EPTS Scenario

Bio-defense & Very Large EPNsHarvey Reed, Arkady Godin

MITREDRAFT, v4

Introduction• This brief contains a simple bio-defense scenario, which illustrates the inherent challenges present in Very Large EPNs (event processing networks)• The challenges are mostly alignment oriented:

• Organization• Command, control, coordination• Data• Process

• Some challenges are decision support oriented• This scenario is in harmony with the objectives of the National Infrastructure Protection Plan - http://www.dhs.gov/xprevprot/programs/editorial_0827.shtm

Events Start Locally then Escalate

The first physical event happens. A livestock truck and small car collision off of a major interstate is handled by local authorities, when one of them noticed that the livestock (largely unhurt) looked suspicious.

Collision

Time T+0 – Event Starts Locally

T+0

T+0T+1

T+2

The county inspector is called in and they determine that the livestock has a highly contagious disease.

Time T+1 – Escalate

The state agricultural authorities are called to the scene, they agree, and cordon off the area as a bio-hazard area, and the case is filed with a national registry, which triggers low level alerts.

Time T+2 – Escalate

Event Correlation Enables Coordination

T+2

T+3

The national agricultural dept fusion center correlates this incident with several others in the same region of the country. Further, there is a high probability that the diseased livestock comes from one import/export company on the east coast.

Time T+3 – Correlate

T+4

Authorities are dispatched to the import/export company only to find that the owners have fled the country, and there is evidence to suggest that this may be a coordinated attack on the agricultural infrastructure of the country.

Time T+4 – Investigate

A bulletin is issued, to other countries with an agricultural safety bi-lateral agreement, to pursue.

Time T+5 – Pursue

T+5T+5

Very Large EPNs Require AlignmentOrganizational • Minimal jurisdictional ambiguity

• Agreements are in place to enable information sharing• Technology and security policy interoperability enables information sharing.

Command, Coordination, and Communication

• Determine if an organization’s infrastructure can adequately support operational activities• Operational analysis determines proper functional partners and information exchanges• Infrastructure analysis identifies communications gaps

Semantic Domain Specific Example -- Emergency Management TC, OASIS -• Emergency Data Exchange Language Resource Messaging (EDXL-RM)• Emergency Data Exchange Language (EDXL) Hospital AVailability Exchange (HAVE)

Process • Mass communication is important, so that the public can be alerted in a consistent fashion. Some companies are starting to offer mass communication as a service, such as MyStateUSA.com

Very Large EPNs Use Decision Support(example)NBIS provides a bio-surveillance common operating picture to senior leaders and partner agencies regarding natural disease outbreaks, accidental or intentional uses of biological agents, and emergent biohazards through the acquisition, integration, analysis and dissemination of information from existing human health, animal, plant, food, and water surveillance systems and relevant threat and intelligence information.