DRAFT

A Strategic Plan for the Development and Application of SAVANT

Version 4.0

Mar 08

Dave Lush, CTO
GlobeTech Exchange

1. PURPOSE:
2. BACKGROUND:
   A. SERIOUS PROBLEMS WITH THREAT KNOWLEDGE MANAGEMENT:
   B. MODEL DRIVEN THREAT ASSESSMENT AND SAVANT:
   C. THE GENESIS OF SAVANT:
      1) AIPSS and Precursor Efforts:
      2) AVIPSS and KPS, VPS, and VIPS:
   D. ADVENT OF THE SAVANT PROGRAM:
   E. SAVANT AND PREDECESSOR ACCOMPLISHMENTS THUS FAR:
      1) Ground Breaking Info Model Driven Threat Database Capabilities:
      2) Next Generation EWIR System (NGES):
      3) VPS IOC and Enterprise-wide Deployment of VPS:
      4) Re-engineering of the AIPSS Knowledge Editor to Achieve JADE:
      5) Development of IOC for VIPRE:
      6) Establishment of an Information Model Development Environment (KILN):
      7) Threat Domain Specific Applications of SAVANT:
   F. SAVANT PROBLEMS/ISSUES:
      1) Inadequate Operational Architecture and Requirements Baseline:
      2) Aging Technical and System Architecture:
      3) Fielding of Knowledge Bases and Associated Dynamic Products Takes Too Long:
      4) Inadequate Conceptual Modeling Capabilities:
      5) Threat Knowledge Authoring Tool Is Not Considered Easy to Use:
      6) Limited VPS Virtual/Dynamic Product Features:
      7) Lack of a Comprehensive Ad Hoc Query Tool:
      8) Lack of Robust Intelligence Discovery/Delivery Capability:
   G. ADVENT OF A SAVANT FUNDING PROGRAM LINE:
3. SOME VISION CIRCA 2013:
   A. WORLD CHAOS:
   B. IMPERATIVE FOR INFORMATION SHARING AND IMPROVED THREAT KNOWLEDGE MANAGEMENT:
   C. NET-CENTRIC OPERATIONS AND WARFARE:
   D. NASIC PARADIGM SHIFT:
   D. CONCEPTUAL MODEL OF THE THREAT:
   E. STRUCTURED THREAT ASSESSMENT:
   F. CONCEPTUAL MODELS ARE FACILITATING ANALYSIS AND THREAT KNOWLEDGE CAPTURE:
   G. STRUCTURED THREAT ASSESSMENTS ARE FACILITATING COMPLETENESS & RE-USE:
   H. THREAT KNOWLEDGE BASELINE:
   I. SOME SPECIFIC SCENARIOS:
   J. REPETITION IS ONE OF THE PRINCIPLES OF LEARNING:
   K. STATE OF NASIC CAPABILITIES/PERFORMANCE IN 2013:
4. THREAT KNOWLEDGE MANAGEMENT IMPERATIVES:
5. TOP LEVEL REQUIREMENTS:
   A. THE CORE FUNCTIONAL REQUIREMENT:
   B. DERIVED REQUIREMENTS:
6. THE PRIMARY SAVANT GOAL:
   A. COMPLETE EXTERNALIZATION/CAPTURE/MANAGEMENT OF NASIC THREAT KNOWLEDGE:
   B. FLEXIBLE AND AGILE CAPABILITY FOR DYNAMIC PRODUCT DEVELOPMENT/DEPLOYMENT:
   C. ROBUST INTELLIGENCE NOTIFICATION/DISCOVERY/DELIVERY SERVICES:
7. MAJOR SAVANT OBJECTIVES:
   A. ROBUST SAVANT PROGRAM AT NASIC:


   B. IMPROVED, ENHANCED, RE-ENGINEERED, BASE-LINED SAVANT SYSTEM:
   C. ESTABLISHMENT OF A NASIC THREAT KNOWLEDGE BASELINE:
   D. ACQUISITION/DEVELOPMENT OF A CONCEPTUAL MODELING TOOL WITH REQUISITE FEATURES:
   E. ENHANCED, MORE INTEGRATED KILN CAPABILITY:
   F. ENHANCED, MORE RICHLY FEATURED KNOWLEDGE AUTHORING TOOL (JADE):
   G. ENHANCED, SEMANTICALLY AIDED INTELLIGENCE PRODUCT DEVELOPMENT/MANAGEMENT:
   H. GENERALIZED, SEMANTICALLY AIDED QUERY TOOL:
   I. ENHANCED, SEMANTICALLY AIDED DISCOVERY/MASH-UP/DELIVERY CAPABILITIES:
   J. ROBUST ORGANIZATIONAL CAPABILITY FOR SAVANT APPLICATIONS:
8. REVIEW OF CORE CONCEPTS/TECHNOLOGIES/ARCHITECTURE:
   A. THE BASIC KNOWLEDGE MANAGEMENT CONOPS AND CORE IDEAS:
   B. SOME BUILDING BLOCK TECHNOLOGIES:
      1) The Oracle Platform/Suite:
      2) Service Oriented Architecture (SOA), Web Services, and BPM:
      3) MS Office Related Capabilities:
      4) Structured Authoring Capabilities:
      5) Conceptual Modeling Methodologies/Tools:
      6) Semantic Technologies:
   C. ARCHITECTURE:
      1) Operational Architecture:
      2) System Architecture:
      3) Technical Architecture:
9. PROPOSED APPROACH:
   A. RE-ESTABLISH, EXECUTE, SUSTAIN AN EXPLICIT FORMAL SAVANT PROGRAM:
      1) Vetted, Approved Program Charter and Program Plan:
      2) Program Governance Structure:
   B. ESTABLISH AND CONTROL A SAVANT SYSTEM BASELINE:
      1) Functional and System Requirements:
      2) Operational/Info, Technical, System Architectures:
   C. ESTABLISH, EXECUTE, MANAGE PORTFOLIOS OF SAVANT RELATED PROJECTS:
      1) Two Kinds of SAVANT Project Portfolios:
      2) Proposed SAVANT Capabilities Portfolio:
      3) Proposed SAVANT Results Portfolio:
      4) Portfolio/Project Management/Oversight:
   D. INVESTIGATE AND LEVERAGE SELECTED HOT-OFF-THE-SHELF TECHNOLOGIES:
      1) Possibly Obscure But Powerful Features of the Oracle Suite:
      2) MS Office/Sharepoint:
      3) SOA/ESB and Web Services:
      4) Java Community Process (JCP) and Java Spec Request Driven Capabilities:
      5) SysML Conceptual/System Modeling Tools:
      6) Structured Authoring Tools (e.g. In.Vision Xpress Author):
      7) Semantic Mash-up Technologies/Tools:
      8) Semantic Query Capabilities:
   E. ACHIEVE ORGANIZATIONAL COMPETENCIES/CAPABILITIES TO RAPIDLY APPLY SAVANT:
10. Final Words:


1. PURPOSE:

a. The purpose of this document is to communicate a strategic plan and a foundation for program planning for the continuing development, application, and maintenance of the NASIC SAVANT capability.

b. More specifically this document (1) cites relevant background; (2) expresses vision regarding NASIC’s situation, ops scenarios, and capabilities circa the year 2013; (3) states associated goals/objectives and top level functional requirements; (4) reviews the core CONOPS/concepts, technologies, and architecture; (5) specifies the general approach; and (6) identifies key projects to be accomplished in order to realize the vision for NASIC’s threat assessment and knowledge management capabilities in the year 2013.

2. BACKGROUND:

a. Serious Problems with Threat Knowledge Management:

The IC, DOD, and DHS have had and still have serious problems with how they capture and manage our nation’s hard-earned knowledge of the threat. The major facets of this problem are identified and discussed very briefly in the following.

1) Official Finished Threat Knowledge Is Not Baselined:

It would appear that our so-called “finished” or “approved” threat knowledge is not baselined and managed as a baseline would be managed. This means that we don’t know for sure what the official assessment of the threat is, how it is updated, or how to acquire it rapidly. The implications of this are obvious and very serious.

2) Official Finished Threat Knowledge Does Not Support the Single Source Multi-purpose Paradigm:

Our threat knowledge is not single sourced and multi-purposed, which means that there are multiple instances of possibly disparate knowledge about the same threat and that the knowledge on hand cannot be readily re-constituted to serve multiple purposes. Once again, the implications are obvious and serious.

3) Official Finished Threat Knowledge Is Not Properly Structured, Detailed, Labeled (Tagged):

Our threat knowledge is not properly structured, detailed, and labeled so as to provide for the discovery and acquisition of the specific, precise knowledge required. This has serious implications for re-purposing, preparedness, and responsiveness in general and for net-centric operations in particular.


b. Model Driven Threat Assessment and SAVANT:

NASIC is responding to the threat knowledge management problem with a model driven threat assessment paradigm and a powerful capability for (1) the capture/management of threat knowledge; (2) the development/management of dynamic intelligence products; and (3) the discovery and delivery of those products. The capability is called SAVANT.

c. The Genesis of SAVANT:

1) AIPSS and Precursor Efforts:

Starting in the 70s under the leadership of Mr. Don Quigley and Ms. Suzi Barber, NASIC began to develop unique threat database capabilities which featured an information model driven approach which was ahead of its time. This approach was successfully applied to a number of threat database requirements with the most noteworthy being the requirements for the Electronic Warfare Integrated Reprogramming (EWIR) capability, the NASIC DIODE product, and the NASIC SCACS product. These applications of early info model driven capability had profound implications and all that has transpired since traces back to this work and the vision and efforts of folks like Don Quigley and Suzi Barber.

2) AVIPSS and KPS, VPS, and VIPS:

In 1999, NASIC initiated an official program managed by NASIC/SC to develop a new intelligence paradigm and comprehensive capability for the ontology driven capture/management of threat knowledge (KPS), the subsequent development/capture of dynamic intelligence product components (VPS), and the discovery and dissemination of products and threat knowledge that draw from the underlying knowledge and product component bases to meet client requirements (VIPS).

d. Advent of the SAVANT Program:

In 2004 the KPS/VPS/VIPS program was transferred to the newly created Advanced Programs Directorate (AP) and was renamed SAVANT. This was an important event because the program was now viewed as a truly “corporate” venture at NASIC as opposed to just an IT thing.


e. SAVANT and Predecessor Accomplishments Thus Far:

There have been a number of very significant initial accomplishments which were led by NASIC folks like Sharon Cain, Dave Sanders, Dave Drake, and Chris Colliver. These include:

1) Ground Breaking Info Model Driven Threat Database Capabilities:

2) Next Generation EWIR System (NGES):

3) VPS IOC and Enterprise-wide Deployment of VPS:

4) Re-engineering of the AIPSS Knowledge Editor to Achieve JADE:

5) Development of IOC for VIPRE:

6) Establishment of an Information Model Development Environment (KILN):

7) Threat Domain Specific Applications of SAVANT:

f. SAVANT Problems/Issues:

We will cite major issues/problems with SAVANT in the following. Many of these are a result of the fact that SAVANT and its immediate predecessor program have been underfunded since inception. As such, obvious enhancements to the core capabilities could not be developed/implemented.

1) Inadequate Operational Architecture and Requirements Baseline:

2) Aging Technical and System Architecture:

3) Fielding of Knowledge Bases and Associated Dynamic Products Takes Too Long:

4) Inadequate Conceptual Modeling Capabilities:

5) Threat Knowledge Authoring Tool Is Not Considered Easy to Use:

6) Limited VPS Virtual/Dynamic Product Features:

7) Lack of a Comprehensive Ad Hoc Query Tool:

8) Lack of Robust Intelligence Discovery/Delivery Capability:

g. Advent of a SAVANT Funding Program Line:

Starting in FY09 a significant SAVANT funding line will be in place. This will enable a more concerted and systematic program of SAVANT development and implementation and ultimately our vision of a new model driven threat assessment and knowledge management paradigm.


3. SOME VISION CIRCA 2013:

In the following, a vision of sorts is presented regarding how NASIC would ideally operate in the context of a very complex intelligence picture and our nation’s paradigm for net-centric operations and warfare (NCOW). Please note that the concepts presented are not meant to constitute exact and precise direction regarding what NASIC should do and/or become. But we do believe that the core concepts of model driven threat assessment and knowledge management are fundamental.

a. World Chaos:

It is the year 2013. Afghanistan and Iraq are in chaos. Global terrorism is rapidly increasing with two attacks on the US homeland and several serious attacks in Europe, Asia, and Africa since 9-11. In the context of a struggling US economy and overextended military, China and Russia are flexing their economic and military muscle more than ever. There have been major cyber attacks on facets of the US cyber infrastructure both civilian and military. The threats to our national security are quite multi-faceted and complex. Demands on our intelligence apparatus are severe.

b. Imperative for Information Sharing and Improved Threat Knowledge Management:

1) Following 9-11 it became apparent that our nation’s will and capabilities for information sharing were suspect. As such, initiatives for information sharing have been launched at multiple levels of our security and law enforcement apparatus.

2) A few years ago (circa 2008) NASIC had an epiphany when a critical mass of its leadership realized that proper knowledge management is a necessary condition for effective information sharing. In other words, if the information to be shared has not been captured and managed properly, then it will not be as readily re-purposed and shared and it will not be as valuable once it is shared.

3) Since 2008 NASIC has internalized and has applied some basic tenets regarding its threat knowledge as follows:

a) A Comprehensive Threat Knowledge Baseline Must Be Established and Maintained:

b) The Baseline Must Support a Single Source, Multiple Purpose Paradigm:

c) The Baseline Must Provide Requisite Scope, Structure, Detail, and Labeling:

c. Net-centric Operations and Warfare:

Out of necessity, our Nation’s defense and homeland security apparatus is operating more and more in the context of a net-centric operations and warfare (NCOW) paradigm and associated environments and infrastructures. Various communities of interest are executing their operational architectures in a net-centric fashion with each player having its prescribed roles, processes, and requisite data, info, and knowledge appropriately pre-positioned. Machine-to-machine flows of data, info, and knowledge are quite prevalent.

d. NASIC Paradigm Shift:

1) NASIC’s basic, top level operational architecture is portrayed in Figure 1.

[Figure 1: NASIC Operational Architecture (roles shown: Data/Info Supplier, Collection Manager, Production Manager, Analyst, Knowledge Manager, Product Specialist, Customer)]

2) Back in 2008, NASIC realized that demand for highly tailored, just-in-time intelligence would be increasing dramatically and that it would be increasingly “playing” in the context of net-centric operations and warfare (NCOW). So, as a result, NASIC instituted a new paradigm for threat assessment and threat knowledge management.

3) In this new approach, NASIC intelligence analysts execute a model driven analysis/assessment paradigm (see Figure 2) which produces “structured” threat assessments in accordance with the appropriate conceptual models of the threat (see Figures 3a, 3b).

4) Development of the conceptual models of the threat is initiated at the start of the assessment process and the models are continuously vetted and refined throughout the threat assessment process.

5) When the threat assessment process is completed, the resulting conceptual models and the model instantiations (see Figure 4) that result from incorporating the INT data and assessment results into the model are at hand. These then become a core part of the overall threat assessments (see Figures 5a, 5b), which are readily imparted to the SAVANT threat knowledge base.

6) In all of this (see Figure 6) the conceptual model of the threat under study is at the heart of the matter.

[Figure 2: Externalizing Conceptual Models]

Figure callout: A Major Challenge of the New Intel Analyst Tradecraft Is to Externalize and Formalize The Analysts’ Conceptual Models to Become Machine Readable Ontologies or Information Models Which Can “Drive” Intel Knowledge Mgt and Virtual Production

d. Conceptual Model of the Threat:

More specifically, the conceptual models of the threat (see Figures 1a, 1b) are patterned after the OMG SysML meta-model for systems modeling and consist of specifications of:

structure;

behavior/signatures;

parametrics; and

summary of capabilities.

e. Structured Threat Assessment:

And, the structured threat assessments (see Figures 3a, 3b) are made up of:

the intelligence requirements driving the assessment i.e. the questions that must be answered;

the key assumptions and constraints;

a summary/description of data sources;

a conceptual model of the threat (as described above);

the instantiated model of the threat (including key findings in terms of projected purposes, capabilities, and vulnerabilities);

key findings, implications, predictions; and

key arguments and rationales for the analysis and findings.

[Figure 3a: C-map of a Conceptual Model of the Threat]

[Figure 3b: Reference Model View of Threat Conceptual Model (elements shown: Purposes, Capabilities, Vulnerabilities; Structure (structural models); Behavior (behavioral models); Parametrics (physics/math); Signatures)]

[Figure 4: Instantiation of the Conceptual Model (labels shown: Conceptual Model of the Threat; Source Data & Engineering Models & Other Tools; Assumptions & Constraints; Arguments & Rationales; Instantiated Model of the Threat)]

[Figure 5a: C-map of a Threat Assessment]

[Figure 5b: Reference Model for the Threat Assessment (elements shown: Key Intelligence Questions; Key Assumptions; Source Citations; Conceptual Model; Instantiated Conceptual Model; Findings, Implications, Predictions; Arguments & Rationales)]

[Figure 6: Externalizing Conceptual Models (panel title: Model Driven Analysis & Knowledge Capture)]

Figure notes: A core element of a threat assessment is the conceptual model of the threat. The model is “instantiated” with data and metadata derived from the source INT data and the results from analysis of that data. The instantiated model is used to ascertain key facts and assertions regarding the nature of the threat.

f. Conceptual Models Are Facilitating Analysis and Threat Knowledge Capture:

In this new model driven threat assessment paradigm, the development, vetting, and distillation of the threat assessments are guided by the concurrent development and iterative refinement of externalized conceptual models of the threat. These conceptual models serve to focus the analytic effort and facilitate the communication and vetting of the threat assessments. Ultimately, when the finalized models are “instantiated” with data, information, and threat analysis/assessment results, they become an invaluable characterization of the threat.

g. Structured Threat Assessments Are Facilitating Completeness & Re-use:

The resulting structured threat assessments, which include the finalized instantiated conceptual models as the core element, also include other important facets of a threat assessment which are not often included in the typical intelligence product. Because of their structure, these structured threat assessments are readily captured and managed in the NASIC SAVANT threat knowledge base via the SAVANT system’s powerful model driven knowledge authoring/editing tool. Capturing the threat knowledge in this fashion enables the rapid provisioning of the exact data, information, and knowledge that is required by a multiplicity of national security players.

h. Threat Knowledge Baseline:

So, in the context of the preceding, NASIC has established a robust intelligence baseline containing the structured threat assessments, threat models (ontologies), intelligence business rules, and instantiated threat models for the domains, countries, systems, and systems of systems that it is responsible for. As such, NASIC is totally prepared to respond rapidly to ad hoc requests for data, information, and knowledge from virtually any client (including machines) operating in the context of net-centric operations and warfare.

i. Some Specific Scenarios:

We envision some specific scenarios that exemplify how NASIC might be operating circa 2013 in the context of a robust fully fielded capability for threat knowledge management and digital production and an established current threat knowledge baseline.

1) First of all, NASIC analysts routinely and with greatly reduced effort develop and field “standing” or “scheduled” intelligence products which are continuously updated from appropriate facets of the overall KPS-based threat baseline which the analysts keep current as new information and assessment results are available. The analysts involved simply keep their facet of the threat baseline current and the derived products are therefore current by definition.

2) A very important acquisition customer requires comprehensive and appropriately structured threat knowledge on an entire class of threat systems. A few years ago a similar request was rejected because the knowledge, while contained in the heads of analysts, was not available in a form which could satisfy the requirement. Now given the existence of the threat baseline the appropriate queries and product style sheets are rapidly developed and the required product is readily produced. This happens in a very few days if not hours.

3) US cyber operations capabilities are governed by the cyber control system which includes a highly structured knowledge base which is patterned after a federated ontology of cyber space, the cyber threat, and cyber operations. The cyber operations knowledge base receives cyber threat knowledge from NASIC in a machine to machine manner from the NASIC knowledge base where it was posited in accordance with the appropriate conceptual threat models of the cyber threat. The cyber control system uses ontologies of the cyber threat developed by NASIC.

4) At the same time, NASIC’s IADS threat knowledge is delivered in machine to machine web services based fashion to the operational and warfighting environments to help achieve requisite situational awareness and formulate the common operating picture. Once again ontologies of IADS related concepts are also provided by NASIC and used to semantically aid net-centric operations and warfare.

5) Ad hoc and QRT intelligence production requests are automatically parsed upon receipt into Web Ontology Language (OWL)-based constructs which are used in semantically (ontology) aided searches of the threat baseline for highly relevant knowledge. The relevant knowledge from all facets of the threat baseline is retrieved and provided to the analyst in a so-called “mash up”, which is a semantically aided combination of search results which best answers the client’s needs. The analysts then have at their disposal very flexible and powerful tools for the development/staging of tailored products that respond to ad hoc QRT requests based upon the automatically derived “mash ups”.

6) Similarly, clients visit the NASIC portals and initiate ad hoc queries and/or launch intelligence service discovery requests across the net-centric environment. These requests are parsed and combined with appropriate threat ontologies and associated semantics that are part of the threat baseline to provide a powerful discovery capability. The data, info, and knowledge discovered is processed, appropriately packaged, and delivered to the client.

7) NASIC has been designated the lead organization for a new intelligence initiative in a complex domain involving nation states, non-state actors, and systems of systems. This initiative is of very high interest to policy makers, acquisition elements, and war fighters.

a) In the beginning NASIC responds to the initiative in a traditional fashion with ad hoc static VPS products responding to ad hoc requirements. But it soon becomes clear that NASIC must establish a much more efficient and systematic response to this initiative which is not likely to go away any time soon.

b) So NASIC decides to establish a robust, knowledge driven, intelligence portal to best address client demands in context of this highly topical initiative. This new domain specific intelligence portal will require new threat assessments and associated threat models for the various facets of the overall domain.


c) NASIC, applying solid maturity in project management gained over the past five years, initiates a project to develop the knowledge driven portal. In two weeks NASIC has drafted, vetted, and approved the project’s charter and the team-developed project plan.

d) The plan calls for an incremental approach first envisioned a few years previously by a senior database systems engineer from SC who has had a profound effect on the development of NASIC’s SAVANT capabilities.

First, an initial “static” (as opposed to dynamic) portal offering is defined, designed, implemented, and maintained using the SAVANT VPS capability. This enables a rapid initial deployment of the portal at the product component level using static VPS components which actually contain the intelligence content as opposed to drawing it dynamically from the underlying knowledge base.

Since conceptual modeling is now a part of analyst tradecraft (since 2008) and since NASIC’s analysts are well schooled in conceptual modeling and use of the modeling toolkit, many of the requisite threat models for the threat domain have already been developed by virtue of the threat assessment work that has already transpired. These models are imparted to the SAVANT KPS knowledge management system where they rather immediately drive the knowledge authoring tool to enable capture of the threat knowledge corresponding to those models.

At this point selected static VPS-based portal components are modified to draw dynamically upon the content just imparted to the KPS knowledge base.

Development of remaining models is accomplished as threat assessments are accomplished in un-assessed facets of the overall intelligence domain. And once again these models are imparted to SAVANT to guide the knowledge authoring process.

And once again, after the knowledge is captured, the appropriate VPS components are modified to draw their content from the threat knowledge just imparted to the threat knowledge base.

e) Ultimately, in this incremental fashion, NASIC arrives at a totally threat knowledge baseline driven portal capability.

j. Repetition Is One of the Principles of Learning:

NASIC has repeated the incremental portal development theme described above a number of times and as a result it has developed an organizational competency for achieving this kind of result on a routine basis. Developing and fielding a robust, threat knowledge baseline driven intelligence portal has become a natural and routine part of NASIC business.


k. State of NASIC Capabilities/Performance in 2013:

1) As a result of its initiative in establishing (1) the model driven analysis and threat knowledge management paradigm, (2) the associated threat knowledge baseline; and (3) the capabilities for dynamic product development and ontology aided discovery, NASIC has improved its intelligence assessment/production performance several fold in terms of completeness, accuracy, timeliness, and productivity when compared to the performance levels prior to the paradigm shift.

2) Now, NASIC is fully participating in net-centric ops and warfare (NCOW) and is satisfying the needs of its clients in an optimal fashion because the clients themselves can discover and acquire specific pieces of threat knowledge which can be readily applied and/or re-purposed in the client’s problem space.


4. THREAT KNOWLEDGE MANAGEMENT IMPERATIVES:

a. Our national security players (including machines) must be able to quickly receive, discover, access, and acquire the specific pieces of threat data, info, and knowledge that they need and that they have the security clearance level to receive.

b. As such, the Intel Production Centers must develop, capture, manage, and employ their data, information, knowledge, and product with requisite scope, specificity, and granularity such that it can be readily discovered, accessed, retrieved and re-purposed to provide tailored timely intelligence products and services in the context of various Communities of Interest (COIs) operating in a net-centric environment.

c. This strongly suggests that the intelligence data, information, and knowledge must be properly conceptualized, structured, and managed so as to provide requisite structure, detail, and labeling to support discovery, access, re-purposing, and delivery.

5. TOP LEVEL REQUIREMENTS:

The vision and imperatives cited above give rise to some key functional requirements/features that must be supported/enabled by the intelligence/information systems that will be used at any intelligence center to do the job.

a. The Core Functional Requirement:

NASIC’s Vision, Goals, and Objectives have revolved around the notions of producing descriptive, interpretive, and predictive knowledge of the threat and then providing that knowledge to policy makers, acquisition elements, and to the warfighters by participating in net-centric operations and warfare within the appropriate COIs.

As such, NASIC must be able to provide its clients with the very high precision and very high recall threat data, information, and knowledge that they need, with requisite scope and detail (granularity), in the requisite form, and when they need it.

b. Derived Requirements:

So, what are the implications of the core requirement specified above?

1) First, NASIC must establish and manage a digital threat knowledge baseline of appropriately structured, detailed, and labeled threat assessments with requisite scope and granularity.

2) The NASIC threat knowledge baseline must be able to support a single source, multi-channel intelligence production paradigm in which multiple intelligence product streams are driven from a single source of threat knowledge.


3) These threat assessments must include descriptive, interpretive, and predictive data/knowledge of the threat represented in accordance with appropriate conceptual models of the threat having the requisite detail and structure.

4) NASIC must have the tools to develop the requisite conceptual models of the threat.

5) To instantiate the constructs that are represented in the conceptual models, NASIC must be able to capture/manage rather complex data having rich structure and detail.

6) In order to have great flexibility in re-purposing its data, information, and knowledge, NASIC must be able to develop, capture, and manage product “components” which leverage the conceptual models and access selected pieces of the data/knowledge captured.

7) And, along with these product components, NASIC must capture and manage product component layouts or generalized style sheets and be able to apply these style sheets to the product component output in order to create any “presentation” that is required e.g. HTML, PDF, XML, etc.

8) NASIC must develop, capture, and manage semantically assisted portals, portlets, mashups, and/or web services which are made up of the product components discussed above. The clients come to the portal and invoke features inherent in the selected portlets which invoke the product components which in turn access the data/knowledge previously captured. In many cases the “clients” will be machines.

9) And, NASIC must have the overarching capability to provide discovery/notification services to our clients and to render/deliver the products and services that are represented in the portlets, web services, product components, and underlying data/knowledge. Again, in many cases the clients will be machines.

6. THE PRIMARY SAVANT GOAL:

The primary goal is to enable - via application of IT, Knowledge management concepts/practices, and semantic technologies - the realization of the vision and requirements stated above. That vision and those requirements drive the need for a capability which enables the following:

a. Complete Externalization/Capture/Management of NASIC Threat Knowledge:

b. Flexible and Agile Capability for Dynamic Product Development/Deployment:

c. Robust Intelligence Notification/Discovery/Delivery Services:


7. MAJOR SAVANT OBJECTIVES:

a. Robust SAVANT Program at NASIC:

Given the advent of a significant funding line it would seem to make sense to establish or re-establish a robust SAVANT Program at NASIC. This program would have an explicit, vetted, approved program plan and governance structure to include PMO and executive steering, engineering, and customer groups.

b. Improved, Enhanced, Re-engineered, Base-lined SAVANT System:

We will no doubt need to accomplish significant re-engineering of SAVANT in order to accommodate new requirements and leverage new technologies and also to reduce sustainment costs. When we re-engineer SAVANT we must establish and maintain the appropriate SAVANT baseline in terms of requirements, architecture, system definition/design, etc.

c. Establishment of a NASIC Threat Knowledge Baseline:

We want to support and facilitate the NASIC effort to establish a SAVANT-based threat baseline consisting of structured threat assessments to include instantiated threat models. This should be a corporate program in its own right consisting of a portfolio of threat domain projects, each of which accomplishes the establishment of the respective domain’s part of the overall baseline.

d. Acquisition/Development of a Conceptual Modeling Tool with Requisite Features:

We must provide the analysts with a rich toolset for the development, capture, management, and presentation of conceptual models of the threat. These conceptual modeling tools should be standards-based (e.g. OMG’s SysML) and they should yield artifacts which can rather directly support follow-on info model development in the KILN.

e. Enhanced, More Integrated KILN Capability:

In concert with the general objectives for SAVANT re-engineering we need to re-engineer and enhance the SAVANT KILN capability such that it is extremely interoperable with the analysts’ new conceptual modeling tools and otherwise provides for a very smooth and efficient development and installation of the SAVANT info models that correspond to the analysts’ conceptual models.

f. Enhanced, More Richly Featured Knowledge Authoring Tool (JADE):

There are a number of enhancements in the requirements queue that can and should be made to the JADE knowledge authoring tool. Given the availability of externalized, captured, managed conceptual models and associated constructs derived to drive SAVANT, we have the opportunity to apply semantic technologies to the JADE process so as to make it easier and more efficient to use.


g. Enhanced, Semantically Aided Intelligence Product Development/Management:

The current SAVANT VPS capability is pretty basic. There has been talk of perhaps not even having a VPS capability. But whether it will be VPS in its current form or not, SAVANT must have the capability to develop and manage product definitions/designs, static/dynamic content, and presentation. So, whatever this product development/management capability is called, we want it to provide enhanced capability when compared to what we have now. These enhancements would include developing additional “product rendering classes” and using the semantics inherent in the SAVANT information models to assist the definition, development, assembly, and presentation of static or dynamic products.

h. Generalized, Semantically Aided Query Tool:

The general nature of the SAVANT data model makes the development of queries more difficult than it is for a traditional commercial database. At present there is no general, comprehensive query tool for SAVANT. Developing such a capability is not an easy task given the data structure complexities, but given the semantics inherent in the SAVANT information models it seems possible and even advisable to develop a comprehensive semantics-driven query tool for SAVANT.

i. Enhanced, Semantically Aided Discovery/Mash-up/Delivery Capabilities:

So, now we want to make the SAVANT discovery/delivery services really sing! As such we want to develop a suite of such services which enable NASIC’s clients to readily discover and acquire the threat knowledge they need. This of course can happen by virtue of the traditional web site visiting/browsing/pointing/clicking kind of activity or it can happen by exercising the generalized semantics assisted query capability or it can happen by virtue of so called semantic mash-ups which are en vogue at present.

j. Robust Organizational Capability for SAVANT Applications:

Finally, we want to develop/sustain an organizational competency/capability to define, design, implement, maintain threat domain specific applications of SAVANT to rapidly address requirements for threat knowledge bases; dynamic intelligence products; and intelligence portals, portlets, mashups, etc. This capability for rapid application of SAVANT to requirements would consist of the requisite competencies/skills, processes/practices, and tools.


8. REVIEW OF CORE CONCEPTS/TECHNOLOGIES/ARCHITECTURE:

a. The Basic Knowledge Management CONOPS and Core Ideas:

1) The core idea of SAVANT is to drive the capture, organization, management, use of threat data/knowledge via externalized digital versions of the conceptual models that analysts no doubt form as the basis for the articulation of their assessments of the threat.

2) These conceptual models, which are viewed as crucial artifacts of threat assessment, are captured/externalized in the form of ontologies (i.e. specifications of conceptualizations) or information models which identify entities/behaviors/relationships/attributes and associated parametrics which collectively characterize and specify the threat.

3) In this context we have chosen to view everything that we capture data and knowledge about as a real or abstract “object” e.g. an airplane or a weapons acquisition strategy. We also make what we believe to be a useful distinction between INT event objects, threat objects, and product objects.

4) And we entertain the concept of hierarchies of objects in which we could represent very composite threat objects like countries, forces, systems of systems, and systems; INT objects (i.e. observed threat object behavior) would be part of a threat object characterization which would be part of a product component which would be part of a threat country or topic portlet.

5) A very important point to remember here is that by capturing the appropriately narrated conceptual model in digital form we have in essence captured the content meta-data for the knowledge that instantiates the model. As such this meta-data is now available to be propagated to any product that the associated knowledge piece becomes a part of.

6) So, when the analyst has captured his/her threat knowledge in accordance with the externalized conceptual models, dynamic customized products can be readily driven from the pre-positioned threat knowledge. This includes product content tagging which is derived from the externalized conceptual models that we have “hung” the threat knowledge on in the first place.

7) These dynamic products are developed in terms of pre-existing primitive product component types which are instantiated with static data or equipped with mechanisms for acquiring dynamic content that is provided when triggered by a client. These product components are developed and captured along with product component level meta-data and managed in a product component level knowledge base.

8) Finally, the pre-positioned product components are further combined into appropriate product portlets and/or web services which draw together all products and underlying knowledge on a particular threat topic. Semantic mashup capabilities and semantically (ontology) aided search capabilities enable rapid discovery and assembly of just the right data, information, and knowledge for the client.


9) Now, as suggested above in one of the scenarios, major intelligence topic portals can be developed incrementally by first defining, designing, and fielding a static VPS-based version of the portal and then swapping static portal components out for dynamic threat baseline driven components as the requisite threat models are developed and instantiated.

10) This incremental and layered approach (to the capture of information model and associated threat knowledge; development and management of dynamic intelligence product components; and rendering of product components via semantically aided portlet and web services technology) is very powerful and facilitates re-purposing of content tagged intelligence knowledge for clients in multiple communities of interest (COIs) in the overall net centric environment.
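The following Python sketch is an added example, not SAVANT code: it illustrates points 5) through 9) above with a constructed information model whose content tags propagate into rendered products, and with a static product component swapped for a baseline-driven one. The class names, attribute names, tags, and style sheet functions are assumptions made for illustration.

```python
from dataclasses import dataclass
from html import escape

# Constructed information model fragment: class -> attribute -> (type, content tag).
# Class, attribute and tag names are illustrative assumptions.
MODEL = {
    "RadarSystem": {
        "designation": (str, "system.identity"),
        "max_range_km": (float, "system.performance.range"),
    }
}


class KnowledgeBase:
    """Holds knowledge objects that must instantiate the information model."""

    def __init__(self, model):
        self.model = model
        self.objects = {}  # key -> (class name, {attribute: value})

    def capture(self, key, cls, **values):
        """Store or update an object, rejecting anything the model does not define."""
        if cls not in self.model:
            raise ValueError(f"no information model for class {cls!r}")
        schema = self.model[cls]
        for attr, value in values.items():
            if attr not in schema:
                raise ValueError(f"{cls} has no attribute {attr!r} in the model")
            if not isinstance(value, schema[attr][0]):
                raise TypeError(f"{attr} must be {schema[attr][0].__name__}")
        stored = self.objects.setdefault(key, (cls, {}))
        if stored[0] != cls:
            raise ValueError(f"{key!r} already captured as {stored[0]}")
        stored[1].update(values)

    def fact(self, key, attr):
        """Return (value, content tag); the tag comes from the model, not the author."""
        cls, values = self.objects[key]
        return values[attr], self.model[cls][attr][1]


@dataclass
class StaticComponent:
    """Content typed directly into the product; carries no model-derived tag."""
    title: str
    text: str

    def resolve(self, kb):
        return {"title": self.title, "value": self.text, "tag": None}


@dataclass
class DynamicComponent:
    """Pointer into the knowledge base, resolved each time the product is rendered."""
    title: str
    key: str
    attr: str

    def resolve(self, kb):
        value, tag = kb.fact(self.key, self.attr)
        return {"title": self.title, "value": str(value), "tag": tag}


def html_sheet(items):
    """Style sheet for the HTML channel; the content tag rides along as data-tag."""
    rows = "".join(
        f'<tr data-tag="{escape(i["tag"] or "")}"><th>{escape(i["title"])}</th>'
        f'<td>{escape(i["value"])}</td></tr>' for i in items)
    return f"<table>{rows}</table>"


def xml_sheet(items):
    """Style sheet for a machine-to-machine XML channel."""
    parts = "".join(
        f'<item tag="{escape(i["tag"] or "")}" title="{escape(i["title"])}">'
        f'{escape(i["value"])}</item>' for i in items)
    return f"<product>{parts}</product>"


def render(product, kb, sheet):
    """Single source, multiple channels: resolve components, then apply a sheet."""
    return sheet([c.resolve(kb) for c in product])


def demo():
    kb = KnowledgeBase(MODEL)
    kb.capture("radar-1", "RadarSystem", designation="EXAMPLE-1", max_range_km=150.0)
    # Increment 1: static portal components holding their own copy of the content.
    product = [StaticComponent("Designation", "EXAMPLE-1"),
               StaticComponent("Max range (km)", "150.0")]
    # Increment 2: swap one static component for a baseline-driven one.
    product[1] = DynamicComponent("Max range (km)", "radar-1", "max_range_km")
    before = render(product, kb, html_sheet)
    kb.capture("radar-1", "RadarSystem", max_range_km=180.0)  # baseline is updated
    return before, render(product, kb, html_sheet), render(product, kb, xml_sheet)


if __name__ == "__main__":
    for output in demo():
        print(output)
```

Only the dynamic component picks up the updated value and the model-derived tag; the remaining static component keeps whatever was typed into it until it is swapped as well.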

b. Some Building Block Technologies:

There are a number of technologies which show promise in the enhancement and re-engineering of SAVANT. Some of these are identified and briefly discussed in the following.

1) The Oracle Platform/Suite:

Oracle is continually updating its product suite and associated features and so it is essential to maintain situational awareness on the current and planned offerings. At present Oracle categorizes its offerings into two major categories as follows:

a) Oracle Database:

b) Oracle Fusion Middleware:

2) Service Oriented Architecture (SOA), Web Services, and BPM:

Service oriented architecture and associated COTS products offer many benefits in terms of extensibility, re-usability, maintainability, etc. On the other hand, effective application of SOA requires that the CONOPS and operational architecture be fairly well specified to enable requisite orchestration of the required web services. This indicates a need for the capability to develop business process models, presumably using a standard BPMN-based tool.

3) MS Office Related Capabilities:

The MS Office suite, which consists of a comprehensive suite of desktop applications and servers, is becoming a bit of a force when viewed as a total enterprise capability. MS categorizes its product suite at the top level as follows:

a) Office Desktop Applications:

b) Office Servers:


4) Structured Authoring Capabilities:

We probably want to keep an eye on the so called “structured authoring” capabilities for opportunities to provide a more friendly knowledge authoring experience for our analysts as they instantiate/populate their conceptual models of the threat. Capabilities that show promise include:

a) XML Schema Driven (e.g. In.Vision Xpress Author):

b) Darwin Info Typing Architecture (DITA):

5) Conceptual Modeling Methodologies/Tools:

In the preceding we have proposed that conceptual models of the threat will become a core artifact of the threat assessment process. As such conceptual modeling and associated tools will become a core part of analyst tradecraft. There are a number of conceptual modeling perspectives and the ultimate idea is to provide the analyst with the requisite toolset to render conceptual models which collectively serve to characterize the entity or concept under study.

In any event there are a number of methods/tools which can be categorized as follows:

a) Concept Mapping (e.g. IHMC C-map Tool, CaseTalk, etc):

b) Ontology Development:

c) Business Process Modeling (e.g. via BPMN):

d) System Modeling (e.g. via SysML):

6) Semantic Technologies:

The so called “semantic technologies” are showing promise for enhancing the capabilities of SAVANT in a number of different ways. The core information model (ontology) driven nature of SAVANT provides opportunity to apply semantic technologies which have to do with application of ontologies to various problems/issues that occur in the use of applications and data.

a) Ontology Development:

b) Semantic Integration/Interoperability (Application/Data):

c) Semantic Mash Up:

d) Semantic Query:

e) Semantic Web Services:

f) RDF Triple Data Store:

c. Architecture:

It is useful to look at SAVANT architecture both current and future in context of the DODAF framework which accommodates three architectural views: operational, technical, and system.

1) Operational Architecture:

A properly specified operational architecture (CONOPS) for SAVANT would feature an ontology driven intelligence assessment and production paradigm involving the formulation of the information models for the intelligence domain under study and the subsequent capture/management of data/knowledge in accordance with those models. Figures 1-6 shown above are actually portraying facets of the operational architecture for SAVANT. All else flows from this.

2) System Architecture:

a) At present, the system architecture for SAVANT (shown in Figure 7 below) has three basic system segments:

the threat knowledge capture/management capability: Knowledge Pre-positioning System (KPS);

the dynamic product development/management capability: Virtual Production System (VPS); and

the intelligence notification, discovery, access, delivery capability: Virtual Intel Product Rendering Environment (VIPRE).

Figure 7: Top Level System Architecture [diagram; labels: KPS/VPS/VIPRE System; Knowledge Pre-positioning System (KPS); Virtual Production System (VPS); Virtual Intelligence Product Rendering Environment (VIPRE); Knowledge Objects; Product Components & Layouts; Portlets/Products]

b) A somewhat notional top level view of the NASIC enterprise system architecture is shown in Figure 8.

Note: This is the KPS/VPS/VIPRE Core Complex of Apps and Stores for Pre-positioning, Production, and Dissemination.

Note: the work flow, tools, and repositories shown in the diagram would be supported by very extensive machine readable information models and other meta-data which enable a very high degree of flexibility, applicability, and interoperability.

KEY FEATURES

Horizontal Fusion of Intel Production Lifecycle and INT Data, Eng Models, & Threat Assessment Results

Collaborative Team Environment

Automated Technical and Mgt Workflows (the big blue arrow)

Service Oriented Architecture (SOA) Via Enterprise Service Bus (ESB)

Data and Meta-data Driven Processes and Repositories

Ontology Driven Intel Analysis & Knowledge Mgt

Data and Meta-data Driven Virtual Products

Standard Data Repositories and Access

Web Services Based Intelligence Portal

Figure 8: Enterprise System Architecture [diagram; labels include: Rqmt/Proj Mgt Services; Collection Mgt Services; TTPU/TPED Workbench Services; Knowledge Preposit System Services; Virtual Production System Services; Virt Intel Product Rendering Services; Eng Modeling Services; Analysis Cognitive Tool Services; INT Objects; Threat System Objects; Intel Product Objects; Intel Portal Objects; Eng Models; Analyst Notebooks; Collaborating Team Members; PLMS; Enterprise and Community Info Models and Meta Data; Enterprise Service Bus (ESB)]


3) Technical Architecture:

The technical architecture for SAVANT specifies current commercial/government standards for data, protocols, APIs; key technologies; application frameworks; and basic COTS building blocks upon which the system is designed and built.

a) SAVANT is combining service oriented architecture (SOA); web services; and model, view, controller (MVC) architectural/design patterns.

b) SAVANT leverages commercially available object relational data management system (ORDBMS) capability (i.e. Oracle) to deal with the complex data management requirements.

c) SAVANT leverages the J2EE framework, the Java Community Process (JCP), and its Java Specification Request (JSR) construct.

d) SAVANT also leverages and applies key government standards to include IC MSP and DOD Discovery Meta-data Standard (DDMS).

e) SAVANT will no doubt leverage various of the semantic technologies such as Web Ontology Language (OWL) and Web Rule Language (WRL) to develop semantic mashups, semantic queries, etc, etc.


9. PROPOSED APPROACH:

a. Re-establish, Execute, Sustain an Explicit Formal SAVANT Program:

1) Vetted, Approved Program Charter and Program Plan:

Given the establishment of a funding line, the SAVANT activity at NASIC should have a refreshed charter and program plan which collectively serve to re-authorize, re-energize, and re-focus the entire effort.

2) Program Governance Structure:

The program plan should specify a refreshed governance framework with appropriate processes and boards. The program must have an improved functional requirements management mechanism to include an active functional control board (FCB).

b. Establish and Control a SAVANT System Baseline:

At present because of limited resources the SAVANT system baseline is not completely specified and managed. With the advent of a SAVANT funding line it would seem appropriate to establish a more replete specification of the SAVANT baseline to include:

1) Functional and System Requirements:

Functional and system requirements for SAVANT must be properly captured and managed. This management activity would include periodic review, vetting, and prioritization of requirements on hand in relation to requirements just received.

2) Operational/Info, Technical, System Architectures:

The appropriate architectural views for the SAVANT capability should be baselined and configuration managed. These artifacts are actually quite important for the efficient and effective conduct of on-going enhancement and support of the SAVANT capability.


c. Establish, Execute, Manage Portfolios of SAVANT Related Projects:

We want to establish the optimal portfolios of SAVANT program projects. These portfolios would be optimal in the sense that the portfolios have been selected and prioritized via an explicit valuation and selection process.

1) Two Kinds of SAVANT Project Portfolios:

It would appear appropriate to acknowledge two SAVANT portfolios which would organize projects into two categories as follows:

a) re-engineering, enhancement, or development of SAVANT capabilities; and

b) application of SAVANT to establish the required threat knowledge/product results for NASIC.

Figure 9: SAVANT Program Project Portfolios [diagram of the SAVANT portfolios. Capability Portfolio (re-engineering, enhancement, new development): SAVANT Baselining; Conceptual Modeling Toolkit (SysML); Enhanced KILN Capability; Enhanced Knowledge Editor (JADE); Enhanced Product Capability (VPS); Generalized Query Tool; SAVANT Re-engineering; Enhanced Discovery/Delivery (VIPRE). Results Portfolio (knowledge bases, dynamic products, portals/portlets): Threat Knowledge Baseline; Threat Domain #1; Threat Domain #2; Threat Domain #3; Threat Domain #N.]

2) Proposed SAVANT Capabilities Portfolio:

The SAVANT capabilities portfolio would be a long term phased effort to re-engineer and re-baseline the SAVANT capability. The effort would be an overarching project encompassing all other major re-engineering, enhancement, and new development projects and would include the development of requisite baseline specifications for requirements, architecture, design, etc.

Candidate projects for the portfolio include the following:

a) SAVANT Baseline Establishment:

This project actually constitutes a long term phased effort to baseline the SAVANT system. This would involve establishment and the maintenance of appropriate baselines for requirements, architectures, system designs, test plans, etc.

Note: All other SAVANT capabilities would be accomplished in close coordination with the SAVANT system baselining effort.

b) SAVANT Re-engineering:

Given the piecemeal funding of SAVANT that has been the rule over the past years, and given the advent of a persistent source of funding starting in FY09, it would seem to make sense to initiate a re-engineering effort for SAVANT which at least consists of a review of the architecture/design of SAVANT in light of the deficiencies and problem areas identified, and a discussion of what should be done.

Of course, the decision could ensue to re-engineer the SAVANT capability or major segments of it, and this would therefore drive initiation, execution, monitoring/oversight, and close-out of the appropriate re-engineering projects.

One re-engineering issue that has been oft discussed over the past few years is the question of whether or not the VPS segment of the overall architecture is required as the SAVANT program moves forward. This question would be addressed in the re-engineering effort by re-visiting the relevant ops architecture and key requirements and then examining alternative technical and system architectures.

c) Acquisition/Development of Analyst Conceptual Modeling Toolset:

If a model driven threat assessment paradigm is to be institutionalized at NASIC, we will have to equip the analysts with the appropriate conceptual modeling tools. This would require a project which would focus quite heavily on a survey of the market place for tools which can model threat entities with sufficient fidelity; provide digital renditions of the models which can drive information model development in the KILN; and at the same time be deemed useable by the intelligence analysts.

In this context the OMG’s SysML standard and associated vendor tools are showing considerable promise. SysML is a standard for the graphical specification of general systems and/or systems of systems. The standard is not intended to be applicable solely to IT systems but rather is intended for all systems. The standard also specifies an XML based serialization, which the tools support, so that the models can indeed drive KILN work.

d) Enhanced, Semantically Aided Knowledge Authoring Tool (JADE):

There are always requirements for enhancements to the SAVANT JADE editor. As such it would seem to make sense to initiate a project to enhance the JADE editor to meet outstanding requirements.

Also, since the JADE editor has access to the SAVANT information models (which are in essence ontologies), the question arises as to whether the so-called semantic technologies can be applied to enable significant enhancements to JADE.

Further, so-called “structured authoring” is in vogue in the commercial world, and it may be advisable to be on the lookout for opportunities to apply standards-based, structured authoring capabilities to JADE requirements. One example of this opportunity is the In.vision Xpress Author plug-in for MS Word, which enables structured authoring against any XML schema in the context of a Word user interface.

e) Enhanced, Semantically Aided Dynamic Product Development Capability (VPS):

At present the VPS capability, while providing pretty powerful stuff, is nevertheless still pretty basic in a lot of respects. The capability only supports the absolutely essential set of primitive product components and so could use a number of additional rendering classes to enrich the primitive component palette.

Further, the composite components and associated product presentations have been limited in terms of navigability features offered to the end client.

And since VPS operates in the SAVANT environment and has access to the SAVANT information models and DQI data then it would seem that the potential is high for applying semantic technologies with significant benefits. Content metadata derived from information models can be propagated through the output of dynamic VPS components. Further, it could be that the so called semantic mash-up technologies could be applied in the context of VPS, VPS rendering classes, and VPS components.

f) Generalized, Semantically Aided Query Tool:

For years we have been talking about the need for a generalized query tool for SAVANT. Given SAVANT’s underlying data model this is not an easy chore but perhaps with the advent of more consistent funding this project can be initiated. Again, the SAVANT information models will be leveraged in several ways to drive the generalized query capability.

g) Enhanced, Semantically Aided Discovery/Delivery Capability (VIPRE):

The SAVANT capability for discovery/delivery is also pretty basic and many enhancements are required. So we need to initiate a project which will develop/implement/deploy the required enhancements.

This work would no doubt expand upon the existing product registry based discovery capabilities and also consider application of semantic technologies to provide for an enhanced discovery, access, and delivery capability.

This work could also include inclusion of semantic mash-up frameworks to accommodate rapid development of mash-up products.

3) Proposed SAVANT Results Portfolio:

a) Establishment of the NASIC Threat Knowledge Baseline:

This project actually constitutes a long term phased effort to apply SAVANT to all of NASIC’s threat domains. This would involve development/capture of requisite threat models and population of the associated domain specific threat knowledge bases.

Note: All other SAVANT results projects would be accomplished in close coordination with the knowledge baselining effort.

b) Domain Specific Knowledge Bases and Product Offerings:

4) Portfolio/Project Management/Oversight:

Of course we must apply appropriate processes/tools to manage the SAVANT portfolio and its projects. Suffice to say here that each portfolio project would have:

a) Approved Requirements;

b) Approved Project Charter;

c) Solid Project Plan;

d) Explicit Kick Off Reviews;

e) Periodic Technical Reviews IAW Project Plan;

f) Periodic Management Reviews IAW Project Plan;

g) Explicit Close Out Reviews.

d. Investigate and Leverage Selected Hot-Off-The-Shelf Technologies:

We want to take appropriate advantage of capabilities that have emerged over the past couple of years to include:

1) Possibly Obscure But Powerful Features of the Oracle Suite:

2) MS Office/Sharepoint:

3) SOA/ESB and Web Services:

4) Java Community Process (JCP) and Java Spec Request Driven Capabilities:

5) SysML Conceptual/System Modeling Tools:

6) Structured Authoring Tools (e.g. In.Vision Xpress Author):

7) Semantic Mash-up Technologies/Tools:

8) Semantic Query Capabilities:

e. Achieve Organizational Competencies/Capabilities to Rapidly Apply SAVANT:

1) This involves a concerted effort to build up an organizational capability for the rapid application of SAVANT to knowledge management, digital production, and/or discovery and dissemination services. This includes development/acquisition of requisite competencies/skills, processes/practices, and tools to enable rapid development/fielding of information models, product components/presentations, navigable composite products, portals, portlets, and mashups.

2) This will require the repeated planning, execution, and follow up of SAVANT application projects so that the organization becomes well practiced and well tooled at applying SAVANT to its knowledge management, digital production, and intelligence dissemination requirements.

10. Final Words:

a. This is an exciting time for SAVANT. The need is profound. The concepts are powerful. The program now has a significant funding line. An actual operational capability is at hand. There have been significant applications of SAVANT at NASIC and the ONI initiative indicates that there is other life in the universe.

b. But progress at NASIC has been slow. At times the program has lost focus. It is imperative that the planning, execution, oversight, and control of the program appropriately honor the profound nature of the need and the significant resources now being provided.