Use Case Tutorial - Bio-Defense (4/7)


Part 4 of 7 of the Use Case Tutorial presented at DEBS'2009 in Nashville, TN


  1. EPTS Scenario: Bio-defense & Very Large EPNs. Harvey Reed, Arkady Godin, MITRE. DRAFT, v4
  2. Introduction
     • This brief contains a simple bio-defense scenario, which illustrates the inherent challenges present in Very Large EPNs (event processing networks)
     • The challenges are mostly alignment oriented:
       ● Organization
       ● Command, control, coordination
       ● Data
       ● Process
     • Some challenges are decision support oriented
     • This scenario is in harmony with the objectives of the National Infrastructure Protection Plan -
  3. Events Start Locally then Escalate
     • Time T+0 – Event Starts Locally: The first physical event happens. A livestock truck and small car collision off of a major interstate is handled by local authorities, when one of them noticed that the livestock (largely unhurt) looked suspicious.
     • Time T+1 – Escalate: The county inspector is called in and they determine that the livestock has a highly contagious disease.
     • Time T+2 – Escalate: The state agricultural authorities are called to the scene, they agree, and cordon off the area as a bio-hazard area, and the case is filed with a national registry, which triggers low level alerts.
     [Figure labels: Collision, T+0, T+1, T+2]
  4. Event Correlation Enables Coordination
     • Time T+3 – Correlate: The national agricultural dept fusion center correlates this incident with several others in the same region of the country. Further, there is a high probability that the diseased livestock comes from one import/export company on the east coast.
     • Time T+4 – Investigate: Authorities are dispatched to the import/export company only to find that the owners have fled the country, and there is evidence to suggest that this may be a coordinated attack on the agricultural infrastructure of the country.
     • Time T+5 – Pursue: A bulletin is issued, to other countries with an agricultural safety bi-lateral agreement, to pursue.
     [Figure labels: T+2, T+3, T+4, T+5]
  5. Very Large EPNs Require Alignment
     Organizational
     • Minimal jurisdictional ambiguity
     • Agreements are in place to enable information sharing
     • Technology and security policy interoperability enables information sharing.
     Command, Coordination, and Communication
     • Determine if an organization’s infrastructure can adequately support operational activities
     • Operational analysis determines proper functional partners and information exchanges
     • Infrastructure analysis identifies communications gaps
     Semantic
     Domain Specific Example -- Emergency Management TC, OASIS -
     • Emergency Data Exchange Language Resource Messaging (EDXL-RM)
     • Emergency Data Exchange Language (EDXL) Hospital AVailability Exchange (HAVE)
     Process
     • Mass communication is important, so that the public can be alerted in a consistent fashion. Some companies are starting to offer mass communication as a service, such as
  6. Very Large EPNs Use Decision Support (example)
     NBIS provides a bio-surveillance common operating picture to senior leaders and partner agencies regarding natural disease outbreaks, accidental or intentional uses of biological agents, and emergent biohazards through the acquisition, integration, analysis and dissemination of information from existing human health, animal, plant, food, and water surveillance systems and relevant threat and intelligence information.