2012 European Intelligence and Security Informatics Conference

Creation of an EU-level Information Exchange

Network in the Domain of Border Security
Gregorio Ameyugo, Michal Art, Ana Soa Esteves, Jakub Piskorski
Frontex
Warsaw, Poland
Email: rstname.lastname@frontex.europa.eu
AbstractThis paper describes a staged effort to address the
issue of Border Control information sharing across EU Member
States. Specically, the rst step of the adopted solution is
described; it consists of the deployment of a distributed network
managing a commonly agreed set of messages. The paper is
accompanied by a demo of the Information Sharing Application
deployed at each node of the network.

It is de-centralised (no common central underlying

database), and inexpensive (using open source software
whenever possible)
It is scalable and technologically very stable
It is easy to interface with NCCs and relevant national
systems and with Frontex and its information systems
It requires from Member States a very low commitment
to participate in the core information exchange network
Beyond the minimum requirements for information exchange to be agreed and dened, each network node is
free to decide what to exchange with whom on the basis
of bilateral agreements.
The ultimate goal of setting up of the aforementioned
network is to pave the way for the creation of EUROSUR1
- the future European integrated border surveaillance system.

I. I NTRODUCTION
The aim of our project is to facilitate the sharing of
actionable information related to border control between EU
Member States. This exchange should allow the creation of
a common awareness of the situation at the external border
of the EU which is, since the creation of the European free
movement area, a topic of supranational interest. Difculties
to share information stem from two different sources:

II. R ELATED W ORK

In the course of the last decade, information sharing across
jurisdictional boundaries of intelligence, law enforcement and
other security-related bodies has been acknowledged to be of
ever-growing importance [2]. Basic aspects and examples of
information sharing systems are presented in [3]. Our work
focuses on enabling exchange of basic geo-tagged information at EU level on border control issues and visualisation
thereof on geo-maps in a decentralised manner. Development
of systems that support the aforementioned functionality is
becoming increasingly popular, in particular, due to the rapid
emergence of open source software for making GeoWeb
applications in a cost-efcient manner, e.g., see [4].
Currently, several efforts similar to ours are being carried
out at EU level to streamline information exchange by various
security-related communities, e.g., BluemassMed2 and MARSUNO3 (maritime surveillance), SafeSeeNet4 (maritime safety
and environment protection), etc. A long-time perspective EUlevel effort is to integrate existing surveillance systems and
networks used by different authorities dealing with border
control, safety, sheries control, customs, environment and
defense into a Common Information Sharing Environment5

Most Border Guards organizations in EU Member States

(MS) use legacy systems to manage their information,
these systems are often undocumented, tightly coupled,
and relatively closed and inexible.
Cultural, operational, structural, and legal issues make
information exchange across MSs a difcult task.

A big bang project approach (i.e., top-down approach) to

develop and deploy a complex system for facilitating information exchange is risky in view of legal, technological, and other
specic national constraints (i.e. overlapping responsibilities),
which might be considered as important factors that could
hinder the use of such a system.
The solution chosen is a bottom-up approach, in which the
Member States have been asked to determine the information
they want to share and minimum technology has been already
provided to support that exchange. Any extensions to the
technology and new functionalities will be implemented in
an agile manner based on stakeholders feedback and needs.
To be more precise, our project consists of setting up a persistent connection between a limited number of participating
(so called) National Coordination Centres - NCCs (a one-per
country body responsible for coordinating gathering information at national level) and Frontex (the EU Border Agency)
through a lean common interest geo-tagged information
sharing network (fully extensible) and on the facilitation of
information trade between the different nodes in the network.
Main characteristics of the network dened are the following:
978-0-7695-4782-4/12 $26.00 2012 IEEE
DOI 10.1109/EISIC.2012.55

1 http://europa.eu/legislation summaries/justice freedom security

/free movement of persons asylum immigration/l14579 en.htm
2 http://www.bluemassmed.net/
3 http://www.marsuno.eu/
4 http://www.emsa.europa.eu/operations/maritimesurveillance/safeseanet/113-safeseanet.html
5 http://ec.europa.eu/maritimeaffairs/policy/integrated maritime surveillance

356

(CISE) for the maritime domain. The bottom-up developed

network described in this paper is not limited to the maritime
domain, but it clearly contributes to the development of the
future CISE. The particular characteristic of the ongoing
development is the fact that the network is being implemented
and deployed at the same time as the legislation for sharing
border control information at EU level is being prepared,
which allows to test things before they are nailed down.
Furthermore, we believe that an iterative approach of further
development and extension of the network is benecial in
terms of exibility and agility.

JBoss Servers and making use of the GIS services provided

locally by the node. It allows any authorized node user to
access the nodes business information and other services
using a standard web browser. The other services include node
domain-limited email, audio/video conferencing and chat.
A node provides connectivity for the local NCC system.
This can enable local NCC network users to access the
Information Sharing Application and services from their workstations. It also makes automatic or automated machine to
machine data exchange possible through the use of Web
Services provided by the node.

III. I NFORMATION E XCHANGE N ETWORK A RCHITECTURE

IV. DATA M ODEL AND V ISUALISATION

The presented solution delivers a set of identical network

nodes, one node to each of the NCCs of the participating
Member States (currently including: Finland, France, Greece,
Italy, Lithuania, Poland, Portugal, Slovakia, Spain, and being
extended till end of 2013 to 18 countries in total) and one
to Frontex. The nodes form a peer-to-peer network connected
through a secure network built with IPsec VPN over Internet.
Each deployed node consists of a computer rack equipped with
multiple servers and several networking and security devices.6

Three main categories of business information (artefacts)

are currently exchanged by the nodes: (a) Events - datasets
describing actual events or events as they happen on the
border or in other areas of interest, (b) Documents - text,
pictures and video les, and (c) Graphical elements - dots,
lines and other shapes that are geo-referenced and thus can be
displayed on maps. Artefacts can be linked to each other. A
coarse-grained structure of the event type hierarchy agreed on
between Member States is given below.
* IRREGULAR MIGRATION
- Irregular border crossing (entry)
- Irregular border crossing (exit)
- Irregular border event related to facilitators
- Other events related to irregular migration
RELATED
CROSS-BORDER CRIME
*
- Trafficking in human beings
- Smuggling
- Other cross-border criminal activity
* CRISIS
- Natural disaster
- Man-made disaster
- Violence
- Armed conflicts
- Humanitarian Crisis - Unspecified crisis event
* OTHER
- Warning
- Law infringement
- Exercise
- Other unspecified event

Fig. 1.

Each event description consists of: (a) a generic part that

includes information on: event type, its status, classication
level, location7 , time, condence, impact, information source
(e.g., reporting system, border crossing point, etc.), links to
related online resources, associated actions (e.g., operational
activities), and (b) a specic part that includes event typespecic information, e.g., description of the victims in case of
trafcking in human beings, or the number of injured people
in case of crisis situations, etc.
An icon policy has been developed8 such that the whole
information visualization picture is coherent across various
event types. See Figure 2 for examples.

The architecture of the network.

Each node keeps and controls its own set of information plus
a copy of information received from other nodes. Information
entered at a node is automatically shared intransitively with
other nodes (push mode only) according to the sharing rules
(see Section V) established locally in the node according to
the existing bilateral or multilateral agreements. There is no
possibility to pull data from other nodes. User access is dened
locally in each node, using LDAP (Lightweight Directory
Access Protocol) Directory Service. PKI infrastructure is used
to authenticate nodes accessing services of the other nodes.
The architecture of the network is depicted in Figure 1.
The business information pieces are accessible to the node
users through the Information Sharing Application. It is a
multi-tier Web application running in each nodes Apache and

V. S HARING P OLICIES
The information shared is pushed by the originating node,
the owner, into the network and distributed to other nodes
following bilateral or multilateral agreements between them
which the system identies as sharing rules.
This approach prots from the distributed character of the
network which not having any central node is not limited
7 We

6 It comes with a 52 LCD screen and a general-issue LINUX-based

workstation allowing access to the services of the network.

use GeoNames gazetteer (http://ws.geonames.org) for this purpose.

ideas have been borrowed from the OSINT project presented in [1].

8 Many

357

Fig. 3. The Information Sharing Application. In the Left-hand pane event

template (description) is visible. On the right-hand pane the Event layer
is displayed on a map. Via clicking on an icon a balloon with detailed
information on an event is displayed.

Fig. 2. Various icon types used for visualisation: (a) irregular migration and
related cross-border crime (rst two rows), (b) man-made disasters (inverted
triangles), (c) natural disasters (triangles), etc.

Four different user roles are supported: (a) Viewer - can

only view information, (b) Operator - can view, enter and
modify information, (c) InfoManager - can dene sharing
rules, and (d) AppManager - can adjust Application settings,
congure alerts and manage node-wide lters.
Each network node retains ownership of the information
that it has created. Ownership can be transferred to any other
requesting node, subject to approval by the current owner.
Only the owner node can modify an artefact freely and share
the updates according to its local sharing rules. Other nodes
can propose updates, however their contributions have to be
submitted to the owner of the artefact for approval and sharing
according to the owners sharing rules.

by the need to manage a common denominator set of

information which could be seen by all the participating
nodes, on the contrary, the solution adopted allows for the
creation of communities of interest in which more active
nodes will have a richer picture of what is happening at
the external border. Nevertheless, the mechanism of dening
sharing policies allows also to: (a) simulate a centralised
information exchange network, and (b) use each node of the
network as a local system, i.e., information is not being shared,
only visible on the NCC consoles that have access to the
Information Sharing Application.
VI. I NFORMATION S HARING A PPLICATION

VII. C ONCLUSIONS

The Information Sharing Application (ISA) presents artefacts on one of the three preinstalled maps using a rich set of
icons. Artefacts in the same geographic location are grouped
to keep clarity of the situational picture. Relations between
artefacts can be displayed as arrows. New icons appear as their
information is entered or received. Three predened views are
available: Event, Analytical and Operational.
A screenshot of ISAs Interface is given in Figure 3. The
user interface is optimized to allow fast and easy access
to detailed information and functions. Counters indicating
numbers of pending items are displayed. A list of alerts is
displayed and automatically updated. A set of pop-ups can
be activated by an action of a mouse over an artefact to
present intermediate-level information or allow fast access
to available functions. The ISAs Interface includes editors
for: creating and manipulating event descriptions (templates),
creating information lters, managing sharing rules, creating
graphical objects, conguring ISA settings (e.g., access to map
services, dening user settings, etc.). Furthermore, an event
browser (based on user-dened lters) is provided. Finally,
ISA is equipped with an artefact-related persistable chat with
other network nodes.

We have briey presented an effort aiming at the development of a simple decentralised network for sharing geotagged border control-related information between EU Member States, which is an essential milestone that will hopefully
pave the way for creating a future EU-level integrated border
surveillance system. The network as such provides tracks
to transport information. The further steps will focus on
providing the cargo, i.e., using the network to populate it
with event, analytical and operational information, that will
lead to the creating of situational pictures at the EU borders.
R EFERENCES
[1] Martin Atkinson, Jakub Piskorski, Erik Van der Goot and Roman Yangarber. 2011. Multilingual Real-Time Event Extraction for Border
Security Intelligence Gathering. In: Counterterrorism and Open Source
Intelligence Series. Lecture Notes in Social Networks, Vol. 2.
[2] Henry L. Stimson Center. 2008. New Information and Intelligence Needs
in the 21st Century Threat Environment. Published by Stimson Center.
[3] Christopher Westphal. 2008. Data Mining for Intelligence, Fraud & Criminal Detection: Advanced Analytics & Information Sharing Technologies.
CRC Press, Inc, Boca Raton, FL, USA.
[4] Yasuharu Yamada. 2010. Web Based Disaster Information Sharing
Platform, GeoWeb using Open Source Software and Freeware for Rural
Areas. In International Archives of the Photogrammetry, Remote Sensing
and Spatial Information Science, Volume XXXVIII, Part 8, 2010.

358