Local Police Share Secure Wireless Network in Wisconsin

Police departments upgrade shared network and overcome security challenges.

by / June 22, 2008

The cities of Middleton, Fitchburg and Sun Prairie have similar-sized populations, are almost equidistant and are on the outskirts of Wisconsin's capital city, Madison.

They also share some things that are far less obvious: an encrypted wireless network that links their police departments, a bundle of high-tech software and the joint commission responsible for it all.

The MultiJurisdictional Public Safety Information System (MPSIS) task force formed four years ago to fix the police departments' ailing records management systems, and since then it has procured high-tech tools and provided cost savings.

"We consolidated a lot of what police departments need to do their job," said Matthew Prough, the system administrator and sole MPSIS employee.

Prough, whose background includes law enforcement and technology, steered the cities' latest collaborative project: upgrading slow T1 links (in place since 2004) to high-speed wireless and encrypting part of the network's traffic. The improvement initially presented a challenge for the MPSIS.

Going the Wireless Way

When the cities looked to upgrade their network, a speedier connection wasn't on top of the must-have list. Officials wanted the ability to extend a flat Layer 2 network out to the network's physical locations to prevent disruptions, while also preserving the existing IP network addressing scheme.

As a result, if the main Fitchburg server failed, a backup server at a different location would assume operations without the need to reconfigure. "This gives us an easy ability to establish redundancy and business continuity for our systems," he said.

Redundancy is especially important for public safety entities because a several-minute glitch endanger people.

Prough said the decision to extend the Layer 2 network out to the sites - instead of routing between them - to provide a backup network backbone often comes as a surprise to others. "My experience is that there's a basic assumption made by people that since we have three separate sites, we route between them," he said.

Some consultants discarded the idea of a Layer 2 network, Prough said, especially when it came to encryption and backup links. Prough suspected that familiarity with routed networks was partly to blame. "But we knew what we wanted to achieve, and simple persistence and patience ultimately allowed us to achieve the results we were looking for," he said.

Segment Solution
Because of the wireless upgrade, the MPSIS had to comply with Criminal Justice Information Services (CJIS) security requirements - federal mandates for sensitive information.

The requirements are compulsory for police departments, which access state and federal databases (e.g., when pulling license plate data) and information from local police departments connected by a Web-based tool called the Wisconsin Justice Information Sharing (WIJIS) Justice Gateway.

Although CJIS compliance under WIJIS is not mandatory until 2010, any upgrade or new connection must comply immediately, Prough said.

To secure the wireless network, the MPSIS turned to encryption. Of the five responses to the organization's RFP, three offered wireless radios with built-in encryption and two offered wireless-only solutions with the option to encrypt via a third-party vendor.

For the MPSIS, the choice hinged on price.

"The two that included encryption options external to the wireless radios were significantly less expensive," Prough said. The cities tapped CommConnect for the wireless connection and took CommConnect's advice to enlist third-party vendor CipherOptics for the encryption.

CipherOptics proposed its CipherEngine to meet MPSIS's cost and performance requirements. In addition to encrypting traffic on the Layer 2 switched network, the MPSIS called on CipherOptics to segment the nonencrypted traffic from the Fitchburg Fire Department, so the fire department would connect via half of the Fitchburg Police Department link, thereby consolidating the two existing links that used the same water tower.

This created a serious challenge for the MPSIS because typically everything that goes with encrypted data gets encrypted, said Brian Irish, CipherOptics' marketing director.

To deal with the problem, CipherOptics implemented two separate virtual local area networks (VLANs) using encryption, Irish said. This capability wasn't always available. "In the past, encryption and VLANs have been like oil and water," he said.

The solution gave Prough what he was looking for - the power to dictate which data gets encrypted, he said. "This deployment has been a great example of how municipalities can get security as they transmit data in a way that works for them," Irish said.

Implementation of the encryption onto the network was a snap for Prough. CipherOptics talked Prough through the software configuration, and he did the work himself. Prough said he's had no trouble making encryption modifications to the wireless paths, even when operating from a remote location.

The simplicity of the system and additional savings, especially on the operational side, have made the encryption solution valuable to the MPSIS, Prough said.

The entire wireless system cost approximately $200,000, with the encryption portion about $35,000 of that total, said Fitchburg Chief of Police Thomas Blatter. The MPSIS received more than $1.1 million in federal grant money since 2004, which played a big role in implementing the joint software and recent upgrades. U.S. Rep. Tammy Baldwin, D-Madison, played a key role in landing those grants, Blatter said.

"The federal government can provide valuable financial and moral support by encouraging and assisting this type of inter-community cooperation for the public good," Baldwin's spokeswoman said.

Consortium Formation
The MPSIS was originally formed in late 2003 to tackle the issue of replacing three aging records management systems.  

Other software items were included in the original project, including police dispatch software (Global Dispatch) and mobile data software (Global mReach), which together were "pretty inclusive of what police departments need on a daily basis," Prough said.

The records management system, Global Justice, took time to roll out because of the difficulty of converting data from the three separate systems, said Phil Sisk, president of Global Software Corp., MPSIS's software provider.

The result was worth it. The records management system, which was in full use by November 2005, is central to the police departments' functions, Prough said. The system shares and stores incident, accident, citation, arrest and evidence information from the three departments - it basically gives officers more information to fight crime, Sisk said.

The availability and accessibility of information helps officers do more in the car (on squad car computers), and they don't have to enter data twice. "These communities deal with the same issues and often the same people," Sisk said. "They have a better picture of whom and what they are dealing with when they share this type of information."

While the founding goal of the MPSIS was to purchase and implement a shared records management system, the objective naturally progressed; the cities looked into other components that fit within the joint framework and its existing systems, Prough said.

For example, the trio purchased a digital dictation system, municipal court software and fingerprint identification technology - all woven into the records management system.

Prough said the collaborative framework gives the cities access to new technologies and services that would've otherwise been unattainable. It also encouraged the police departments to join forces in other areas like training.

A key part of working together, Prough said, is to give all cities a say, but let no single city have too much control.  

However, democratizing the process has its downside.  

"Any changes they wanted to make had to be voted on and agreed to by the group as a whole," Prough said, "but it can work if you can work through that - the consolidation can be very successful."

A future goal of the MPSIS is to provide some data access to the public, such as the locations and types of service calls the departments receive.

The MPSIS is also open to the idea of other police departments coming on board. The MPSIS's high-speed wireless network and encryption upgrades are tailored to be flexible and scalable.

Prough put it this way: "Since everybody is doing it the same way, it makes sense to build that out a little further."

Jessica Hughes Contributing Writer

Jessica Hughes is a regular contributor to Government Technology and Emergency Management magazines.

Platforms & Programs