ML23018A161
| ML23018A161 | |
| Person / Time | |
|---|---|
| Site: | Quad Cities  |
| Issue date: | 08/31/2022 |
| From: | State of IA, Dept of Homeland Security and Emergency Management |
| To: | Office of Nuclear Security and Incident Response |
| Shared Package | |
| ML23018A159 | List: |
| References | |
| Download: ML23018A161 (1) | |
Text
Alert and Notification System Evaluation Report
Quad Cities Generating Station (Cordova, Illinois)
State of Iowa - Alert & Notification Backup System August 2022 ANS Evaluation Report-Backup System
Table of Contents Signature Page 4 Revision History 5 Executive Summary 6 Section 1: ANS Plan 7 Licensing Obligation 7 Description of System 7 Means 7 Methods 8 Authority 8 Administration 8 Requirements/Function 9 Operations 9 Security and Privacy 9 Training and Quality Assurance 9 Public Outreach and Education 10 Messaging 11 Public Messaging 11 Disabilities and Access/Functional Needs 11 Transient Populations 12 Ingestion 12 Maintenance 12 Section 2: Design Report 14 Licensing Obligations (if applicable) 14 Requirements 14 System Coverage 14 Population/Demographics 16 Interoperability 17 Operations 17 Management/Administration 18 Security and Privacy 18 Maintenance/Repair 18 Availability/Reliability 19 Testing 19
Table of Contents 2 QCGS/State of Iowa ANS
ANS Evaluation Report-Backup System
Responsibility 19 Training 21 Quality Assurance 21 Description/Performance 21 Physical Requirements 21 Administrative Components 22 Operational Components 22 Verification 23 Availability/Reliability 23 Security and Privacy 24 Training and Public Outreach 25 Section 3: Appendices A-Y 26
Table of Contents 3 QCGS/State of Iowa ANS
ANS Evaluation Report-Backup system
REVISION HISTORY The revision history is a summary of the modifications that have been made to this document. In an effort to maintain a historical record of edits, please do not remove previous entries.
Revision No. Summary of Revision Name Date
Change Backup ANS for the State of Iowa to Alert 1.0 Iowa-ETNS-(IPAWS-WEA). Primary notification 9/1/2022 system remains the approved siren system maintained by NPP.
Revision History 5 QCGS/State of Iowa ANS
ANS Evaluation Report-Backup system
EXECUTIVE
SUMMARY
The State of Iowa in coordination with the Scott County Emergency Management Agency, Clinton County Emergency Management, and the Quad Cities Generating Station (QCGS), intends to change the Alert and Notification backup scheme for the Scott County and Clinton County Emergency Planning Zones (EPZ). The intent is to replace backup route alerting with Wireless Emergency Alerts (WEA) through the Alert Iowa-ETNS/IPAWS system. WEA will work in conjunction with Scott County EMA and Clinton County EMA, who will utilize the use of reverse 911/landline notification through the Alert Iowa-ETNS system. The ability to message all landlines in the EPZ will aid in messaging for those residents who do not have WEA capable devices. The impetus for the change is due to difficulties in route alerting processes, and increased capabilities available to WEA. The primary notification system of sirens will remain in effect. The Alert Iowa-ETNS/IPAWS system will be activated immediately following siren activation. Constellation has been involved in reviewing this change and is supportive of the Alert Iowa-ETNS/IPAWS system as the backup ANS. See Appendix U-Iowa Alert Iowa Support.
Revision History 6 QCGS/State of Iowa ANS
ANS Evaluation Report
SECTION 1: ANS PLAN
Licensing Obligation The Quad Cities Generating Station license provided by the Nuclear Regulatory Commission (NRC), does not state the type or number of Alert or Notification Systems (ANS) for QCGS.
However, the State and Local Government Agreement has the following requirements before a change to ANS can occur: The primary system is the Constellation siren system.
Description of System
Means The Iowa Department of Homeland Security and Emergency Management Department (HSEMD) in coordination with Scott County EMA and Clinton County EMA, intend to implement the following changes to the existing ANS scheme:
- 1. Primary ANS: HSEMD, Scott County EMA, Clinton County EM, and QCGS will maintain the current outdoor siren(s) and use of NWS (National Weather Service) to activate EAS (Emergency Alert System) as the Primary Method for Alerting the Public. No Changes will occur.
- 2. Backup ANS: HSEMD, Scott County EMA, and Clinton County EMA will replace road maps and route alerting as the backup of Alerting the Public with the Integrated Public Alert & Warning System (IPAWS) - Wireless Emergency Alert (WEA). IPAWS-WEA uses the administrative channel on Telecom Cellular Towers to send emergency messages to mobile devices (cell phones and similar devices) in a designated area. Messages can include alerts and basic instructions.
IPAWS-WEA improves coverage of the relevant areas in Scott County and Clinton County, and studies indicate improved reception and comprehension by the public.
In conjunction with the WEA notification, Scott County EMA and Clinton County EMA will also utilize the use of reverse 911/landline and area opt-in accounts for notification through the ANS system. The ability to message all landlines in the EPZ will aid in messaging for those residents who do not have WEA capable devices.
See the attached Quad Cities Generating Station (QCGS) Primary and Backup ANS method diagram (Appendix A).
Methods The Primary method of Alerting the Public will remain the previously approved and implemented siren system provided by Constellation and EAS messaging provided by the NWS Quad Cities office upon approval by Clinton and Scott County EMAs.
Section 1: ANS Plan 7 QCGS/State of Iowa ANS ANS Evaluation Report
The Back-up method of Alerting the Public will be the Alert Iowa-ETNS notification system, specifically the use of Integrated Public Alert & Warning System (IPAWS) - Wireless Emergency Alert (WEA). IPAWS-WEA uses the administrative channel on Telecom Cellular Towers to send emergency messages in text form to mobile devices (cell phones and similar devices) in a designated area. In conjunction with the WEA notification, Scott County EMA and Clinton County EMA will utilize the use of reverse 911/ landline data that has been integrated into the Alert Iowa-ETNS. Messages can include alerts and basic instructions. The Alert Iowa-ETNS messages will be activated immediately following the Primary method by the NWS Quad Cities office.
Appendix A
Authority Scott County EMA and Clinton County EMA are the Alerting Authorities for the portion of the EPZ in their respective County. Please refer to the Administration Section.
Administration Scott County EMA and Clinton County EMA administers the operation of alert and notification under the oversight of HSEMD and their respective County Emergency Management Commissions. See Appendix B (Alert Iowa-Scott County Operating Plan and Procedure) and Appendix C (Clinton County Alert Iowa-Operating Plan and Procedure).
Section 1: ANS Plan 8 QCGS/State of Iowa ANS ANS Evaluation Report
Requirements/Function
Operations Activation Procedure(s) -
o Activation Procedures are identified in the county plans standard operating procedures:
Scott County EMA SOP-3 (Appendix D)
Clinton County EMA SOP-3 (Appendix E) o There is no failure mode analysis since Primary and Backup ANS will be activated consecutively (i.e. Backup ANS activated immediately after Primary). See SOP-3 4.1-B-9.c. Since the Backup Prompt Notification System, Alert Iowa-ETNS, is activated simultaneously or shortly after the Primary, no action will need to be taken in the event of siren failure.
Process(es) - for Alert Iowa o See Appendix B: Alert Iowa-Scott County Operating Plan and Procedure.
o See Appendix C: Clinton County Alert Iowa-Operating Plan and Procedure.
Security and Privacy
Physical Security o Access to IPAWS for WEA is through a web-based platform provided by Alert Iowa-ETNS vendor software as a Service Solution. Any mobile device or computer with internet access can be used to access the platform. Security primarily is controlling access to login and passwords to the platform. Access to the system is limited and controlled by customizable administrative rights controlled at the county level.
o HSEMD grants access to WEA once a county official has demonstrated they have met all of the requirements set forth by FEMA. See the attached IPAWS Guide in Appendix F.
Privacy o IPAWS WEA uses broadcast technology and does not use a database, and therefore, no privacy information is utilized.
o The reverse 911 data loaded into the Alert Iowa-ETNS is provided from current telecommunication company records and is updated on a yearly basis by HSEMD.
The data is stored within the vendor's SaaS (Software as a Service) as a digital record. Alerting authorities can pull and update this data throughout the year as deemed necessary by working with the Alert Iowa-ETNS vendor.
Training and Quality Assurance
Access to IPAWS is restricted to those who have completed the required training required by FEMA and IPAWS. The Iowa Department of Homeland Security and Emergency Management Section 1: ANS Plan 9 QCGS/State of Iowa ANS ANS Evaluation Report
(HSEMD) provides a user manual and supplemental training for IPAWS authorized users.
Counties who have access to IPAWS must complete a monthly demonstration of their IPAWS capability to stay compliant.
Schedule of routine training and certification o Monthly Proficiency Testing as required by FEMA Test of IPAWS WEA by Scott County EMA and Clinton County EMA and State HSEMD Quarterly reports on COG compliance are reviewed by the Alert Iowa-ETNS Program Manager for compliance. Those who are not in compliance are notified.
o IPAWS Guidance updated and distributed by HSEMD on an as needed basis.
o Biennial REP Exercise:
Demonstration of Communication Coordination, Decision-Making, Protective Action Decisions, and limited end-to-end test.
Limited schedule:
o In-person IPAWS Training provided by HSEMD for all Alert Iowa -ETNS administrators.
Alert Iowa-ETNS access is granted to counties through user agreement. Training is provided in-person and virtually for administrators on best practices, and usage.
See Appendix G: HSEMD Alert Iowa Strategic Planning Document for calendar year 2022 for courses offered in the 2022 year. Training is offered on a limited and revolving basis by HSEMD.
Limited schedule:
o Alert Iowa-ETNS utilized by Clinton County EMA and Scott County EMA for internal communications, special events exercises, and real world scenarios. This ensures that system administrators are familiar with the system and are able send messages as needed.
Training Plans for Scott and Clinton County.
See Appen dix B: Alert Iowa-Scott County Operating Plan and Procedure.
See Appendix C: Clinton County Alert Iowa - Operating Plan and Procedure.
Public Outreach and Education See Appendix G: HSEMD Alert Iowa Strategic Planning Document for calendar year 2022, and Appendix H: Alert Iowa Marketing Campaign Results FY 22. Also Appendix P: Combined Marketing Alert Iowa. For examples of marketing plans, materials, and results.
Summary: Annual education materials are updated and provided by HSEMD to the public and alerting authorities across the state. Counties utilize local events, partnerships, and social media to advertise the system. Statewide and local marketing for the Alert Iowa-ETNS system is valuable
Section 1: ANS Plan 10 QCGS/State of Iowa ANS ANS Evaluation Report
for promoting awareness of the system to residents. However, the proposed backup system of using IPAWS-WEA and NTIS does not require the public to sign-up to receive those messages.
The Constellation Public Information Brochure, which is updated annually, informs the public that Clinton and Scott County utilize Alert Iowa for public alerts if there is an event at the QCGS. See Appendix Q. In addition, the public website includes a message under the Warning Siren Section that Iowa residents will also receive emergency alerts via Alert Iowa. A link to Alert Iowa will be included for citizens to obtain more information regarding Alert Iowa (i.e. https://alert.iowa.gov).
Messaging
Public Messaging
HSEMD provides guidance on message creation for the Alert Iowa -ETNS system as well as for WEA messaging See Appendix I: HSEMD Alert Iowa Best Practices and Instr uction Guide, and Appendix F: IPAWS Guide.
Using IPAWS-WEA allows for short messages to be included in the alert. Messages are attached and are for short clear protective actions or directions.
The Alert Iowa-ETNS system is used for the distribution of the IPAWS-WEA message and also for the dissemination of phone calls via the use of reverse 911 data loaded into the Alert Iowa-ETNS system. The telephone data is provided from current telecommunication company records and is updated on a yearly basis by HSEMD. The data is stored within the vendor's SaaS as a digital record. Alerting authorities can pull and update this data throughout the year as deemed necessary by working with the Alert Iowa-ETNS vendor.
For Alert Iowa-ETNS messages for each county, see:
Scott County EMA SOP-3 (Appendix D)
Clinton County EMA SOP-3 (Appendix E)
Disabilities and Access/Functional Needs See Attached HSEMD Alert Iowa Best Practices and Instruction Guide, Appendix I.
IPAWS-WEA allows for text-based messages to go to mobile devices such as cellular telephones.
The hearing-impaired population will be able receive alerts without additional equipment or door-to-door notifications that were necessary when using the previous system.
Section 1: ANS Plan 11 QCGS/State of Iowa ANS ANS Evaluation Report
Transient Populations See Attached HSEMD Alert Iowa Best Practices and Instruction Guide, Appendix I.
Transient Populations would not be negatively impacted by the new backup alerting method. WEA does not utilize a database and will reach mobile devices within range of cellular towers in or near the EPZ. Also WEA messaging will include short clear protective actions or directions to watch or listen to EAS Stations for further information.
Ingestion Sirens are not utilized for Ingestion Pathway processes.
Maintenance The Alert Iowa-ETNS vendor performs basic maintenance on equipment and performs regular testing of their system. The Alert Iowa-ETNS provider has operation centers that monitor the environment 24x7 using automated and manual tools.
The Alert Iowa-ETNS system is a SaaS system. The vendors services operate in geolocated SOC 2 Type 2 certified Tier III data centers and use geographically diverse voice call services. The data centers have highly redundant systems to include power supplies backed by a generator system, cabinet power supply, synchronized UPS (Uninterruptible Power Supply), HVAC system, networking devices and failover capabilities to an alternate data center.
If a data center system, power grid, or an entire data center has an outage, the service fails over to the alternate data center. Also, the vendor replicates data between data centers to mitigate the risk of an outage causing data loss and to supply a stable seamless experience.
The data centers make use of the following industry-standard safeguards:
- 24/7 manned security
- Electronic keycards with pin codes
- Mantraps
- Biometric scanners
- Locks on all cabinets or cages
- CCTV monitoring
- Highly available HVAC
- Redundant circuits and power
- Backup generators
- Fire suppression and emergency lighting
- Strict access procedures
Physical access at each facility is controlled with three access safeguards:
- 1. A named access control list identifies only vendor representatives authorized to access the data center.
Section 1: ANS Plan 12 QCGS/State of Iowa ANS ANS Evaluation Report
- 2. At the data center, only these authorized personnel can pass the two-factor keycard and biometric control system.
- 3. A combination lock secures the cabinets housing the vendor's physical servers. This combination key is kept in an encrypted "password safe" only accessible to vendor System Administrators.
Section 1: ANS Plan 13 QCGS/State of Iowa ANS ANS Evaluation Report
SECTION 2: DESIGN REPORT
Licensing Obligations (if applicable)
This is already addressed above.
Requirements
System Coverage Population -
o The portion of Scott County in the EPZ is primarily a rural area with three municipalities: Princeton, LeClaire and McCausland and an overall population of approximately 7870.
o The portion of Clinton County in the EPZ is primarily a rural area with three municipalities: Camanche, Clinton and Low Moor and an overall population of approximately 30,509.
o Includes 6,626 transients with approximately 5844 in Clinton County and 782 in Scott County in the primary areas.
Geographic Area -
o The Geographic coverage of the area is the portion of IPAWS-WEA Coverage is 100% of the Geographic area.
See attached maps for cellular carriers in the region.
Alert Iowa-ETNS Coverage is 100% of the Geographic area.
Alert Iowa-ETNS is utilized to supplement IPAWS-WEA.
The following number of landlines and resident opt-in recipients (reachable by a combination of voice calls and text messages) are reachable per EPZ zone:
Note that landline and opt-in recipients numbers can and do fluctuate over time.
EPZ Zone One (Clinton) 4 Landlines EPZ Zone Seven (Clinton) 40 Landlines 239 Opt-in 241 Opt-in Recipients Recipients
EPZ Zone Two (Scott) 0 Landlines EPZ Zone Eight (Scott) 1 Landlines 266 Opt-in 275 Opt-in Recipients Recipients
EPZ Zone Three 76 Landlines EPZ Zone Nine (Clinton) 54 Landlines (Clinton) 256 Opt-in 251 Opt-in Recipients Recipients
Section 2: Design Report 14 QCGS/State of Iowa ANS
ANS Evaluation Report
EPZ Zone Four (Scott) 58 Landlines EPZ Zone Ten (Scott) 0 Landlines 272 Opt-in 270 Opt-in Recipients Recipients
EPZ Zone Five (Clinton) 622 Landlines EPZ Zone Eleven (Clinton) 2014 Landlines 331 Opt-in 776 Opt-in Recipients Recipients
EPZ Zone Six (Scott) 165 Landlines EPZ Zone Twelve (Scott) 333 Landlines 278 Opt-in 383 Opt-in Recipients Recipients
Landlines are loaded from available telco data for each county. Opt-in Recipient accounts are created and managed by the public. A resident can sign up for alerts based on the address(es) they provide in the system.
IPAWS-EAS-used as part of the primary method.
IPAWS-EAS is a radio and TV broadcast system and has 100% of the geographic area.
Means -
o The Integrated Public Alert & Warning System (IPAWS) - Wireless Emergency Alert (WEA). IPAWS-WEA uses the administrative channel on Telecom Cellular Towers to send emergency messages in text form to mobile devices (cell phones and similar devices) in a designated area. Messages can include alerts and basic instructions.
o The Alert Iowa-ETNS system has all reported loaded landlines from County telcos loaded into the system on an annual basis. This is accessible to send a voice message to by geographical boundary by the county EMA. Messages can include alerts and basic instructions
Primary Methods -
The Primary method of Notifying the Public will remain the previously approved and implemented siren system provided by Constellation and IPAWS-EAS messaging provided by the NWS Quad Cities office upon approval by Clinton and Scott County EMAs.
Backup Methods -
o The Integrated Public Alert & Warning System (IPAWS) - Wireless Emergency Alert (WEA). IPAWS-WEA uses the administrative channel on Telecom Cellular Towers to send emergency messages in text form to mobile devices (cell phones and similar devices) in a designated area. Messages can include alerts and basic instructions.
o The Alert Iowa-ETNS system will be utilized to send messaging to all reverse 9-1-1 data in a designated area. Messages can include alerts and basic instructions.
Section 2: Design Report 15 QCGS/State of Iowa ANS
ANS Evaluation Report
Population/Demographics The portion of Scott County in the EPZ is primarily a rural area with three municipalities:
Princeton, LeClaire and McCausland and an overall population of approximately 7870.
The portion of Clinton County in the EPZ is primarily a rural area with three municipalities:
Camanche, Clinton and Low Moor and an overall population of approximately 30,509.
Transient population for both counties as reported in ETE (Evacuation Time Estimate) from Constellation/KLD Engineering, P.C.
Includes 6,626 transients with approximately 5844 in Clinton County and 782 in Scott County primary population areas. See Appendix S: KLD-Transient Population EPX.
Demographics from 2020 US Census:
Scott County-Language other than English-6.6% See Appendices R and X Language by county, for breakdown by language.
Per US 2020 Census and Voting Right Act, Scott County is not included in the designation of counties with foreign speaking populations. See documents included in submission. See Appendix J.
Households with a computer, 89.1%
Households with a broadband internet subscription-83.6%
Graduation rate-93.5%
Individuals with a disability under age 65 years-7.6%
Clinton County Language other than English-2% See Appendices R and X Language by county, for breakdown by language.
Per US 2020 Census and Voting Right Act, Clinton County is not included in the designation of counties with foreign speaking populations. See documents included in submission. See Appendix J.
Households with a computer 84%
Households with a broadband internet subscription-78.8%
Graduation rate-90.4%
Individuals with a disability under age 65 years-9.8%
Literacy Projections for Scott County and Clinton County-See Appendix T-Literacy Estimates.
Scott County 2003 NCES (National Center for Education Statistical reports) is the most recent report 7% of the population is lacking basic literacy skills Clinton County 2003 NCES is the most recent report 8% of the population is lacking basic literacy skills
Section 2: Design Report 16 QCGS/State of Iowa ANS
ANS Evaluation Report
Interoperability The IPAWS-Compliant Vendor Program called Alert Iowa-ETNS is used to activate IPAWS-WEA and is also used to activate the ETNS messaging.
The Alert Iowa-ETNS system is supported and managed by HSEMD. Alerting authority is granted to county EMA for emergency messaging purposes. The Alert Iowa-ETNS system is the proposed back-up means of notification and is maintained separately from the currently primary method of alerting.
The Alert Iowa-ETNS system is a SaaS and is accessible from any electronic device with access to the internet. Clinton County EMA and Scott County EMA use two separate IT systems to provide for initial redundancy when utilizing the system for IPAWS-WEA and ETNS messaging.
The redundancy for the back-up ANS method is as follows.
Operations Scott County EMA is the Alerting Authority for the portion of the EPZ in Scott County. Scott County EMA operates the Alert Iowa-ETNS, under the authority of HSEMD and the Scott County Emergency Management Commission.
Clinton County EMA is the Alerting Authority for the portion of the EPZ in Clinton County.
Clinton County operates the Alert Iowa-ETNS under the authority of HSEMD and the Clinton County Emergency Management Commission.
Section 2: Design Report 17 QCGS/State of Iowa ANS
ANS Evaluation Report
Management/Administration HSEMD administers the alert and notification system across the state. Access is granted to counties to use the system. HSEMD provides guidance and training for system users. The set-up, and administration of each county system is the responsibility of the County Emergency Management Agency.
See Appendix I: Alert Iowa Best Practices and Instruction Guide and Appendix F: IPAWS Guide.
Security and Privacy Physical Security -
o Access to IPAWS for WEA and EAS is through a web-based platform provided by Alert Iowa-ETNS vendor. Any mobile device or computer with internet access can be used to access the platform. Security primarily is controlling access to login and passwords to the platform. Access to Logins and Passwords are granted by HSEMD for County EMA access and by each County EMA for county access.
Privacy o IPAWS WEA broadcast technology and does not use a database, and therefore, no privacy information is utilized.
Logical Security -
o Security primarily is controlling access to login and passwords to the platform.
Access to Logins and Passwords are granted by HSEMD for County EMA access and by each County EMA for county access.
See access agreements for Clinton County (Appendix L) and for Scott County (Alert Iowa-Scott County Operating Plan and Procedure).
Under Appendix J of the Scott County Alert Iowa Plan is the MOA with IPAWS::
On page 3, Section 7.0, Security, First Paragraph: Both parties agree to adhere to and enforce the Rules of Behavior (as specified in Appendix C).
On Page 11, Section 2.3 (Appendix C), Interoperable System User Accounts & Passwords: This LISTS ALL SECURITY &
PASSWORD REQUIREMENTS.
o HSEMD requires system users to take an annual IT security training and all users must sign the Acceptable Use Policy, and Internet Access Policy, see Appendix K.
Maintenance/Repair Preventative maintenance -
o Alert Iowa-ETNS vendors IT Operations monitors the environment 24x7 using automated and manual tools and provides all system maintenance.
o IPAWS is maintained by the US Government Department of Homeland Securitys Federal Emergency Management Agency (FEMA).
Corrective maintenance -
Section 2: Design Report 18 QCGS/State of Iowa ANS
ANS Evaluation Report
o Alert Iowa-ETNS vendor has architected the platform and systems to permit only authorized access to customer data. The production network, which contains customer data, is isolated from Alert Iowa-ETNS vendors corporate and development network using strict technical and administrative access controls.
Customer data is never used in development testing or marketing materials. The production network itself is segmented by function, with separate segments for web activity, messaging, databases, and other functions. Alert Iowa-ETNS vendors IT Operations and IT Security teams monitor and tightly control network traffic between these segments to ensure customer data only moves when necessary for messaging and database maintenance.
Availability/Reliability Alert Iowa-ETNS vendor provides an uptime of 99.999% for the Services, subject to scheduled updates and scheduled maintenance and to any downtime caused by the Client or by Third Party Service Providers.
FEMA IPAWS Office supported by FEMA REP states the system has an availability in excess of the required 94%. REPP has confirmed in Public Meetings that IPAWS has 98.9% availability/reliability with a congressional requirement to meet 99.999%.
FCC oversees Telecom and Mobile Devices. For the purposes of reliability, IPAWS meets or exceeds the 94% requirements.
LTE Coverage Maps-See Appendix M.
Testing HSEMD, Scott County EMA and Clinton County EMA Staff will routinely test devices and software utilized for the Alert Iowa-ETNS.
Summary Testing will be tests of hardware and software in parts and at a minimum as whole annually if not more often.
Schedule of routine testing:
o Monthly-IPAWS Lab test conducted by HSEMD, Scott County EMA, and Clinton County EMA devices, network, IPAWS-Compliant Vendor Platforms and the IPAWS Server. Barring ongoing emergencies.
Unscheduled:
o Regional system testing of the Alert Iowa-ETNS software.
See Appendix D: Scott County_SOP 3_Alert Iowa Operational Plan.
Responsibility The Alert Iowa-ETNS vendor maintains the SaaS and provides maintenance, testing and repair.
The vendor monitors and tightly controls network traffic between these segments, so data only moves when necessary for messaging and database maintenance. Each network tier is firewalled and only permits Internet access where required. The system is continuously monitored with several tools to detect unauthorized activity or changes. Tools such as Ganglias and Nagios
Section 2: Design Report 19 QCGS/State of Iowa ANS
ANS Evaluation Report
monitor at the server and OS levels. Other tools such as App Manager and DbTuna monitor application and database servers. In addition, Crashlytics is used to monitor mobile applications.
Changes to critical system files or configurations automatically notify the vendors IT Operations. Last, periodic vulnerability scans and other tests are performed by internal and third-party assessors to identify vulnerabilities with applications and infrastructure.
The Alert Iowa-ETNS vendors corporate and service infrastructure are continuously monitored for applications and infrastructure vulnerabilities. Security audits and assessments with advice and best practices are provided by vetted vendors and security consulting services.
The platform is annually audited by a third-party, using services from independent security firms specializing in vulnerability assessment and penetration testing. Auditors are also SANS/GIAC Certified Web Application Penetration Testers. Reviews are comprehensive and include:
- Database account control and access
- Vulnerability of the web and mobile applications
- Physical security and physical security policy
- Network security and network security policy
- Personnel security and personnel security policy
- Cryptography
- Firewall rule base audit performed quarterly
- OS security
- Backup and recovery process
- Intrusion detection system
- Wireless network security configuration
An independent third-party conducts annual penetration testing is conducted on both the Rave platform infrastructure as well as applications.
The vendor also holds awareness and training for all employees, they are required to complete annual Information Security training. Training is completed through an online learning management system (LMS). The Information Security module includes topics on:
- Information security overview
- Electronic IDs and passwords
- Avoiding identity theft
- Information classification
- Computer viruses and hoaxes
- Email and Internet use
- Extra email precautions
- Premise and Workspace security
- Social engineering
- Phishing prevention
- Business continuity plan
The modules include a final assessment highlighting real-world compliance issues that employees should learn to recognize and respond to appropriately.
Section 2: Design Report 20 QCGS/State of Iowa ANS
ANS Evaluation Report
Training Access to IPAWS is restricted to those who have completed the required training required by FEMA and IPAWS. The Iowa Department of Homeland Security and Emergency Management (HSEMD) provides a user manual and supplemental training for IPAWS authorized users.
Counties who have access to IPAWS must complete a monthly demonstration of their IPAWS capability to stay compliant.
Schedule of routine training and certification o Monthly Required Testing-Test of IPAWS WEA by Scott County EMA and Clinton County EMA and State HSEMD o IPAWS Guidance updated and distributed by HSEMD on an as needed basis.
Biennial REP Exercise:
o Demonstration of Communication Coordination, Decision-Making, Protective Action Decisions, and limited end-to-end test.
Limited schedule:
o In-person IPAWS Training provided by HSEMD.
Training Plans for Scott and Clinton County.
See Appendix B: Alert Iowa-Scott County Operating Plan and Procedure.
See Appendix C: Clinton County Alert Iowa-Operating Plan and Procedure.
Quality Assurance
Alert Iowa-ETNS vendor performs QA on All application changes, whether in normal or emergency releases. These changes are peer reviewed, tested, and inspected by QA prior to being applied to the production environment.
Description/Performance
Physical Requirements System Components -
o The Alert Iowa-ETNS system used for reverse 911 alerting and to access IPAWS -
WEA is a SaaS system.
Section 2: Design Report 21 QCGS/State of Iowa ANS
ANS Evaluation Report
User Interfaces -
o IPAWS WEA is accessed through the Alert Iowa-ETNS vendor. The web-based platform can be accessed using any internet accessible mobile device or computer.
o The Alert Iowa-ETNS system provides robust real-time reporting after an alert is sent to see the rate of delivery and delivery success rate.
Functional Block Diagrams -
o See the attached Quad Cities Generating Station (QCGS) Primary and Backup ANS method diagram. Appendix A.
Administrative Components Organizational Responsibilities -
o HSEMD administers the Alert Iowa-ETNS system, but the counties have the ultimate authority on system use. At the direction of HSEMD, and per the Alert Iowa Best Practices and Instruction Guide, Appendix I, testing of the system is required to ensure operational readiness. Instructions and recommendations for IPAWS-WEA are included in the Alert Iowa IPAWS Guide, Appendix F.
Management -
o HSEMD oversees the Alert Iowa-ETNS system with each county being the alerting authority. Counties must sign a user agreement and submit an ops plan in accordance with Iowa Code and Rule.
o See attached Clinton County Alert Iowa-ETNS application, user agreement and operations plan, Appendices O, L, C.
o See attached Scott County Alert Iowa-ETNS application, user agreement and operations plan, Appendix B.
o See Iowa Code 605.15 and Iowa Rule 29c.17a in Appendix N.
Operational Components Activation -
o See attached Clinton County Alert Iowa-ETNS application, user agreement and operations plan, Appendices O, L, C.
o See attached Scott County Alert Iowa-ETNS application, user agreement and operations plan, Appendix B.
Timing -
o IPAWS-WEA National Test 2018 - Test Results indicate 95% of Mobile Devices capable of receiving WEA received the alert in less than 15 seconds.
o The Alert Iowa-ETNS has the following capacity in place to deliver voice messaging to landlines in the EPZ zones. The Alert Iowa-ETNS has the capacity to place 400,000 voice calls per hour. Each voice call Alert Iowa-ETNS vendor sends out has at minimum six carrier route choices, and their system can switch routes in real time in response to congestion.
Geo-Targeting -
o IPAWS-WEA is a broadcast technology and only can currently limit geography based on the Cellular towers in the identified area resulting in RF bleed over.
Section 2: Design Report 22 QCGS/State of Iowa ANS
ANS Evaluation Report
IPAWS update 2.0 will increase the accuracy to 0.1 miles of the boundary designated for the alert.
o Alert Iowa-ETNS collects known landline telephone numbers from information provided by telcos to HSEMD. These records are coded by county and uploaded into alert Iowa on an annual basis.
The Alert Iowa-ETNS has the following capacity in place to deliver voice messaging to landlines in the EPZ zones. The Alert Iowa-ETNS has the capacity to place 400,000 voice calls per hour. Each voice call Alert Iowa-ETNS vendor sends out has at minimum six carrier route choices, and their system can switch routes in real time in response to congestion.
Verification Coverage -
o Scott County, Clinton County, and HSEMD support staff to review the logs and records for maintenance, testing, training, and verification of the capabilities as listed in the Alert Iowa-ETNS Plan. The LTE coverage for the Quad Cities will be updated annually. The results of the review will be included in the Annual Letter of Certification (ALC).
Population/Demographics -
o Scott and Clinton Counties will review the ETE (Evacuation Time Estimate) report provided annually by Constellation for any shifts in population demographics for the area.
Availability/Reliability
Alert Iowa-ETNS vendor provides an uptime of 99.999% for the Services, subject to scheduled updates and scheduled maintenance and to any downtime caused by the Client or by Third Party Service Providers.
Alert Iowa-ETNS vendor utilizes host-based intrusion detection software to ensure that critical security and configuration files are not changed. Alert Iowa-ETNS vendor also utilizes a configuration management system to ensure that all machines adhere to corporate security policies and standards. The configuration management system publishes policies such as authentication configuration, NTP/time, and syslog settings that help to ensure the systems are synchronized and the data is available.
Alert Iowa-ETNS vendor IT Operations and IT Security teams monitor numerous sources of information around potential vulnerabilities and are granted authority to test and apply patches and protections for newly discovered vulnerabilities at its discretion. This policy is designed to ensure that vulnerabilities are addressed rapidly and effectively as new issues are identified and resolved across the technology industry.
Alert Iowa-ETNS vendor continuously monitors their system with intrusion detection software to ensure critical security and configuration files are protected and correct. Any
Section 2: Design Report 23 QCGS/State of Iowa ANS
ANS Evaluation Report
changes to critical files immediately notify Alert Iowa-ETNS vendor's Technical Operations team.
Per our Alert Iowa -ETNS vendor, for availability/reliability year-to-date we are 99.988%
uptime. 2021 was 99.986%. We are projected for a 99.991% uptime for 2022. This is tracked and reported annually.
Alert Iowa-ETNS vendor Technical Operations teams routinely audits log data and access controls, as well all relevant software versions, OS, application, and database security patches. This allows us to proactively maintain system security. They support formal release processes for both urgent security patches based on known security risks or other threats, and for standard, scheduled product releases.
Per FEMA, the IPAWS Reliability/Availability exceeds the 94% benchmark. As of Q1 2022, it is at or exceeds 99.9% per the IPAWS quarterly congressional report.
The Alert Iowa-ETNS system is also the system used to access FEMA-IPAWS.
Scott Countys Information Technology department has verified that the following building Internet connectivity for 1100 E. 46th Street, Davenport, IA 52807, has an uptime of 99.99% in the last 365 days. This service is provided through CS Technologies, and because of the nature of operations between the Scott County Emergency Management Agency and the Scott County Emergency Communications Center, redundancy is in place. See Appendix V: Scott County Information Technology Letter.
Security and Privacy
Privacy o IPAWS WEA uses broadcast technology and does not use a database, and therefore, no privacy information is utilized.
o Alert Iowa-ETNS vendor maintains appropriate security controls to protect within reason the contracted service and the customer data. The controls include such items as next generation firewalls, intrusion detection systems, denial of service protection, malicious code protection, and encryption. Data is encrypted both in transit and at rest, where necessary employing acceptable industry standards.
Encryption keys are safeguarded and changed at appropriate intervals.
Annual Security Training is required by the Iowa OCIO Information Security Office -
https://iowagov.securityeducation.com/
o All State of Iowa employees are required to complete all training on the security education platform.
Alert Iowa-Administrators are instructed to never write down their passwords. Alert Iowa has a self-service portal where users can find a forgotten username and reset their password as needed. If users are unable to reset their passwords on their own, domain admins have the ability to do so.
Section 2: Design Report 24 QCGS/State of Iowa ANS
ANS Evaluation Report
o o Passwords and usernames in the Alert Iowa-ETNS are tied to each unique domain.
Domain admins have the ability to reset passwords for another administrator in their system, but not the ability to see current passwords. Account auto-protect protocols are in place for login attempts, and the primary domain admin will be notified of any admin lockouts. The Alert Iowa -ETNS vendor has a 24-7/365 IT support desk that can assist administrators with locked accounts.
For County security, see the previous section above entitled Security and Privacy.
Training and Public Outreach
See Attached HSEMD Alert Iowa Best Practices and Instruction Guide in Appendix I, and Alert Iowa Marketing Campaign Results FY 22 in Appendix H. See Attached HSEMD Alert Iowa Strategic Planning Document for calendar year 2022, Appendix G.
Summary: Annual Education materials are updated and provided by HSEMD to the public and alerting authorities across the state. HSEMD provides training courses for all Alert Iowa Administrators on a yearly basis in-person and virtually. Course videos and manuals are available year-round on a secured access shared site accessible by Alert Iowa-ETNS administrators. Lastly HSEMD provides information on the Alert Iowa program on its respective social media sites.
HSEMD Staff and agency partners with access to IPAWS receive routine training on all devices and software utilized by HSEMD for Alert Iowa-ETNS.
Schedule of routine training and certification o Monthly Required Proficiency Testing-Proficiency test of IPAWS WEA by Scott County EMA and Clinton County EMA and State HSEMD
o IPAWS Guidance updated and distributed by HSEMD on an as needed basis.
Section 2: Design Report 25 QCGS/State of Iowa ANS
ANS Evaluation Report
Appendices
Appendix Title
A Quad Cities Generating Station (QCGS) Primary and Backup ANS method diagram
B Alert Iowa-Scott County Operating Plan and Procedure
C Clinton County Alert Iowa-Operating Plan and Procedure
D Scott County EMA SOP-3
E Clinton County EMA SOP-3
F Alert Iowa: IPAWS Guide
G HSEMD Alert Iowa Strategic Planning Document for calendar year 2022
H Alert Iowa Marketing Campaign Results FY 22
I Alert Iowa Best Practices and Instruction Guide
Section 3: Appendices 26 QCGS/State of Iowa ANS ANS Evaluation Report
J Voting Rights Act
K Internet Access and Usage/Acceptable User Policy
L Clinton County User Agreement
M LTE Coverage Maps
N Iowa Code
O Alert Iowa Application-Clinton County
P Combined Marketing Alert Iowa
Q Constellation Public Information Brochure
R Language by county
S KLD-Transient Population EPZ
T Literacy Estimates
Section 3: Appendices 27 QCGS/State of Iowa ANS ANS Evaluation Report
V Scott County Information Technology Letter
W Final IA Clinton County Emergency Management_MOA-IPAWS
X U.S. Census Bureau Quick Facts
Y Clinton & Scott Countys Signed IPAWS MOU
Section 3: Appendices 28 QCGS/State of Iowa ANS
Literacy Projections for Scott & Clinton County Iowa The summarized data below was based upon the National Center for Educational Statistical reports from 1992 & 2003. The 2003 report is the most current report that was produced by the NCES.
https://nces.ed.gov/naal/estimates/StateEstimates.aspx 2022 Projected Literacy Rates Countywide Averaged % from 1992 & 2003 Total Projected EPZ Population Projected EPZ Population based on Population for Each County Population # Averaged %
Scott County 174,170 7.00% 12,192 7,817 547
Clinton County 36,793 7.50% 2,759 30,336 2,275
Combined Total 210,963 38,153 2,822
Reportable or Projected Population "Percent Lacking Basic Total Projected Population #
Literacy Skills"
1992 NCES Report - Scott County 116259 7.00% 8,138
2003 NCES Report - Scott County 121,420 7.00% 8,499
1992 NCES Report - Clinton County 39,212 7.00% 2,745
2003 NCES Report - Clinton County 38,590 8.00% 3,087