HomeMy WebLinkAbout08 - CLETS Encryption RequirementCITY OF NEWPORT BEACH
CITY COUNCIL STAFF REPORT
' Agenda Item No. 8
June 9, 2009
TO: HONORABLE MAYOR AND MEMBERS OF THE CITY COUNCIL
FROM: Police Department
John Klein, Chief of Police, 949 644 3701, JKlein@nbpd.org
nbpd.org
Bill Hartford, Lieutenant, 949 644 3660, BHartford @nbpd.org
SUBJECT: FUNDING FOR CLETS ENCRYPTION REQUIREMENT
RECOMMENDATION:
Approve an expenditure of $54,217 to upgrade and encrypt the Police
Department's CAD California Law Enforcement Telecommunication System
(CLETS) interface to accommodate the data encryption between the Orange
County Sheriffs Department and the Police Department.
Authorize the Chief of Police to execute a Professional Service Agreement with
Northrop Grumman, as approved by the Office of the City Attorney.
DISCUSSION:
Background:
The Police Department received a letter dated December 11, 2008, from the OCSD
stating that California's Department of Justice (DOJ) now requires all CLETS
connections to be encrypted (CLETS Policies, Practices and Procedures section 1.9.6).
CLETS Policies, Practices, and Procedures section 1.9.6 Encryption
Data accessed via the CLETS and transmitted through any public network segment, wireless network,
untrusted network or the public Internet shall be immediately protected with encryption. The encryption
shall meet the requirements specified in the FBI's CJIS Security Policy section 7.8. Encryption keys used
to encrypt data accessed via the CLETS shall be managed through documented procedures detailing key
generation, key distribution, key disposal, emergency procedures, key recovery and key escrow. It is the
responsibility of the law enforcement or criminal justice agency to document, and keep current, all
encryption key management practices.
Funding for CLETS Encryption Requirement
June 9, 2009
Page 2
CLETS, a data interchange switcher for SlWte data files, is a high -speed message
switching system, which became operational in 1970. CLETS provides law
enforcement and criminal justice agencies access to various data bases and the ability
to transmit and receive point -to -point administrative messages to other agencies within
California or via the National Law Enforcement Telecommunications System.1
The OCSD is the hub for all CLETS connections for the Police Department. They also
recommend what equipment should be used for encrypting CLETS connections. Based
on their recommendation in their December 11, 2008 letter, the Police Department will
need to purchase equipment to encrypt the CLETS interface from CAD to OCSD.
During conversations with both the OCSD network support staff and various encryption
equipment vendors /consultants, the Police Department's CAD 9.6K connection (from
CAD to OCSD) will not support the encryption technology needed. The CAD 9.6K
connection is approximately 20 years old. The interface on the CAD System needs to
be converted to a TCP /IP interface. This conversion process has been a recurring
budget request for the past few years, but due to budgetary constraints, has not been
approved.
Northrop Grumman (formerly PRC), the product manufacturer of our current CAD
System, has quoted a price of $49,854 (including California sales tax, $54,217) for
converting the CAD 9.6K interface. Northrop Grumman is the developer of our CAD
System's software and is currently under contract for service with the Police
Department. As a component of the Northrop Grumman system, there is a source code
that is embedded into the CAD System's software, which is a proprietary product of
Northrop Grumman and limits Northrop Grumman as the sole provider for the CAD
CLETS interface.
Once the CAD CLETS interface is converted from the 9.6K interface to a TCP /IP
interface, the CAD CLETS data will be able to utilize the existing T -1 connection to
OCSD.
The deadline to complete the encryption before sanctions are imposed by the DOJ is
June 30, 2009.
Environmental Review:
Not applicable.
'US Definitions, "CLETS Law & Legal Definitions," http //: definitions.uslegal.comm / clets
Funding for CLETS Encryption Requirement
June 9, 2009
Page 3
Funding Availability:
As authorized by Council Policy F -3, Dennis Danner, the Administrative Services
Director, has approved the following transfers:
$10,000 from the Utilities Fund, #1820 -8116
$10,000 from the Postage and Freight Account, #1820 -8050
$30,000 from the PC Replacement Fund, #1820 -9005
These funds will be transferred into the Computer Maintenance Software Account,
#1820 -8181, to fund the upgrade and encryption of CLETS. As a result of implementing
restrictive fiscal spending guidelines, excess funds were located in these accounts.
Prepared by:
r�
Bill Hartford, Lieutenant
Support Services Division
Submitted by:
Jo n Klein
IEF OF POLICE
Attachments: OCSD Letter, dated December 11, 2008
TCP /IP Scope of Work
Newport Beach Police Department
Chief John Klein
P.O. Box 7000
Newport Beach, CA 92660
Chief Klein:
The Department of Justice requires that all CLETS data traveling through public network segments
be fully encrypted ( CLETS Policies, Practices and.Procedures section 1.66E). This means that the
TI data line carrying your ELETE and CAD data to and from the Orange County Sheriff's
Department must be equipped to encrypt data from end to end. Also impacted are any internal data
lines connecting your substations-,af these lines are transmitting CLETS data.
The Orange County Sheriff's Department has obtained the necessary equipment to encrypt our end' of
your Tl circuit. Your agency will be required to purchase the same equipment for your end of the TI
circuit. At minimum, a Cisco 2811 router with Advanced Security Software Feature Set will be
necessary. A price quote is attached to this letter listing the required equipment and associated costs.
To allow adequate time to purchase the necessary equipment, we will be contacting your agency to
coordinate the TI line encryption in February 2009. If your agency is ready to implement prior to
that time, please contact the "Sheriffs Data Center at 714 - 8344444 and you will be directed to the
appropriate person.
The Department of Justice has given Orange County a deadline of June 2009 to be fully compliant. If
your agency is not in compliance prior to that date, you will have to work directly with DOJ on your
compliance issues.
Sincerely,
Sandra Hutchens, Sheriff - Coroner
Dave Wilson, Captain
Support Services Division
PROUDLY SERVING THE UNINCORPORATED AREAS OF ORANGE COUNTY AND THE FOLLOWING CITIES AND AGENCIES:
ALISD VIEJO • DANA POINT • LAGUNA HILLS • LAGUNA NIGUEL • LAGUNA WOODS • LAKE FOREST MISSION VIEJO
RANCHO SANTA MARGARITA .• SAN CLEMENTE • SAN JUAN CAPISTRANO • STANTON • VILLA PARK ,
OC PARKS • DANA POINT HARBOR • JOHN WAYNE AIRPORT • OCTA • SUPERIOR COURT
SHERIFF- CORONER DEPARTMENT
SANDRA HUTCHENS
COUNTY OF ORANGE
SHERIFF - CORONER
CALIFORNIA
UNDERSHERIFF
JOHN L. SCOTT
`
EXECUTIVE COMMAND
JACK ANDERSON
329 N. FLOWER STREET
JOHN B. DAVIS
SANTA ANA, CA 92793
RICK DOSTAL
(714) 947 -7990
December 11, 2008
MICHAEL R.HILLMANN
MIKE JAMES
Newport Beach Police Department
Chief John Klein
P.O. Box 7000
Newport Beach, CA 92660
Chief Klein:
The Department of Justice requires that all CLETS data traveling through public network segments
be fully encrypted ( CLETS Policies, Practices and.Procedures section 1.66E). This means that the
TI data line carrying your ELETE and CAD data to and from the Orange County Sheriff's
Department must be equipped to encrypt data from end to end. Also impacted are any internal data
lines connecting your substations-,af these lines are transmitting CLETS data.
The Orange County Sheriff's Department has obtained the necessary equipment to encrypt our end' of
your Tl circuit. Your agency will be required to purchase the same equipment for your end of the TI
circuit. At minimum, a Cisco 2811 router with Advanced Security Software Feature Set will be
necessary. A price quote is attached to this letter listing the required equipment and associated costs.
To allow adequate time to purchase the necessary equipment, we will be contacting your agency to
coordinate the TI line encryption in February 2009. If your agency is ready to implement prior to
that time, please contact the "Sheriffs Data Center at 714 - 8344444 and you will be directed to the
appropriate person.
The Department of Justice has given Orange County a deadline of June 2009 to be fully compliant. If
your agency is not in compliance prior to that date, you will have to work directly with DOJ on your
compliance issues.
Sincerely,
Sandra Hutchens, Sheriff - Coroner
Dave Wilson, Captain
Support Services Division
PROUDLY SERVING THE UNINCORPORATED AREAS OF ORANGE COUNTY AND THE FOLLOWING CITIES AND AGENCIES:
ALISD VIEJO • DANA POINT • LAGUNA HILLS • LAGUNA NIGUEL • LAGUNA WOODS • LAKE FOREST MISSION VIEJO
RANCHO SANTA MARGARITA .• SAN CLEMENTE • SAN JUAN CAPISTRANO • STANTON • VILLA PARK ,
OC PARKS • DANA POINT HARBOR • JOHN WAYNE AIRPORT • OCTA • SUPERIOR COURT
NOfiTf /ROP GJW9~J ,4M
May 29, 2009
Newport Beach Police Department
870 Santa Barbara Drive
Newport Beach, CA 92660
Attention: Mr. ]ohn Veale
Northrop Grumman Information Technology, Ina
15010 Conference Center Drive
Chantilly, VA 20151
Subject: Altarifm CAD TCP/IP interface to OCATS
Dear Mr. Hartford:
Quote #109372v2
Northrop Grumman is pleased to provide you with a quotation to replace your current A/tarijrl
bi -sync OCATS interface with a TCP /IP interface. The new interface will be based on the
OCATS Interface Specifications provided by your department.
Scope of Work
With this proposal, Northrop Grumman will perform the following tasks:
• Design, develop, code, test, and install the OCATS interface driver based upon TCP /IP
protocol standards, using the Orange County OCATS Interface Specification.
• Modify all messages to be sent to OCATS to meet the new OCATS header requirements.
• Modify the OCATS Response Handler in the CAD system to address the transactional
header differences between the current interface and the proposed TCP /IP interface.
This will ensure that all messages received from OCATS are correctly processed and
routed for display.
• Set up and configure the OCATS TCP /IP interface address requirement inside the
A/tar&rm registry.
• Assist the Newport Beach Police staff with integration testing;
• Provide configuration management for the new interface
Based on the OCATS Interface Specifications provided the Newport Beach PD, the OCATS
message formats remain unchanged. Therefore, this quotation does not include any effort to
modify and /or add any CAD screens /forms or transactional messages.
Customer Responsibilities andAssumpifons
NBPD will be responsible for the following items:
• Provide all necessary hardware and routers with 128 bit encryption (3DES or AES, FIPS
140 -2 compliant);
• Configuration of all routers and communication hardware;
• Supply a test TCP /IP circuit, IP's and Ports to OCATS for testing
• Provide necessary staff to assist with the testing of all OCATS transactions
Newport Beach Alfar&lm CAD TCP /IP Interface to OCATS Quote #109372v2
Page 2
Price
The price for this Proposal is $49.854.00
Applicable Sales Tax has not been included in the above prices and will be added to subsequent
invoices.
Payment Terms
1.) Upon Acceptance of Northrop Grumman Quotation /Issuance 40%
of Purchase Order
2.) Upon Installation of Software 35%
or Northrop Grumman Certifying That Modification Is Ready for
Testing
3.) Upon Acceptance 25%
Total Software, Services, & Miscellaneous 100%
Acceptance
Acceptance will occur when the testing demonstrates the new interface is successfully
communicating with OCATS and responses are received for requested information; or 30 days
after the Newport Beach Police Department is notified in writing that the data is available for
testing. Any non - performance by non - Northrop Grumman software/hardware shall not preclude
acceptance of the Northrop Grumman work.
Terms and Conditions
Northrop Grumman standard terms and conditions apply to this quotation and are attached for
your review. An implementation schedule will be agreed upon after receipt of a purchase order
or properly executed contract acceptable to Northrop Grumman. The quotation number (CSG-
109372v2) must be included in all resulting purchase orders.
This quotation will expire on July 18, 2009.
Northrop Grumman looks forward to working with you on this initiative and the continued
support of your site. Please don't hesitate to contact LeRoy Butenhoff at (571) 313 -2387 or me
at (571) 313 -2610 if you need further assistance.
Regards,
Sent Via Electronic Mail; May 29, 2009: Andy R. Peucker
Andy R. Peucker
Contracts Manager
Northrop Grumman Information Technology, Inc.
cc: Paul Martin
LeRoy Butenhoff