Like everything else, modern police work is increasingly data intensive and network dependent. But network performance becomes even more critical when you are supporting 450 police cruisers spread over a county of 876 square miles (including 214 square miles of water), when "mobile" sometimes means delivering vital data to a vehicle in hot pursuit at more than 100 mph, and lost data could mean the difference between life and death in extreme situations.
That is exactly the environment in which Mac Magruder, deputy sheriff and MIS director for the sheriff's office in Escambia County, Florida. The county includes Pensacola and has a population of approximately 315,000. The sheriff's office has 1,100 employees and is the police force, runs the county jail and also handles more routine tasks such as process serving and prisoner transport.
Data services are vital to modern police operations. When a deputy sheriff pulls over a speeder, he already has basic information on the car - its description, the owner's name and other information, insurance information, whether it has been reported stolen - on the data screen in his cruiser. As soon as he has the driver's license, he can get information on the driver, including any police record. "Many crimes are solved and things detected at vehicle stops," Magruder says. "You can never be sure who is in the car, or what might happen." Officers have found themselves in unexpectedly dangerous confrontations at vehicle stops, so this information can be vital.
Similarly, when an emergency call is received, the cruisers get data showing what kind of call it is, location and other relevant information often before the dispatcher assigns the call to a unit. "We still use radio dispatch because we need to maintain the radio log as a record," Magruder says. But if an officer is close to the scene, he may respond before the dispatcher can make the call."
Obviously, downtime is unacceptable in this environment, and operations are 24x7x365. Given the particular demands a large police department puts on its data network, here are two lessons Magruder has learned:
1. Choose flexibility
"When I joined the sheriff's office, they didn't have firewalls. Internet activity was much lower then, and it wasn't a concern. Sheriff McNesby directed me to bring us into the 21st century." One of the first things he did was install two appliances running Check Point 3.x from Check Point Software Technologies Ltd. "Then my ISP, Cox Cable, decided to switch from Worldnet to UUnet." That required him to change his IP addresses. "Changing IP addresses in a CheckPont firewall is a major task. It took me a whole day the first time." He was able to do all the re-licensing for the firewalls online, however, and everything seemed under control.
Then, two weeks later, for some reason Cox said he had to change IP addresses again. "They sent me the address range, but when I tried to change the licenses online, I couldn't do it." He called Check Point's support, which kept referring him to one online document after another. "Finally I told them I was paying US$15,000 a year for support, and they were going to stay on the line until this was resolved."
It turned out that he had exceeded his quota for IP address changes, and he had been locked out. And the only people who could help him were in the Israeli office. The problem was, that office was closed on Thursdays and Fridays, and this was a Thursday.
"Finally I asked for the name of the president of the company, and with some crafty investigative work I obtained his phone numbers and called his cell phone. He was in an airport somewhere, and he was pretty surprised to get that call."
The next thing he knew, Check Point vice presidents were calling him. But only the Israel office could give him permanent licenses, and they could not do that until Saturday. The best they could do was issue temporary licenses. "At that point," he said, "I was through with Check Point."
He encountered Stonesoft at about this time at a computer conference and was impressed with the flexibility and clustering capabilities of its StoneGate firewall. "Everything is GUI-driven, so doing things like changing IP addresses are trivial tasks." He had money in his budget, so he bought two Stonesoft clustered firewalls and passed the Check Point firewalls to another county agency that could use them. That was five years ago, and he says the Stonesoft firewalls are "the easiest I have ever used." He likes them well enough that he just bought an intrusion prevention system from Stonesoft. The IPS works in conjunction with the firewalls to thwart would-be attackers.
2. Choose tested dependability
Magruder is building a mesh network on the 4.9 GHz band to replace the county's aging 800 MHz Motorola Radio Controller system, which only provides 19.2 kbit/s capacity. At that speed the present system is confined mostly to alphanumeric data. "We can send a mug shot, but it takes about 20 seconds." The mesh network will let the department send photo images, which have multiple applications in police work. Magruder envisions routinely sending driver's license photos from the Department of Motor Vehicles to traffic stops.
"Suppose we have a robbery at one end of town and stop a suspect at the other end. Today we might need to retain this citizen in custody for an hour or longer before we can get him to the witness for identification. And then he might turn out to be the wrong person." With the mesh network, he envisions shooting a digital image from the place where the suspect is stopped across town to the witness for a tentative identification in minutes. Then if the witness does not identify the suspect, he can be released immediately.
Magruder plans to share this new network with other county agencies. "We can send electronic permit forms to construction sites and allow contractors to open portals on it so they can file their permit requests electronically. Fire, EMS or any local government entity could have access to the county LAN. EMS could send live video and data from the ambulance to the hospital."
This network puts Escambia County in the forefront of the latest trend in wireless networking, municipal networks, along with Philadelphia, San Francisco and other large municipalities. However, Escambia's network covers a wider geographic area than many of the others and, because of its origins with the sheriff's office, has particularly rigorous dependability and connection hand-off requirements. Those needs played a key role in vendor selection.
"There are about three vendors selling mesh enabled architecture (MEA) networks," Magruder says. "Their capabilities and pricing are comparable, but the Motorola network is literally battle tested. The US Army is using it in Iraq, both for data communications with front-line units and location tracking. If it can survive the adverse conditions of the Iraqi desert and battlefield, it should survive here."