessment 6.6.A.1 Biometrics Employment. Employment of biometrics is personality-dependent and has not been addressed within any Service schools for leaders or staff. In many locations, biometric knowledge is limited to individuals who have taken the initiative to learn about the capability. However, there is no continuity of operations when that individual leaves or when units redeploy from the AOR. 6.6.A.2 Biometric System Awareness. Consistent lack of knowledge in AOR of system capabilities and effective work-arounds not promulgated. 6.6.A.3 Lessons Learned/Best Practices. Limited sharing of lessons learned and best practices. 6.6.A.4 Adaptive Utilization of Biometrics. Adaptive use of biometric technologies to satisfy tactical requirements is prevalent among users. 6.6.B Recommendations 6.6.B.1 Short Term 6.6.B.1.1 Establish Education Plan. Establish centralized online collaboration Web site. Develop/Deploy Biometric Awareness DVD series. 6.6.B.1.2 Task JFCOM to develop comprehensive education plan. 6.6.B.2 Long Term 6.6.B.2.1 Institutionalize leadership training curriculum at Service schools, command courses, training centers, mobilization and mission rehearsal exercises. 6.6.B.2.2 Establish mentorship program by sending trained personnel to train and coach unit on how best to employ biometric capability. 6.7 Personnel

DRAFT FOUO

Coordinating DRAFT - FOUO

6.7.A

Assessment. The force design is inadequate to support biometric operations in the USCENTCOM AOR. Biometric management is inconsistent and its employment is commander-dependent. Units that are successful using biometric system, e.g., BAT, have dedicated operators and have cross-trained their personnel to ensure continuity of operations.

6.7.B Recommendation 6.7.B.1 Short Term 6.7.B.1.1 Dedicate contract support to meet short-term operational requirements (explore re-allocation of contractor resources). 6.7.B.1.2 Identify dedicated personnel prior to deployment to enable biometric operations. 6.7.B.2 Long Term 6.7.B.2.1 Create a dedicated biometric force design. 6.7.B.2.2 Establish a Joint/Service Skill Identifier (e.g., Additional Skill Identifier); Common Tasks/Training. 6.8 Facilities 6.8.A Assessment 6.8.A.1Throughout the AOR, bases have demonstrated great innovation in adapting biometrics to the volume of individuals processed at the entry control points (ECP). In the United States, the biometric repository (ABIS in West Virginia) and analysis center (NGIC in Charlottesville, Virginia) provide an initial capability to utilize, decide, and act on biometric and associated information (e.g. Intelligence dossiers linked to biometric samples). Due to a variety of constraints in the USCENTCOM AOR, base access facilities are sub-standard to conduct operations. This shortfall and non-standardization of facilities has lead to the utilization multiple systems and processes to cope with environment and operational a factors.

DRAFT FOUO

Coordinating DRAFT - FOUO

6.8.A.2In the U.S., the inadequate facilities and infrastructure have led to service disruptions through equipment failure, communications impairments, no continuous operational support (24 x 7 operations), and no Continuity Of Operations Plan (COOP) for U.S. facilities and operations. 6.8.B Recommendation 6.8.B.1 Short Term 6.8.B.1.1 Implement Biometric Enterprise Joint Urgent Operational Needs Statement. 6.8.B.1.2 Review base access requirements. 6.8.B.2 Long Term 6.8.B.2.1 Improve core analysis and repository capabilities at U.S. facilities. 6.8.B.2.2 Review in-theater analysis and repository requirements. 6.9 Conclusions. The following conclusions were drawn by the BTT:

Rapidly deployed multiple systems to fill critical warfighter biometric needs Systems do work and missions are accomplished BAT (SIPRnet) is primary system in AOR Used by US Army and USMC Fills a multitude of missions (detainee management, base access, HUMINT Ops, population control, etc.) BISA and DBIDS (Stand-alone system) utilized for base access only Need to operationalize and synchronize biometrics efforts Move from stovepipe systems to an acquisition life-cycle using DOTMLPF analysis and support

DRAFT FOUO

Coordinating DRAFT - FOUO

Annex A. Information Paper: Use of Biometrics in the U.S. Central Command Area of Responsibility SAIS-ZCB 1 February 2006 SUBJECT: Use of Biometrics in the U.S. Central Command (CENTCOM) Area of Responsibility (AOR) 1. Purpose. To outline the use of biometric capabilities in the CENTCOM AOR 2. Facts. a. DoD Biometrics provides direct support to our Warfighters in the Global War on Terrorism (GWOT) through the development of an identity dominance capability. This capability has grown through various initiatives involving the formal establishment of the DoD Biometrics Program, the development of a biometric matching capability modeled on the FBI system, and information-sharing efforts with external DOD and U.S. government (USG) organizations. b. Responsibilities. Army Chief Information Officer (CIO)/G-6 is the Executive Agent for DOD Biometrics, which comprises the DoD Biometrics Management Office (BMO), the DoD Biometrics Fusion Center (BFC), and the Program Manager (PM) Biometrics. Together, these components enable the CENTCOM biometric capabilities. c. Biometric systems supporting the USCENTCOM AOR (1) The DOD Automated Biometric Identification System (ABIS). The BFC ABIS is co-located at the FBI Criminal Justice Information Services Division in Clarksburg, W.Va. The ABIS serves as the authoritative operational database for storing and matching of biometric data. It provides U.S. military forces with the capability to identify persons who are, or may be, national security threats. Currently, the ABIS prototype project, initiated in August 2004, focuses on the storage and searching of biometric data collected from detainees and other potential national security threats. DoD match results are provided for intelligence processing and analysis to the National Ground Intelligence Center (NGIC). NGIC, located in Charlottesville, Va., serves as the U.S. Armys intelligence analysis, exploitation, and production resource for biometric matches reported by the BFC. NGIC posts match analysis reports to Multi-National Force-Iraq personnel and other field commanders in the AOR. The ABIS collects biometrics from the Biometrics Automated Toolset (BAT), the Biometric Identification System for Access (BISA), and the Detainee Reporting System (DRS). (2) The BAT is a multimodal biometrics system that collects fingerprints, iris images, and facial photos. It is a self-contained biometrics searching and matching tool that enrolls,

DRAFT FOUO

Coordinating DRAFT - FOUO

identifies, and tracks persons of interest and builds digital dossiers for intelligence purposes. It can be networked, or it can operate in stand-alone mode using its internal structured query language database. The BAT supports biometric collection against any population group and assists in interrogation and detainee management, intelligence analysis, special operations, tactical operations, base access, entry control, and badging missions. The BAT is the primary source of theater-collected biometric data recorded in the ABIS. The BAT version 4.0 was fielded to the CENTCOM AOR during January 2006. During the fielding, the BAT and the National Detainee Reporting Centers (NDRC) DRS were bridged together to provide for single enrollment of detainees on the same workstation at Theater Internment Facilities. This single-station capability eliminates dual enrollment processing, automatically inserts the Internment Serial Number (ISN) and other biographic data into BAT v4.0, minimizes additional training for the operators, and reduces possible data entry errors. (3) BISA improves force protection for U.S. and Coalition personnel in Iraq by providing the capability to collect biometric data, establishing biometrically based identity authentication and identity management procedures, and issuing a biometrically based secure credential for all persons requesting access to U.S. facilities and installations. After a nonscreened, non-U.S. person requests access and is approved by the approving authority, the applicant is enrolled into BISA. Ten sites in Iraq were scheduled for BISA fielding, with eight currently operational. (4) The NDRCs DRS creates the official detainee records on behalf of the DoD and the USG. It is the primary accountability tool for detainees in theater. Until the DRS-BAT interoperability bridge was installed, the DRS collected biometrics per the classified Secretary of Defense memo, Global Screening Criteria for Detainees, February 2004, and passed these data to the ABIS, BFC, and other government agencies (OGAs). Once the bridge reaches full operational capability, there will be a more seamless transmission of the biographic and biometric data to the various required agencies. (5) Under the support of the Rapid Equipping Force (REF), the Multi-Purpose Access Card (MPAC) biometrically based badging system involves searching fingerprint data of Iraqi enrollees against the ABIS and the FBIs Integrated Automated Fingerprint Identification System and is used for identity vetting and access control. The REF has assisted the Iraqi government in building an Iraqi Automated Fingerprint Identification System (AFIS) for holding and searching the MPAC records. Considerable amounts of training have been provided by the REF on operating the AFIS and forensic/latent fingerprint collection and processing. (6) The BFC in conjunction with Navy Criminal Investigative Serves developed a pilot project for a forward-deployed forensic collection lab. In late November and early December 2005, a Mobile Training Team trained 3/7 Marines in Ar Ramadi on the techniques of collecting forensic data. A total of 89 Marines were trained in this effort. The lab, scheduled for delivery to

DRAFT FOUO

Coordinating DRAFT - FOUO

Fallujah, Iraq in late February 2006 will process the evidence, electronically format it, and send the prints directly to latent experts at the BFC for immediate processing. 100% of the forensic evidence collected can be submitted to ABIS for matching. (7) Expanded Maritime Interception Operations (EMIO) will be expanded to include biometric collection. Policy is being staffed with the Joint Staff. COL David Scarbalis/703-602-5427 Approved by______________

DRAFT FOUO

Coordinating DRAFT - FOUO

Annex B Budget Recommendations for DOTMLPF Solutions

TBP

DRAFT FOUO

Coordinating DRAFT - FOUO

Annex C. DOD Biometric Systems in the USCENTCOM AOR

DRAFT FOUO

Coordinating DRAFT - FOUO

DRAFT FOUO

Coordinating DRAFT - FOUO

Annex D. DOD Biometric Systems/Enterprise Data Flow

DRAFT FOUO

Coordinating DRAFT - FOUO

DRAFT FOUO

Coordinating DRAFT - FOUO

Annex E. Biometrics Tiger Team Assessment Brief: Biometrics Tiger Team Assessment Brief

DRAFT FOUO

Coordinating DRAFT - FOUO

DRAFT FOUO

Coordinating DRAFT - FOUO

DRAFT FOUO

Coordinating DRAFT - FOUO

DRAFT FOUO

Coordinating DRAFT - FOUO

DRAFT FOUO

Coordinating DRAFT - FOUO

DRAFT FOUO

Coordinating DRAFT - FOUO

DRAFT FOUO

Coordinating DRAFT - FOUO

DRAFT FOUO

Coordinating DRAFT - FOUO

DRAFT FOUO

Coordinating DRAFT - FOUO

DRAFT FOUO

Coordinating DRAFT - FOUO

DRAFT FOUO

Coordinating DRAFT - FOUO

DRAFT FOUO

Coordinating DRAFT - FOUO

DRAFT FOUO

Coordinating DRAFT - FOUO

DRAFT FOUO

Coordinating DRAFT - FOUO

DRAFT FOUO

Coordinating DRAFT - FOUO

DRAFT FOUO

Coordinating DRAFT - FOUO

DRAFT FOUO