Schneier on Security

A blog covering security and security technology.

« Friday Squid Blogging: Squid Sand Sculpture | Main | Robotic Guns »

July 2, 2007

Bioterrorism Detection Systems and False Alarms

It took several days for New Jersey officials to establish that the alert wasn't the beginning of a deadly bioterror attack, but had been triggered by someone's allergic reaction to a smallpox vaccine at a local military facility. This false alert came from the government-funded computer program, Biosense. The complex program, which culls electronic health data from 350 of the nation's urban hospitals as well as veterans' hospitals and defense department facilities, comes after a string of costly, and never fully realized computer ventures before it. But three years into its development, with a price tag of around $230 million (on top of millions more spent on unsuccessful systems before it), it is unclear as to exactly what the program can accomplish.

EDITED TO ADD (7/2): The article is in Google's cache.

Posted on July 2, 2007 at 7:54 AM • 5 Comments • View Blog Reactions

To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.

Comments

Only available to registered users...

Posted by: Woo at July 2, 2007 8:14 AM

gotta love google cache.

article here:
http://tinyurl.com/2ck8lb

Posted by: suomynona at July 2, 2007 8:21 AM

I expected more consistency from an article in a scientific magazine.

1. The article attacks the program for false positives. "To succeed, what should a system's threshold be? A rise in the purchase of antidiarrheal medicine? Maybe it's an outbreak, or maybe there's a discount being offered." Yet it also references the iceberg phenomenon: "Iceberg is an apt metaphor, because if a single patient surfaces with alarming symptoms, public health officials know that the bulk of cases are likely submerged and will explode into view shortly, depending on the disease's incubation period."

2. "For an attack big enough for Biosense to pick up, you might not need technology at all, says Dan Desmond, president of the SIMI Group, a California information technology firm. You'd learn as much from hanging out at the local morgue." Yes, if you happen know which morgue in the US to hang out at. This is what the program is supposed to help with.

3. The article praises SYRIS for being populated by doctors, who can distinguish signal from noise. Yet it lists sales data on antidiarrheals & testing agents as the keys in identifying a crytposporidium outbreak in Milwaukee

The following, on the other hand, makes a lot of sense to me: "The biggest problem, say public health experts, is that the CDC lacked the technological expertise for the undertaking." Creating a usable, useful program for non-progammers isn't easy. It's the rare programmer who understands the needs of a specialized user group and - as any program designer will tell you - the program specifications are even more important than the programming itself. See the comments by "Gordon" after the article.

Posted by: Harry at July 2, 2007 9:42 AM

Brought to you by the same fine group that brought us the FBI Case Files program!

http://investors.saic.com/phoenix.zhtml?c=193857&p=irol-newsArticle&ID=895047&highlight=

Posted by: Bill P at July 2, 2007 12:00 PM

very good

Posted by: mani shankar at April 24, 2008 3:05 AM