search menu icon-carat-right cmu-wordmark

SEI Brings Wide Expertise to Commercial Mobile Alert Service Effort


May 30, 2012—A New Yorker passing through Kansas glances at her cell phone and discovers she’s received a text message alerting her to a threat from tornadoes closing in on the lonely stretch of Interstate 70 down which she and her husband are driving. At the same time, other cell phone customers in the threatened geographical area also receive the National Weather Service alert. So informed, they all can seek shelter and take the steps necessary to protect themselves. This is one of many visions those working on the Commercial Mobile Alert Service (CMAS) seek to make possible. To help in the effort to integrate systems into CMAS, thereby creating greater numbers of alert originators and a more effective warning system, the Department of Homeland Security (DHS) has tapped the expertise of the Software Engineering Institute (SEI).

CMAS, also referred to as the Personalized Local Alert Network (PLAN), has grown out of the Warning, Alert, and Response Network (WARN) Act. The system provides alerting authorities the ability to broadcast emergency alerts to customers with appropriately provisioned cell phones who are located in the geographical vicinity of cellular towers serving an affected area. To date, four of the largest cellular networks—AT&T, Sprint Nextel, T-Mobile, and Verizon—have agreed to participate. The system also incorporates thousands of alert originators. CMAS transmits three types of alerts: presidential alerts, imminent threat alerts, and AMBER alerts. 

Though the participation of the four large cellular networks provides the system 90 percent geographic coverage, numerous smaller providers and thousands of alert originators still need to be integrated to maximize the reach of CMAS. This is where the SEI comes in. Its role is to create the integration strategy. 

Creating an Integration Strategy for Alert Originators

Larry Jones, senior member of the technical staff at the SEI, and team lead for the SEI’s CMAS effort, noted that the SEI brings to the table both its leadership in software engineering research and a single source of experts from the multiple disciplines the CMAS project requires. “The SEI’s Research, Technology, and System Solutions (RTSS) Program leads a cross-SEI team,” said Jones. “That team includes experts in architecture, integration, network security, and project management.”

In particular, Jones cited the CERT Program, which has a long history as a coordination center of information about internet security problems that specially qualifies the SEI to use mission thread analysis to make recommendations for the CMAS security strategy. Jones also acknowledged the Acquisition Support Program (ASP), which adds expertise in software organizations and management.  

Challenges the CMAS Integration Strategy Must Address

Key to the integration strategy, and the ultimate effectiveness of CMAS, is providing paths of integration into the systems for the thousands of alert originators. These include all state, county, and city governments, as well as local districts for fire protection, transit, and public utility services that choose to participate. In addition, the overall effort includes aspects of international cooperation. The challenges to integration are many:

  • Alert originators use many different types of software, including custom software or software developed in house.
  • The documentation available for the existing systems varies widely.
  • The security of systems varies.
  • Bandwidth capabilities vary.
  • The originators’ readiness to integrate with CMAS varies.

In addition to these challenges, Jones observed that the originators’ current use of the required protocol varies. “CMAS will use the Common Alerting Protocol or ‘CAP),’” said Jones. “Among other things, CAP has a 90-character limit. Originators feel this limits their ability to describe a situation to users, especially for AMBER alerts. So CMAS alerts have varying needs to be supplemented by other existing emergency alert systems, such as TV, radio, and social media.”

Jones added that “a one-size-fits-all strategy definitely will not work.” The CMAS integration strategy developed by the SEI team will also need to address numerous other issues, such as scale, language, population density, and topography. “Alert originators work in vastly different contexts and necessarily have vastly different origination systems,” said Jones. “For example, San Diego County is the size of Connecticut. Residents speak English, Spanish, Tagalog, Vietnamese, and many other languages. Its territory includes coastline, mountains, and desert, which are prone to different types of emergencies, from tsunami to landslides to wildfires.” Consequently, added Jones, “the alert system that San Diego uses will differ from that used by, say, a county in Montana with a population of less than 5,000. Some areas need more capabilities than others.”

Jones noted the overall CMAS effort is extensive and involves several other organizations working on other aspects of the project. The Applied Physics Laboratory at Johns Hopkins University is constructing a large-scale computer model of the system on which to run simulation studies and a test environment. The RAND Corporation is developing a mobile-penetration strategy to determine the availability of mobile services across the country. And Touchstone Consulting Group is coordinating stakeholder forums, documenting best practices, and designing regional tests of the system.

How Alert Originators and Disseminators Can Help the Integration Effort

The collection of data from all the various stakeholders associated with the CMAS project is critical to the SEI’s development of a CMAS integration strategy. Consequently, the SEI is seeking information about the needs and requirements of alerting authorities and disseminating carriers who need to integrate with the system. The SEI encourages these organizations to get involved. It urges them to contact the SEI to discuss the capabilities of their emergency alert systems and their needs and concerns related to integrating with CMAS. Concerned organizations should contact the SEI by sending email to

For more information about CMAS, please visit the following websites: